Do the rotate-root query without prepared statements, as we do for create/revoke user. Fixes #6116. (#6119)

2025-11-01 02:57:59 +00:00 · 2019-02-05 16:02:48 -05:00
parent 20423f7082
commit 78edbf6d1f
1 changed files with 7 additions and 6 deletions
--- a/plugins/database/mysql/mysql.go
+++ b/plugins/database/mysql/mysql.go
@@ -10,7 +10,6 @@ import (
 	stdmysql "github.com/go-sql-driver/mysql"
 	"github.com/hashicorp/vault/api"
 	"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
-	"github.com/hashicorp/vault/helper/dbtxn"
 	"github.com/hashicorp/vault/helper/strutil"
 	"github.com/hashicorp/vault/plugins"
 	"github.com/hashicorp/vault/plugins/helper/database/connutil"
@@ -294,11 +293,13 @@ func (m *MySQL) RotateRootCredentials(ctx context.Context, statements []string)
 				continue
 			}

-			m := map[string]string{
-				"username": m.Username,
-				"password": password,
-			}
-			if err := dbtxn.ExecuteTxQuery(ctx, tx, m, query); err != nil {
+			// This is not a prepared statement because not all commands are supported
+			// 1295: This command is not supported in the prepared statement protocol yet
+			// Reference https://mariadb.com/kb/en/mariadb/prepare-statement/
+			query = strings.Replace(query, "{{username}}", m.Username, -1)
+			query = strings.Replace(query, "{{password}}", password, -1)
+
+			if _, err := tx.ExecContext(ctx, query); err != nil {
 				return nil, err
 			}
 		}