  1. MariaDB Server
  2. MDEV-28277

Hashicorp: Document the mandatory presence of /v1/ in URL, detect error if possible

Details

    Description

      According to comments in the cnf file hashicorp_key_management.cnf, hashicorp-key-management-vault-url must always contain /v1/:

      # HTTP[s] URL that is used to connect to the Hashicorp Vault server.
      # It must include the name of the scheme ("https://" for a secure
      # connection) and, according to the API rules for storages of the
      # key-value type in Hashicorp Vault, after the server address, the
      # path must begin with the "/v1/" string (as prefix), for example:
      # "https://127.0.0.1:8200/v1/my_secrets"

      It is good that the cnf template mentions it, but it should also be mentioned in the documentation.

      Moreover, if it's cut in stone, maybe the plugin could include it into the parameter verification and throw an error if the URL doesn't contain it.

          Activity

            The error is now detected and a [somewhat] meaningful error message is returned.
            If the plugin is loaded upon startup, it's written in the log as

            bb-10.9-MDEV-19281-v5 a47e08aa2b

            2022-05-06 19:52:26 0 [ERROR] mysqld: hashicorp: According to the Hashicorp Vault API rules, the path inside the URL must start with the "/v1/" prefix, while the supplied URL value is: "http://127.0.0.1:8200/vbug/"
            2022-05-06 19:52:26 0 [ERROR] Plugin 'hashicorp_key_management' init function returned error.
            2022-05-06 19:52:26 0 [ERROR] Plugin 'hashicorp_key_management' registration as a ENCRYPTION failed.
            

            At runtime it's

            MariaDB [test]> install soname 'hashicorp_key_management';
            ERROR 1105 (HY000): hashicorp: According to the Hashicorp Vault API rules, the path inside the URL must start with the "/v1/" prefix, while the supplied URL value is: "http://127.0.0.1:8200/vbug/"
            MariaDB [test]> show warnings;
            +-------+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
            | Level | Code | Message                                                                                                                                                                          |
            +-------+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
            | Error | 1105 | hashicorp: According to the Hashicorp Vault API rules, the path inside the URL must start with the "/v1/" prefix, while the supplied URL value is: "http://127.0.0.1:8200/vbug/" |
            | Error | 1123 | Can't initialize function 'hashicorp_key_management'; Plugin initialization function failed.                                                                                     |
            +-------+------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
            2 rows in set (0.000 sec)
            

            I'm keeping this JIRA entry open for documentation purposes.

            elenst Elena Stepanova added the comment above.
            sysprg Julius Goryavsky added a comment - Fixed, https://github.com/MariaDB/server/commit/1c22a9d8aebc91c37b90730fc737df44f780e90e Subtask related to documentation moved to: https://jira.mariadb.org/browse/MDEV-28528
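The kind of parameter check requested in the description, as an added C++ example; it is not the plugin's code from the linked commit. The names `check_vault_url` and `UrlCheck` are hypothetical, and two behaviours are assumptions based on the cnf comment's example: a non-empty path must follow "/v1/", and plain "http://" is accepted but flagged.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdio>
#include <string>

// Outcome of checking a hashicorp-key-management-vault-url value.
enum class UrlCheck { Ok, OkPlainHttp, NoScheme, NoHost, NoV1Prefix, NoSecretPath };

// Hypothetical helper (not the plugin's function): checks the shape
// scheme://host[:port]/v1/<path> described in hashicorp_key_management.cnf.
UrlCheck check_vault_url(const std::string &url)
{
  const std::string::size_type sep = url.find("://");
  if (sep == std::string::npos || sep == 0)
    return UrlCheck::NoScheme;
  std::string scheme = url.substr(0, sep);
  std::transform(scheme.begin(), scheme.end(), scheme.begin(),
                 [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
  if (scheme != "http" && scheme != "https")
    return UrlCheck::NoScheme;

  // The server address runs up to the first '/' after "://"; the path starts there.
  const std::string::size_type host_begin = sep + 3;
  const std::string::size_type path_begin = url.find('/', host_begin);
  if (host_begin >= url.size() || path_begin == host_begin)
    return UrlCheck::NoHost;
  if (path_begin == std::string::npos)
    return UrlCheck::NoV1Prefix;  // "https://host" carries no path at all

  // Comparing exactly four characters rejects "/v1", "/v10/" and "/vbug/".
  static const std::string prefix = "/v1/";
  if (url.compare(path_begin, prefix.size(), prefix) != 0)
    return UrlCheck::NoV1Prefix;

  // Assumption: something must follow the prefix ("my_secrets" in the cnf example).
  if (url.find_first_not_of('/', path_begin + prefix.size()) == std::string::npos)
    return UrlCheck::NoSecretPath;

  // Assumption: plain http is allowed but reported separately from https.
  return scheme == "https" ? UrlCheck::Ok : UrlCheck::OkPlainHttp;
}

int main()
{
  // The rejected value from the log above and the accepted form from the cnf comment.
  const char *samples[] = {"http://127.0.0.1:8200/vbug/",
                           "https://127.0.0.1:8200/v1/my_secrets"};
  for (const char *s : samples)
    std::printf("%-40s -> %d\n", s, static_cast<int>(check_vault_url(s)));
  return 0;
}
```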

            People

              sysprg Julius Goryavsky
              elenst Elena Stepanova