mirror of
https://github.com/MariaDB/server.git
synced 2025-07-29 05:21:33 +03:00
MDEV-18601 Can't create table with ENCRYPTED=DEFAULT when innodb_default_encryption_key_id!=1
The problem with the InnoDB table attribute encryption_key_id is that it is not being persisted anywhere in InnoDB except if the table attribute encryption is specified and is something else than encryption=default. MDEV-17320 made it a hard error if encryption_key_id is specified to be anything else than 1 in that case. Ideally, we would always persist encryption_key_id in InnoDB. But, then we would have to be prepared for the case that when encryption is being enabled for a table whose encryption_key_id attribute refers to a non-existing key. In MariaDB Server 10.1, our best option remains to not store anything inside InnoDB. But, instead of returning the error that MDEV-17320 introduced, we should merely issue a warning that the specified encryption_key_id is going to be ignored if encryption=default. To improve the situation a little more, we will issue a warning if SET [GLOBAL|SESSION] innodb_default_encryption_key_id is being set to something that does not refer to an available encryption key. Starting with MariaDB Server 10.2, thanks to MDEV-5800, we could open the table definition from InnoDB side when the encryption is being enabled, and actually fix the root cause of what was reported in MDEV-17320.
This commit is contained in:
Marko Mäkelä
@ -4,9 +4,16 @@ SET GLOBAL innodb_encrypt_tables = ON;
|
||||
SET GLOBAL innodb_encryption_threads = 4;
|
||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=4;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: Ignored ENCRYPTION_KEY_ID 4 when encryption is disabled
|
||||
Warning 140 InnoDB: ENCRYPTED=NO implies ENCRYPTION_KEY_ID=1
|
||||
DROP TABLE t1;
|
||||
set @save_global = @@GLOBAL.innodb_default_encryption_key_id;
|
||||
set innodb_default_encryption_key_id = 99;
|
||||
Warnings:
|
||||
Warning 1210 innodb_default_encryption_key=99 is not available
|
||||
set global innodb_default_encryption_key_id = 99;
|
||||
Warnings:
|
||||
Warning 1210 innodb_default_encryption_key=99 is not available
|
||||
set global innodb_default_encryption_key_id = @save_global;
|
||||
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
|
||||
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
@ -40,8 +47,6 @@ t1 CREATE TABLE `t1` (
|
||||
PRIMARY KEY (`pk`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTION_KEY_ID`=4
|
||||
CREATE TABLE t2 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=1;
|
||||
Warnings:
|
||||
Warning 140 InnoDB: Ignored ENCRYPTION_KEY_ID 1 when encryption is disabled
|
||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=99;
|
||||
ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW WARNINGS;
|
||||
@ -53,37 +58,29 @@ drop table t1,t2;
|
||||
SET GLOBAL innodb_encrypt_tables=OFF;
|
||||
CREATE TABLE t1 (a int not null primary key) engine=innodb;
|
||||
ALTER TABLE t1 ENCRYPTION_KEY_ID=4;
|
||||
ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1478 Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID'
|
||||
SHOW CREATE TABLE t1;
|
||||
Table Create Table
|
||||
t1 CREATE TABLE `t1` (
|
||||
`a` int(11) NOT NULL,
|
||||
PRIMARY KEY (`a`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTION_KEY_ID`=4
|
||||
DROP TABLE t1;
|
||||
CREATE TABLE t2 (a int not null primary key) engine=innodb;
|
||||
ALTER TABLE t2 ENCRYPTION_KEY_ID=4, ALGORITHM=COPY;
|
||||
ERROR HY000: Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1005 Can't create table `test`.`#sql-temporary` (errno: 140 "Wrong create options")
|
||||
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||
SHOW CREATE TABLE t2;
|
||||
Table Create Table
|
||||
t2 CREATE TABLE `t2` (
|
||||
`a` int(11) NOT NULL,
|
||||
PRIMARY KEY (`a`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1 `ENCRYPTION_KEY_ID`=4
|
||||
DROP TABLE t2;
|
||||
CREATE TABLE t3 (a int not null primary key) engine=innodb ENCRYPTION_KEY_ID=4;
|
||||
ERROR HY000: Can't create table `test`.`t3` (errno: 140 "Wrong create options")
|
||||
DROP TABLE t3;
|
||||
SET GLOBAL innodb_encrypt_tables='FORCE';
|
||||
CREATE TABLE t1 (a int primary key) engine=innodb encrypted=no;
|
||||
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||
SHOW WARNINGS;
|
||||
Level Code Message
|
||||
Warning 140 InnoDB: innodb_encrypt_tables=OFF only allows ENCRYPTION_KEY_ID=1
|
||||
Error 1005 Can't create table `test`.`t3` (errno: 140 "Wrong create options")
|
||||
Warning 140 InnoDB: ENCRYPTED=NO cannot be used with innodb_encrypt_tables=FORCE
|
||||
Error 1005 Can't create table `test`.`t1` (errno: 140 "Wrong create options")
|
||||
Warning 1030 Got error 140 "Wrong create options" from storage engine InnoDB
|
||||
|
||||
Reference in New Issue
Block a user