
Commit 3f5aedc

MDEV-10847 Bring AWS KMS encryption plugin up-to-date with released SDK
- Library paths are different now - New dependency on Linux libuuid - Add calls for SDK initialization/shutdown - Also add request_timeout parameter; the default SDK HTTPS timeout appears to be too short in my tests
1 parent f1aefd9 commit 3f5aedc


2 files changed

+57
-34
lines changed


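--- a/plugin/aws_key_management/CMakeLists.txt
+++ b/plugin/aws_key_management/CMakeLists.txt
@@ -3,7 +3,7 @@
 # are
 
 # - OS : Windows,Linux or OSX
-# - C++11 compiler : VS2013+, gcc 4.7+, clang 3.3+
+# - C++11 compiler : VS2013+, gcc 4.8+, clang 3.3+
 # - libcurl development package needs to be present on Unixes
 #
 # If we build SDK outselves, we'll need require GIT to be present on the build machine
@@ -13,7 +13,10 @@
 # or if plugin is explicitely requested to build. Then bail out.
 MACRO(SKIP_AWS_PLUGIN msg)
 IF(VERBOSE OR "${PLUGIN_AWS_KEY_MANAGEMENT}" MATCHES "^(STATIC|DYNAMIC)$")
-MESSAGE(STATUS "Skip aws_key_management - ${msg}")
+MESSAGE(STATUS "Can't build aws_key_management - ${msg}")
+ENDIF()
+IF(TARGET aws_key_management)
+MESSAGE(FATAL_ERROR "Error configuring aws_key_management - aborting")
 ENDIF()
 RETURN()
 ENDMACRO()
@@ -27,7 +30,7 @@ ENDIF()
 
 # This plugin needs recent C++ compilers (AWS C++ SDK header files are using C++11 features)
 SET(CXX11_FLAGS)
-SET(OLD_COMPILER_MSG "AWS SDK requires c++11 -capable compiler (minimal supported versions are g++ 4.7, clang 3.3, VS2103)")
+SET(OLD_COMPILER_MSG "AWS SDK requires c++11 -capable compiler (minimal supported versions are g++ 4.8, clang 3.3, VS2103)")
 
 IF(CMAKE_CXX_COMPILER_ID MATCHES "GNU")
 EXECUTE_PROCESS(COMMAND ${CMAKE_CXX_COMPILER} -dumpversion OUTPUT_VARIABLE GCC_VERSION)
@@ -54,26 +57,6 @@ IF (NOT(WIN32 OR APPLE OR (CMAKE_SYSTEM_NAME MATCHES "Linux")))
 ENDIF()
 
 
-# Figure out where AWS installs SDK libraries
-# The below is defined in AWS SDK's CMakeLists.txt
-# (and their handling is weird, every OS has special install directory)
-IF(WIN32)
-SET(SDK_INSTALL_BINARY_PREFIX "windows")
-ELSEIF(APPLE)
-SET(SDK_INSTALL_BINARY_PREFIX "mac")
-ELSEIF(UNIX)
-SET(SDK_INSTALL_BINARY_PREFIX "linux")
-ENDIF()
-IF(NOT APPLE)
-IF(CMAKE_SIZEOF_VOID_P EQUAL 8)
-SET(SDK_INSTALL_BINARY_PREFIX "${SDK_INSTALL_BINARY_PREFIX}/intel64")
-ELSE()
-SET(SDK_INSTALL_BINARY_PREFIX "${SDK_INSTALL_BINARY_PREFIX}/ia32")
-ENDIF()
-ENDIF()
-IF(CMAKE_CONFIGURATION_TYPES)
-SET(SDK_INSTALL_BINARY_PREFIX "${SDK_INSTALL_BINARY_PREFIX}/${CMAKE_CFG_INTDIR}")
-ENDIF()
 
 FIND_LIBRARY(AWS_CPP_SDK_CORE NAMES aws-cpp-sdk-core PATH_SUFFIXES "${SDK_INSTALL_BINARY_PREFIX}")
 FIND_LIBRARY(AWS_CPP_SDK_KMS NAMES aws-cpp-sdk-core PATH_SUFFIXES "${SDK_INSTALL_BINARY_PREFIX}")
@@ -99,26 +82,35 @@ ELSE()
 SKIP_AWS_PLUGIN("AWS C++ SDK requires libcurl development package")
 ENDIF()
 SET(PIC_FLAG -fPIC)
+FIND_PATH(UUID_INCLUDE_DIR uuid/uuid.h)
+IF(NOT UUID_INCLUDE_DIR)
+SKIP_AWS_PLUGIN("AWS C++ SDK requires uuid development package")
+ENDIF()
+IF(NOT APPLE)
+FIND_LIBRARY(UUID_LIBRARIES uuid)
+IF(NOT UUID_LIBRARIES)
+SKIP_AWS_PLUGIN("AWS C++ SDK requires uuid development package")
+ENDIF()
+ENDIF()
 ENDIF()
 IF(MSVC)
-SET(EXTRA_SDK_CMAKE_FLAGS -DCMAKE_CXX_FLAGS_DEBUGOPT="" -DCMAKE_EXE_LINKER_FLAGS_DEBUGOPT="" -DCMAKE_CXX_FLAGS=/wd4592)
+SET(EXTRA_SDK_CMAKE_FLAGS -DCMAKE_CXX_FLAGS_DEBUGOPT="" -DCMAKE_EXE_LINKER_FLAGS_DEBUGOPT="" "-DCMAKE_CXX_FLAGS=/wd4530 /WX-")
 ENDIF()
 IF(CMAKE_CXX_COMPILER)
 SET(EXTRA_SDK_CMAKE_FLAGS ${EXTRA_SDK_CMAKE_FLAGS} -DCMAKE_CXX_COMPILER=${CMAKE_CXX_COMPILER})
 ENDIF()
 
-# Relax AWS C++ SDK unreasonably high requirements for CMake version. Use replace utility (from MariaDB build)
-# to patch their CMakeLists.txt
 SET(AWS_SDK_PATCH_COMMAND )
 ExternalProject_Add(
 aws_sdk_cpp
 GIT_REPOSITORY "https://github.com/awslabs/aws-sdk-cpp.git"
-GIT_TAG "0.9.6" # single tag
+GIT_TAG "1.0.8"
 UPDATE_COMMAND ""
-PATCH_COMMAND replace 3.1.2 2.8 -- ${CMAKE_BINARY_DIR}/aws-sdk-cpp/CMakeLists.txt
 SOURCE_DIR "${CMAKE_BINARY_DIR}/aws-sdk-cpp"
 CMAKE_ARGS
--DBUILD_ONLY=aws-cpp-sdk-kms -DSTATIC_LINKING=1
+-DBUILD_ONLY=kms
+-DBUILD_SHARED_LIBS=OFF
+-DFORCE_SHARED_CRT=OFF
 "-DCMAKE_CXX_FLAGS_DEBUG=${CMAKE_CXX_FLAGS_DEBUG} ${PIC_FLAG}"
 "-DCMAKE_CXX_FLAGS_RELWITHDEBINFO=${CMAKE_CXX_FLAGS_RELWITHDEBINFO} ${PIC_FLAG}"
 "-DCMAKE_CXX_FLAGS_RELEASE=${CMAKE_CXX_FLAGS_RELEASE} ${PIC_FLAG}"
@@ -127,18 +119,18 @@ ELSE()
 -DCMAKE_INSTALL_PREFIX=${CMAKE_BINARY_DIR}/aws_sdk_cpp
 TEST_COMMAND ""
 )
-
+SET_TARGET_PROPERTIES(aws_sdk_cpp PROPERTIES EXCLUDE_FROM_ALL TRUE)
 # We do not need to build the whole SDK , just 2 of its libs
 set(AWS_SDK_LIBS aws-cpp-sdk-core aws-cpp-sdk-kms)
 FOREACH(lib ${AWS_SDK_LIBS})
 ADD_LIBRARY(${lib} STATIC IMPORTED GLOBAL)
 ADD_DEPENDENCIES(${lib} aws_sdk_cpp)
-SET(loc "${CMAKE_BINARY_DIR}/aws_sdk_cpp/lib/${SDK_INSTALL_BINARY_PREFIX}/${CMAKE_STATIC_LIBRARY_PREFIX}${lib}${CMAKE_STATIC_LIBRARY_SUFFIX}")
+SET(loc "${CMAKE_BINARY_DIR}/aws_sdk_cpp/lib/${CMAKE_STATIC_LIBRARY_PREFIX}${lib}${CMAKE_STATIC_LIBRARY_SUFFIX}")
 SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LOCATION ${loc})
 IF(WIN32)
 SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LINK_INTERFACE_LIBRARIES "bcrypt;winhttp;wininet;userenv")
 ELSE()
-SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LINK_INTERFACE_LIBRARIES "${SSL_LIBRARIES};${CURL_LIBRARIES}")
+SET_TARGET_PROPERTIES(${lib} PROPERTIES IMPORTED_LINK_INTERFACE_LIBRARIES "${SSL_LIBRARIES};${CURL_LIBRARIES};${UUID_LIBRARIES}")
 ENDIF()
 ENDFOREACH()
 
@@ -150,5 +142,6 @@ ELSE()
 INCLUDE_DIRECTORIES(${CMAKE_BINARY_DIR}/aws_sdk_cpp/include)
 ENDIF()
 
+ADD_DEFINITIONS(${SSL_DEFINES}) # Need to know whether openssl should be initialized
 SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${CXX11_FLAGS}")
 TARGET_LINK_LIBRARIES(aws_key_management ${AWS_SDK_LIBS})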
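Review bot: `GIT_TAG "1.0.8"` in the ExternalProject_Add call pins the SDK by tag name, and a tag can be moved upstream after the fact; because this source is compiled into the key-management plugin, pinning the full commit hash instead (`GIT_TAG <full-commit-sha-of-1.0.8>`, placeholder) keeps the fetched code reproducible and makes an unexpected change fail the checkout. Separately, the hunk at old line 57 removes the SDK_INSTALL_BINARY_PREFIX assignments visible here, but the two FIND_LIBRARY calls kept as context still pass `PATH_SUFFIXES "${SDK_INSTALL_BINARY_PREFIX}"`, which would now expand to an empty string and can be dropped. The second of those calls also searches for `aws-cpp-sdk-core` while filling AWS_CPP_SDK_KMS; that predates this commit but looks like it should be `NAMES aws-cpp-sdk-kms`.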

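--- a/plugin/aws_key_management/aws_key_management_plugin.cc
+++ b/plugin/aws_key_management/aws_key_management_plugin.cc
@@ -34,6 +34,7 @@
 #include <sstream>
 #include <fstream>
 
+#include <aws/core/Aws.h>
 #include <aws/core/client/AWSError.h>
 #include <aws/core/utils/logging/AWSLogging.h>
 #include <aws/core/utils/logging/ConsoleLogSystem.h>
@@ -79,6 +80,7 @@ static char* master_key_id;
 static unsigned long key_spec;
 static unsigned long log_level;
 static int rotate_key;
+static int request_timeout;
 
 /* AWS functionality*/
 static int aws_decrypt_key(const char *path, KEY_INFO *info);
@@ -138,6 +140,7 @@ class MySQLLogSystem : public Aws::Utils::Logging::FormattedLogSystem
 }
 };
 
+Aws::SDKOptions sdkOptions;
 
 /*
 Plugin initialization.
@@ -148,13 +151,30 @@ class MySQLLogSystem : public Aws::Utils::Logging::FormattedLogSystem
 static int plugin_init(void *p)
 {
 DBUG_ENTER("plugin_init");
-client = new KMSClient();
+
+#ifdef HAVE_YASSL
+sdkOptions.cryptoOptions.initAndCleanupOpenSSL = true;
+#else
+/* Server initialized OpenSSL already, thus AWS must skip it */
+sdkOptions.cryptoOptions.initAndCleanupOpenSSL = false;
+#endif
+
+Aws::InitAPI(sdkOptions);
+InitializeAWSLogging(Aws::MakeShared<MySQLLogSystem>("aws_key_management_plugin", (Aws::Utils::Logging::LogLevel) log_level));
+
+Aws::Client::ClientConfiguration clientConfiguration;
+if (request_timeout)
+{
+clientConfiguration.requestTimeoutMs= request_timeout;
+clientConfiguration.connectTimeoutMs= request_timeout;
+}
+client = new KMSClient(clientConfiguration);
 if (!client)
 {
 sql_print_error("Can not initialize KMS client");
 DBUG_RETURN(-1);
 }
-InitializeAWSLogging(Aws::MakeShared<MySQLLogSystem>("aws_key_management_plugin", (Aws::Utils::Logging::LogLevel) log_level));
+
 #ifdef HAVE_PSI_INTERFACE
 mysql_mutex_register("aws_key_management", &mtx_info, 1);
 #endif
@@ -189,6 +209,8 @@ static int plugin_deinit(void *p)
 mysql_mutex_destroy(&mtx);
 delete client;
 ShutdownAWSLogging();
+
+Aws::ShutdownAPI(sdkOptions);
 DBUG_RETURN(0);
 }
 
@@ -557,11 +579,19 @@ static MYSQL_SYSVAR_INT(rotate_key, rotate_key,
 "Set this variable to key id to perform rotation of the key. Specify -1 to rotate all keys",
 NULL, update_rotate, 0, -1, INT_MAX, 1);
 
+
+static MYSQL_SYSVAR_INT(request_timeout, request_timeout,
+PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY,
+"Timeout in milliseconds for create HTTPS connection or execute AWS request. Specify 0 to use SDK default.",
+NULL, NULL, 0, 0, INT_MAX, 1);
+
+
 static struct st_mysql_sys_var* settings[]= {
 MYSQL_SYSVAR(master_key_id),
 MYSQL_SYSVAR(key_spec),
 MYSQL_SYSVAR(rotate_key),
 MYSQL_SYSVAR(log_level),
+MYSQL_SYSVAR(request_timeout),
 NULL
 };
 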
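Review bot: In plugin_init, `Aws::InitAPI(sdkOptions)` and `InitializeAWSLogging(...)` now run before the client is created, so the `DBUG_RETURN(-1)` branch returns with the SDK and its logging still initialised; unless the server calls plugin_deinit after a failed init, that branch should run `ShutdownAWSLogging(); Aws::ShutdownAPI(sdkOptions);` first. The function continues outside the hunk, and any later failure exit there needs the same cleanup. `Aws::SDKOptions sdkOptions;` is also declared at file scope without `static`, unlike the neighbouring `static int request_timeout;`, so it has external linkage and could clash with another symbol of that name if the plugin is linked statically; `static Aws::SDKOptions sdkOptions;` keeps it private to this file. Since `new KMSClient(...)` throws rather than returning NULL, the `if (!client)` check probably never fires, so allocation failure is not actually handled there.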