hashicorp / vault

A tool for secrets management, encryption as a service, and privileged access management
https://www.vaultproject.io/

The database is still accessible after the lease expires #10681

Open q1979635364 opened 3 years ago

q1979635364 commented 3 years ago

**Describe the bug**
If the leased user is already logged in to MySQL, they can still work with the MySQL database after the lease expires.

**To Reproduce**
Steps to reproduce the behavior:

1. Run `vault secrets enable database`
2. Run `vault write database/config/my-mysql-database plugin_name=mysql-database-plugin connection_url="{{username}}:{{password}}@tcp(127.0.0.1:3306)/" allowed_roles="my-role" username="vault" password="123456"`
3. Run `vault write database/roles/my-role db_name=my-mysql-database creation_statements="CREATE USER '{{name}}'@'%' IDENTIFIED BY '{{password}}';GRANT SELECT ON *.* TO '{{name}}'@'%';" default_ttl="20s" max_ttl="24h"`. Output: `Success! Data written to: database/roles/my-role.`
4. Run `vault read database/creds/my-role`. Got the username and password.
5. Run `mysql -hlocalhost -p<password> -u<username>`.
6. Wait for 20s.
7. You can still run queries in the session established in step 5. For example, run `use mysql; select user from user;`

The user has been deleted, but the database can still be manipulated, which is not in line with Vault's design philosophy. It would be nice if you could delete the MySQL session at the same time as you delete the lease data.

Environment:

Vault server configuration file(s):

```hcl
storage "raft" {
  path    = "./vault/data"
  node_id = "node1"
}

listener "tcp" {
  address     = "127.0.0.1:8200"
  tls_disable = 1
}

api_addr = "https://127.0.0.1:8200"
cluster_addr = "https://127.0.0.1:8201"
ui = true
```

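
The gap described in this issue is that dropping the leased MySQL account does not close connections that account already holds. As an added example that is not part of this issue or of Vault's own code, the script below compares a MySQL processlist with `mysql.user` to find sessions whose account has already been dropped and emits the `KILL CONNECTION` statements a DBA would run against them; the processlist and user-table output are constructed sample data, and the `v-` prefix used to recognise Vault-managed accounts is an assumption.

```python
# Added example, not Vault's own code: audit a MySQL processlist for sessions
# whose account has already been dropped, i.e. connections that outlived the
# lease revocation described in this issue. All input below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    conn_id: int
    user: str
    host: str
    db: str


def parse_processlist(tsv: str) -> list[Session]:
    """Parse the tab-separated output of
    mysql -N -e 'SELECT ID, USER, HOST, DB FROM information_schema.PROCESSLIST'."""
    rows = []
    for line in tsv.strip().splitlines():
        conn_id, user, host, db = line.split("\t")
        rows.append(Session(int(conn_id), user, host, db))
    return rows


def parse_users(tsv: str) -> set[str]:
    """Parse the output of mysql -N -e 'SELECT User FROM mysql.user'."""
    return {line.strip() for line in tsv.strip().splitlines() if line.strip()}


def orphaned_sessions(processlist, existing_users, managed_prefix="v-"):
    """Sessions of accounts that no longer exist in mysql.user. DROP USER does
    not terminate open connections, so these sessions keep their grants until
    killed. managed_prefix is an assumption (Vault's default usernames start
    with 'v-') that restricts the check to Vault-managed accounts."""
    return [s for s in processlist
            if s.user.startswith(managed_prefix) and s.user not in existing_users]


def kill_statements(sessions):
    """KILL takes a literal thread id, so emit one statement per orphaned session."""
    return [f"KILL CONNECTION {s.conn_id};" for s in sessions]


# Constructed sample: two leased users; the first one's lease has expired and
# Vault already ran its revocation statements, so the account is gone.
PROCESSLIST = ("12\troot\tlocalhost\tmysql\n"
               "41\tv-token-my-role-old\tlocalhost:51422\tmysql\n"
               "42\tv-token-my-role-new\tlocalhost:51430\tmysql\n")
USERS = "root\nvault\nv-token-my-role-new\n"

if __name__ == "__main__":
    orphans = orphaned_sessions(parse_processlist(PROCESSLIST), parse_users(USERS))
    for stmt in kill_statements(orphans):
        print(stmt)
```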
UmedJadhav commented 1 year ago

Hi team, I have been exploring vault source code for a while for my work and would love to pick this issue up. Let me know if there are any prerequisites on how to get started with this?