Increase column width of vault_key on mysql

[drawks]

• resolves The default schema used in the mysql backend is insufficient for KVv2 storage The default schema used in the mysql backend is insufficient for KVv2 storage #14114
• increases column width of vault_key from 512 to 3072 in mysql physical backend

As noted in #14114 the vault_key column is too narrow in the default schema. This fix will fix new installations, existing installations will still need to modify their schema in place.

[hsimon-hashicorp]

Thanks, @drawks! Can you also add a changelog entry? :)

[ccapurso]

Hi, @drawks. Thank you for the contribution! The increased width of 3072 is a reasonable change given how MySQL allocates for VARBINARY columns. Is the new width necessary or is it an attempt to provide so much headroom to completely avoid the issue?

[drawks]

@ccapurso 3072 is just the max width for that column type. AFAICT the actual data width of the column is not logically bounded and increases relative to the number of "directory parts" of the key. In my use case a width of ~600 is sufficient, but I imagine there are others with arbitrarily deep paths in their kv stores and an upgrade from KVv1 to KVv2 is not recoverable if the column is too narrow so I just opted for the maximum width.

[ccapurso]

Great, thanks for the context!

[ccapurso]

This looks good overall, just one comment on the changelog entry which needs to be addressed prior to merging.

[ccapurso]

Looks good! I will merge once CircleCI checks pass.

[ypid-work]

existing installations will still need to modify their schema in place.

In that case there should be either:

• A database migration script that does this change for existing setups.
• Mentioned in the changelog/upgrade guide that the following needs to be executed:

ALTER TABLE `vault` CHANGE `vault_key` `vault_key` VARBINARY(3072) NOT NULL;

I am not that familiar with Vault but that is how other projects do it. If I miss something please excuse me and feel free to educate me.