mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-02-09 23:24:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/suite/encryption/t/key_version_rotation.test
Thirunarayanan Balathandayuthapani 8c7d8b716c MDEV-14180 Automatically disable key rotation checks for file_key_managment plugin 
Problem:
=======
- InnoDB iterates the fil_system space list to encrypt the
tablespace in case of key rotation. But it is not
necessary for any encryption plugin which doesn't do
key version rotation.

Solution:
=========
- Introduce a new variable called srv_encrypt_rotate to
indicate whether encryption plugin does key rotation

fil_space_crypt_t::key_get_latest_version(): Enable the
srv_encrypt_rotate only once if current key version is
higher than innodb_encyrption_rotate_key_age

fil_crypt_must_default_encrypt(): Default encryption tables
should be added to default_encryp_tables list if
innodb_encyrption_rotate_key_age is zero and encryption
plugin doesn't do key version rotation

fil_space_create(): Add the newly created space to
default_encrypt_tables list if
fil_crypt_must_default_encrypt() returns true

Removed the nondeterministic select from
innodb-key-rotation-disable test. By default,
InnoDB adds the tablespace to the rotation list and
background crypt thread does encryption of tablespace.
So these select doesn't give reliable results.
2021-06-15 13:15:32 +05:30

41 lines
1.7 KiB
Text
Raw Permalink Blame History

--source include/have_innodb.inc
--source include/have_debug.inc
--source include/have_sequence.inc
create table t1(f1 int not null)engine=innodb;
create table t2(f1 int not null)engine=innodb;
insert into t1 select * from seq_1_to_100;
insert into t2 select * from seq_1_to_100;
let $restart_parameters=--innodb_encrypt_tables=0 --innodb_encryption_threads=1 --innodb_encryption_rotate_key_age=9;
--source include/restart_mysqld.inc
--echo # Enable encryption
set global innodb_encrypt_tables=ON;
--let $tables_count= `select count(*) from information_schema.tables where engine = 'InnoDB'`
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) >= $tables_count FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
--echo # Create a new table and it is added to rotation list
create table t3(f1 int not null)engine=innodb;
insert into t3 select * from seq_1_to_100;
--echo # Increase the version and it should set rotation
--echo # variable for the encryption plugin
set global debug_key_management_version=10;
select @@debug_key_management_version;
--let $tables_count= `select count(*) from information_schema.tables where engine = 'InnoDB'`
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) >= $tables_count FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
--source include/wait_condition.inc
--echo # Decrease the key version and Disable the encryption
set global debug_key_management_version=1;
set global innodb_encrypt_tables=off;
--let $wait_timeout= 600
--let $wait_condition=SELECT COUNT(*) >= $tables_count FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
--source include/wait_condition.inc
DROP TABLE t1, t2, t3;
Reference in a new issue View git blame Copy permalink