mirror of
https://github.com/MariaDB/server.git
synced 2025-01-27 01:04:19 +01:00
0cf39f401c
Analysis: Problem sees to be the fact that we allow creating or altering table to use encryption_key_id that does not exists in case where original table is not encrypted currently. Secondly we should not do key rotation to tables that are not encrypted or tablespaces that can't be found from tablespace cache. Fix: Do not allow creating unencrypted table with nondefault encryption key and do not rotate tablespaces that are not encrypted (FIL_SPACE_ENCRYPTION_OFF) or can't be found from tablespace cache.
108 lines
3.6 KiB
Text
108 lines
3.6 KiB
Text
-- source include/have_innodb.inc
|
|
-- source include/have_example_key_management_plugin.inc
|
|
|
|
# embedded does not support restart
|
|
-- source include/not_embedded.inc
|
|
|
|
#
|
|
# MDEV-8138: strange results from encrypt-and-grep test
|
|
#
|
|
--let $MYSQLD_DATADIR=`select @@datadir`
|
|
--let ib1_IBD = $MYSQLD_DATADIR/ibdata1
|
|
--let t1_IBD = $MYSQLD_DATADIR/test/t1.ibd
|
|
--let t2_IBD = $MYSQLD_DATADIR/test/t2.ibd
|
|
--let t3_IBD = $MYSQLD_DATADIR/test/t3.ibd
|
|
--let SEARCH_RANGE = 10000000
|
|
--let SEARCH_PATTERN=foobar
|
|
|
|
SET GLOBAL innodb_file_per_table = ON;
|
|
|
|
create table t1 (a varchar(255)) engine=innodb encrypted=yes;
|
|
create table t2 (a varchar(255)) engine=innodb;
|
|
create table t3 (a varchar(255)) engine=innodb encrypted=no;
|
|
|
|
insert t1 values (repeat('foobar', 42));
|
|
insert t2 values (repeat('temp', 42));
|
|
insert t3 values (repeat('dummy', 42));
|
|
|
|
--echo # Wait max 10 min for key encryption threads to encrypt all spaces
|
|
--let $wait_timeout= 600
|
|
--let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0
|
|
--source include/wait_condition.inc
|
|
|
|
--sleep 5
|
|
|
|
--let SEARCH_PATTERN=foobar
|
|
--echo # t1 yes on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$t1_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=temp
|
|
--echo # t2 ... on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$t2_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=dummy
|
|
--echo # t3 no on expecting FOUND
|
|
-- let SEARCH_FILE=$t3_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=foobar
|
|
--echo # ibdata1 expecting NOT FOUND
|
|
-- let SEARCH_FILE=$ib1_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
|
|
--echo # Now turn off encryption and wait for threads to decrypt everything
|
|
SET GLOBAL innodb_encryption_threads = 4;
|
|
SET GLOBAL innodb_encrypt_tables = off;
|
|
|
|
--echo # Wait max 10 min for key encryption threads to decrypt all spaces
|
|
--let $wait_timeout= 600
|
|
--let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
|
|
--source include/wait_condition.inc
|
|
--sleep 5
|
|
|
|
--let SEARCH_PATTERN=foobar
|
|
--echo # t1 yes on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$t1_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=temp
|
|
--echo # t2 ... on expecting FOUND
|
|
-- let SEARCH_FILE=$t2_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=dummy
|
|
--echo # t3 no on expecting FOUND
|
|
-- let SEARCH_FILE=$t3_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=foobar
|
|
--echo # ibdata1 expecting NOT FOUND
|
|
-- let SEARCH_FILE=$ib1_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
|
|
--echo # Now turn on encryption and wait for threads to encrypt all spaces
|
|
SET GLOBAL innodb_encryption_threads = 4;
|
|
SET GLOBAL innodb_encrypt_tables = on;
|
|
|
|
--echo # Wait max 10 min for key encryption threads to encrypt all spaces
|
|
--let $wait_timeout= 600
|
|
--let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
|
|
--source include/wait_condition.inc
|
|
--sleep 5
|
|
|
|
--let SEARCH_PATTERN=foobar
|
|
--echo # t1 yes on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$t1_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=temp
|
|
--echo # t2 ... on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$t2_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=dummy
|
|
--echo # t3 no on expecting FOUND
|
|
-- let SEARCH_FILE=$t3_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=foobar
|
|
--echo # ibdata1 expecting NOT FOUND
|
|
-- let SEARCH_FILE=$ib1_IBD
|
|
-- source include/search_pattern_in_file.inc
|
|
|
|
--echo # TODO: add shutdown + grep tests
|
|
|
|
drop table t1, t2, t3;
|