database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-18601 Can't create table with ENCRYPTED=DEFAULT when innodb_default_encryption_key_id!=1

Browse Source 
The problem with the InnoDB table attribute encryption_key_id is that it is
not being persisted anywhere in InnoDB except if the table attribute
encryption is specified and is something else than encryption=default.
MDEV-17320 made it a hard error if encryption_key_id is specified to be
anything else than 1 in that case.

Ideally, we would always persist encryption_key_id in InnoDB. But, then we
would have to be prepared for the case that when encryption is being enabled
for a table whose encryption_key_id attribute refers to a non-existing key.

In MariaDB Server 10.1, our best option remains to not store anything
inside InnoDB. But, instead of returning the error that MDEV-17320
introduced, we should merely issue a warning that the specified
encryption_key_id is going to be ignored if encryption=default.

To improve the situation a little more, we will issue a warning if
SET [GLOBAL|SESSION] innodb_default_encryption_key_id is being set
to something that does not refer to an available encryption key.

Starting with MariaDB Server 10.2, thanks to MDEV-5800, we could open the
table definition from InnoDB side when the encryption is being enabled,
and actually fix the root cause of what was reported in MDEV-17320.
This commit is contained in:
Marko Mäkelä
2019-02-28 23:11:15 +02:00
parent 622e9e8a7a
commit e39d6e0c53
8 changed files with 182 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
mysql-test/suite/encryption/t/innodb-encryption-alter.test
View File

@ -19,7 +19,10 @@ SET GLOBAL innodb_encryption_threads = 4;
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB ENCRYPTED=NO ENCRYPTION_KEY_ID=4;
DROP TABLE t1;
set @save_global = @@GLOBAL.innodb_default_encryption_key_id;
set innodb_default_encryption_key_id = 99;
set global innodb_default_encryption_key_id = 99;
set global innodb_default_encryption_key_id = @save_global;
--error 1005
CREATE TABLE t1 (pk INT PRIMARY KEY AUTO_INCREMENT, c VARCHAR(256)) ENGINE=INNODB;
SHOW WARNINGS;
@ -90,25 +93,26 @@ drop table t1,t2;
#
# MDEV-17230: encryption_key_id from alter is ignored by encryption threads
#
--enable_warnings
SET GLOBAL innodb_encrypt_tables=OFF;
CREATE TABLE t1 (a int not null primary key) engine=innodb;
--error ER_ILLEGAL_HA_CREATE_OPTION
ALTER TABLE t1 ENCRYPTION_KEY_ID=4;
SHOW WARNINGS;
SHOW CREATE TABLE t1;
DROP TABLE t1;
CREATE TABLE t2 (a int not null primary key) engine=innodb;
--replace_regex /#sql-[0-9a-f_]*`/#sql-temporary`/
--error ER_CANT_CREATE_TABLE
ALTER TABLE t2 ENCRYPTION_KEY_ID=4, ALGORITHM=COPY;
--replace_regex /#sql-[0-9a-f_]*`/#sql-temporary`/
SHOW WARNINGS;
SHOW CREATE TABLE t2;
DROP TABLE t2;
--error ER_CANT_CREATE_TABLE
CREATE TABLE t3 (a int not null primary key) engine=innodb ENCRYPTION_KEY_ID=4;
DROP TABLE t3;
SET GLOBAL innodb_encrypt_tables='FORCE';
--error ER_CANT_CREATE_TABLE
CREATE TABLE t1 (a int primary key) engine=innodb encrypted=no;
SHOW WARNINGS;
# reset system