diff options
Diffstat (limited to 'mysql-test/suite/encryption/t')
13 files changed, 228 insertions, 264 deletions
diff --git a/mysql-test/suite/encryption/t/debug_key_management.test b/mysql-test/suite/encryption/t/debug_key_management.test index b4dc8c41916..5001ac6a516 100644 --- a/mysql-test/suite/encryption/t/debug_key_management.test +++ b/mysql-test/suite/encryption/t/debug_key_management.test @@ -11,14 +11,15 @@ show variables like 'innodb_encrypt%'; let $wait_condition= select count(*) = 3 from information_schema.innodb_tablespaces_encryption where current_key_version=1; --source include/wait_condition.inc -select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; +select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 1; set global debug_key_management_version=10; let $wait_condition= select count(*) = 3 from information_schema.innodb_tablespaces_encryption where current_key_version=10; --source include/wait_condition.inc -select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; +select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 10; # Note that we expect that key_version is increasing so disable encryption before reset + set global innodb_encrypt_tables=OFF; set global debug_key_management_version=1; diff --git a/mysql-test/suite/encryption/t/encrypt_and_grep.opt b/mysql-test/suite/encryption/t/encrypt_and_grep.opt index bcff011eb82..5c9aaf65b06 100644 --- a/mysql-test/suite/encryption/t/encrypt_and_grep.opt +++ b/mysql-test/suite/encryption/t/encrypt_and_grep.opt @@ -1,8 +1,7 @@ --innodb-encrypt-tables=ON --innodb-encrypt-log=ON --innodb-encryption-rotate-key-age=15 ---innodb-encryption-threads=4 +--innodb-encryption-threads=1 --innodb-tablespaces-encryption ---innodb-max-dirty-pages-pct=0.001 diff --git a/mysql-test/suite/encryption/t/encrypt_and_grep.test b/mysql-test/suite/encryption/t/encrypt_and_grep.test index 2a5fcbcebf8..fd54fc74f0a 100644 --- a/mysql-test/suite/encryption/t/encrypt_and_grep.test +++ b/mysql-test/suite/encryption/t/encrypt_and_grep.test @@ -1,5 +1,5 @@ -- source include/have_innodb.inc --- source include/have_example_key_management_plugin.inc +-- source include/have_file_key_management_plugin.inc # embedded does not support restart -- source include/not_embedded.inc @@ -30,7 +30,10 @@ insert t3 values (repeat('dummy', 42)); --let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 --source include/wait_condition.inc ---sleep 5 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; + +--source include/shutdown_mysqld.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND @@ -49,15 +52,21 @@ insert t3 values (repeat('dummy', 42)); -- let SEARCH_FILE=$ib1_IBD -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + --echo # Now turn off encryption and wait for threads to decrypt everything -SET GLOBAL innodb_encryption_threads = 4; +SET GLOBAL innodb_encryption_threads = 1; SET GLOBAL innodb_encrypt_tables = off; --echo # Wait max 10 min for key encryption threads to decrypt all spaces --let $wait_timeout= 600 ---let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +--let $wait_condition=SELECT COUNT(*) = 5 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND KEY_ROTATION_PAGE_NUMBER IS NULL; --source include/wait_condition.inc ---sleep 5 + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; + +--source include/shutdown_mysqld.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND @@ -76,6 +85,8 @@ SET GLOBAL innodb_encrypt_tables = off; -- let SEARCH_FILE=$ib1_IBD -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + --echo # Now turn on encryption and wait for threads to encrypt all spaces SET GLOBAL innodb_encryption_threads = 4; SET GLOBAL innodb_encrypt_tables = on; @@ -84,7 +95,11 @@ SET GLOBAL innodb_encrypt_tables = on; --let $wait_timeout= 600 --let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; --source include/wait_condition.inc ---sleep 5 + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; + +--source include/shutdown_mysqld.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND @@ -103,6 +118,6 @@ SET GLOBAL innodb_encrypt_tables = on; -- let SEARCH_FILE=$ib1_IBD -- source include/search_pattern_in_file.inc ---echo # TODO: add shutdown + grep tests +-- source include/start_mysqld.inc drop table t1, t2, t3; diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change.test b/mysql-test/suite/encryption/t/innodb-bad-key-change.test index cc5e6b36ac3..e8b5de99d80 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change.test @@ -13,16 +13,9 @@ # call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); -call mtr.add_suppression("InnoDB: Database page corruption on disk or a failed.*"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("mysqld: File .*"); -call mtr.add_suppression("InnoDB: Tablespace id .* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace."); -call mtr.add_suppression("InnoDB: InnoDB: Page may be an index page where index id is .*"); +call mtr.add_suppression("InnoDB: The page .* in file test/.* cannot be decrypted"); +call mtr.add_suppression("mysqld: File .* not found"); --echo --echo # Start server with keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change2.test b/mysql-test/suite/encryption/t/innodb-bad-key-change2.test index 7c61c34ec59..c7c9e66dcf8 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change2.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change2.test @@ -8,42 +8,28 @@ # # MDEV-8750: Server crashes in page_cur_is_after_last on altering table using a wrong encryption key # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); # Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530144 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc --error ER_GET_ERRMSG select * from t1; @@ -55,5 +41,9 @@ show warnings; alter table t1 engine=InnoDB; show warnings; +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc + +DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/keys1.txt --remove_file $MYSQLTEST_VARDIR/keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change4.test b/mysql-test/suite/encryption/t/innodb-bad-key-change4.test index 0b1db40b866..0459c433ece 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change4.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change4.test @@ -8,66 +8,36 @@ # # MDEV-8768: Server crash at file btr0btr.ic line 122 when checking encrypted table using incorrect keys # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); # Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc - ---let $MYSQLD_TMPDIR = `SELECT @@tmpdir` ---let $MYSQLD_DATADIR = `SELECT @@datadir` +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530144 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc --replace_regex /tablespace [0-9]*/tablespace #/ CHECK TABLE t1; SHOW WARNINGS; ---remove_file $MYSQLTEST_VARDIR/keys1.txt ---remove_file $MYSQLTEST_VARDIR/keys2.txt - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---write_file $MYSQLTEST_VARDIR/keys1.txt -1;770A8A65DA156D24EE2A093277530142 -4;770A8A65DA156D24EE2A093277530143 -EOF - ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc DROP TABLE t1; - --remove_file $MYSQLTEST_VARDIR/keys1.txt +--remove_file $MYSQLTEST_VARDIR/keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change5.test b/mysql-test/suite/encryption/t/innodb-bad-key-change5.test index 5f63eebe034..b205d203374 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change5.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change5.test @@ -8,64 +8,35 @@ # # MDEV-8769: Server crash at file btr0btr.ic line 122 when defragmenting encrypted table using incorrect keys # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); # Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc - ---let $MYSQLD_TMPDIR = `SELECT @@tmpdir` ---let $MYSQLD_DATADIR = `SELECT @@datadir` +--let $restart_parameters= --innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530144 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc OPTIMIZE TABLE t1; SHOW WARNINGS; ---remove_file $MYSQLTEST_VARDIR/keys1.txt ---remove_file $MYSQLTEST_VARDIR/keys2.txt - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---write_file $MYSQLTEST_VARDIR/keys1.txt -1;770A8A65DA156D24EE2A093277530142 -4;770A8A65DA156D24EE2A093277530143 -EOF - ---exec echo "restart:--innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/keys1.txt +--remove_file $MYSQLTEST_VARDIR/keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test b/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test index d27402edaa8..d1b009fad93 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test @@ -2,67 +2,51 @@ # MDEV-8727: Server/InnoDB hangs on shutdown after trying to read an encrypted table with a wrong key # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -# Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---echo # ---echo # Restart the server with key 4 in the key file ---echo # - --source include/have_innodb.inc --source include/not_embedded.inc ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); +# Suppression for builds where file_key_management plugin is linked statically +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); + +--echo # +--echo # Restart the server with key 4 in the key file +--echo # --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;18420B5CBA31CCDFFE9716E91EB61374D05914F3ADE23E03 EOF ---exec echo "restart:--plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (i INT, KEY(i)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1); ---echo # +--echo # --echo # Restart the server with a different value for key 4 in the key file ---echo # - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +--echo # --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;22222222222222222222222222222222 EOF ---exec echo "restart:--plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc ---error 1296 +--error ER_GET_ERRMSG SELECT * FROM t1; ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:--plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc SELECT * FROM t1; DROP TABLE t1; +--let $restart_parameters= +--source include/restart_mysqld.inc + --remove_file $MYSQLTEST_VARDIR/keys2.txt --remove_file $MYSQLTEST_VARDIR/keys1.txt diff --git a/mysql-test/suite/encryption/t/innodb-encryption-disable.test b/mysql-test/suite/encryption/t/innodb-encryption-disable.test index 8a8b451f5b1..fed9878ffbc 100644 --- a/mysql-test/suite/encryption/t/innodb-encryption-disable.test +++ b/mysql-test/suite/encryption/t/innodb-encryption-disable.test @@ -9,29 +9,15 @@ # # MDEV-9559: Server without encryption configs crashes if selecting from an implicitly encrypted table # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -# Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); -call mtr.add_suppression("InnoDB: Tablespace id.* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace."); +call mtr.add_suppression("InnoDB: The page .* in file test/t[15] cannot be decrypted"); +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---error 0,1,2 ---remove_file $MYSQLTEST_VARDIR/encryption-disable-keys1.txt ---write_file $MYSQLTEST_VARDIR/encryption-disable-keys1.txt +--write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 -4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/encryption-disable-keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc create table t5 ( `intcol1` int(32) DEFAULT NULL, @@ -61,28 +47,18 @@ alter table t1 encrypted='yes' `encryption_key_id`=1; select * from t1; select * from t5; ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:--innodb-encrypt-tables=OFF" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables=OFF +--source include/restart_mysqld.inc ---error 1296 +--error ER_GET_ERRMSG select * from t1; ---error 1296 +--error ER_GET_ERRMSG select * from t5; ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:--innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/encryption-disable-keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc drop table t1; drop table t5; ---remove_file $MYSQLTEST_VARDIR/encryption-disable-keys1.txt +--remove_file $MYSQLTEST_VARDIR/keys1.txt diff --git a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.opt b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.opt new file mode 100644 index 00000000000..03a0028d371 --- /dev/null +++ b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.opt @@ -0,0 +1,5 @@ +--innodb-encrypt-tables +--innodb-encrypt-log +--innodb-encryption-rotate-key-age=0 +--innodb-encryption-threads=4 +--innodb-tablespaces-encryption diff --git a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test new file mode 100644 index 00000000000..fdbd6c8da7c --- /dev/null +++ b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test @@ -0,0 +1,102 @@ +-- source include/have_innodb.inc +-- source include/have_file_key_management_plugin.inc +# not embedded because of restarts +-- source include/not_embedded.inc + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; + +--disable_query_log +--disable_warnings +let $innodb_compression_algorithm_orig=`SELECT @@innodb_compression_algorithm`; +let $innodb_file_format_orig = `SELECT @@innodb_file_format`; +let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`; +let $encryption = `SELECT @@innodb_encrypt_tables`; +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +# zlib +set global innodb_compression_algorithm = 1; +--enable_warnings +--enable_query_log + +create database enctests; +use enctests; +create table t1(a int not null primary key, b char(200)) engine=innodb; +create table t2(a int not null primary key, b char(200)) engine=innodb row_format=compressed; +create table t3(a int not null primary key, b char(200)) engine=innodb page_compressed=yes; +create table t4(a int not null primary key, b char(200)) engine=innodb encrypted=yes; +create table t5(a int not null primary key, b char(200)) engine=innodb encrypted=yes row_format=compressed; +create table t6(a int not null primary key, b char(200)) engine=innodb encrypted=yes page_compressed=yes; +create table t7(a int not null primary key, b char(200)) engine=innodb encrypted=no; +create table t8(a int not null primary key, b char(200)) engine=innodb encrypted=no row_format=compressed; +create table t9(a int not null primary key, b char(200)) engine=innodb encrypted=no page_compressed=yes; + +insert into t1 values (1, 'secredmessage'); +insert into t2 values (1, 'secredmessage'); +insert into t3 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t4 values (1, 'secredmessage'); +insert into t5 values (1, 'secredmessage'); +insert into t6 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t7 values (1, 'publicmessage'); +insert into t8 values (1, 'publicmessage'); +insert into t9 values (1, 'pugliccompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); + +--echo # should list tables t1-t6 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'enctests%'; +--echo # should list tables t7-t9 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 and NAME LIKE 'enctests%'; + +--error ER_WRONG_VALUE_FOR_VAR +SET GLOBAL innodb_encrypt_tables=OFF; +--error ER_WRONG_VALUE_FOR_VAR +SET GLOBAL innodb_encrypt_tables=ON; + +--let $MYSQLD_DATADIR=`select @@datadir` + +-- source include/shutdown_mysqld.inc + +--let SEARCH_RANGE = 10000000 +--let SEARCH_PATTERN=secred +--echo # t1 default on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t1.ibd +-- source include/search_pattern_in_file.inc +--echo # t2 default on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t2.ibd +-- source include/search_pattern_in_file.inc +--echo # t3 default on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t3.ibd +-- source include/search_pattern_in_file.inc +--echo # t4 on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t4.ibd +-- source include/search_pattern_in_file.inc +--echo # t5 on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t5.ibd +-- source include/search_pattern_in_file.inc +--echo # t6 on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t6.ibd +-- source include/search_pattern_in_file.inc +--let SEARCH_PATTERN=public +--echo # t7 off expecting FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t7.ibd +-- source include/search_pattern_in_file.inc +--echo # t8 row compressed expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t8.ibd +-- source include/search_pattern_in_file.inc +--echo # t9 page compressed expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t9.ibd +-- source include/search_pattern_in_file.inc + +-- source include/start_mysqld.inc + +use test; +drop database enctests; +# reset system + +--disable_query_log +--disable_warnings +EVAL SET GLOBAL innodb_compression_algorithm = $innodb_compression_algorithm_orig; +EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig; +EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig; +set global innodb_compression_algorithm = DEFAULT; +--enable_warnings +--enable_query_log diff --git a/mysql-test/suite/encryption/t/innodb-missing-key.test b/mysql-test/suite/encryption/t/innodb-missing-key.test index 8fcfb766117..84ca92010e9 100644 --- a/mysql-test/suite/encryption/t/innodb-missing-key.test +++ b/mysql-test/suite/encryption/t/innodb-missing-key.test @@ -2,16 +2,11 @@ -- source include/have_file_key_management_plugin.inc # embedded does not support restart -- source include/not_embedded.inc --- source include/not_valgrind.inc -# Avoid CrashReporter popup on Mac --- source include/not_crashrep.inc # # MDEV-11004: Unable to start (Segfault or os error 2) when encryption key missing # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); +call mtr.add_suppression("InnoDB: The page .* in file test/t. cannot be decrypted"); --echo --echo # Start server with keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test b/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test index eb90c446a81..e7e8405e839 100644 --- a/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test +++ b/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test @@ -1,18 +1,7 @@ -- source include/have_innodb.inc --- source include/have_example_key_management_plugin.inc --- source include/not_valgrind.inc +-- source include/have_file_key_management_plugin.inc +# test uses restart -- source include/not_embedded.inc --- source include/not_windows.inc - ---let $MYSQLD_DATADIR=`select @@datadir` ---let SEARCH_RANGE = 10000000 ---let t1_IBD = $MYSQLD_DATADIR/test/t1.ibd ---let t2_IBD = $MYSQLD_DATADIR/test/t2.ibd ---let t3_IBD = $MYSQLD_DATADIR/test/t3.ibd ---let t4_IBD = $MYSQLD_DATADIR/test/t4.ibd ---let t5_IBD = $MYSQLD_DATADIR/test/t5.ibd ---let t6_IBD = $MYSQLD_DATADIR/test/t6.ibd ---let t7_IBD = $MYSQLD_DATADIR/test/t7.ibd CREATE TABLE t1 (id INT NOT NULL PRIMARY KEY, a VARCHAR(255)) ENGINE=InnoDB encrypted=yes; CREATE TABLE t2 (id INT NOT NULL PRIMARY KEY, a VARCHAR(255)) ENGINE=InnoDB; @@ -42,7 +31,7 @@ delimiter ;// commit; set autocommit=0; -call innodb_insert_proc(15000); +call innodb_insert_proc(1500); commit; set autocommit=1; @@ -50,37 +39,48 @@ set autocommit=1; --let $wait_timeout= 600 --let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 --source include/wait_condition.inc +--let $MYSQLD_DATADIR=`select @@datadir` ---sleep 10 +--source include/shutdown_mysqld.inc +--source include/wait_until_disconnected.inc + +--let SEARCH_RANGE = 10000000 --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND --- let SEARCH_FILE=$t1_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t1.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=temp --echo # t2 ... on expecting NOT FOUND --- let SEARCH_FILE=$t2_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t2.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=barfoo --echo # t3 ... on expecting NOT FOUND --- let SEARCH_FILE=$t3_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t3.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=repeat --echo # t4 ... on expecting NOT FOUND --- let SEARCH_FILE=$t4_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t4.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=author --echo # t5 ... on expecting NOT FOUND --- let SEARCH_FILE=$t5_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t5.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mangled --echo # t6 ... on expecting NOT FOUND --- let SEARCH_FILE=$t6_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t6.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mysql --echo # t7 ... on expecting NOT FOUND --- let SEARCH_FILE=$t7_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t7.ibd -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + +--disable_warnings +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +--enable_warnings + ALTER TABLE t1 ADD COLUMN b int default 2; ALTER TABLE t2 ADD COLUMN b int default 2; ALTER TABLE t7 ADD COLUMN b int default 2; @@ -102,76 +102,39 @@ SHOW CREATE TABLE t5; SHOW CREATE TABLE t6; SHOW CREATE TABLE t7; ---sleep 10 ---let SEARCH_PATTERN=foobar ---echo # t1 yes on expecting NOT FOUND --- let SEARCH_FILE=$t1_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=temp ---echo # t2 ... on expecting NOT FOUND --- let SEARCH_FILE=$t2_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=barfoo ---echo # t3 ... on expecting NOT FOUND --- let SEARCH_FILE=$t3_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=repeat ---echo # t4 ... on expecting NOT FOUND --- let SEARCH_FILE=$t4_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=author ---echo # t5 ... on expecting NOT FOUND --- let SEARCH_FILE=$t5_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=mangled ---echo # t6 ... on expecting NOT FOUND --- let SEARCH_FILE=$t6_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=mysql ---echo # t7 ... on expecting NOT FOUND --- let SEARCH_FILE=$t7_IBD --- source include/search_pattern_in_file.inc - ---echo # Restarting server --- source include/restart_mysqld.inc ---echo # Done restarting server - -select count(1) from t1; -select count(1) from t2; -select count(1) from t3; -select count(1) from t4; -select count(1) from t5; -select count(1) from t6; -select count(1) from t7; +--source include/shutdown_mysqld.inc +--source include/wait_until_disconnected.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND --- let SEARCH_FILE=$t1_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t1.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=temp --echo # t2 ... on expecting NOT FOUND --- let SEARCH_FILE=$t2_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t2.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=barfoo --echo # t3 ... on expecting NOT FOUND --- let SEARCH_FILE=$t3_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t3.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=repeat --echo # t4 ... on expecting NOT FOUND --- let SEARCH_FILE=$t4_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t4.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=author --echo # t5 ... on expecting NOT FOUND --- let SEARCH_FILE=$t5_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t5.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mangled --echo # t6 ... on expecting NOT FOUND --- let SEARCH_FILE=$t6_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t6.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mysql --echo # t7 ... on expecting NOT FOUND --- let SEARCH_FILE=$t7_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t7.ibd -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + DROP PROCEDURE innodb_insert_proc; DROP TABLE t1, t2, t3, t4, t5, t6, t7; |