mirror of
https://github.com/MariaDB/server.git
synced 2025-09-08 06:27:57 +03:00
8c7d8b716c
Problem: ======= - InnoDB iterates the fil_system space list to encrypt the tablespace in case of key rotation. But it is not necessary for any encryption plugin which doesn't do key version rotation. Solution: ========= - Introduce a new variable called srv_encrypt_rotate to indicate whether encryption plugin does key rotation fil_space_crypt_t::key_get_latest_version(): Enable the srv_encrypt_rotate only once if current key version is higher than innodb_encyrption_rotate_key_age fil_crypt_must_default_encrypt(): Default encryption tables should be added to default_encryp_tables list if innodb_encyrption_rotate_key_age is zero and encryption plugin doesn't do key version rotation fil_space_create(): Add the newly created space to default_encrypt_tables list if fil_crypt_must_default_encrypt() returns true Removed the nondeterministic select from innodb-key-rotation-disable test. By default, InnoDB adds the tablespace to the rotation list and background crypt thread does encryption of tablespace. So these select doesn't give reliable results.
81 lines
3.6 KiB
Plaintext
81 lines
3.6 KiB
Plaintext
-- source include/have_innodb.inc
|
|
-- source include/have_file_key_management_plugin.inc
|
|
# not embedded because of restarts
|
|
-- source include/not_embedded.inc
|
|
|
|
--disable_query_log
|
|
--disable_warnings
|
|
let $encryption = `SELECT @@innodb_encrypt_tables`;
|
|
SET GLOBAL innodb_file_format = `Barracuda`;
|
|
SET GLOBAL innodb_file_per_table = ON;
|
|
# zlib
|
|
set global innodb_compression_algorithm = 1;
|
|
--enable_warnings
|
|
--enable_query_log
|
|
|
|
create database enctests;
|
|
use enctests;
|
|
create table t1(a int not null primary key, b char(200)) engine=innodb;
|
|
create table t2(a int not null primary key, b char(200)) engine=innodb row_format=compressed;
|
|
create table t3(a int not null primary key, b char(200)) engine=innodb page_compressed=yes;
|
|
create table t4(a int not null primary key, b char(200)) engine=innodb encrypted=yes;
|
|
create table t5(a int not null primary key, b char(200)) engine=innodb encrypted=yes row_format=compressed;
|
|
create table t6(a int not null primary key, b char(200)) engine=innodb encrypted=yes page_compressed=yes;
|
|
create table t7(a int not null primary key, b char(200)) engine=innodb encrypted=no;
|
|
create table t8(a int not null primary key, b char(200)) engine=innodb encrypted=no row_format=compressed;
|
|
create table t9(a int not null primary key, b char(200)) engine=innodb encrypted=no page_compressed=yes;
|
|
|
|
insert into t1 values (1, 'secredmessage');
|
|
insert into t2 values (1, 'secredmessage');
|
|
insert into t3 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc');
|
|
insert into t4 values (1, 'secredmessage');
|
|
insert into t5 values (1, 'secredmessage');
|
|
insert into t6 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc');
|
|
insert into t7 values (1, 'publicmessage');
|
|
insert into t8 values (1, 'publicmessage');
|
|
insert into t9 values (1, 'pugliccompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc');
|
|
|
|
--echo # should list tables t1-t6
|
|
SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'enctests%';
|
|
--echo # should list tables t7-t9
|
|
SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 and NAME LIKE 'enctests%';
|
|
|
|
--let $MYSQLD_DATADIR=`select @@datadir`
|
|
|
|
-- source include/shutdown_mysqld.inc
|
|
|
|
--let SEARCH_RANGE = 10000000
|
|
--let SEARCH_PATTERN=secred
|
|
--echo # t1 default on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t1.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--echo # t2 default on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t2.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--echo # t3 default on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t3.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--echo # t4 on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t4.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--echo # t5 on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t5.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--echo # t6 on expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t6.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--let SEARCH_PATTERN=public
|
|
--echo # t7 off expecting FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t7.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--echo # t8 row compressed expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t8.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
--echo # t9 page compressed expecting NOT FOUND
|
|
-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t9.ibd
|
|
-- source include/search_pattern_in_file.inc
|
|
|
|
-- source include/start_mysqld.inc
|
|
|
|
drop database enctests;
|