Remove support for running pg_tde tests in global TDE mode
Now that we no longer run the pg_tde suite in the global TDE mode we can remove all the code which was there to support it.
parent
e4c1cc012b
commit
6a1e1b6495
@ -8,10 +8,8 @@ DATA = pg_tde--1.0-rc.sql
|
||||
# Since meson supports skipping test suites this is a make only feature
|
||||
ifndef TDE_MODE
|
||||
REGRESS_OPTS = --temp-config $(top_srcdir)/contrib/pg_tde/pg_tde.conf
|
||||
# toast_decrypt needs to be the first test when running with pg_tde
|
||||
# preinstalled and default_principal_key needs to run after key_provider.
|
||||
REGRESS = toast_decrypt \
|
||||
access_control \
|
||||
# default_principal_key needs to run after key_provider.
|
||||
REGRESS = access_control \
|
||||
alter_index \
|
||||
cache_alloc \
|
||||
change_access_method \
|
||||
@ -23,6 +21,7 @@ pg_tde_is_encrypted \
|
||||
recreate_storage \
|
||||
relocate \
|
||||
tablespace \
|
||||
toast_decrypt \
|
||||
vault_v2_test \
|
||||
version \
|
||||
default_principal_key
|
||||
@ -56,7 +55,7 @@ src/libkmip/libkmip/src/kmip_memset.o
|
||||
|
||||
SCRIPTS_built = src/pg_tde_change_key_provider
|
||||
|
||||
EXTRA_INSTALL+=contrib/pg_buffercache contrib/test_decoding
|
||||
EXTRA_INSTALL += contrib/pg_buffercache contrib/test_decoding
|
||||
EXTRA_CLEAN += src/pg_tde_change_key_provider.o
|
||||
|
||||
ifdef USE_PGXS
|
||||
|
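Review bot: The comment kept above `REGRESS`, `# default_principal_key needs to run after key_provider.`, states an ordering constraint without saying which state carries over between the two tests; the same bare comment sits above `sql_tests` in the meson file. The expected outputs deleted further down this page suggest the dependency is on global key providers that key_provider leaves registered (`file-keyring` still appears when default_principal_key lists providers), so I would write it out: `# default_principal_key must run after key_provider: it lists the global key providers that test leaves behind.` Since `toast_decrypt` moves from first place into the middle of the list, it would also help to confirm in the comment or the commit message that it no longer has any ordering requirement. The REGRESS list and the enclosing `ifndef TDE_MODE` block extend beyond this hunk.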
@ -1,151 +0,0 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
CREATE EXTENSION IF NOT EXISTS pg_buffercache;
|
||||
SELECT pg_tde_add_global_key_provider_file('file-provider','/tmp/pg_tde_regression_default_key.per');
|
||||
pg_tde_add_global_key_provider_file
|
||||
-------------------------------------
|
||||
-4
|
||||
(1 row)
|
||||
|
||||
-- Should fail: no default principal key for the server yet
|
||||
SELECT pg_tde_verify_default_key();
|
||||
ERROR: principal key not configured for current database
|
||||
-- Should fail: no default principal key for the server yet
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_default_key_info();
|
||||
ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_key interface to set the principal key
|
||||
SELECT pg_tde_set_default_key_using_global_key_provider('default-key', 'file-provider', false);
|
||||
pg_tde_set_default_key_using_global_key_provider
|
||||
--------------------------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_verify_default_key();
|
||||
pg_tde_verify_default_key
|
||||
---------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_default_key_info();
|
||||
key_provider_id | key_provider_name | key_name
|
||||
-----------------+-------------------+-------------
|
||||
-4 | file-provider | default-key
|
||||
(1 row)
|
||||
|
||||
-- fails
|
||||
SELECT pg_tde_delete_global_key_provider('file-provider');
|
||||
ERROR: Can't delete a provider which is currently in use
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+-----------------
|
||||
-1 | reg_file-global
|
||||
-2 | file-keyring
|
||||
-4 | file-provider
|
||||
(3 rows)
|
||||
|
||||
-- Should fail: no principal key for the database yet
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_key_info();
|
||||
ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_key interface to set the principal key
|
||||
|
||||
-- Should succeed: "localizes" the default principal key for the database
|
||||
CREATE TABLE test_enc(
|
||||
id SERIAL,
|
||||
k INTEGER DEFAULT '0' NOT NULL,
|
||||
PRIMARY KEY (id)
|
||||
) USING tde_heap;
|
||||
INSERT INTO test_enc (k) VALUES (1), (2), (3);
|
||||
-- Should succeed: create table localized the principal key
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_key_info();
|
||||
key_provider_id | key_provider_name | key_name
|
||||
-----------------+-------------------+-------------
|
||||
-4 | file-provider | default-key
|
||||
(1 row)
|
||||
|
||||
SELECT current_database() AS regress_database
|
||||
\gset
|
||||
CREATE DATABASE regress_pg_tde_other;
|
||||
\c regress_pg_tde_other
|
||||
CREATE EXTENSION pg_tde;
|
||||
CREATE EXTENSION pg_buffercache;
|
||||
-- Should fail: no principal key for the database yet
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_key_info();
|
||||
ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_key interface to set the principal key
|
||||
-- Should succeed: "localizes" the default principal key for the database
|
||||
CREATE TABLE test_enc(
|
||||
id SERIAL,
|
||||
k INTEGER DEFAULT '0' NOT NULL,
|
||||
PRIMARY KEY (id)
|
||||
) USING tde_heap;
|
||||
INSERT INTO test_enc (k) VALUES (1), (2), (3);
|
||||
-- Should succeed: create table localized the principal key
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_key_info();
|
||||
key_provider_id | key_provider_name | key_name
|
||||
-----------------+-------------------+-------------
|
||||
-4 | file-provider | default-key
|
||||
(1 row)
|
||||
|
||||
\c :regress_database
|
||||
CHECKPOINT;
|
||||
SELECT pg_tde_set_default_key_using_global_key_provider('new-default-key', 'file-provider', false);
|
||||
pg_tde_set_default_key_using_global_key_provider
|
||||
--------------------------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_key_info();
|
||||
key_provider_id | key_provider_name | key_name
|
||||
-----------------+-------------------+-----------------
|
||||
-4 | file-provider | new-default-key
|
||||
(1 row)
|
||||
|
||||
\c regress_pg_tde_other
|
||||
SELECT key_provider_id, key_provider_name, key_name
|
||||
FROM pg_tde_key_info();
|
||||
key_provider_id | key_provider_name | key_name
|
||||
-----------------+-------------------+-----------------
|
||||
-4 | file-provider | new-default-key
|
||||
(1 row)
|
||||
|
||||
SELECT pg_buffercache_evict(bufferid) FROM pg_buffercache WHERE relfilenode = (SELECT relfilenode FROM pg_class WHERE oid = 'test_enc'::regclass);
|
||||
pg_buffercache_evict
|
||||
----------------------
|
||||
t
|
||||
(1 row)
|
||||
|
||||
SELECT * FROM test_enc;
|
||||
id | k
|
||||
----+---
|
||||
1 | 1
|
||||
2 | 2
|
||||
3 | 3
|
||||
(3 rows)
|
||||
|
||||
DROP TABLE test_enc;
|
||||
DROP EXTENSION pg_tde CASCADE;
|
||||
\c :regress_database
|
||||
SELECT pg_buffercache_evict(bufferid) FROM pg_buffercache WHERE relfilenode = (SELECT relfilenode FROM pg_class WHERE oid = 'test_enc'::regclass);
|
||||
pg_buffercache_evict
|
||||
----------------------
|
||||
t
|
||||
(1 row)
|
||||
|
||||
SELECT * FROM test_enc;
|
||||
id | k
|
||||
----+---
|
||||
1 | 1
|
||||
2 | 2
|
||||
3 | 3
|
||||
(3 rows)
|
||||
|
||||
DROP TABLE test_enc;
|
||||
DROP EXTENSION pg_tde CASCADE;
|
||||
DROP EXTENSION pg_buffercache;
|
||||
DROP DATABASE regress_pg_tde_other;
|
@ -1,170 +0,0 @@
|
||||
CREATE EXTENSION IF NOT EXISTS pg_tde;
|
||||
SELECT * FROM pg_tde_key_info();
|
||||
ERROR: Principal key does not exists for the database
|
||||
HINT: Use set_key interface to set the principal key
|
||||
SELECT pg_tde_add_database_key_provider_file('incorrect-file-provider', json_object('foo' VALUE '/tmp/pg_tde_test_keyring.per'));
|
||||
ERROR: parse json keyring config: unexpected field foo
|
||||
SELECT * FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name | provider_type | options
|
||||
----+---------------+---------------+---------
|
||||
(0 rows)
|
||||
|
||||
SELECT pg_tde_add_database_key_provider_file('file-provider','/tmp/pg_tde_test_keyring.per');
|
||||
pg_tde_add_database_key_provider_file
|
||||
---------------------------------------
|
||||
1
|
||||
(1 row)
|
||||
|
||||
SELECT * FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name | provider_type | options
|
||||
----+---------------+---------------+------------------------------------------------------------
|
||||
1 | file-provider | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring.per"}
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_add_database_key_provider_file('file-provider2','/tmp/pg_tde_test_keyring2.per');
|
||||
pg_tde_add_database_key_provider_file
|
||||
---------------------------------------
|
||||
2
|
||||
(1 row)
|
||||
|
||||
SELECT * FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name | provider_type | options
|
||||
----+----------------+---------------+-------------------------------------------------------------
|
||||
1 | file-provider | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring.per"}
|
||||
2 | file-provider2 | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
|
||||
(2 rows)
|
||||
|
||||
SELECT pg_tde_verify_key();
|
||||
ERROR: principal key not configured for current database
|
||||
SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');
|
||||
pg_tde_set_key_using_database_key_provider
|
||||
--------------------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_verify_key();
|
||||
pg_tde_verify_key
|
||||
-------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_change_database_key_provider_file('not-existent-provider','/tmp/pg_tde_test_keyring.per');
|
||||
ERROR: key provider "not-existent-provider" does not exists
|
||||
HINT: Create the key provider
|
||||
SELECT * FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name | provider_type | options
|
||||
----+----------------+---------------+-------------------------------------------------------------
|
||||
1 | file-provider | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring.per"}
|
||||
2 | file-provider2 | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
|
||||
(2 rows)
|
||||
|
||||
SELECT pg_tde_change_database_key_provider_file('file-provider','/tmp/pg_tde_test_keyring_other.per');
|
||||
pg_tde_change_database_key_provider_file
|
||||
------------------------------------------
|
||||
1
|
||||
(1 row)
|
||||
|
||||
SELECT * FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name | provider_type | options
|
||||
----+----------------+---------------+------------------------------------------------------------------
|
||||
1 | file-provider | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring_other.per"}
|
||||
2 | file-provider2 | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
|
||||
(2 rows)
|
||||
|
||||
SELECT pg_tde_verify_key();
|
||||
ERROR: failed to retrieve principal key test-db-key from keyring with ID 1
|
||||
SELECT pg_tde_change_database_key_provider_file('file-provider', json_object('foo' VALUE '/tmp/pg_tde_test_keyring.per'));
|
||||
ERROR: parse json keyring config: unexpected field foo
|
||||
SELECT * FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name | provider_type | options
|
||||
----+----------------+---------------+------------------------------------------------------------------
|
||||
1 | file-provider | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring_other.per"}
|
||||
2 | file-provider2 | file | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
|
||||
(2 rows)
|
||||
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyring.per');
|
||||
pg_tde_add_global_key_provider_file
|
||||
-------------------------------------
|
||||
-2
|
||||
(1 row)
|
||||
|
||||
SELECT pg_tde_add_global_key_provider_file('file-keyring2','/tmp/pg_tde_test_keyring2.per');
|
||||
pg_tde_add_global_key_provider_file
|
||||
-------------------------------------
|
||||
-3
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+-----------------
|
||||
-1 | reg_file-global
|
||||
-2 | file-keyring
|
||||
-3 | file-keyring2
|
||||
(3 rows)
|
||||
|
||||
-- fails
|
||||
SELECT pg_tde_delete_database_key_provider('file-provider');
|
||||
ERROR: Can't delete a provider which is currently in use
|
||||
SELECT id, provider_name FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name
|
||||
----+----------------
|
||||
1 | file-provider
|
||||
2 | file-provider2
|
||||
(2 rows)
|
||||
|
||||
-- works
|
||||
SELECT pg_tde_delete_database_key_provider('file-provider2');
|
||||
pg_tde_delete_database_key_provider
|
||||
-------------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_database_key_providers();
|
||||
id | provider_name
|
||||
----+---------------
|
||||
1 | file-provider
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+-----------------
|
||||
-1 | reg_file-global
|
||||
-2 | file-keyring
|
||||
-3 | file-keyring2
|
||||
(3 rows)
|
||||
|
||||
SELECT pg_tde_set_key_using_global_key_provider('test-db-key', 'file-keyring', false);
|
||||
pg_tde_set_key_using_global_key_provider
|
||||
------------------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
-- fails
|
||||
SELECT pg_tde_delete_global_key_provider('file-keyring');
|
||||
ERROR: Can't delete a provider which is currently in use
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+-----------------
|
||||
-1 | reg_file-global
|
||||
-2 | file-keyring
|
||||
-3 | file-keyring2
|
||||
(3 rows)
|
||||
|
||||
-- works
|
||||
SELECT pg_tde_delete_global_key_provider('file-keyring2');
|
||||
pg_tde_delete_global_key_provider
|
||||
-----------------------------------
|
||||
|
||||
(1 row)
|
||||
|
||||
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
|
||||
id | provider_name
|
||||
----+-----------------
|
||||
-1 | reg_file-global
|
||||
-2 | file-keyring
|
||||
(2 rows)
|
||||
|
||||
-- Creating a file key provider fails if we can't open or create the file
|
||||
SELECT pg_tde_add_database_key_provider_file('will-not-work','/cant-create-file-in-root.per');
|
||||
ERROR: Failed to open keyring file /cant-create-file-in-root.per: Permission denied
|
||||
DROP EXTENSION pg_tde;
|
File diff suppressed because one or more lines are too long
@ -80,10 +80,8 @@ install_data(
|
||||
kwargs: contrib_data_args,
|
||||
)
|
||||
|
||||
# toast_decrypt needs to be the first test when running with pg_tde
|
||||
# preinstalled and default_principal_key needs to run after key_provider.
|
||||
# default_principal_key needs to run after key_provider.
|
||||
sql_tests = [
|
||||
'toast_decrypt',
|
||||
'access_control',
|
||||
'alter_index',
|
||||
'cache_alloc',
|
||||
@ -96,6 +94,7 @@ sql_tests = [
|
||||
'relocate',
|
||||
'recreate_storage',
|
||||
'tablespace',
|
||||
'toast_decrypt',
|
||||
'vault_v2_test',
|
||||
'version',
|
||||
'default_principal_key',
|
||||
|
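Review bot: Around the added `'toast_decrypt',` the meson list runs `'relocate'` before `'recreate_storage'`, while the Makefile's `REGRESS` list on this page has `recreate_storage` before `relocate`, so the two build systems do not run the suite in the same order. With tests that share key-provider state across files, as the ordering comment above `sql_tests` indicates, a difference like this can make a failure reproducible under one build system only. I would swap the two entries here to `'recreate_storage',` followed by `'relocate',` so both lists match. The `sql_tests` list continues outside the hunk.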