MDEV-38244 Remove deprecated hashicorp_key_management_cache_timeout and hashicorp_key_management_use_cache_on_timeout

plugin/hashicorp_key_management/hashicorp_key_management.cnf

@@ -61,50 +61,18 @@
 #
 #hashicorp-key-management-caching-enabled="on"
 
-#
-# This parameter instructs the plugin to use the key values
-# or version numbers taken from the cache in the event of a
-# timeout when accessing the vault server. By default this
-# option is disabled.
-#
-# Please note that key values or version numbers will be read
-# from the cache when the timeout expires only after the number
-# of attempts to read them from the storage server that specified
-# by the hashicorp-key-management-retries parameter has been
-# exhausted:
-#
-#hashicorp-key-management-use-cache-on-timeout="off"
-
-#
-# The time (in milliseconds) after which the value of the key
-# stored in the cache becomes invalid and an attempt to read this
-# data causes a new request send to the vault server. By default,
-# cache entries become invalid after 60,000 milliseconds (after
-# one minute).
-#
-# If the value of this parameter is zero, then the keys will always
-# be considered invalid, but they still can be used if the vault
-# server is unavailable and the corresponding cache operating mode
-# (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
-# is enabled.
-#
-#hashicorp-key-management-cache-timeout=0
-
 #
 # The time (in milliseconds) after which the information about
 # latest version number of the key (which stored in the cache)
 # becomes invalid and an attempt to read this information causes
 # a new request send to the vault server.
 #
 # If the value of this parameter is zero, then information about
-# latest key version numbers is always considered invalid, unless
-# there is no communication with the vault server and use of the
-# cache is allowed when the server is unavailable.
+# latest key version numbers is always considered invalid.
 #
 # By default, this parameter is zero, that is, the latest version
 # numbers for the keys stored in the cache are considered always
-# invalid, except when the vault server is unavailable and use
-# of the cache is allowed on server failures.
+# invalid.
 #
 #hashicorp-key-management-cache-version-timeout=0
 

plugin/hashicorp_key_management/hashicorp_key_management.txt

@@ -129,33 +129,6 @@ operation:
   the Hashicorp Vault server in the local memory). By default
   caching is enabled.
 
---[loose-]hashicorp-key-management-use-cache-on-timeout="on"|"off"
-
-  This parameter instructs the plugin to use the key values
-  or version numbers taken from the cache in the event of a
-  timeout when accessing the vault server. By default this
-  option is disabled.
-
-  Please note that key values or version numbers will be read
-  from the cache when the timeout expires only after the number
-  of attempts to read them from the storage server that specified
-  by the --[loose-]hashicorp-key-management-retries parameter
-  has been exhausted.
-
---[loose-]hashicorp-key-management-cache-timeout=<timeout>
-
-  The time (in milliseconds) after which the value of the key
-  stored in the cache becomes invalid and an attempt to read this
-  data causes a new request send to the vault server. By default,
-  cache entries become invalid after 60,000 milliseconds (after
-  one minute).
-
-  If the value of this parameter is zero, then the keys will always
-  be considered invalid, but they still can be used if the vault
-  server is unavailable and the corresponding cache operating mode
-  (--[loose-]hashicorp-key-management-use-cache-on-timeout="on")
-  is enabled.
-
 --[loose-]hashicorp-key-management-cache-version-timeout=<timeout>
 
   The time (in milliseconds) after which the information about
@@ -164,14 +137,11 @@ operation:
   a new request send to the vault server.
 
   If the value of this parameter is zero, then information about
-  latest key version numbers is always considered invalid, unless
-  there is no communication with the vault server and use of the
-  cache is allowed when the server is unavailable.
+  latest key version numbers is always considered invalid.
 
   By default, this parameter is zero, that is, the latest version
   numbers for the keys stored in the cache are considered always
-  invalid, except when the vault server is unavailable and use
-  of the cache is allowed on server failures.
+  invalid.
 
 --[loose-]hashicorp-key-management-check-kv-version="on"|"off"
 

plugin/hashicorp_key_management/hashicorp_key_management_plugin.cc

@@ -164,7 +164,6 @@ class HCData
 static HCData data;
 static bool loaded= true;
 
-static clock_t cache_max_time;
 static clock_t cache_max_ver_time;
 
 /*
@@ -254,17 +253,11 @@ unsigned int
 #if HASHICORP_DEBUG_LOGGING
   my_printf_error(ER_UNKNOWN_ERROR, PLUGIN_ERROR_HEADER
                   "cache_get: key_id = %u, key_version = %u, "
-                  "effective version = %u, key data timestamp = %u, "
-                  "current time = %u, diff = %u",
+                  "effective version = %u",
                   ME_ERROR_LOG_ONLY | ME_NOTE, key_id, key_version,
-                  version, info.timestamp, current_time,
-                  current_time - info.timestamp);
+                  version);
 #endif
   unsigned int length= info.length;
-  if (with_timeouts && current_time - info.timestamp > cache_max_time)
-  {
-    return ENCRYPTION_KEY_VERSION_INVALID;
-  }
   unsigned int max_length = *buflen;
   *buflen = length;
   if (max_length >= length)
@@ -353,10 +346,6 @@ static int timeout;
 static int max_retries;
 static char caching_enabled;
 static char check_kv_version;
-#if MYSQL_VERSION_ID < 130300
-static long long cache_timeout;         // for KEY_MAP key_info_cache
-static char use_cache_on_timeout;
-#endif
 static long cache_version_timeout;      // for VER_MAP latest_version_cache
 
 static MYSQL_SYSVAR_STR(vault_ca, vault_ca,
@@ -398,21 +387,6 @@ static MYSQL_SYSVAR_BOOL(check_kv_version, check_kv_version,
   "Enable kv storage version check during plugin initialization",
   NULL, NULL, 1);
 
-static void cache_timeout_update (MYSQL_THD thd,
-                                  struct st_mysql_sys_var *var,
-                                  void *var_ptr,
-                                  const void *save)
-{
-  long long timeout = * (long long *) save;
-  * (long long *) var_ptr = timeout;
-  cache_max_time = ms_to_ticks(timeout);
-}
-
-static MYSQL_SYSVAR_LONGLONG(cache_timeout, cache_timeout,
-  PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_DEPRECATED,
-  "Cache timeout for key data (in milliseconds)",
-  NULL, cache_timeout_update, INT64_MAX, 0, INT64_MAX, 1);
-
 static void
   cache_version_timeout_update (MYSQL_THD thd,
                                 struct st_mysql_sys_var *var,
@@ -429,22 +403,14 @@ static MYSQL_SYSVAR_LONG(cache_version_timeout, cache_version_timeout,
   "Cache timeout for key version (in milliseconds)",
   NULL, cache_version_timeout_update, 60*1000, 0, LONG_MAX, 1);
 
-static MYSQL_SYSVAR_BOOL(use_cache_on_timeout, use_cache_on_timeout,
-  PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_DEPRECATED,
-  "In case of an error when accessing the vault server "
-  "use the value taken from the cache",
-  NULL, NULL, 1);
-
 static struct st_mysql_sys_var *settings[] = {
   MYSQL_SYSVAR(vault_url),
   MYSQL_SYSVAR(token),
   MYSQL_SYSVAR(vault_ca),
   MYSQL_SYSVAR(timeout),
   MYSQL_SYSVAR(max_retries),
   MYSQL_SYSVAR(caching_enabled),
-  MYSQL_SYSVAR(cache_timeout),
   MYSQL_SYSVAR(cache_version_timeout),
-  MYSQL_SYSVAR(use_cache_on_timeout),
   MYSQL_SYSVAR(check_kv_version),
   NULL
 };
@@ -759,7 +725,7 @@ unsigned int HCData::get_latest_version (unsigned int key_id)
   size_t buf_len = vault_url_len + (20 + 6 + 1);
   char *url = (char *) alloca(buf_len);
   snprintf(url, buf_len, "%s%u", vault_url_data, key_id);
-  bool use_cache= caching_enabled && use_cache_on_timeout;
+  bool use_cache= caching_enabled;
   int rc;
   if ((rc= curl_run(url, &response_str, use_cache)) != OPERATION_OK)
   {
@@ -841,7 +807,7 @@ unsigned int HCData::get_key_from_vault (unsigned int key_id,
              vault_url_data, key_id, key_version);
   else
     snprintf(url, buf_len, "%s%u", vault_url_data, key_id);
-  bool use_cache= caching_enabled && use_cache_on_timeout;
+  bool use_cache= caching_enabled;
   int rc;
   if ((rc= curl_run(url, &response_str, use_cache)) != OPERATION_OK)
   {
@@ -1162,7 +1128,6 @@ int HCData::init ()
   }
   memcpy(vault_url_data, vault_url, vault_url_len);
   memcpy(vault_url_data + vault_url_len, "/data/", 7);
-  cache_max_time = ms_to_ticks(cache_timeout);
   cache_max_ver_time = ms_to_ticks(cache_version_timeout);
   /* Initialize curl: */
   CURLcode curl_res = curl_global_init(CURL_GLOBAL_ALL);

plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_cache_after_recreate.result

@@ -1,9 +1,9 @@
 # restart: with restart_parameters
 CREATE TABLE t1 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4;
 INSERT INTO t1 VALUES ('foo'),('bar');
-select @@hashicorp_key_management_caching_enabled, @@hashicorp_key_management_cache_timeout;
-@@hashicorp_key_management_caching_enabled	@@hashicorp_key_management_cache_timeout
-1	180000
+select @@hashicorp_key_management_caching_enabled;
+@@hashicorp_key_management_caching_enabled
+1
 CREATE TABLE t2 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4;
 DROP TABLE IF EXISTS t1, t2;
 # restart

plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_cache_timeout_update.result

@@ -1,23 +1,15 @@
 SELECT
-@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
-@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;
-@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT	@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT
-0	180000
+@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT;
+@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT
+0
 SET GLOBAL
-HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT= 1,
-HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT= 1;
-Warnings:
-Warning	1287	'@@hashicorp_key_management_cache_timeout' is deprecated and will be removed in a future release
+HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT= 1;
 SELECT
-@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
-@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;
-@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT	@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT
-1	1
-SET GLOBAL HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT=0, HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT=180000;
-Warnings:
-Warning	1287	'@@hashicorp_key_management_cache_timeout' is deprecated and will be removed in a future release
+@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT;
+@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT
+1
+SET GLOBAL HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT=0;
 SELECT
-@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
-@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;
-@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT	@@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT
-0	180000
+@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT;
+@@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT
+0

plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_encode.result

@@ -1,12 +1,10 @@
 SHOW GLOBAL variables LIKE "hashicorp%";
 Variable_name	Value
-hashicorp_key_management_cache_timeout	9223372036854775807
 hashicorp_key_management_cache_version_timeout	60000
 hashicorp_key_management_caching_enabled	ON
 hashicorp_key_management_check_kv_version	OFF
 hashicorp_key_management_max_retries	3
 hashicorp_key_management_timeout	60
-hashicorp_key_management_use_cache_on_timeout	ON
 hashicorp_key_management_vault_ca	
 hashicorp_key_management_vault_url	VAULT_ADDR/v1/mariadbtest/
 create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;

plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result

@@ -1,12 +1,10 @@
 SHOW GLOBAL variables LIKE "hashicorp%";
 Variable_name	Value
-hashicorp_key_management_cache_timeout	9223372036854775807
 hashicorp_key_management_cache_version_timeout	0
 hashicorp_key_management_caching_enabled	ON
 hashicorp_key_management_check_kv_version	OFF
 hashicorp_key_management_max_retries	3
 hashicorp_key_management_timeout	60
-hashicorp_key_management_use_cache_on_timeout	ON
 hashicorp_key_management_vault_ca	
 hashicorp_key_management_vault_url	VAULT_ADDR/v1/mariadbtest/
 # Restart the server with encryption

plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.opt

@@ -1,2 +1 @@
---loose-hashicorp-key-management-cache-timeout=180000
 --loose-hashicorp-key-management-cache-version-timeout=180000

plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_after_recreate.test

@@ -18,7 +18,7 @@
 CREATE TABLE t1 (a VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4;
 INSERT INTO t1 VALUES ('foo'),('bar');
 
-select @@hashicorp_key_management_caching_enabled, @@hashicorp_key_management_cache_timeout;
+select @@hashicorp_key_management_caching_enabled;
 
 --exec vault secrets disable bug > /dev/null
 --exec vault secrets enable -path /bug -version=2 kv > /dev/null

plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_timeout_update.opt

@@ -1,2 +1 @@
---loose-hashicorp-key-management-cache-timeout=180000
 --loose-hashicorp-key-management-cache-version-timeout=0

plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_cache_timeout_update.test

@@ -3,21 +3,16 @@
 --source hashicorp_plugin.inc
 --source hashicorp_init.inc
 
---let $ct=`SELECT @@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT`
 --let $vt=`SELECT @@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT`
 
 SELECT
-  @@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
-  @@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;
+  @@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT;
 SET GLOBAL
-  HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT= 1,
-  HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT= 1;
+  HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT= 1;
 SELECT
-  @@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
-  @@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;
---eval SET GLOBAL HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT=$vt, HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT=$ct
+  @@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT;
+--eval SET GLOBAL HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT=$vt
 SELECT
-  @@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT,
-  @@HASHICORP_KEY_MANAGEMENT_CACHE_TIMEOUT;
+  @@HASHICORP_KEY_MANAGEMENT_CACHE_VERSION_TIMEOUT;
 
 --source hashicorp_deinit.inc