From 832cbb4f4dc069de737084b51de01a5b66c0dd13 Mon Sep 17 00:00:00 2001
From: Andreas Karlsson
Date: Mon, 14 Apr 2025 17:57:09 +0200
Subject: [PATCH] Convert output of TAP tests to be more like pg_regress

This improves readbility of diffs a lot.
---
 contrib/pg_tde/t/expected/001_basic.out | 32 ++-
 contrib/pg_tde/t/expected/002_rotate_key.out | 164 +++++++++++++---
 .../pg_tde/t/expected/003_remote_config.out | 26 ++-
 contrib/pg_tde/t/expected/004_file_config.out | 26 ++-
 .../t/expected/006_remote_vault_config.out | 26 ++-
 contrib/pg_tde/t/expected/007_tde_heap.out | 90 +++++++--
 .../t/expected/008_key_rotate_tablespace.out | 34 +++-
 contrib/pg_tde/t/expected/009_wal_encrypt.out | 84 +++++---
 .../t/expected/010_change_key_provider.out | 184 +++++++++++++++---
 .../pg_tde/t/expected/011_unlogged_tables.out | 14 +-
 contrib/pg_tde/t/pgtde.pm | 2 +-
 11 files changed, 547 insertions(+), 135 deletions(-)

diff --git a/contrib/pg_tde/t/expected/001_basic.out b/contrib/pg_tde/t/expected/001_basic.out
index 21e08d26830..c1e385741b9 100644
--- a/contrib/pg_tde/t/expected/001_basic.out
+++ b/contrib/pg_tde/t/expected/001_basic.out
@@ -1,23 +1,43 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT extname, extversion FROM pg_extension WHERE extname = 'pg_tde'; -pg_tde|1.0-rc + extname | extversion +---------+------------ + pg_tde | 1.0-rc +(1 row) + CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; psql::1: ERROR: principal key not configured HINT: create one using pg_tde_set_key before using encrypted tables -- server restart SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc (k) VALUES ('foobar'),('barfoo'); SELECT * FROM test_enc ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + -- server restart SELECT * FROM test_enc ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + TABLEFILE FOUND: yes CONTAINS FOO (should be empty): diff --git a/contrib/pg_tde/t/expected/002_rotate_key.out b/contrib/pg_tde/t/expected/002_rotate_key.out index 8e178cd72b2..12129902d2d 100644 --- a/contrib/pg_tde/t/expected/002_rotate_key.out +++ b/contrib/pg_tde/t/expected/002_rotate_key.out 
@@ -4,92 +4,196 @@ psql::1: ERROR: principal key not configured HINT: create one using pg_tde_set_key before using encrypted tables -- server restart SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_add_database_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2.per'); -2 + pg_tde_add_database_key_provider_file +--------------------------------------- + 2 +(1 row) + SELECT pg_tde_add_global_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2g.per'); --1 + pg_tde_add_global_key_provider_file +------------------------------------- + -1 +(1 row) + SELECT pg_tde_add_global_key_provider_file('file-3','/tmp/pg_tde_test_keyring_3.per'); --2 + pg_tde_add_global_key_provider_file +------------------------------------- + -2 +(1 row) + SELECT pg_tde_list_all_database_key_providers(); -(1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/pg_tde_test_keyring.per""}") -(2,file-2,file,"{""type"" : ""file"", ""path"" : ""/tmp/pg_tde_test_keyring_2.per""}") + pg_tde_list_all_database_key_providers +------------------------------------------------------------------------------------------ + (1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/pg_tde_test_keyring.per""}") + (2,file-2,file,"{""type"" : ""file"", ""path"" : ""/tmp/pg_tde_test_keyring_2.per""}") +(2 rows) + SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc (k) VALUES (5),(6); SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + SELECT pg_tde_set_key_using_database_key_provider('rotated-key1'); + pg_tde_set_key_using_database_key_provider 
+-------------------------------------------- + +(1 row) SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); -1|file-vault|rotated-key1 + key_provider_id | key_provider_name | key_name +-----------------+-------------------+-------------- + 1 | file-vault | rotated-key1 +(1 row) + SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); psql::1: ERROR: Principal key does not exists for the database HINT: Use set_key interface to set the principal key SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); -2|file-2|rotated-key2 + key_provider_id | key_provider_name | key_name +-----------------+-------------------+-------------- + 2 | file-2 | rotated-key2 +(1 row) + SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); psql::1: ERROR: Principal key does not exists for the database HINT: Use set_key interface to set the principal key SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + SELECT pg_tde_set_key_using_global_key_provider('rotated-key', 'file-3', false); + pg_tde_set_key_using_global_key_provider +------------------------------------------ + +(1 row) SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); --2|file-3|rotated-key + key_provider_id | key_provider_name | key_name 
+-----------------+-------------------+------------- + -2 | file-3 | rotated-key +(1 row) + SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); psql::1: ERROR: Principal key does not exists for the database HINT: Use set_key interface to set the principal key SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX', 'file-2', false); + pg_tde_set_key_using_global_key_provider +------------------------------------------ + +(1 row) SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); --1|file-2|rotated-keyX + key_provider_id | key_provider_name | key_name +-----------------+-------------------+-------------- + -1 | file-2 | rotated-keyX +(1 row) + SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); psql::1: ERROR: Principal key does not exists for the database HINT: Use set_key interface to set the principal key SELECT * FROM test_enc ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + ALTER SYSTEM SET pg_tde.inherit_global_providers = OFF; -- server restart SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false); psql::1: ERROR: Usage of global key providers is disabled. 
Enable it with pg_tde.inherit_global_providers = ON SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); --1|file-2|rotated-keyX + key_provider_id | key_provider_name | key_name +-----------------+-------------------+-------------- + -1 | file-2 | rotated-keyX +(1 row) + SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); psql::1: ERROR: Principal key does not exists for the database HINT: Use set_key interface to set the principal key SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); -2|file-2|rotated-key2 + key_provider_id | key_provider_name | key_name +-----------------+-------------------+-------------- + 2 | file-2 | rotated-key2 +(1 row) + SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); psql::1: ERROR: Principal key does not exists for the database HINT: Use set_key interface to set the principal key diff --git a/contrib/pg_tde/t/expected/003_remote_config.out b/contrib/pg_tde/t/expected/003_remote_config.out index b4c5cc63fc5..fc4208ba360 100644 --- a/contrib/pg_tde/t/expected/003_remote_config.out +++ b/contrib/pg_tde/t/expected/003_remote_config.out 
@@ -1,16 +1,32 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8888/hello' )); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc2 (k) VALUES (5),(6); SELECT * FROM test_enc2 ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT * FROM test_enc2 ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + DROP TABLE test_enc2; DROP EXTENSION pg_tde; diff --git a/contrib/pg_tde/t/expected/004_file_config.out b/contrib/pg_tde/t/expected/004_file_config.out index c9e6a895245..878e2d3621e 100644 --- a/contrib/pg_tde/t/expected/004_file_config.out +++ b/contrib/pg_tde/t/expected/004_file_config.out @@ -1,16 +1,32 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'file', 'path' VALUE '/tmp/datafile-location' )); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc1(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc1 (k) VALUES (5),(6); SELECT * FROM test_enc1 ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT * FROM test_enc1 ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + DROP TABLE test_enc1; DROP EXTENSION pg_tde; 
diff --git a/contrib/pg_tde/t/expected/006_remote_vault_config.out b/contrib/pg_tde/t/expected/006_remote_vault_config.out index 4110b74664e..8fe7b12360b 100644 --- a/contrib/pg_tde/t/expected/006_remote_vault_config.out +++ b/contrib/pg_tde/t/expected/006_remote_vault_config.out @@ -1,16 +1,32 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_vault_v2('vault-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/token' ), json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/url' ), to_json('secret'::text), NULL); -1 + pg_tde_add_database_key_provider_vault_v2 +------------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-db-key','vault-provider'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc2 (k) VALUES (5),(6); SELECT * FROM test_enc2 ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT * FROM test_enc2 ORDER BY id ASC; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + DROP TABLE test_enc2; DROP EXTENSION pg_tde; diff --git a/contrib/pg_tde/t/expected/007_tde_heap.out b/contrib/pg_tde/t/expected/007_tde_heap.out index 3d596657d0b..6a5aef32bf7 100644 --- a/contrib/pg_tde/t/expected/007_tde_heap.out +++ b/contrib/pg_tde/t/expected/007_tde_heap.out 
@@ -4,68 +4,116 @@ psql::1: ERROR: principal key not configured HINT: create one using pg_tde_set_key before using encrypted tables -- server restart SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc1(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc1 (k) VALUES ('foobar'),('barfoo'); SELECT * FROM test_enc1 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + CREATE TABLE test_enc2(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)); INSERT INTO test_enc2 (k) VALUES ('foobar'),('barfoo'); ALTER TABLE test_enc2 SET ACCESS METHOD tde_heap; SELECT * FROM test_enc2 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + SET default_table_access_method = "tde_heap"; CREATE TABLE test_enc3(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)); INSERT INTO test_enc3 (k) VALUES ('foobar'),('barfoo'); SELECT * FROM test_enc3 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + CREATE TABLE test_enc4(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING heap; INSERT INTO test_enc4 (k) VALUES ('foobar'),('barfoo'); SET default_table_access_method = "tde_heap"; ALTER TABLE test_enc4 SET ACCESS METHOD DEFAULT; SELECT * FROM test_enc4 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + CREATE TABLE test_enc5(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc5 (k) VALUES ('foobar'),('barfoo'); CHECKPOINT; TRUNCATE test_enc5; INSERT INTO test_enc5 (k) VALUES ('foobar'),('barfoo'); SELECT * FROM test_enc5 ORDER BY id ASC; -3|foobar 
-4|barfoo + id | k +----+-------- + 3 | foobar + 4 | barfoo +(2 rows) + -- server restart ########################### SELECT * FROM test_enc1 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + TABLEFILE FOR test_enc1 FOUND: yes CONTAINS FOO (should be empty): ########################### SELECT * FROM test_enc2 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + TABLEFILE FOR test_enc2 FOUND: yes CONTAINS FOO (should be empty): ########################### SELECT * FROM test_enc3 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + TABLEFILE FOR test_enc3 FOUND: yes CONTAINS FOO (should be empty): ########################### SELECT * FROM test_enc4 ORDER BY id ASC; -1|foobar -2|barfoo + id | k +----+-------- + 1 | foobar + 2 | barfoo +(2 rows) + TABLEFILE FOR test_enc4 FOUND: yes CONTAINS FOO (should be empty): ########################### SELECT * FROM test_enc5 ORDER BY id ASC; -3|foobar -4|barfoo + id | k +----+-------- + 3 | foobar + 4 | barfoo +(2 rows) + TABLEFILE FOR test_enc5 FOUND: yes CONTAINS FOO (should be empty): TABLEFILE2 FOUND: yes diff --git a/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out b/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out index 222742b1d84..7d88a74e1c4 100644 --- a/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out +++ b/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out 
@@ -2,8 +2,16 @@ SET allow_in_place_tablespaces = true; CREATE TABLESPACE test_tblspace LOCATION CREATE DATABASE tbc TABLESPACE = test_tblspace; CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE country_table ( country_id serial primary key, @@ -15,16 +23,28 @@ INSERT INTO country_table (country_name, continent) ('UK', 'Europe'), ('USA', 'North America'); SELECT * FROM country_table; -1|Japan|Asia -2|UK|Europe -3|USA|North America + country_id | country_name | continent +------------+--------------+--------------- + 1 | Japan | Asia + 2 | UK | Europe + 3 | USA | North America +(3 rows) + SELECT pg_tde_set_key_using_database_key_provider('new-k', 'file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) -- server restart SELECT * FROM country_table; -1|Japan|Asia -2|UK|Europe -3|USA|North America + country_id | country_name | continent +------------+--------------+--------------- + 1 | Japan | Asia + 2 | UK | Europe + 3 | USA | North America +(3 rows) + DROP EXTENSION pg_tde CASCADE; psql::1: NOTICE: drop cascades to table country_table DROP DATABASE tbc; diff --git a/contrib/pg_tde/t/expected/009_wal_encrypt.out b/contrib/pg_tde/t/expected/009_wal_encrypt.out index 7d7c5726891..c0df1e2a031 100644 --- a/contrib/pg_tde/t/expected/009_wal_encrypt.out +++ b/contrib/pg_tde/t/expected/009_wal_encrypt.out 
@@ -1,49 +1,85 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_global_key_provider_file('file-keyring-010','/tmp/pg_tde_test_keyring010.per'); --1 + pg_tde_add_global_key_provider_file +------------------------------------- + -1 +(1 row) + SELECT pg_tde_set_server_key_using_global_key_provider('server-key', 'file-keyring-010'); + pg_tde_set_server_key_using_global_key_provider +------------------------------------------------- + +(1 row) ALTER SYSTEM SET pg_tde.wal_encrypt = on; -- server restart with wal encryption SHOW pg_tde.wal_encrypt; -on + pg_tde.wal_encrypt +-------------------- + on +(1 row) + SELECT slot_name FROM pg_create_logical_replication_slot('tde_slot', 'test_decoding'); -tde_slot + slot_name +----------- + tde_slot +(1 row) + CREATE TABLE test_wal (id SERIAL, k INTEGER, PRIMARY KEY (id)); INSERT INTO test_wal (k) VALUES (1), (2); ALTER SYSTEM SET pg_tde.wal_encrypt = off; -- server restart without wal encryption SHOW pg_tde.wal_encrypt; -off + pg_tde.wal_encrypt +-------------------- + off +(1 row) + INSERT INTO test_wal (k) VALUES (3), (4); ALTER SYSTEM SET pg_tde.wal_encrypt = on; -- server restart with wal encryption SHOW pg_tde.wal_encrypt; -on + pg_tde.wal_encrypt +-------------------- + on +(1 row) + INSERT INTO test_wal (k) VALUES (5), (6); -- server restart with still wal encryption SHOW pg_tde.wal_encrypt; -on + pg_tde.wal_encrypt +-------------------- + on +(1 row) + INSERT INTO test_wal (k) VALUES (7), (8); SELECT data FROM pg_logical_slot_get_changes('tde_slot', NULL, NULL); -BEGIN 739 -COMMIT 739 -BEGIN 740 -table public.test_wal: INSERT: id[integer]:1 k[integer]:1 -table public.test_wal: INSERT: id[integer]:2 k[integer]:2 -COMMIT 740 -BEGIN 741 -table public.test_wal: INSERT: id[integer]:3 k[integer]:3 -table public.test_wal: INSERT: id[integer]:4 k[integer]:4 -COMMIT 741 -BEGIN 742 -table public.test_wal: INSERT: id[integer]:5 k[integer]:5 -table public.test_wal: INSERT: id[integer]:6 k[integer]:6 -COMMIT 742 -BEGIN 743 
-table public.test_wal: INSERT: id[integer]:7 k[integer]:7 -table public.test_wal: INSERT: id[integer]:8 k[integer]:8 -COMMIT 743 + data +----------------------------------------------------------- + BEGIN 739 + COMMIT 739 + BEGIN 740 + table public.test_wal: INSERT: id[integer]:1 k[integer]:1 + table public.test_wal: INSERT: id[integer]:2 k[integer]:2 + COMMIT 740 + BEGIN 741 + table public.test_wal: INSERT: id[integer]:3 k[integer]:3 + table public.test_wal: INSERT: id[integer]:4 k[integer]:4 + COMMIT 741 + BEGIN 742 + table public.test_wal: INSERT: id[integer]:5 k[integer]:5 + table public.test_wal: INSERT: id[integer]:6 k[integer]:6 + COMMIT 742 + BEGIN 743 + table public.test_wal: INSERT: id[integer]:7 k[integer]:7 + table public.test_wal: INSERT: id[integer]:8 k[integer]:8 + COMMIT 743 +(18 rows) + SELECT pg_drop_replication_slot('tde_slot'); + pg_drop_replication_slot +-------------------------- + +(1 row) DROP EXTENSION pg_tde; diff --git a/contrib/pg_tde/t/expected/010_change_key_provider.out b/contrib/pg_tde/t/expected/010_change_key_provider.out index 0849ff96822..ca988c62599 100644 --- a/contrib/pg_tde/t/expected/010_change_key_provider.out +++ b/contrib/pg_tde/t/expected/010_change_key_provider.out 
@@ -1,50 +1,122 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_provider_1.per'); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_list_all_database_key_providers(); -(1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/change_key_provider_1.per""}") + pg_tde_list_all_database_key_providers +-------------------------------------------------------------------------------------------- + (1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/change_key_provider_1.per""}") +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc (id serial, k integer, PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc (k) VALUES (5), (6); SELECT pg_tde_verify_key(); + pg_tde_verify_key +------------------- + +(1 row) SELECT pg_tde_is_encrypted('test_enc'); -t + pg_tde_is_encrypted +--------------------- + t +(1 row) + SELECT * FROM test_enc ORDER BY id; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- mv /tmp/change_key_provider_1.per /tmp/change_key_provider_2.per SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_2.per'); -1 + pg_tde_change_database_key_provider_file +------------------------------------------ + 1 +(1 row) + SELECT pg_tde_list_all_database_key_providers(); -(1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/change_key_provider_2.per""}") + pg_tde_list_all_database_key_providers +-------------------------------------------------------------------------------------------- + (1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/change_key_provider_2.per""}") +(1 row) + SELECT pg_tde_verify_key(); + pg_tde_verify_key +------------------- + +(1 row) SELECT pg_tde_is_encrypted('test_enc'); -t + 
pg_tde_is_encrypted +--------------------- + t +(1 row) + SELECT * FROM test_enc ORDER BY id; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT pg_tde_verify_key(); + pg_tde_verify_key +------------------- + +(1 row) SELECT pg_tde_is_encrypted('test_enc'); -t + pg_tde_is_encrypted +--------------------- + t +(1 row) + SELECT * FROM test_enc ORDER BY id; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_3.per'); -1 + pg_tde_change_database_key_provider_file +------------------------------------------ + 1 +(1 row) + SELECT pg_tde_list_all_database_key_providers(); -(1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/change_key_provider_3.per""}") + pg_tde_list_all_database_key_providers +-------------------------------------------------------------------------------------------- + (1,file-vault,file,"{""type"" : ""file"", ""path"" : ""/tmp/change_key_provider_3.per""}") +(1 row) + SELECT pg_tde_verify_key(); psql::1: ERROR: failed to retrieve principal key test-key from keyring with ID 1 SELECT pg_tde_is_encrypted('test_enc'); -t + pg_tde_is_encrypted +--------------------- + t +(1 row) + SELECT * FROM test_enc ORDER BY id; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + -- server restart SELECT pg_tde_verify_key(); psql::1: ERROR: failed to retrieve principal key test-key from keyring with ID 1 
@@ -55,30 +127,66 @@ psql::1: ERROR: failed to retrieve principal key test-key from keyring w -- mv /tmp/change_key_provider_2.per /tmp/change_key_provider_3.per -- server restart SELECT pg_tde_verify_key(); + pg_tde_verify_key +------------------- + +(1 row) SELECT pg_tde_is_encrypted('test_enc'); -t + pg_tde_is_encrypted +--------------------- + t +(1 row) + SELECT * FROM test_enc ORDER BY id; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + DROP EXTENSION pg_tde CASCADE; psql::1: NOTICE: drop cascades to table test_enc CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_provider_4.per'); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE TABLE test_enc (id serial, k integer, PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc (k) VALUES (5), (6); SELECT pg_tde_verify_key(); + pg_tde_verify_key +------------------- + +(1 row) SELECT pg_tde_is_encrypted('test_enc'); -t + pg_tde_is_encrypted +--------------------- + t +(1 row) + SELECT * FROM test_enc ORDER BY id; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_3.per'); -1 + pg_tde_change_database_key_provider_file +------------------------------------------ + 1 +(1 row) + -- server restart SELECT pg_tde_verify_key(); psql::1: ERROR: Failed to verify principal key header for key test-key, incorrect principal key or corrupted key file 
@@ -89,13 +197,29 @@ psql::1: ERROR: Failed to verify principal key header for key test-key, CREATE TABLE test_enc2 (id serial, k integer, PRIMARY KEY (id)) USING tde_heap; psql::1: ERROR: Failed to verify principal key header for key test-key, incorrect principal key or corrupted key file SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_4.per'); -1 + pg_tde_change_database_key_provider_file +------------------------------------------ + 1 +(1 row) + SELECT pg_tde_verify_key(); + pg_tde_verify_key +------------------- + +(1 row) SELECT pg_tde_is_encrypted('test_enc'); -t + pg_tde_is_encrypted +--------------------- + t +(1 row) + SELECT * FROM test_enc ORDER BY id; -1|5 -2|6 + id | k +----+--- + 1 | 5 + 2 | 6 +(2 rows) + DROP EXTENSION pg_tde CASCADE; psql::1: NOTICE: drop cascades to table test_enc diff --git a/contrib/pg_tde/t/expected/011_unlogged_tables.out b/contrib/pg_tde/t/expected/011_unlogged_tables.out index 031fd4f80b2..71c52786b13 100644 --- a/contrib/pg_tde/t/expected/011_unlogged_tables.out +++ b/contrib/pg_tde/t/expected/011_unlogged_tables.out @@ -1,7 +1,15 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/unlogged_tables.per'); -1 + pg_tde_add_database_key_provider_file +--------------------------------------- + 1 +(1 row) + SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault'); + pg_tde_set_key_using_database_key_provider +-------------------------------------------- + +(1 row) CREATE UNLOGGED TABLE t (x int PRIMARY KEY) USING tde_heap; INSERT INTO t SELECT generate_series(1, 4); @@ -9,4 +17,8 @@ CHECKPOINT; -- kill -9 -- server start TABLE t; + x +--- +(0 rows) + INSERT INTO t SELECT generate_series(1, 4); diff --git a/contrib/pg_tde/t/pgtde.pm b/contrib/pg_tde/t/pgtde.pm index 0a313ad1518..989b41089c3 100644 --- a/contrib/pg_tde/t/pgtde.pm +++ b/contrib/pg_tde/t/pgtde.pm 
@@ -61,7 +61,7 @@ sub psql { my ($node, $dbname, $sql) = @_;
- my (undef, $stdout, $stderr) = $node->psql($dbname, $sql, extra_params => ['-a']);
+ my (undef, $stdout, $stderr) = $node->psql($dbname, $sql, extra_params => ['-a', '-Pformat=aligned', '-Ptuples_only=off']);
 if ($stdout ne '') { append_to_result_file($stdout);
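Review bot: The new `extra_params` list on the `$node->psql` call adds `-Pformat=aligned` and `-Ptuples_only=off` with no comment on why they are needed; presumably the node helper starts psql in unaligned, tuples-only mode and these later settings override it, but that is not visible in this hunk. I would add a comment above the call, e.g. `# Override the helper's default unaligned, tuples-only output so results read like pg_regress`, so a later cleanup does not drop the options and silently reshape every expected file. The line also still discards psql's exit status (`undef`), so for these key-rotation and encryption checks a failed statement is caught only if its error text reaches the result file that is compared; the handling of `$stderr` is outside this hunk. The body of `psql` continues past the end of the hunk.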