Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
N/A
Description
According to comments in the cnf file hashicorp_key_management.cnf, hashicorp-key-management-vault-url must always contain /v1/:
- HTTP[s] URL that is used to connect to the Hashicorp Vault server.
- It must include the name of the scheme ("https://" for a secure
- connection) and, according to the API rules for storages of the
- key-value type in Hashicorp Vault, after the server address, the
- path must begin with the "/v1/" string (as prefix), for example:
- "https://127.0.0.1:8200/v1/my_secrets"
It is good that the cnf template mentions it, but it should also be mentioned in the documentation.
Moreover, if it's cut in stone, maybe the plugin could include it into the parameter verification and throw an error if the URL doesn't contain it.
Attachments
Issue Links
- is part of
-
MDEV-28494 Hashicorp plugin documentation
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
- split to
-
-
- Closed
-
Activity
Fixed, https://github.com/MariaDB/server/commit/1c22a9d8aebc91c37b90730fc737df44f780e90e
Subtask related to documentation moved to: https://jira.mariadb.org/browse/MDEV-28528
The error is now detected and a [somewhat] meaningful error message is returned.
If the plugin is loaded upon startup, it's written in the log as
bb-10.9-MDEV-19281-v5 a47e08aa2b
2022-05-06 19:52:26 0 [ERROR] mysqld: hashicorp: According to the Hashicorp Vault API rules, the path inside the URL must start with the "/v1/" prefix, while the supplied URL value is: "http://127.0.0.1:8200/vbug/"2022-05-06 19:52:26 0 [ERROR] Plugin 'hashicorp_key_management' init function returned error.2022-05-06 19:52:26 0 [ERROR] Plugin 'hashicorp_key_management' registration as a ENCRYPTION failed.At runtime it's
MariaDB [test]> show warnings;I'm keeping this JIRA entry open for documentation purposes.