Remove support for running pg_tde tests in global TDE mode

Now that we no longer run the pg_tde suite in the global TDE mode we can
remove all the code which was there to support it.

contrib/pg_tde/Makefile

@@ -8,10 +8,8 @@ DATA = pg_tde--1.0-rc.sql
 # Since meson supports skipping test suites this is a make only feature
 ifndef TDE_MODE
 REGRESS_OPTS = --temp-config $(top_srcdir)/contrib/pg_tde/pg_tde.conf
-# toast_decrypt needs to be the first test when running with pg_tde
+# default_principal_key needs to run after key_provider.
-# preinstalled and default_principal_key needs to run after key_provider.
+REGRESS = access_control \
-REGRESS = toast_decrypt \
-access_control \
 alter_index \
 cache_alloc \
 change_access_method \
@@ -23,6 +21,7 @@ pg_tde_is_encrypted \
 recreate_storage \
 relocate \
 tablespace \
+toast_decrypt \
 vault_v2_test \
 version \
 default_principal_key
@@ -56,7 +55,7 @@ src/libkmip/libkmip/src/kmip_memset.o
 
 SCRIPTS_built = src/pg_tde_change_key_provider
 
-EXTRA_INSTALL+=contrib/pg_buffercache contrib/test_decoding
+EXTRA_INSTALL += contrib/pg_buffercache contrib/test_decoding
 EXTRA_CLEAN += src/pg_tde_change_key_provider.o
 
 ifdef USE_PGXS

contrib/pg_tde/expected/default_principal_key_1.out

@@ -1,151 +0,0 @@
-CREATE EXTENSION IF NOT EXISTS pg_tde;
-CREATE EXTENSION IF NOT EXISTS pg_buffercache;
-SELECT pg_tde_add_global_key_provider_file('file-provider','/tmp/pg_tde_regression_default_key.per');
- pg_tde_add_global_key_provider_file 
--------------------------------------
-                                  -4
-(1 row)
-
--- Should fail: no default principal key for the server yet
-SELECT pg_tde_verify_default_key();
-ERROR:  principal key not configured for current database
--- Should fail: no default principal key for the server yet
-SELECT key_provider_id, key_provider_name, key_name 
-		FROM pg_tde_default_key_info();
-ERROR:  Principal key does not exists for the database
-HINT:  Use set_key interface to set the principal key
-SELECT pg_tde_set_default_key_using_global_key_provider('default-key', 'file-provider', false);
- pg_tde_set_default_key_using_global_key_provider 
---------------------------------------------------
- 
-(1 row)
-
-SELECT pg_tde_verify_default_key();
- pg_tde_verify_default_key 
----------------------------
- 
-(1 row)
-
-SELECT key_provider_id, key_provider_name, key_name 
-		FROM pg_tde_default_key_info();
- key_provider_id | key_provider_name |  key_name   
------------------+-------------------+-------------
-              -4 | file-provider     | default-key
-(1 row)
-
--- fails
-SELECT pg_tde_delete_global_key_provider('file-provider');
-ERROR:  Can't delete a provider which is currently in use
-SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
- id |  provider_name  
-----+-----------------
- -1 | reg_file-global
- -2 | file-keyring
- -4 | file-provider
-(3 rows)
-
--- Should fail: no principal key for the database yet
-SELECT  key_provider_id, key_provider_name, key_name
-		FROM pg_tde_key_info();
-ERROR:  Principal key does not exists for the database
-HINT:  Use set_key interface to set the principal key
- 
--- Should succeed: "localizes" the default principal key for the database
-CREATE TABLE test_enc(
-	id SERIAL,
-	k INTEGER DEFAULT '0' NOT NULL,
-	PRIMARY KEY (id)
-) USING tde_heap;
-INSERT INTO test_enc (k) VALUES (1), (2), (3);
--- Should succeed: create table localized the principal key
-SELECT  key_provider_id, key_provider_name, key_name
-		FROM pg_tde_key_info();
- key_provider_id | key_provider_name |  key_name   
------------------+-------------------+-------------
-              -4 | file-provider     | default-key
-(1 row)
-
-SELECT current_database() AS regress_database
-\gset
-CREATE DATABASE regress_pg_tde_other;
-\c regress_pg_tde_other
-CREATE EXTENSION pg_tde;
-CREATE EXTENSION pg_buffercache;
--- Should fail: no principal key for the database yet
-SELECT  key_provider_id, key_provider_name, key_name
-		FROM pg_tde_key_info();
-ERROR:  Principal key does not exists for the database
-HINT:  Use set_key interface to set the principal key
--- Should succeed: "localizes" the default principal key for the database
-CREATE TABLE test_enc(
-	id SERIAL,
-	k INTEGER DEFAULT '0' NOT NULL,
-	PRIMARY KEY (id)
-) USING tde_heap;
-INSERT INTO test_enc (k) VALUES (1), (2), (3);
--- Should succeed: create table localized the principal key
-SELECT  key_provider_id, key_provider_name, key_name
-		FROM pg_tde_key_info();
- key_provider_id | key_provider_name |  key_name   
------------------+-------------------+-------------
-              -4 | file-provider     | default-key
-(1 row)
-
-\c :regress_database
-CHECKPOINT;
-SELECT pg_tde_set_default_key_using_global_key_provider('new-default-key', 'file-provider', false);
- pg_tde_set_default_key_using_global_key_provider 
---------------------------------------------------
- 
-(1 row)
-
-SELECT  key_provider_id, key_provider_name, key_name
-		FROM pg_tde_key_info();
- key_provider_id | key_provider_name |    key_name     
------------------+-------------------+-----------------
-              -4 | file-provider     | new-default-key
-(1 row)
-
-\c regress_pg_tde_other
-SELECT  key_provider_id, key_provider_name, key_name
-		FROM pg_tde_key_info();
- key_provider_id | key_provider_name |    key_name     
------------------+-------------------+-----------------
-              -4 | file-provider     | new-default-key
-(1 row)
-
-SELECT pg_buffercache_evict(bufferid) FROM pg_buffercache WHERE relfilenode = (SELECT relfilenode FROM pg_class WHERE oid = 'test_enc'::regclass);
- pg_buffercache_evict 
-----------------------
- t
-(1 row)
-
-SELECT * FROM test_enc;
- id | k 
-----+---
-  1 | 1
-  2 | 2
-  3 | 3
-(3 rows)
-
-DROP TABLE test_enc;
-DROP EXTENSION pg_tde CASCADE;
-\c :regress_database
-SELECT pg_buffercache_evict(bufferid) FROM pg_buffercache WHERE relfilenode = (SELECT relfilenode FROM pg_class WHERE oid = 'test_enc'::regclass);
- pg_buffercache_evict 
-----------------------
- t
-(1 row)
-
-SELECT * FROM test_enc;
- id | k 
-----+---
-  1 | 1
-  2 | 2
-  3 | 3
-(3 rows)
-
-DROP TABLE test_enc;
-DROP EXTENSION pg_tde CASCADE;
-DROP EXTENSION pg_buffercache;
-DROP DATABASE regress_pg_tde_other;

contrib/pg_tde/expected/key_provider_1.out

@@ -1,170 +0,0 @@
-CREATE EXTENSION IF NOT EXISTS pg_tde;
-SELECT  * FROM pg_tde_key_info();
-ERROR:  Principal key does not exists for the database
-HINT:  Use set_key interface to set the principal key
-SELECT pg_tde_add_database_key_provider_file('incorrect-file-provider',  json_object('foo' VALUE '/tmp/pg_tde_test_keyring.per'));
-ERROR:  parse json keyring config: unexpected field foo
-SELECT * FROM pg_tde_list_all_database_key_providers();
- id | provider_name | provider_type | options 
-----+---------------+---------------+---------
-(0 rows)
-
-SELECT pg_tde_add_database_key_provider_file('file-provider','/tmp/pg_tde_test_keyring.per');
- pg_tde_add_database_key_provider_file 
----------------------------------------
-                                     1
-(1 row)
-
-SELECT * FROM pg_tde_list_all_database_key_providers();
- id | provider_name | provider_type |                          options                           
-----+---------------+---------------+------------------------------------------------------------
-  1 | file-provider | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring.per"}
-(1 row)
-
-SELECT pg_tde_add_database_key_provider_file('file-provider2','/tmp/pg_tde_test_keyring2.per');
- pg_tde_add_database_key_provider_file 
----------------------------------------
-                                     2
-(1 row)
-
-SELECT * FROM pg_tde_list_all_database_key_providers();
- id | provider_name  | provider_type |                           options                           
-----+----------------+---------------+-------------------------------------------------------------
-  1 | file-provider  | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring.per"}
-  2 | file-provider2 | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
-(2 rows)
-
-SELECT pg_tde_verify_key();
-ERROR:  principal key not configured for current database
-SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');
- pg_tde_set_key_using_database_key_provider 
---------------------------------------------
- 
-(1 row)
-
-SELECT pg_tde_verify_key();
- pg_tde_verify_key 
--------------------
- 
-(1 row)
-
-SELECT pg_tde_change_database_key_provider_file('not-existent-provider','/tmp/pg_tde_test_keyring.per');
-ERROR:  key provider "not-existent-provider" does not exists
-HINT:  Create the key provider
-SELECT * FROM pg_tde_list_all_database_key_providers();
- id | provider_name  | provider_type |                           options                           
-----+----------------+---------------+-------------------------------------------------------------
-  1 | file-provider  | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring.per"}
-  2 | file-provider2 | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
-(2 rows)
-
-SELECT pg_tde_change_database_key_provider_file('file-provider','/tmp/pg_tde_test_keyring_other.per');
- pg_tde_change_database_key_provider_file 
-------------------------------------------
-                                        1
-(1 row)
-
-SELECT * FROM pg_tde_list_all_database_key_providers();
- id | provider_name  | provider_type |                             options                              
-----+----------------+---------------+------------------------------------------------------------------
-  1 | file-provider  | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring_other.per"}
-  2 | file-provider2 | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
-(2 rows)
-
-SELECT pg_tde_verify_key();
-ERROR:  failed to retrieve principal key test-db-key from keyring with ID 1
-SELECT pg_tde_change_database_key_provider_file('file-provider',  json_object('foo' VALUE '/tmp/pg_tde_test_keyring.per'));
-ERROR:  parse json keyring config: unexpected field foo
-SELECT * FROM pg_tde_list_all_database_key_providers();
- id | provider_name  | provider_type |                             options                              
-----+----------------+---------------+------------------------------------------------------------------
-  1 | file-provider  | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring_other.per"}
-  2 | file-provider2 | file          | {"type" : "file", "path" : "/tmp/pg_tde_test_keyring2.per"}
-(2 rows)
-
-SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyring.per');
- pg_tde_add_global_key_provider_file 
--------------------------------------
-                                  -2
-(1 row)
-
-SELECT pg_tde_add_global_key_provider_file('file-keyring2','/tmp/pg_tde_test_keyring2.per');
- pg_tde_add_global_key_provider_file 
--------------------------------------
-                                  -3
-(1 row)
-
-SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
- id |  provider_name  
-----+-----------------
- -1 | reg_file-global
- -2 | file-keyring
- -3 | file-keyring2
-(3 rows)
-
--- fails
-SELECT pg_tde_delete_database_key_provider('file-provider');
-ERROR:  Can't delete a provider which is currently in use
-SELECT id, provider_name FROM pg_tde_list_all_database_key_providers();
- id | provider_name  
-----+----------------
-  1 | file-provider
-  2 | file-provider2
-(2 rows)
-
--- works
-SELECT pg_tde_delete_database_key_provider('file-provider2');
- pg_tde_delete_database_key_provider 
--------------------------------------
- 
-(1 row)
-
-SELECT id, provider_name FROM pg_tde_list_all_database_key_providers();
- id | provider_name 
-----+---------------
-  1 | file-provider
-(1 row)
-
-SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
- id |  provider_name  
-----+-----------------
- -1 | reg_file-global
- -2 | file-keyring
- -3 | file-keyring2
-(3 rows)
-
-SELECT pg_tde_set_key_using_global_key_provider('test-db-key', 'file-keyring', false);
- pg_tde_set_key_using_global_key_provider 
-------------------------------------------
- 
-(1 row)
-
--- fails
-SELECT pg_tde_delete_global_key_provider('file-keyring');
-ERROR:  Can't delete a provider which is currently in use
-SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
- id |  provider_name  
-----+-----------------
- -1 | reg_file-global
- -2 | file-keyring
- -3 | file-keyring2
-(3 rows)
-
--- works
-SELECT pg_tde_delete_global_key_provider('file-keyring2');
- pg_tde_delete_global_key_provider 
------------------------------------
- 
-(1 row)
-
-SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
- id |  provider_name  
-----+-----------------
- -1 | reg_file-global
- -2 | file-keyring
-(2 rows)
-
--- Creating a file key provider fails if we can't open or create the file
-SELECT pg_tde_add_database_key_provider_file('will-not-work','/cant-create-file-in-root.per');
-ERROR:  Failed to open keyring file /cant-create-file-in-root.per: Permission denied
-DROP EXTENSION pg_tde;

contrib/pg_tde/meson.build

@@ -80,10 +80,8 @@ install_data(
   kwargs: contrib_data_args,
 )
 
-# toast_decrypt needs to be the first test when running with pg_tde
+# default_principal_key needs to run after key_provider.
-# preinstalled and default_principal_key needs to run after key_provider.
 sql_tests = [
-  'toast_decrypt',
   'access_control',
   'alter_index',
   'cache_alloc',
@@ -96,6 +94,7 @@ sql_tests = [
   'relocate',
   'recreate_storage',
   'tablespace',
+  'toast_decrypt',
   'vault_v2_test',
   'version',
   'default_principal_key',