Removing the pg_tde_global enum
Because the pg_tde_global enum causes issues with overload resolution, this commit instead separates global and local key handling into differently named functions. From now on, functions that deal with global keys have "global" in the name.
parent
747d93f039
commit
0a451edbcc
@ -1,6 +1,6 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'reg_file-global', '/tmp/pg_tde_test_keyring.per');
|
||||
SELECT pg_tde_set_server_principal_key('global-principal-key', 'PG_TDE_GLOBAL', 'reg_file-global');
|
||||
SELECT pg_tde_add_global_key_provider_file('reg_file-global', '/tmp/pg_tde_test_keyring.per');
|
||||
SELECT pg_tde_set_server_principal_key('global-principal-key', 'reg_file-global');
|
||||
SELECT pg_tde_create_wal_key();
|
||||
ALTER SYSTEM SET pg_tde.wal_encrypt = on;
|
||||
ALTER SYSTEM SET default_table_access_method = 'tde_heap';
|
||||
|
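Review bot: With the `'PG_TDE_GLOBAL'` argument gone, the new call `pg_tde_set_server_principal_key('global-principal-key', 'reg_file-global')` no longer shows at the call site which provider scope the name is resolved in. Presumably it is looked up among the global providers, since `reg_file-global` is registered by `pg_tde_add_global_key_provider_file` on the line before, but nothing visible here confirms that. A one-line comment such as `-- server principal key: 'reg_file-global' is the global provider added above` would keep the setup script unambiguous. Separately, the new line still places the keyring at a fixed name under `/tmp`, and this script also turns on `pg_tde.wal_encrypt`; a comment like `-- test-only keyring path in a shared directory` would mark it as something not to carry into a real configuration.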
@ -963,13 +963,12 @@ SELECT abs(cube_distance(ll_to_earth(-30,-90), '(0)'::cube) / earth() - 1) <
|
||||
--
|
||||
-- list what's installed
|
||||
\dT
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+---------------+---------------------------------------------------------------------------------------------
|
||||
public | cube | multi-dimensional cube '(FLOAT-1, FLOAT-2, ..., FLOAT-N), (FLOAT-1, FLOAT-2, ..., FLOAT-N)'
|
||||
public | earth |
|
||||
public | pg_tde_global |
|
||||
(3 rows)
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+-------+---------------------------------------------------------------------------------------------
|
||||
public | cube | multi-dimensional cube '(FLOAT-1, FLOAT-2, ..., FLOAT-N), (FLOAT-1, FLOAT-2, ..., FLOAT-N)'
|
||||
public | earth |
|
||||
(2 rows)
|
||||
|
||||
drop extension cube; -- fail, earthdistance requires it
|
||||
ERROR: cannot drop extension cube because other objects depend on it
|
||||
@ -981,12 +980,11 @@ ERROR: cannot drop type cube because extension cube requires it
|
||||
HINT: You can drop extension cube instead.
|
||||
-- list what's installed
|
||||
\dT
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+---------------+---------------------------------------------------------------------------------------------
|
||||
public | cube | multi-dimensional cube '(FLOAT-1, FLOAT-2, ..., FLOAT-N), (FLOAT-1, FLOAT-2, ..., FLOAT-N)'
|
||||
public | pg_tde_global |
|
||||
(2 rows)
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+------+---------------------------------------------------------------------------------------------
|
||||
public | cube | multi-dimensional cube '(FLOAT-1, FLOAT-2, ..., FLOAT-N), (FLOAT-1, FLOAT-2, ..., FLOAT-N)'
|
||||
(1 row)
|
||||
|
||||
create table foo (f1 cube, f2 int);
|
||||
drop extension cube; -- fail, foo.f1 requires it
|
||||
@ -997,73 +995,72 @@ drop table foo;
|
||||
drop extension cube;
|
||||
-- list what's installed
|
||||
\dT
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+---------------+-------------
|
||||
public | pg_tde_global |
|
||||
(1 row)
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+------+-------------
|
||||
(0 rows)
|
||||
|
||||
\df
|
||||
List of functions
|
||||
Schema | Name | Result data type | Argument data types | Type
|
||||
--------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+------
|
||||
public | pg_tde_add_key_provider | integer | pg_tde_global, provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider | integer | pg_tde_global, provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_create_wal_key | boolean | | func
|
||||
public | pg_tde_ddl_command_end_capture | event_trigger | | func
|
||||
public | pg_tde_ddl_command_start_capture | event_trigger | | func
|
||||
public | pg_tde_delete_key_provider | void | pg_tde_global, provider_name character varying | func
|
||||
public | pg_tde_delete_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_extension_initialize | void | | func
|
||||
public | pg_tde_grant_global_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_grant_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_key_viewer_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_local_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_internal_has_key | boolean | oid oid | func
|
||||
public | pg_tde_is_encrypted | boolean | table_name character varying | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | pg_tde_global, OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | pg_tde_global | func
|
||||
public | pg_tde_revoke_global_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_grant_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_key_viewer_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_local_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_set_default_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_server_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_verify_global_principal_key | void | | func
|
||||
public | pg_tde_verify_principal_key | void | | func
|
||||
public | pg_tde_version | text | | func
|
||||
public | pg_tdeam_basic_handler | table_am_handler | internal | func
|
||||
public | pg_tdeam_handler | table_am_handler | internal | func
|
||||
List of functions
|
||||
Schema | Name | Result data type | Argument data types | Type
|
||||
--------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+------
|
||||
public | pg_tde_add_global_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_global_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_global_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_global_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_global_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_add_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_global_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_global_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_global_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_global_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_global_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_create_wal_key | boolean | | func
|
||||
public | pg_tde_ddl_command_end_capture | event_trigger | | func
|
||||
public | pg_tde_ddl_command_start_capture | event_trigger | | func
|
||||
public | pg_tde_delete_global_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_delete_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_extension_initialize | void | | func
|
||||
public | pg_tde_global_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_grant_global_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_grant_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_key_viewer_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_local_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_internal_has_key | boolean | oid oid | func
|
||||
public | pg_tde_is_encrypted | boolean | table_name character varying | func
|
||||
public | pg_tde_list_all_global_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_revoke_global_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_grant_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_key_viewer_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_local_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_set_default_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_global_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_server_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_verify_global_principal_key | void | | func
|
||||
public | pg_tde_verify_principal_key | void | | func
|
||||
public | pg_tde_version | text | | func
|
||||
public | pg_tdeam_basic_handler | table_am_handler | internal | func
|
||||
public | pg_tdeam_handler | table_am_handler | internal | func
|
||||
(57 rows)
|
||||
|
||||
\do
|
||||
@ -1076,73 +1073,72 @@ create schema c;
|
||||
create extension cube with schema c;
|
||||
-- list what's installed
|
||||
\dT public.*
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+---------------+-------------
|
||||
public | pg_tde_global |
|
||||
(1 row)
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+------+-------------
|
||||
(0 rows)
|
||||
|
||||
\df public.*
|
||||
List of functions
|
||||
Schema | Name | Result data type | Argument data types | Type
|
||||
--------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+------
|
||||
public | pg_tde_add_key_provider | integer | pg_tde_global, provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider | integer | pg_tde_global, provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_create_wal_key | boolean | | func
|
||||
public | pg_tde_ddl_command_end_capture | event_trigger | | func
|
||||
public | pg_tde_ddl_command_start_capture | event_trigger | | func
|
||||
public | pg_tde_delete_key_provider | void | pg_tde_global, provider_name character varying | func
|
||||
public | pg_tde_delete_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_extension_initialize | void | | func
|
||||
public | pg_tde_grant_global_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_grant_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_key_viewer_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_local_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_internal_has_key | boolean | oid oid | func
|
||||
public | pg_tde_is_encrypted | boolean | table_name character varying | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | pg_tde_global, OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | pg_tde_global | func
|
||||
public | pg_tde_revoke_global_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_grant_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_key_viewer_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_local_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_set_default_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_server_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_verify_global_principal_key | void | | func
|
||||
public | pg_tde_verify_principal_key | void | | func
|
||||
public | pg_tde_version | text | | func
|
||||
public | pg_tdeam_basic_handler | table_am_handler | internal | func
|
||||
public | pg_tdeam_handler | table_am_handler | internal | func
|
||||
List of functions
|
||||
Schema | Name | Result data type | Argument data types | Type
|
||||
--------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+------
|
||||
public | pg_tde_add_global_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_global_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_global_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_global_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_global_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_add_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_global_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_global_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_global_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_global_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_global_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_create_wal_key | boolean | | func
|
||||
public | pg_tde_ddl_command_end_capture | event_trigger | | func
|
||||
public | pg_tde_ddl_command_start_capture | event_trigger | | func
|
||||
public | pg_tde_delete_global_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_delete_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_extension_initialize | void | | func
|
||||
public | pg_tde_global_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_grant_global_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_grant_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_key_viewer_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_local_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_internal_has_key | boolean | oid oid | func
|
||||
public | pg_tde_is_encrypted | boolean | table_name character varying | func
|
||||
public | pg_tde_list_all_global_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_revoke_global_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_grant_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_key_viewer_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_local_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_set_default_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_global_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_server_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_verify_global_principal_key | void | | func
|
||||
public | pg_tde_verify_principal_key | void | | func
|
||||
public | pg_tde_version | text | | func
|
||||
public | pg_tdeam_basic_handler | table_am_handler | internal | func
|
||||
public | pg_tdeam_handler | table_am_handler | internal | func
|
||||
(57 rows)
|
||||
|
||||
\do public.*
|
||||
@ -1178,73 +1174,72 @@ NOTICE: drop cascades to column f1 of table foo
|
||||
|
||||
-- list what's installed
|
||||
\dT public.*
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+---------------+-------------
|
||||
public | pg_tde_global |
|
||||
(1 row)
|
||||
List of data types
|
||||
Schema | Name | Description
|
||||
--------+------+-------------
|
||||
(0 rows)
|
||||
|
||||
\df public.*
|
||||
List of functions
|
||||
Schema | Name | Result data type | Argument data types | Type
|
||||
--------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------+------
|
||||
public | pg_tde_add_key_provider | integer | pg_tde_global, provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider | integer | pg_tde_global, provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | pg_tde_global, provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | pg_tde_global, provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | pg_tde_global, provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_create_wal_key | boolean | | func
|
||||
public | pg_tde_ddl_command_end_capture | event_trigger | | func
|
||||
public | pg_tde_ddl_command_start_capture | event_trigger | | func
|
||||
public | pg_tde_delete_key_provider | void | pg_tde_global, provider_name character varying | func
|
||||
public | pg_tde_delete_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_extension_initialize | void | | func
|
||||
public | pg_tde_grant_global_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_grant_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_key_viewer_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_local_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_internal_has_key | boolean | oid oid | func
|
||||
public | pg_tde_is_encrypted | boolean | table_name character varying | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | pg_tde_global, OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | pg_tde_global | func
|
||||
public | pg_tde_revoke_global_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_grant_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_key_viewer_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_local_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_set_default_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_server_principal_key | boolean | principal_key_name character varying, pg_tde_global, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_verify_global_principal_key | void | | func
|
||||
public | pg_tde_verify_principal_key | void | | func
|
||||
public | pg_tde_version | text | | func
|
||||
public | pg_tdeam_basic_handler | table_am_handler | internal | func
|
||||
public | pg_tdeam_handler | table_am_handler | internal | func
|
||||
List of functions
|
||||
Schema | Name | Result data type | Argument data types | Type
|
||||
--------+-----------------------------------------------+------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------+------
|
||||
public | pg_tde_add_global_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_global_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_global_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_global_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_global_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_add_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_add_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_add_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_add_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_global_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_global_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_global_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_global_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_global_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_global_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_change_key_provider | integer | provider_type character varying, provider_name character varying, options json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path json | func
|
||||
public | pg_tde_change_key_provider_file | integer | provider_name character varying, file_path text | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host json, kmip_port json, kmip_ca_path json, kmip_cert_path json | func
|
||||
public | pg_tde_change_key_provider_kmip | integer | provider_name character varying, kmip_host text, kmip_port integer, kmip_ca_path text, kmip_cert_path text | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token json, vault_url json, vault_mount_path json, vault_ca_path json | func
|
||||
public | pg_tde_change_key_provider_vault_v2 | integer | provider_name character varying, vault_token text, vault_url text, vault_mount_path text, vault_ca_path text | func
|
||||
public | pg_tde_create_wal_key | boolean | | func
|
||||
public | pg_tde_ddl_command_end_capture | event_trigger | | func
|
||||
public | pg_tde_ddl_command_start_capture | event_trigger | | func
|
||||
public | pg_tde_delete_global_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_delete_key_provider | void | provider_name character varying | func
|
||||
public | pg_tde_extension_initialize | void | | func
|
||||
public | pg_tde_global_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_grant_global_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_grant_management_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_key_viewer_to_role | void | target_role text | func
|
||||
public | pg_tde_grant_local_key_management_to_role | void | target_role text | func
|
||||
public | pg_tde_internal_has_key | boolean | oid oid | func
|
||||
public | pg_tde_is_encrypted | boolean | table_name character varying | func
|
||||
public | pg_tde_list_all_global_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_list_all_key_providers | SETOF record | OUT id integer, OUT provider_name character varying, OUT provider_type character varying, OUT options json | func
|
||||
public | pg_tde_principal_key_info | TABLE(principal_key_name text, key_provider_name text, key_provider_id integer, key_createion_time timestamp with time zone) | | func
|
||||
public | pg_tde_revoke_global_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_grant_management_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_key_viewer_from_role | void | target_role text | func
|
||||
public | pg_tde_revoke_local_key_management_from_role | void | target_role text | func
|
||||
public | pg_tde_set_default_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_global_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_set_server_principal_key | boolean | principal_key_name character varying, provider_name character varying DEFAULT NULL::character varying, ensure_new_key boolean DEFAULT false | func
|
||||
public | pg_tde_verify_global_principal_key | void | | func
|
||||
public | pg_tde_verify_principal_key | void | | func
|
||||
public | pg_tde_version | text | | func
|
||||
public | pg_tdeam_basic_handler | table_am_handler | internal | func
|
||||
public | pg_tdeam_handler | table_am_handler | internal | func
|
||||
(57 rows)
|
||||
|
||||
\do public.*
|
||||
|
@ -1,20 +1,20 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-provider','/tmp/pg_tde_regression_default_principal_key.per');
|
||||
pg_tde_add_key_provider_file
|
||||
------------------------------
|
||||
-4
|
||||
SELECT pg_tde_add_global_key_provider_file('file-provider','/tmp/pg_tde_regression_default_principal_key.per');
|
||||
pg_tde_add_global_key_provider_file
|
||||
-------------------------------------
|
||||
-4
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_set_default_principal_key('default-principal-key', 'PG_TDE_GLOBAL', 'file-provider', false);
|
||||
SELECT pg_tde_set_default_principal_key('default-principal-key', 'file-provider', false);
|
||||
pg_tde_set_default_principal_key
|
||||
----------------------------------
|
||||
t
|
||||
(1 row)
|
||||
|
||||
-- fails
|
||||
SELECT pg_tde_delete_key_provider('PG_TDE_GLOBAL', 'file-provider');
|
||||
SELECT pg_tde_delete_global_key_provider('file-provider');
|
||||
ERROR: Can't delete a provider which is currently in use
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+---------------
|
||||
-2 | file-keyring2
|
||||
@ -67,7 +67,7 @@ SELECT key_provider_id, key_provider_name, principal_key_name
|
||||
(1 row)
|
||||
|
||||
\c regression_pg_tde
|
||||
SELECT pg_tde_set_default_principal_key('new-default-principal-key', 'PG_TDE_GLOBAL', 'file-provider', false);
|
||||
SELECT pg_tde_set_default_principal_key('new-default-principal-key', 'file-provider', false);
|
||||
WARNING: you don't own a lock of type AccessExclusiveLock
|
||||
pg_tde_set_default_principal_key
|
||||
----------------------------------
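Review bot: The expected output for the second `pg_tde_set_default_principal_key('new-default-principal-key', 'file-provider', false)` call still records `WARNING: you don't own a lock of type AccessExclusiveLock`, so the test accepts a lock warning on a principal-key change as normal. That message usually points to a release without a matching acquire, though the C code is not visible here, so this is an inference. Until it is fixed I would mark it in the test script above the call, for example `-- known issue: emits a "you don't own a lock" WARNING, tracked in <ISSUE-PLACEHOLDER>`, so that the warning is not taken for intended behaviour. The result block of this call continues past the end of the hunk.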
|
||||
|
@ -80,19 +80,19 @@ SELECT * FROM pg_tde_list_all_key_providers();
|
||||
2 | file-provider2 | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
|
||||
(2 rows)
|
||||
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
pg_tde_add_key_provider_file
|
||||
------------------------------
|
||||
-1
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
pg_tde_add_global_key_provider_file
|
||||
-------------------------------------
|
||||
-1
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring2','/tmp/pg_tde_test_keyring2.per');
|
||||
pg_tde_add_key_provider_file
|
||||
------------------------------
|
||||
-2
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring2','/tmp/pg_tde_test_keyring2.per');
|
||||
pg_tde_add_global_key_provider_file
|
||||
-------------------------------------
|
||||
-2
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+---------------
|
||||
-1 | file-keyring
|
||||
@ -123,40 +123,40 @@ SELECT id, provider_name FROM pg_tde_list_all_key_providers();
|
||||
1 | file-provider
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+---------------
|
||||
-1 | file-keyring
|
||||
-2 | file-keyring2
|
||||
(2 rows)
|
||||
|
||||
SELECT pg_tde_set_principal_key('test-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring', false);
|
||||
pg_tde_set_principal_key
|
||||
--------------------------
|
||||
SELECT pg_tde_set_global_principal_key('test-db-principal-key', 'file-keyring', false);
|
||||
pg_tde_set_global_principal_key
|
||||
---------------------------------
|
||||
t
|
||||
(1 row)
|
||||
|
||||
-- fails
|
||||
SELECT pg_tde_delete_key_provider('PG_TDE_GLOBAL', 'file-keyring');
|
||||
pg_tde_delete_key_provider
|
||||
----------------------------
|
||||
SELECT pg_tde_delete_global_key_provider('file-keyring');
|
||||
pg_tde_delete_global_key_provider
|
||||
-----------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+---------------
|
||||
-2 | file-keyring2
|
||||
(1 row)
|
||||
|
||||
-- works
|
||||
SELECT pg_tde_delete_key_provider('PG_TDE_GLOBAL', 'file-keyring2');
|
||||
pg_tde_delete_key_provider
|
||||
----------------------------
|
||||
SELECT pg_tde_delete_global_key_provider('file-keyring2');
|
||||
pg_tde_delete_global_key_provider
|
||||
-----------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+---------------
|
||||
-2 | file-keyring2
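Review bot: The `-- fails` and `-- works` labels in the last hunk of this file do not match the output recorded beneath them. `pg_tde_delete_global_key_provider('file-keyring')` is labelled `-- fails`, yet it returns a row and the next listing no longer contains `file-keyring`, although `pg_tde_set_global_principal_key('test-db-principal-key', 'file-keyring', false)` had just returned `t`. The `-- works` deletion of `file-keyring2` is followed by a listing that still shows `-2 | file-keyring2`. If the labels state the intent, the expected file pins the removal of a provider that is still in use, and the first call should produce `ERROR: Can't delete a provider which is currently in use`, as the default-principal-key test does. If the output is the intent, the two comments should be corrected instead.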
|
||||
|
@ -4,20 +4,20 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
SELECT pg_tde_create_wal_key();
|
||||
ERROR: failed to retrieve principal key. Create one using pg_tde_set_principal_key before using encrypted tables.
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
pg_tde_add_key_provider_file
|
||||
------------------------------
|
||||
-3
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
pg_tde_add_global_key_provider_file
|
||||
-------------------------------------
|
||||
-3
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_create_wal_key();
|
||||
ERROR: failed to retrieve principal key. Create one using pg_tde_set_principal_key before using encrypted tables.
|
||||
-- db local principal key with global provider
|
||||
SELECT pg_tde_set_principal_key('test-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring', true);
|
||||
SELECT pg_tde_set_global_principal_key('test-db-principal-key', 'file-keyring', true);
|
||||
ERROR: failed to create principal key: already exists
|
||||
SELECT pg_tde_create_wal_key();
|
||||
ERROR: failed to retrieve principal key. Create one using pg_tde_set_principal_key before using encrypted tables.
|
||||
SELECT pg_tde_set_server_principal_key('test-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring');
|
||||
SELECT pg_tde_set_server_principal_key('test-db-principal-key', 'file-keyring');
|
||||
pg_tde_set_server_principal_key
|
||||
---------------------------------
|
||||
t
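Review bot: The call under `-- db local principal key with global provider` is now named `pg_tde_set_global_principal_key`, which reads as if it set a global key and is easy to confuse with `pg_tde_set_server_principal_key` a few lines below. I would spell the distinction out in the test, for example `-- sets this database's principal key, stored in a global provider; the server key is set separately below`. The `pg_tde_create_wal_key()` error in the same hunk still advises `Create one using pg_tde_set_principal_key`, while the call that follows it here is `pg_tde_set_server_principal_key`. That message text lives outside this hunk, so whether the hint is stale needs checking against the source.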
|
||||
|
@ -3,8 +3,6 @@
|
||||
-- complain if script is sourced in psql, rather than via CREATE EXTENSION
|
||||
\echo Use "CREATE EXTENSION pg_tde" to load this file. \quit
|
||||
|
||||
CREATE type PG_TDE_GLOBAL AS ENUM('PG_TDE_GLOBAL');
|
||||
|
||||
-- Key Provider Management
|
||||
CREATE FUNCTION pg_tde_add_key_provider(provider_type VARCHAR(10), provider_name VARCHAR(128), options JSON)
|
||||
RETURNS INT
|
||||
@ -103,7 +101,7 @@ BEGIN ATOMIC
|
||||
'certPath' VALUE kmip_cert_path));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_set_default_principal_key(principal_key_name VARCHAR(255), PG_TDE_GLOBAL, provider_name VARCHAR(255) DEFAULT NULL, ensure_new_key BOOLEAN DEFAULT FALSE)
|
||||
CREATE FUNCTION pg_tde_set_default_principal_key(principal_key_name VARCHAR(255), provider_name VARCHAR(255) DEFAULT NULL, ensure_new_key BOOLEAN DEFAULT FALSE)
|
||||
RETURNS boolean
|
||||
AS 'MODULE_PATHNAME'
|
||||
LANGUAGE C;
|
||||
@ -117,8 +115,8 @@ RETURNS SETOF record
|
||||
LANGUAGE C STRICT
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_list_all_key_providers
|
||||
(PG_TDE_GLOBAL, OUT id INT,
|
||||
CREATE FUNCTION pg_tde_list_all_global_key_providers
|
||||
(OUT id INT,
|
||||
OUT provider_name VARCHAR(128),
|
||||
OUT provider_type VARCHAR(10),
|
||||
OUT options JSON)
|
||||
@ -127,43 +125,42 @@ LANGUAGE C STRICT
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
-- Global Tablespace Key Provider Management
|
||||
CREATE FUNCTION pg_tde_add_key_provider(PG_TDE_GLOBAL, provider_type VARCHAR(10), provider_name VARCHAR(128), options JSON)
|
||||
CREATE FUNCTION pg_tde_add_global_key_provider(provider_type VARCHAR(10), provider_name VARCHAR(128), options JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME', 'pg_tde_add_key_provider_global';
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_add_key_provider_file(PG_TDE_GLOBAL, provider_name VARCHAR(128), file_path TEXT)
|
||||
CREATE FUNCTION pg_tde_add_global_key_provider_file(provider_name VARCHAR(128), file_path TEXT)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_file_keyring_provider_options function.
|
||||
SELECT pg_tde_add_key_provider('PG_TDE_GLOBAL', 'file', provider_name,
|
||||
SELECT pg_tde_add_global_key_provider('file', provider_name,
|
||||
json_object('type' VALUE 'file', 'path' VALUE COALESCE(file_path, '')));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_add_key_provider_file(PG_TDE_GLOBAL, provider_name VARCHAR(128), file_path JSON)
|
||||
CREATE FUNCTION pg_tde_add_global_key_provider_file(provider_name VARCHAR(128), file_path JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_file_keyring_provider_options function.
|
||||
SELECT pg_tde_add_key_provider('PG_TDE_GLOBAL', 'file', provider_name,
|
||||
SELECT pg_tde_add_global_key_provider('file', provider_name,
|
||||
json_object('type' VALUE 'file', 'path' VALUE file_path));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_add_key_provider_vault_v2(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
vault_token TEXT,
|
||||
vault_url TEXT,
|
||||
vault_mount_path TEXT,
|
||||
vault_ca_path TEXT)
|
||||
CREATE FUNCTION pg_tde_add_global_key_provider_vault_v2(provider_name VARCHAR(128),
|
||||
vault_token TEXT,
|
||||
vault_url TEXT,
|
||||
vault_mount_path TEXT,
|
||||
vault_ca_path TEXT)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_vaultV2_keyring_provider_options function.
|
||||
SELECT pg_tde_add_key_provider('PG_TDE_GLOBAL', 'vault-v2', provider_name,
|
||||
SELECT pg_tde_add_global_key_provider('vault-v2', provider_name,
|
||||
json_object('type' VALUE 'vault-v2',
|
||||
'url' VALUE COALESCE(vault_url, ''),
|
||||
'token' VALUE COALESCE(vault_token, ''),
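Review bot: The Vault token is passed to `pg_tde_add_global_key_provider_vault_v2` as a plain SQL argument and copied into the provider options under `'token'`; the JSON overload in the next hunk does the same. This hunk also declares `pg_tde_list_all_global_key_providers` with `OUT options JSON`. Nothing visible shows whether that listing redacts the token or whether EXECUTE on these functions is revoked from PUBLIC, so both should be confirmed. I would add a comment above the function, `-- vault_token is stored in the provider options: restrict EXECUTE and keep this call out of statement logs`. The function body continues past the end of the hunk.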
|
||||
@ -171,18 +168,17 @@ BEGIN ATOMIC
|
||||
'caPath' VALUE COALESCE(vault_ca_path, '')));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_add_key_provider_vault_v2(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
vault_token JSON,
|
||||
vault_url JSON,
|
||||
vault_mount_path JSON,
|
||||
vault_ca_path JSON)
|
||||
CREATE FUNCTION pg_tde_add_global_key_provider_vault_v2(provider_name VARCHAR(128),
|
||||
vault_token JSON,
|
||||
vault_url JSON,
|
||||
vault_mount_path JSON,
|
||||
vault_ca_path JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_vaultV2_keyring_provider_options function.
|
||||
SELECT pg_tde_add_key_provider('PG_TDE_GLOBAL', 'vault-v2', provider_name,
|
||||
SELECT pg_tde_add_global_key_provider('vault-v2', provider_name,
|
||||
json_object('type' VALUE 'vault-v2',
|
||||
'url' VALUE vault_url,
|
||||
'token' VALUE vault_token,
|
||||
@ -190,18 +186,17 @@ BEGIN ATOMIC
|
||||
'caPath' VALUE vault_ca_path));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_add_key_provider_kmip(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
kmip_host TEXT,
|
||||
kmip_port INT,
|
||||
kmip_ca_path TEXT,
|
||||
kmip_cert_path TEXT)
|
||||
CREATE FUNCTION pg_tde_add_global_key_provider_kmip(provider_name VARCHAR(128),
|
||||
kmip_host TEXT,
|
||||
kmip_port INT,
|
||||
kmip_ca_path TEXT,
|
||||
kmip_cert_path TEXT)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_kmip_keyring_provider_options function.
|
||||
SELECT pg_tde_add_key_provider('PG_TDE_GLOBAL', 'kmip', provider_name,
|
||||
SELECT pg_tde_add_global_key_provider('kmip', provider_name,
|
||||
json_object('type' VALUE 'kmip',
|
||||
'host' VALUE COALESCE(kmip_host, ''),
|
||||
'port' VALUE kmip_port,
|
||||
@ -209,18 +204,17 @@ BEGIN ATOMIC
|
||||
'certPath' VALUE COALESCE(kmip_cert_path, '')));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_add_key_provider_kmip(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
kmip_host JSON,
|
||||
kmip_port JSON,
|
||||
kmip_ca_path JSON,
|
||||
kmip_cert_path JSON)
|
||||
CREATE FUNCTION pg_tde_add_global_key_provider_kmip(provider_name VARCHAR(128),
|
||||
kmip_host JSON,
|
||||
kmip_port JSON,
|
||||
kmip_ca_path JSON,
|
||||
kmip_cert_path JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_kmip_keyring_provider_options function.
|
||||
SELECT pg_tde_add_key_provider('PG_TDE_GLOBAL', 'vault-v2', provider_name,
|
||||
SELECT pg_tde_add_global_key_provider('vault-v2', provider_name,
|
||||
json_object('type' VALUE 'vault-v2',
|
||||
'host' VALUE kmip_host,
|
||||
'port' VALUE kmip_port,
|
||||
@ -327,43 +321,42 @@ BEGIN ATOMIC
|
||||
END;
|
||||
|
||||
-- Global Tablespace Key Provider Management
|
||||
CREATE FUNCTION pg_tde_change_key_provider(PG_TDE_GLOBAL, provider_type VARCHAR(10), provider_name VARCHAR(128), options JSON)
|
||||
CREATE FUNCTION pg_tde_change_global_key_provider(provider_type VARCHAR(10), provider_name VARCHAR(128), options JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME', 'pg_tde_change_key_provider_global';
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_change_key_provider_file(PG_TDE_GLOBAL, provider_name VARCHAR(128), file_path TEXT)
|
||||
CREATE FUNCTION pg_tde_change_global_key_provider_file(provider_name VARCHAR(128), file_path TEXT)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_file_keyring_provider_options function.
|
||||
SELECT pg_tde_change_key_provider('PG_TDE_GLOBAL', 'file', provider_name,
|
||||
SELECT pg_tde_change_global_key_provider('file', provider_name,
|
||||
json_object('type' VALUE 'file', 'path' VALUE COALESCE(file_path, '')));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_change_key_provider_file(PG_TDE_GLOBAL, provider_name VARCHAR(128), file_path JSON)
|
||||
CREATE FUNCTION pg_tde_change_global_key_provider_file(provider_name VARCHAR(128), file_path JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_file_keyring_provider_options function.
|
||||
SELECT pg_tde_change_key_provider('PG_TDE_GLOBAL', 'file', provider_name,
|
||||
SELECT pg_tde_change_global_key_provider('file', provider_name,
|
||||
json_object('type' VALUE 'file', 'path' VALUE file_path));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_change_key_provider_vault_v2(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
vault_token TEXT,
|
||||
vault_url TEXT,
|
||||
vault_mount_path TEXT,
|
||||
vault_ca_path TEXT)
|
||||
CREATE FUNCTION pg_tde_change_global_key_provider_vault_v2(provider_name VARCHAR(128),
|
||||
vault_token TEXT,
|
||||
vault_url TEXT,
|
||||
vault_mount_path TEXT,
|
||||
vault_ca_path TEXT)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_vaultV2_keyring_provider_options function.
|
||||
SELECT pg_tde_change_key_provider('PG_TDE_GLOBAL', 'vault-v2', provider_name,
|
||||
SELECT pg_tde_change_global_key_provider('vault-v2', provider_name,
|
||||
json_object('type' VALUE 'vault-v2',
|
||||
'url' VALUE COALESCE(vault_url, ''),
|
||||
'token' VALUE COALESCE(vault_token, ''),
|
||||
@ -371,18 +364,17 @@ BEGIN ATOMIC
|
||||
'caPath' VALUE COALESCE(vault_ca_path, '')));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_change_key_provider_vault_v2(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
vault_token JSON,
|
||||
vault_url JSON,
|
||||
vault_mount_path JSON,
|
||||
vault_ca_path JSON)
|
||||
CREATE FUNCTION pg_tde_change_global_key_provider_vault_v2(provider_name VARCHAR(128),
|
||||
vault_token JSON,
|
||||
vault_url JSON,
|
||||
vault_mount_path JSON,
|
||||
vault_ca_path JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_vaultV2_keyring_provider_options function.
|
||||
SELECT pg_tde_change_key_provider('PG_TDE_GLOBAL', 'vault-v2', provider_name,
|
||||
SELECT pg_tde_change_global_key_provider('vault-v2', provider_name,
|
||||
json_object('type' VALUE 'vault-v2',
|
||||
'url' VALUE vault_url,
|
||||
'token' VALUE vault_token,
|
||||
@ -390,18 +382,17 @@ BEGIN ATOMIC
|
||||
'caPath' VALUE vault_ca_path));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_change_key_provider_kmip(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
kmip_host TEXT,
|
||||
kmip_port INT,
|
||||
kmip_ca_path TEXT,
|
||||
kmip_cert_path TEXT)
|
||||
CREATE FUNCTION pg_tde_change_global_key_provider_kmip(provider_name VARCHAR(128),
|
||||
kmip_host TEXT,
|
||||
kmip_port INT,
|
||||
kmip_ca_path TEXT,
|
||||
kmip_cert_path TEXT)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_kmip_keyring_provider_options function.
|
||||
SELECT pg_tde_change_key_provider('PG_TDE_GLOBAL', 'kmip', provider_name,
|
||||
SELECT pg_tde_change_global_key_provider('kmip', provider_name,
|
||||
json_object('type' VALUE 'kmip',
|
||||
'host' VALUE COALESCE(kmip_host, ''),
|
||||
'port' VALUE kmip_port,
|
||||
@ -409,18 +400,17 @@ BEGIN ATOMIC
|
||||
'certPath' VALUE COALESCE(kmip_cert_path, '')));
|
||||
END;
|
||||
|
||||
CREATE FUNCTION pg_tde_change_key_provider_kmip(PG_TDE_GLOBAL,
|
||||
provider_name VARCHAR(128),
|
||||
kmip_host JSON,
|
||||
kmip_port JSON,
|
||||
kmip_ca_path JSON,
|
||||
kmip_cert_path JSON)
|
||||
CREATE FUNCTION pg_tde_change_global_key_provider_kmip(provider_name VARCHAR(128),
|
||||
kmip_host JSON,
|
||||
kmip_port JSON,
|
||||
kmip_ca_path JSON,
|
||||
kmip_cert_path JSON)
|
||||
RETURNS INT
|
||||
LANGUAGE SQL
|
||||
BEGIN ATOMIC
|
||||
-- JSON keys in the options must be matched to the keys in
|
||||
-- load_kmip_keyring_provider_options function.
|
||||
SELECT pg_tde_change_key_provider('PG_TDE_GLOBAL', 'vault-v2', provider_name,
|
||||
SELECT pg_tde_change_global_key_provider('vault-v2', provider_name,
|
||||
json_object('type' VALUE 'vault-v2',
|
||||
'host' VALUE kmip_host,
|
||||
'port' VALUE kmip_port,
|
||||
@ -458,15 +448,15 @@ RETURNS boolean
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_set_principal_key(principal_key_name VARCHAR(255), PG_TDE_GLOBAL, provider_name VARCHAR(255) DEFAULT NULL, ensure_new_key BOOLEAN DEFAULT FALSE)
|
||||
CREATE FUNCTION pg_tde_set_global_principal_key(principal_key_name VARCHAR(255), provider_name VARCHAR(255) DEFAULT NULL, ensure_new_key BOOLEAN DEFAULT FALSE)
|
||||
RETURNS boolean
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME', 'pg_tde_set_principal_key_global';
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_set_server_principal_key(principal_key_name VARCHAR(255), PG_TDE_GLOBAL, provider_name VARCHAR(255) DEFAULT NULL, ensure_new_key BOOLEAN DEFAULT FALSE)
|
||||
CREATE FUNCTION pg_tde_set_server_principal_key(principal_key_name VARCHAR(255), provider_name VARCHAR(255) DEFAULT NULL, ensure_new_key BOOLEAN DEFAULT FALSE)
|
||||
RETURNS boolean
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME', 'pg_tde_set_principal_key_server';
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_create_wal_key()
|
||||
RETURNS boolean
|
||||
@ -496,18 +486,18 @@ RETURNS TABLE ( principal_key_name text,
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_principal_key_info(PG_TDE_GLOBAL)
|
||||
CREATE FUNCTION pg_tde_global_principal_key_info()
|
||||
RETURNS TABLE ( principal_key_name text,
|
||||
key_provider_name text,
|
||||
key_provider_name text,
|
||||
key_provider_id integer,
|
||||
key_createion_time timestamp with time zone)
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME', 'pg_tde_principal_key_info_global';
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_delete_key_provider(PG_TDE_GLOBAL, provider_name VARCHAR)
|
||||
CREATE FUNCTION pg_tde_delete_global_key_provider(provider_name VARCHAR)
|
||||
RETURNS VOID
|
||||
LANGUAGE C
|
||||
AS 'MODULE_PATHNAME', 'pg_tde_delete_key_provider_global';
|
||||
AS 'MODULE_PATHNAME';
|
||||
|
||||
CREATE FUNCTION pg_tde_delete_key_provider(provider_name VARCHAR)
|
||||
RETURNS VOID
|
||||
@ -564,30 +554,30 @@ LANGUAGE plpgsql
|
||||
SET search_path = @extschema@
|
||||
AS $$
|
||||
BEGIN
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_key_provider(pg_tde_global, varchar, varchar, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_global_key_provider(varchar, varchar, JSON) TO %I', target_role);
|
||||
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_key_provider_file(pg_tde_global, varchar, json) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_key_provider_file(pg_tde_global, varchar, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_key_provider_vault_v2(pg_tde_global, varchar, text, text, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_key_provider_vault_v2(pg_tde_global, varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_key_provider_kmip(pg_tde_global, varchar, text, int, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_key_provider_kmip(pg_tde_global, varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_global_key_provider_file(varchar, json) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_global_key_provider_file(varchar, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_global_key_provider_vault_v2(varchar, text, text, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_global_key_provider_vault_v2(varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_global_key_provider_kmip(varchar, text, int, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_add_global_key_provider_kmip(varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_key_provider(pg_tde_global, varchar, varchar, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_global_key_provider(varchar, varchar, JSON) TO %I', target_role);
|
||||
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_key_provider_file(pg_tde_global, varchar, json) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_key_provider_file(pg_tde_global, varchar, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_key_provider_vault_v2(pg_tde_global, varchar, text, text, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_key_provider_vault_v2(pg_tde_global, varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_key_provider_kmip(pg_tde_global, varchar, text, int, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_key_provider_kmip(pg_tde_global, varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_global_key_provider_file(varchar, json) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_global_key_provider_file(varchar, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_global_key_provider_vault_v2(varchar, text, text, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_global_key_provider_vault_v2(varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_global_key_provider_kmip(varchar, text, int, text, text) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_change_global_key_provider_kmip(varchar, JSON, JSON, JSON, JSON) TO %I', target_role);
|
||||
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_delete_key_provider(pg_tde_global, varchar) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_delete_global_key_provider(varchar) TO %I', target_role);
|
||||
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_set_principal_key(varchar, pg_tde_global, varchar, BOOLEAN) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_set_server_principal_key(varchar, pg_tde_global, varchar, BOOLEAN) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_set_global_principal_key(varchar, varchar, BOOLEAN) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_set_server_principal_key(varchar, varchar, BOOLEAN) TO %I', target_role);
|
||||
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_set_default_principal_key(varchar, pg_tde_global, varchar, BOOLEAN) FROM %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_set_default_principal_key(varchar, varchar, BOOLEAN) FROM %I', target_role);
|
||||
END;
|
||||
$$;
|
||||
|
||||
@ -630,11 +620,11 @@ SET search_path = @extschema@
|
||||
AS $$
|
||||
BEGIN
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_list_all_key_providers(OUT INT, OUT varchar, OUT varchar, OUT JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_list_all_key_providers(pg_tde_global, OUT INT, OUT varchar, OUT varchar, OUT JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_list_all_global_key_providers(OUT INT, OUT varchar, OUT varchar, OUT JSON) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_is_encrypted(VARCHAR) TO %I', target_role);
|
||||
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_principal_key_info() TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_principal_key_info(pg_tde_global) TO %I', target_role);
|
||||
EXECUTE format('GRANT EXECUTE ON FUNCTION pg_tde_global_principal_key_info() TO %I', target_role);
|
||||
END;
|
||||
$$;
|
||||
|
||||
@ -645,30 +635,30 @@ LANGUAGE plpgsql
|
||||
SET search_path = @extschema@
|
||||
AS $$
|
||||
BEGIN
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_key_provider(pg_tde_global, varchar, varchar, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_global_key_provider(varchar, varchar, JSON) FROM %I', target_role);
|
||||
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_key_provider_file(pg_tde_global, varchar, json) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_key_provider_file(pg_tde_global, varchar, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_key_provider_vault_v2(pg_tde_global, varchar, text, text, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_key_provider_vault_v2(pg_tde_global, varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_key_provider_kmip(pg_tde_global, varchar, text, int, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_key_provider_kmip(pg_tde_global, varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_global_key_provider_file(varchar, json) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_global_key_provider_file(varchar, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_global_key_provider_vault_v2(varchar, text, text, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_global_key_provider_vault_v2(varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_global_key_provider_kmip(varchar, text, int, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_add_global_key_provider_kmip(varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_key_provider(pg_tde_global, varchar, varchar, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_global_key_provider(varchar, varchar, JSON) FROM %I', target_role);
|
||||
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_key_provider_file(pg_tde_global, varchar, json) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_key_provider_file(pg_tde_global, varchar, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_key_provider_vault_v2(pg_tde_global, varchar, text, text, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_key_provider_vault_v2(pg_tde_global, varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_key_provider_kmip(pg_tde_global, varchar, text, int, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_key_provider_kmip(pg_tde_global, varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_global_key_provider_file(varchar, json) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_global_key_provider_file(varchar, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_global_key_provider_vault_v2(varchar, text, text, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_global_key_provider_vault_v2(varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_global_key_provider_kmip(varchar, text, int, text, text) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_change_global_key_provider_kmip(varchar, JSON, JSON, JSON, JSON) FROM %I', target_role);
|
||||
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_delete_key_provider(pg_tde_global, varchar) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_delete_global_key_provider(varchar) FROM %I', target_role);
|
||||
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_set_principal_key(varchar, pg_tde_global, varchar, BOOLEAN) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_set_server_principal_key(varchar, pg_tde_global, varchar, BOOLEAN) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_set_global_principal_key(varchar, varchar, BOOLEAN) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_set_server_principal_key(varchar, varchar, BOOLEAN) FROM %I', target_role);
|
||||
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_set_default_principal_key(varchar, pg_tde_global, varchar, BOOLEAN) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_set_default_principal_key(varchar, varchar, BOOLEAN) FROM %I', target_role);
|
||||
END;
|
||||
$$;
|
||||
|
||||
@ -711,11 +701,11 @@ SET search_path = @extschema@
|
||||
AS $$
|
||||
BEGIN
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_list_all_key_providers(OUT INT, OUT varchar, OUT varchar, OUT JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_list_all_key_providers(pg_tde_global, OUT INT, OUT varchar, OUT varchar, OUT JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_list_all_global_key_providers(OUT INT, OUT varchar, OUT varchar, OUT JSON) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_is_encrypted(VARCHAR) FROM %I', target_role);
|
||||
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_principal_key_info() FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_principal_key_info(pg_tde_global) FROM %I', target_role);
|
||||
EXECUTE format('REVOKE EXECUTE ON FUNCTION pg_tde_global_principal_key_info() FROM %I', target_role);
|
||||
END;
|
||||
$$;
|
||||
|
||||
|
@ -1,12 +1,12 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-provider','/tmp/pg_tde_regression_default_principal_key.per');
|
||||
SELECT pg_tde_add_global_key_provider_file('file-provider','/tmp/pg_tde_regression_default_principal_key.per');
|
||||
|
||||
SELECT pg_tde_set_default_principal_key('default-principal-key', 'PG_TDE_GLOBAL', 'file-provider', false);
|
||||
SELECT pg_tde_set_default_principal_key('default-principal-key', 'file-provider', false);
|
||||
|
||||
-- fails
|
||||
SELECT pg_tde_delete_key_provider('PG_TDE_GLOBAL', 'file-provider');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT pg_tde_delete_global_key_provider('file-provider');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
|
||||
-- Should fail: no principal key for the database yet
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name
|
||||
@ -50,7 +50,7 @@ SELECT key_provider_id, key_provider_name, principal_key_name
|
||||
|
||||
\c regression_pg_tde
|
||||
|
||||
SELECT pg_tde_set_default_principal_key('new-default-principal-key', 'PG_TDE_GLOBAL', 'file-provider', false);
|
||||
SELECT pg_tde_set_default_principal_key('new-default-principal-key', 'file-provider', false);
|
||||
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name
|
||||
FROM pg_tde_principal_key_info();
|
||||
|
@ -24,11 +24,11 @@ SELECT pg_tde_verify_principal_key();
|
||||
SELECT pg_tde_change_key_provider_file('file-provider', json_object('foo' VALUE '/tmp/pg_tde_test_keyring.per'));
|
||||
SELECT * FROM pg_tde_list_all_key_providers();
|
||||
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring2','/tmp/pg_tde_test_keyring2.per');
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring2','/tmp/pg_tde_test_keyring2.per');
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
|
||||
-- TODO: verify that we can also can change the type of it
|
||||
|
||||
@ -40,16 +40,16 @@ SELECT id, provider_name FROM pg_tde_list_all_key_providers();
|
||||
SELECT pg_tde_delete_key_provider('file-provider2');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers();
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
|
||||
SELECT pg_tde_set_principal_key('test-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring', false);
|
||||
SELECT pg_tde_set_global_principal_key('test-db-principal-key', 'file-keyring', false);
|
||||
|
||||
-- fails
|
||||
SELECT pg_tde_delete_key_provider('PG_TDE_GLOBAL', 'file-keyring');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT pg_tde_delete_global_key_provider('file-keyring');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
|
||||
-- works
|
||||
SELECT pg_tde_delete_key_provider('PG_TDE_GLOBAL', 'file-keyring2');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_key_providers('PG_TDE_GLOBAL');
|
||||
SELECT pg_tde_delete_global_key_provider('file-keyring2');
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
|
||||
DROP EXTENSION pg_tde;
|
@ -5,16 +5,16 @@ CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
|
||||
SELECT pg_tde_create_wal_key();
|
||||
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
|
||||
SELECT pg_tde_create_wal_key();
|
||||
|
||||
-- db local principal key with global provider
|
||||
SELECT pg_tde_set_principal_key('test-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring', true);
|
||||
SELECT pg_tde_set_global_principal_key('test-db-principal-key', 'file-keyring', true);
|
||||
|
||||
SELECT pg_tde_create_wal_key();
|
||||
|
||||
SELECT pg_tde_set_server_principal_key('test-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring');
|
||||
SELECT pg_tde_set_server_principal_key('test-db-principal-key', 'file-keyring');
|
||||
|
||||
-- and now it should work!
|
||||
SELECT pg_tde_create_wal_key();
|
||||
|
@ -75,21 +75,26 @@ static List *scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oi
|
||||
PG_FUNCTION_INFO_V1(pg_tde_add_key_provider);
|
||||
Datum pg_tde_add_key_provider(PG_FUNCTION_ARGS);
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_add_key_provider_global);
|
||||
Datum pg_tde_add_key_provider_global(PG_FUNCTION_ARGS);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_add_global_key_provider);
|
||||
Datum pg_tde_add_global_key_provider(PG_FUNCTION_ARGS);
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_change_key_provider);
|
||||
Datum pg_tde_change_key_provider(PG_FUNCTION_ARGS);
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_change_key_provider_global);
|
||||
Datum pg_tde_change_key_provider_global(PG_FUNCTION_ARGS);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_change_global_key_provider);
|
||||
Datum pg_tde_change_global_key_provider(PG_FUNCTION_ARGS);
|
||||
|
||||
static Datum pg_tde_list_all_key_providers_internal(const char *fname, bool global, PG_FUNCTION_ARGS);
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_list_all_key_providers);
|
||||
Datum pg_tde_list_all_key_providers(PG_FUNCTION_ARGS);
|
||||
|
||||
static Datum pg_tde_change_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid, int shift);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_list_all_global_key_providers);
|
||||
Datum pg_tde_list_all_global_key_providers(PG_FUNCTION_ARGS);
|
||||
|
||||
static Datum pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid, int shift);
|
||||
static Datum pg_tde_change_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid);
|
||||
|
||||
static Datum pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid);
|
||||
|
||||
#define PG_TDE_LIST_PROVIDERS_COLS 4
|
||||
|
||||
@ -197,21 +202,21 @@ cleanup_key_provider_info(Oid databaseId)
|
||||
Datum
|
||||
pg_tde_change_key_provider(PG_FUNCTION_ARGS)
|
||||
{
|
||||
return pg_tde_change_key_provider_internal(fcinfo, MyDatabaseId, 0);
|
||||
return pg_tde_change_key_provider_internal(fcinfo, MyDatabaseId);
|
||||
}
|
||||
|
||||
Datum
|
||||
pg_tde_change_key_provider_global(PG_FUNCTION_ARGS)
|
||||
pg_tde_change_global_key_provider(PG_FUNCTION_ARGS)
|
||||
{
|
||||
return pg_tde_change_key_provider_internal(fcinfo, GLOBAL_DATA_TDE_OID, 1);
|
||||
return pg_tde_change_key_provider_internal(fcinfo, GLOBAL_DATA_TDE_OID);
|
||||
}
|
||||
|
||||
static Datum
|
||||
pg_tde_change_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid, int shift)
|
||||
pg_tde_change_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid)
|
||||
{
|
||||
char *provider_type = text_to_cstring(PG_GETARG_TEXT_PP(0 + shift));
|
||||
char *provider_name = text_to_cstring(PG_GETARG_TEXT_PP(1 + shift));
|
||||
char *options = text_to_cstring(PG_GETARG_TEXT_PP(2 + shift));
|
||||
char *provider_type = text_to_cstring(PG_GETARG_TEXT_PP(0));
|
||||
char *provider_name = text_to_cstring(PG_GETARG_TEXT_PP(1));
|
||||
char *options = text_to_cstring(PG_GETARG_TEXT_PP(2));
|
||||
KeyringProvideRecord provider;
|
||||
|
||||
/* reports error if not found */
|
||||
@ -231,21 +236,21 @@ pg_tde_change_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid, int shift)
|
||||
Datum
|
||||
pg_tde_add_key_provider(PG_FUNCTION_ARGS)
|
||||
{
|
||||
return pg_tde_add_key_provider_internal(fcinfo, MyDatabaseId, 0);
|
||||
return pg_tde_add_key_provider_internal(fcinfo, MyDatabaseId);
|
||||
}
|
||||
|
||||
Datum
|
||||
pg_tde_add_key_provider_global(PG_FUNCTION_ARGS)
|
||||
pg_tde_add_global_key_provider(PG_FUNCTION_ARGS)
|
||||
{
|
||||
return pg_tde_add_key_provider_internal(fcinfo, GLOBAL_DATA_TDE_OID, 1);
|
||||
return pg_tde_add_key_provider_internal(fcinfo, GLOBAL_DATA_TDE_OID);
|
||||
}
|
||||
|
||||
Datum
|
||||
pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid, int shift)
|
||||
pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid)
|
||||
{
|
||||
char *provider_type = text_to_cstring(PG_GETARG_TEXT_PP(0 + shift));
|
||||
char *provider_name = text_to_cstring(PG_GETARG_TEXT_PP(1 + shift));
|
||||
char *options = text_to_cstring(PG_GETARG_TEXT_PP(2 + shift));
|
||||
char *provider_type = text_to_cstring(PG_GETARG_TEXT_PP(0));
|
||||
char *provider_name = text_to_cstring(PG_GETARG_TEXT_PP(1));
|
||||
char *options = text_to_cstring(PG_GETARG_TEXT_PP(2));
|
||||
KeyringProvideRecord provider;
|
||||
|
||||
provider.provider_id = 0;
|
||||
@ -260,7 +265,20 @@ pg_tde_add_key_provider_internal(PG_FUNCTION_ARGS, Oid dbOid, int shift)
|
||||
Datum
|
||||
pg_tde_list_all_key_providers(PG_FUNCTION_ARGS)
|
||||
{
|
||||
List *all_providers = GetAllKeyringProviders(PG_NARGS() == 1 ? GLOBAL_DATA_TDE_OID : MyDatabaseId);
|
||||
return pg_tde_list_all_key_providers_internal("pg_tde_list_all_key_providers", false, fcinfo);
|
||||
}
|
||||
|
||||
Datum
|
||||
pg_tde_list_all_global_key_providers(PG_FUNCTION_ARGS)
|
||||
{
|
||||
return pg_tde_list_all_key_providers_internal("pg_tde_list_all_key_providers_global", true, fcinfo);
|
||||
}
|
||||
|
||||
static Datum
|
||||
pg_tde_list_all_key_providers_internal(const char *fname, bool global, PG_FUNCTION_ARGS)
|
||||
{
|
||||
Oid database = (global ? GLOBAL_DATA_TDE_OID : MyDatabaseId);
|
||||
List *all_providers = GetAllKeyringProviders(database);
|
||||
ListCell *lc;
|
||||
Tuplestorestate *tupstore;
|
||||
TupleDesc tupdesc;
|
||||
@ -272,11 +290,11 @@ pg_tde_list_all_key_providers(PG_FUNCTION_ARGS)
|
||||
if (rsinfo == NULL || !IsA(rsinfo, ReturnSetInfo))
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
||||
errmsg("pg_tde_list_all_key_providers: set-valued function called in context that cannot accept a set")));
|
||||
errmsg("%s: set-valued function called in context that cannot accept a set", fname)));
|
||||
if (!(rsinfo->allowedModes & SFRM_Materialize))
|
||||
ereport(ERROR,
|
||||
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
|
||||
errmsg("pg_tde_list_all_key_providers: materialize mode required, but it is not allowed in this context")));
|
||||
errmsg("%s: materialize mode required, but it is not allowed in this context", fname)));
|
||||
|
||||
/* Switch into long-lived context to construct returned data structures */
|
||||
per_query_ctx = rsinfo->econtext->ecxt_per_query_memory;
|
||||
@ -284,7 +302,7 @@ pg_tde_list_all_key_providers(PG_FUNCTION_ARGS)
|
||||
|
||||
/* Build a tuple descriptor for our result type */
|
||||
if (get_call_result_type(fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE)
|
||||
elog(ERROR, "pg_tde_list_all_key_providers: return type must be a row type");
|
||||
elog(ERROR, "%s: return type must be a row type", fname);
|
||||
|
||||
tupstore = tuplestore_begin_heap(true, false, work_mem);
|
||||
rsinfo->returnMode = SFRM_Materialize;
|
||||
|
@ -47,7 +47,7 @@
|
||||
#ifndef FRONTEND
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_delete_key_provider);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_delete_key_provider_global);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_delete_global_key_provider);
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_verify_principal_key);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_verify_global_principal_key);
|
||||
@ -109,10 +109,10 @@ Datum pg_tde_set_default_principal_key(PG_FUNCTION_ARGS);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_set_principal_key);
|
||||
Datum pg_tde_set_principal_key(PG_FUNCTION_ARGS);
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_set_principal_key_global);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_set_global_principal_key);
|
||||
Datum pg_tde_set_principal_key(PG_FUNCTION_ARGS);
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_set_principal_key_server);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_set_server_principal_key);
|
||||
Datum pg_tde_set_principal_key(PG_FUNCTION_ARGS);
|
||||
|
||||
enum global_status
|
||||
@ -565,8 +565,8 @@ Datum
|
||||
pg_tde_set_default_principal_key(PG_FUNCTION_ARGS)
|
||||
{
|
||||
char *principal_key_name = text_to_cstring(PG_GETARG_TEXT_PP(0));
|
||||
char *provider_name = PG_ARGISNULL(2) ? NULL : text_to_cstring(PG_GETARG_TEXT_PP(2));
|
||||
bool ensure_new_key = PG_GETARG_BOOL(3);
|
||||
char *provider_name = PG_ARGISNULL(1) ? NULL : text_to_cstring(PG_GETARG_TEXT_PP(1));
|
||||
bool ensure_new_key = PG_GETARG_BOOL(2);
|
||||
|
||||
return pg_tde_set_principal_key_internal(principal_key_name, GS_DEFAULT, provider_name, ensure_new_key);
|
||||
}
|
||||
@ -582,21 +582,21 @@ pg_tde_set_principal_key(PG_FUNCTION_ARGS)
|
||||
}
|
||||
|
||||
Datum
|
||||
pg_tde_set_principal_key_global(PG_FUNCTION_ARGS)
|
||||
pg_tde_set_global_principal_key(PG_FUNCTION_ARGS)
|
||||
{
|
||||
char *principal_key_name = text_to_cstring(PG_GETARG_TEXT_PP(0));
|
||||
char *provider_name = PG_ARGISNULL(2) ? NULL : text_to_cstring(PG_GETARG_TEXT_PP(2));
|
||||
bool ensure_new_key = PG_GETARG_BOOL(3);
|
||||
char *provider_name = PG_ARGISNULL(1) ? NULL : text_to_cstring(PG_GETARG_TEXT_PP(1));
|
||||
bool ensure_new_key = PG_GETARG_BOOL(2);
|
||||
|
||||
return pg_tde_set_principal_key_internal(principal_key_name, GS_GLOBAL, provider_name, ensure_new_key);
|
||||
}
|
||||
|
||||
Datum
|
||||
pg_tde_set_principal_key_server(PG_FUNCTION_ARGS)
|
||||
pg_tde_set_server_principal_key(PG_FUNCTION_ARGS)
|
||||
{
|
||||
char *principal_key_name = text_to_cstring(PG_GETARG_TEXT_PP(0));
|
||||
char *provider_name = PG_ARGISNULL(2) ? NULL : text_to_cstring(PG_GETARG_TEXT_PP(2));
|
||||
bool ensure_new_key = PG_GETARG_BOOL(3);
|
||||
char *provider_name = PG_ARGISNULL(1) ? NULL : text_to_cstring(PG_GETARG_TEXT_PP(1));
|
||||
bool ensure_new_key = PG_GETARG_BOOL(2);
|
||||
|
||||
return pg_tde_set_principal_key_internal(principal_key_name, GS_SERVER, provider_name, ensure_new_key);
|
||||
}
|
||||
@ -679,9 +679,9 @@ pg_tde_principal_key_info(PG_FUNCTION_ARGS)
|
||||
return pg_tde_get_key_info(fcinfo, MyDatabaseId);
|
||||
}
|
||||
|
||||
PG_FUNCTION_INFO_V1(pg_tde_principal_key_info_global);
|
||||
PG_FUNCTION_INFO_V1(pg_tde_global_principal_key_info);
|
||||
Datum
|
||||
pg_tde_principal_key_info_global(PG_FUNCTION_ARGS)
|
||||
pg_tde_global_principal_key_info(PG_FUNCTION_ARGS)
|
||||
{
|
||||
return pg_tde_get_key_info(fcinfo, GLOBAL_DATA_TDE_OID);
|
||||
}
|
||||
@ -1090,7 +1090,7 @@ pg_tde_delete_key_provider(PG_FUNCTION_ARGS)
|
||||
}
|
||||
|
||||
Datum
|
||||
pg_tde_delete_key_provider_global(PG_FUNCTION_ARGS)
|
||||
pg_tde_delete_global_key_provider(PG_FUNCTION_ARGS)
|
||||
{
|
||||
return pg_tde_delete_key_provider_internal(fcinfo, 1);
|
||||
}
|
||||
@ -1098,7 +1098,7 @@ pg_tde_delete_key_provider_global(PG_FUNCTION_ARGS)
|
||||
Datum
|
||||
pg_tde_delete_key_provider_internal(PG_FUNCTION_ARGS, int is_global)
|
||||
{
|
||||
char *provider_name = text_to_cstring(PG_GETARG_TEXT_PP(0 + is_global));
|
||||
char *provider_name = text_to_cstring(PG_GETARG_TEXT_PP(0));
|
||||
Oid db_oid = (is_global == 1) ? GLOBAL_DATA_TDE_OID : MyDatabaseId;
|
||||
GenericKeyring *provider = GetKeyProviderByName(provider_name, db_oid);
|
||||
int provider_id;
|
||||
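Review bot: `pg_tde_set_global_principal_key` still reads the key name with `text_to_cstring(PG_GETARG_TEXT_PP(0))` without a NULL guard, while the provider name at the re-indexed position 1 is checked with `PG_ARGISNULL(1)`. That check suggests the SQL declaration is not STRICT (the declaration is not visible in this section, so this is inferred). If so, a NULL key name would reach the detoast call and take the backend down instead of raising an error, which is a poor failure mode for a key-management entry point. I would add `if (PG_ARGISNULL(0)) ereport(ERROR, (errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED), errmsg("principal key name cannot be null")));` as the first statement. The same unguarded read appears in `pg_tde_set_default_principal_key` and `pg_tde_set_server_principal_key` in this section, so a shared check in `pg_tde_set_principal_key_internal`'s callers would cover all three.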
|
@ -46,9 +46,9 @@ $stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_key_provider_file('fil
|
||||
PGTDE::append_to_file($stdout);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2.per');", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-2','/tmp/pg_tde_test_keyring_2g.per');", extra_params => ['-a']);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2g.per');", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-3','/tmp/pg_tde_test_keyring_3.per');", extra_params => ['-a']);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-3','/tmp/pg_tde_test_keyring_3.per');", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_list_all_key_providers();", extra_params => ['-a']);
|
||||
@ -79,7 +79,7 @@ $rt_value = $node->start();
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');", extra_params => ['-a']);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
PGTDE::append_to_file($stderr);
|
||||
$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']);
|
||||
@ -99,14 +99,14 @@ $rt_value = $node->start();
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');", extra_params => ['-a']);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
PGTDE::append_to_file($stderr);
|
||||
$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
|
||||
#Again rotate key
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_principal_key('rotated-principal-key', 'PG_TDE_GLOBAL', 'file-3', false);", extra_params => ['-a']);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_global_principal_key('rotated-principal-key', 'file-3', false);", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
@ -118,7 +118,7 @@ $rt_value = $node->start();
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');", extra_params => ['-a']);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
PGTDE::append_to_file($stderr);
|
||||
$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']);
|
||||
@ -128,7 +128,7 @@ PGTDE::append_to_file($stdout);
|
||||
# And maybe debug tools to show what's in a file keyring?
|
||||
|
||||
#Again rotate key
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_principal_key('rotated-principal-keyX', 'PG_TDE_GLOBAL', 'file-2', false);", extra_params => ['-a']);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_global_principal_key('rotated-principal-keyX', 'file-2', false);", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
@ -140,7 +140,7 @@ $rt_value = $node->start();
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');", extra_params => ['-a']);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
PGTDE::append_to_file($stderr);
|
||||
$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']);
|
||||
@ -156,11 +156,11 @@ $rt_value = $node->stop();
|
||||
$rt_value = $node->start();
|
||||
|
||||
# But now can't be changed to another global provider
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_set_principal_key('rotated-principal-keyX2', 'PG_TDE_GLOBAL', 'file-2', false);", extra_params => ['-a']);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_set_global_principal_key('rotated-principal-keyX2', 'file-2', false);", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stderr);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');", extra_params => ['-a']);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
PGTDE::append_to_file($stderr);
|
||||
|
||||
@ -168,7 +168,7 @@ $stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_principal_key('rotated
|
||||
PGTDE::append_to_file($stdout);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');", extra_params => ['-a']);
|
||||
($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
PGTDE::append_to_file($stderr);
|
||||
|
||||
|
@ -29,10 +29,10 @@ ok($rt_value == 1, "Start Server");
|
||||
my $stdout = $node->safe_psql('postgres', "CREATE EXTENSION IF NOT EXISTS pg_tde;", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring-010','/tmp/pg_tde_test_keyring010.per');", extra_params => ['-a']);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-keyring-010','/tmp/pg_tde_test_keyring010.per');", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring-010');", extra_params => ['-a']);
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'file-keyring-010');", extra_params => ['-a']);
|
||||
PGTDE::append_to_file($stdout);
|
||||
|
||||
$stdout = $node->safe_psql('postgres', "SELECT pg_tde_create_wal_key();", extra_params => ['-a']);
|
||||
|
@ -4,9 +4,9 @@ SELECT pg_tde_add_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per')
|
||||
1
|
||||
SELECT pg_tde_add_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2.per');
|
||||
2
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-2','/tmp/pg_tde_test_keyring_2g.per');
|
||||
SELECT pg_tde_add_global_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2g.per');
|
||||
-1
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-3','/tmp/pg_tde_test_keyring_3.per');
|
||||
SELECT pg_tde_add_global_key_provider_file('file-3','/tmp/pg_tde_test_keyring_3.per');
|
||||
-2
|
||||
SELECT pg_tde_list_all_key_providers();
|
||||
(1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/pg_tde_test_keyring.per""}")
|
||||
@ -25,7 +25,7 @@ SELECT * FROM test_enc ORDER BY id ASC;
|
||||
-- server restart
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();
|
||||
1|file-vault|rotated-principal-key1
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();
|
||||
psql:<stdin>:1: ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_principal_key interface to set the principal key
|
||||
SELECT * FROM test_enc ORDER BY id ASC;
|
||||
@ -39,13 +39,13 @@ SELECT * FROM test_enc ORDER BY id ASC;
|
||||
-- server restart
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();
|
||||
2|file-2|rotated-principal-key2
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();
|
||||
psql:<stdin>:1: ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_principal_key interface to set the principal key
|
||||
SELECT * FROM test_enc ORDER BY id ASC;
|
||||
1|5
|
||||
2|6
|
||||
SELECT pg_tde_set_principal_key('rotated-principal-key', 'PG_TDE_GLOBAL', 'file-3', false);
|
||||
SELECT pg_tde_set_global_principal_key('rotated-principal-key', 'file-3', false);
|
||||
t
|
||||
SELECT * FROM test_enc ORDER BY id ASC;
|
||||
1|5
|
||||
@ -53,13 +53,13 @@ SELECT * FROM test_enc ORDER BY id ASC;
|
||||
-- server restart
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();
|
||||
-2|file-3|rotated-principal-key
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();
|
||||
psql:<stdin>:1: ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_principal_key interface to set the principal key
|
||||
SELECT * FROM test_enc ORDER BY id ASC;
|
||||
1|5
|
||||
2|6
|
||||
SELECT pg_tde_set_principal_key('rotated-principal-keyX', 'PG_TDE_GLOBAL', 'file-2', false);
|
||||
SELECT pg_tde_set_global_principal_key('rotated-principal-keyX', 'file-2', false);
|
||||
t
|
||||
SELECT * FROM test_enc ORDER BY id ASC;
|
||||
1|5
|
||||
@ -67,7 +67,7 @@ SELECT * FROM test_enc ORDER BY id ASC;
|
||||
-- server restart
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();
|
||||
-1|file-2|rotated-principal-keyX
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();
|
||||
psql:<stdin>:1: ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_principal_key interface to set the principal key
|
||||
SELECT * FROM test_enc ORDER BY id ASC;
|
||||
@ -78,14 +78,14 @@ ALTER SYSTEM SET pg_tde.inherit_global_providers = OFF;
|
||||
psql:<stdin>:1: ERROR: Usage of global key providers is disabled. Enable it with pg_tde.inherit_global_providers = ON
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();
|
||||
-1|file-2|rotated-principal-keyX
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();
|
||||
psql:<stdin>:1: ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_principal_key interface to set the principal key
|
||||
SELECT pg_tde_set_principal_key('rotated-principal-key2','file-2');
|
||||
t
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info();
|
||||
2|file-2|rotated-principal-key2
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_principal_key_info('PG_TDE_GLOBAL');
|
||||
SELECT key_provider_id, key_provider_name, principal_key_name FROM pg_tde_global_principal_key_info();
|
||||
psql:<stdin>:1: ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_principal_key interface to set the principal key
|
||||
DROP TABLE test_enc;
|
||||
|
@ -1,7 +1,7 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring-010','/tmp/pg_tde_test_keyring010.per');
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring-010','/tmp/pg_tde_test_keyring010.per');
|
||||
-1
|
||||
SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring-010');
|
||||
SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'file-keyring-010');
|
||||
t
|
||||
SELECT pg_tde_create_wal_key();
|
||||
t
|
||||
|
@ -27,8 +27,8 @@ shared_preload_libraries = 'pg_tde'
|
||||
$node->start;
|
||||
|
||||
$node->safe_psql('postgres', "CREATE EXTENSION IF NOT EXISTS pg_tde;");
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring-wal','/tmp/pg_tde_test_keyring-wal.per');");;
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring-wal');");
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-keyring-wal','/tmp/pg_tde_test_keyring-wal.per');");;
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'file-keyring-wal');");
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_create_wal_key();");
|
||||
|
||||
$node->append_conf(
|
||||
|
@ -41,8 +41,8 @@ shared_preload_libraries = 'pg_tde'
|
||||
$node->start;
|
||||
|
||||
$node->safe_psql('postgres', "CREATE EXTENSION IF NOT EXISTS pg_tde;");
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_add_key_provider_file('PG_TDE_GLOBAL', 'file-keyring-wal','/tmp/pg_tde_test_keyring-wal.per');");;
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'PG_TDE_GLOBAL', 'file-keyring-wal');");
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-keyring-wal','/tmp/pg_tde_test_keyring-wal.per');");;
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_set_server_principal_key('global-db-principal-key', 'file-keyring-wal');");
|
||||
$node->safe_psql('postgres', "SELECT pg_tde_create_wal_key();");
|
||||
|
||||
$node->append_conf(
|
||||
|