4493d40a-92aa-4162-9dfc-bfc4ec0996e6
/
polardbxengine
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
polardbxengine/mysql-test/suite/encryption/t/database.test

272 lines
9.2 KiB
Plaintext
Raw Permalink Blame History

--echo #
--echo # WL#12261 Control (enforce and disable) table encryption
--echo #
--source include/have_debug.inc
--echo # Pre-define user u1, which is used in different tests below.
CREATE USER u1@localhost;
GRANT ALL ON db1.* TO u1@localhost;
GRANT CREATE TABLESPACE, PROCESS, SYSTEM_VARIABLES_ADMIN ON *.* TO u1@localhost;
SET GLOBAL debug= '+d,skip_table_encryption_admin_check_for_set';
connect (con1, localhost, u1);
--echo # This test run CREATE/ALTER DATABASE in different configurations,
--echo #
--echo # - Setting table_encryption_privilege_check to true/false.
--echo # - Setting default_table_encryption to true/false.
--echo # - With and without ENCRYPTION clause.
--echo # - With and without user holding TABLE_ENCRYPTION_ADMIN privilege.
--echo # - Test SHOW CREATE DATABASE
--echo # - Test INFORMATION_SCHEMA.SCHEMATA
--echo # - Check for warnings generated.
--echo #
# Initialization
--let caseno=0
--let expected_error=0
--let has_grant=false
--let with_default=true
--echo `````````````````````````````````````````````````````````
--echo # CREATE DATABASE without DEFAULT ENCRYPTION clause
--echo # and with different values for system variable
--echo # 'table_encryption_privilege_check' and 'default_table_encryption'
--let explicit_encryption_clause=false
--let privilege_check=false
--let global_database_encryption_default=false;
--source ./create_database.inc
--let global_database_encryption_default=true;
--source ./create_database.inc
--let privilege_check=true
--let global_database_encryption_default=false;
--source ./create_database.inc
--let global_database_encryption_default=true;
--source ./create_database.inc
--let has_grant=true
--let global_database_encryption_default=false;
--source ./create_database.inc
--let global_database_encryption_default=true;
--source ./create_database.inc
--let has_grant=false
--echo `````````````````````````````````````````````````````````
--echo # CREATE DATABASE with DEFAULT ENCRYPTION clause 'y/n'
--echo # and with different values for system variable
--echo # 'table_encryption_privilege_check' and 'default_table_encryption'.
--let explicit_encryption_clause=true
--let privilege_check=false
--let global_database_encryption_default=false;
--let database_encryption='y'
--source ./create_database.inc
--let database_encryption='n'
--source ./create_database.inc
--let global_database_encryption_default=true;
--let database_encryption='y'
--source ./create_database.inc
--let database_encryption='n'
--source ./create_database.inc
--echo `````````````````````````````````````````````````````````
--echo # Without the keyword DEFAULT.
--let with_default=false
--let global_database_encryption_default=false;
--let database_encryption='y'
--source ./create_database.inc
--let database_encryption='n'
--source ./create_database.inc
--let global_database_encryption_default=true;
--let database_encryption='y'
--source ./create_database.inc
--let database_encryption='n'
--source ./create_database.inc
--let with_default=true
--let privilege_check=true
--let global_database_encryption_default=false;
--echo `````````````````````````````````````````````````````````
--echo # We expect failure because the encryption request is different from
--echo # global 'default_table_encryption' setting.
--let database_encryption='y'
--let expected_error=ER_CANNOT_SET_DATABASE_ENCRYPTION
--source ./create_database.inc
--let expected_error=0
--let database_encryption='n'
--source ./create_database.inc
--let global_database_encryption_default=true;
--let database_encryption='y'
--source ./create_database.inc
--echo `````````````````````````````````````````````````````````
--echo # We expect failure because the encryption request is different from
--echo # global 'default_table_encryption' setting.
--let database_encryption='n'
--let expected_error=ER_CANNOT_SET_DATABASE_ENCRYPTION
--source ./create_database.inc
--let has_grant=true
--let global_database_encryption_default=false;
--let expected_error=0
--let database_encryption='y'
--source ./create_database.inc
--let expected_error=0
--let database_encryption='n'
--source ./create_database.inc
--let global_database_encryption_default=true;
--let database_encryption='y'
--source ./create_database.inc
--let expected_error=0
--let database_encryption='n'
--source ./create_database.inc
--let has_grant=false
--let privilege_check=false
--let global_database_encryption_default=false;
--echo `````````````````````````````````````````````````````````
--echo # With invalid value for DEFAULT ENCRYPTION
--let expected_error=ER_WRONG_VALUE
--let database_encryption='k'
--source ./create_database.inc
--echo `````````````````````````````````````````````````````````
--echo # Check with legacy syntax.
CREATE DATABASE `db1` /*!80016 DEFAULT ENCRYPTION='Y' */;
SHOW CREATE DATABASE db1;
DROP DATABASE db1;
--echo `````````````````````````````````````````````````````````
--echo # See that we ignore the clause with invalid mysql version.
CREATE DATABASE `db1` /*!99999 DEFAULT ENCRYPTION='Y' */;
SHOW CREATE DATABASE db1;
DROP DATABASE db1;
--echo `````````````````````````````````````````````````````````
--echo # ALTER DATABASE withDEFAULT ENCRYPTION clause 'y/n'
--echo # and with different values for system variable
--echo # 'table_encryption_privilege_check' and 'default_table_encryption'
--let expected_error=0
--let caseno=0
--echo `````````````````````````````````````````````````````````
--echo # Following cases are with database DEFAULT ENCRYPTION 'y'
--let database_encryption='n'
--let privilege_check=false
--let global_database_encryption_default=false;
--let alter_encryption='n'
--source ./alter_database.inc
--let alter_encryption='y'
--source ./alter_database.inc
--let global_database_encryption_default=true;
--let alter_encryption='n'
--source ./alter_database.inc
--let alter_encryption='y'
--source ./alter_database.inc
--let privilege_check=true
--let global_database_encryption_default=false;
--let alter_encryption='n'
--source ./alter_database.inc
--echo `````````````````````````````````````````````````````````
--echo # We expect failure because the encryption request is different from
--echo # global 'default_table_encryption' setting.
--let alter_encryption='y'
--let expected_error=ER_CANNOT_SET_DATABASE_ENCRYPTION
--source ./alter_database.inc
--let global_database_encryption_default=true;
--echo `````````````````````````````````````````````````````````
--echo # We expect failure because the encryption request is different from
--echo # global 'default_table_encryption' setting.
--let alter_encryption='n'
--let expected_error=ER_CANNOT_SET_DATABASE_ENCRYPTION
--source ./alter_database.inc
--let expected_error=0
--let alter_encryption='y'
--source ./alter_database.inc
--let has_grant=true
--let global_database_encryption_default=false;
--let alter_encryption='n'
--source ./alter_database.inc
--let alter_encryption='y'
--let expected_error=0
--source ./alter_database.inc
--let global_database_encryption_default=true;
--let expected_error=0
--let alter_encryption='n'
--source ./alter_database.inc
--let expected_error=0
--let alter_encryption='y'
--source ./alter_database.inc
--let has_grant=false
--echo `````````````````````````````````````````````````````````
--echo # Following cases are with database DEFAULT ENCRYPTION 'y'
--let database_encryption='y'
--let privilege_check=false
--let global_database_encryption_default=false;
--let alter_encryption='n'
--source ./alter_database.inc
--let alter_encryption='y'
--source ./alter_database.inc
--let global_database_encryption_default=true;
--let alter_encryption='n'
--source ./alter_database.inc
--let alter_encryption='y'
--source ./alter_database.inc
--let privilege_check=true
--let global_database_encryption_default=false;
--let alter_encryption='n'
--source ./alter_database.inc
--echo `````````````````````````````````````````````````````````
--echo # We expect failure because the encryption request is different from
--echo # global 'default_table_encryption' setting.
--let alter_encryption='y'
--let expected_error=ER_CANNOT_SET_DATABASE_ENCRYPTION
--source ./alter_database.inc
--echo `````````````````````````````````````````````````````````
--echo # We expect failure because the encryption request is different from
--echo # global 'default_table_encryption' setting.
--let global_database_encryption_default=true;
--let alter_encryption='n'
--let expected_error=ER_CANNOT_SET_DATABASE_ENCRYPTION
--source ./alter_database.inc
--let expected_error=0
--let alter_encryption='y'
--source ./alter_database.inc
--let has_grant=true
--let global_database_encryption_default=false;
--let alter_encryption='n'
--source ./alter_database.inc
--let expected_error=0
--let alter_encryption='y'
--source ./alter_database.inc
--let global_database_encryption_default=true;
--let expected_error=0
--let alter_encryption='n'
--source ./alter_database.inc
--let expected_error=0
--let alter_encryption='y'
--source ./alter_database.inc
--let has_grant=false
--echo `````````````````````````````````````````````````````````
--echo # Invalid encryption option.
--let privilege_check=false
--let global_database_encryption_default=false;
--let expected_error=ER_WRONG_VALUE
--let alter_encryption='k'
--source ./alter_database.inc
--echo # Cleanup
disconnect con1;
connection default;
DROP USER u1@localhost;
SET GLOBAL debug= '-d,skip_table_encryption_admin_check_for_set';
Reference in New Issue View Git Blame Copy Permalink