Require vault access token to always be in file #378

Merged
merged 2 commits into from
Jun 4, 2025

dAdAbird
Member

@dAdAbird dAdAbird commented May 30, 2025

Before this PR, we allowed for the access token for the Vault key provider to be specified directly in the argument of SQL functions. And that's a security issue.

After this PR, the access token must always be in a file, and SQL functions accept a path to that file.

It also removes the support for external fields from the key provider options parser. The JSON parser now accepts only one-dimensional documents, with option values that must be scalars. Any data extraction and the like should now be done by callers.

Fixes PG-1477, PG-1589
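
Added example, not part of this PR or the project's code: a Python sketch of the two rules described above, an options document that must be a flat JSON object with scalar values, and a secret that is read from a file path rather than passed inline. The option names (`url`, `token_path`), the sample values, and the file-permission check are assumptions made for illustration.

```python
import json
import os
import stat


def parse_flat_options(text):
    """Accept only a one-dimensional JSON object whose values are scalars."""
    doc = json.loads(text)
    if not isinstance(doc, dict):
        raise ValueError("options must be a JSON object")
    for key, value in doc.items():
        if isinstance(value, (dict, list)):
            raise ValueError(f"option {key!r} must be a scalar, not a nested value")
    return doc


def read_token_file(path):
    """Read a secret from a file instead of taking it as an argument.

    Assumption (not stated in the PR): refuse symlinks, non-regular files,
    and files accessible by group or others.
    """
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        st = os.fstat(fd)  # check the object we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("token path is not a regular file")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("token file is accessible by group or others")
        with os.fdopen(fd, "r", closefd=False) as fh:
            token = fh.read().strip()
    finally:
        os.close(fd)
    if not token:
        raise ValueError("token file is empty")
    return token


def load_provider_config(options_json):
    """Return (options, token); the token never appears in the options text."""
    options = parse_flat_options(options_json)
    return options, read_token_file(options["token_path"])


if __name__ == "__main__":
    # Constructed sample: the nested value is rejected by the flat-document rule.
    for sample in ('{"url": "https://vault.example", "token_path": "/tmp/t"}',
                   '{"token": {"type": "file", "path": "/tmp/t"}}'):
        try:
            print(parse_flat_options(sample))
        except ValueError as exc:
            print("rejected:", exc)
```

Keeping the secret out of the function arguments means it does not end up wherever the calling statement is recorded; only the path does.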

@codecov-commenter

codecov-commenter commented Jun 3, 2025

Codecov Report

Attention: Patch coverage is 80.55556% with 7 lines in your changes missing coverage. Please review.

Project coverage is 85.23%. Comparing base (ad8a0f0) to head (4a218cf).
Report is 1 commits behind head on TDE_REL_17_STABLE.

❌ Your project status has failed because the head coverage (85.23%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files
@@                  Coverage Diff                  @@
##           TDE_REL_17_STABLE     #378      +/-   ##
=====================================================
- Coverage              85.39%   85.23%   -0.17%     
=====================================================
  Files                     22       22              
  Lines                   2602     2533      -69     
  Branches                 393      384       -9     
=====================================================
- Hits                    2222     2159      -63     
+ Misses                   304      300       -4     
+ Partials                  76       74       -2     
Components Coverage Δ
access 84.20% <ø> (ø)
catalog 87.95% <79.41%> (-0.26%) ⬇️
common 91.80% <ø> (ø)
encryption 73.45% <ø> (ø)
keyring 72.00% <ø> (ø)
src 91.40% <100.00%> (ø)
smgr 97.41% <ø> (ø)
transam ∅ <ø> (∅)

@dAdAbird dAdAbird requested review from jeltz and Andriciuc June 3, 2025 15:42
@AndersAstrand
Collaborator

AndersAstrand commented Jun 4, 2025

I love this PR! Getting rid of unnecessary features this close to release feels amazing 🎉

Do we need to rename unrelated tests though? I think I'd prefer to just leave the holes in the sequence over changing the filenames of them.

EDIT: Because commit archaeology gets harder when they're renamed unnecessarily.

@Andriciuc
Collaborator

Changes approved from docs side, thank you for the replies!

@dAdAbird dAdAbird merged commit 75aad06 into percona:TDE_REL_17_STABLE Jun 4, 2025
16 checks passed
@dAdAbird dAdAbird deleted the no_vault_token branch June 5, 2025 08:25