211 lines
8.4 KiB
Plaintext
211 lines
8.4 KiB
Plaintext
|
|
#############################################################
|
|
# TEST 1 : NORMAL ALTER ENCRYPT mysql TABLESPACE.
|
|
#############################################################
|
|
|
|
#########################################################################
|
|
# RESTART 1 : WITH KEYRING PLUGIN
|
|
#########################################################################
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
# Initially, mysql should be unencrypted by default
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql N
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
ALTER TABLESPACE mysql ENCRYPTION='Y';
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql Y
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
ALTER TABLESPACE mysql ENCRYPTION='N';
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql N
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
|
|
#############################################################
|
|
# TEST 2 : CRASH DURING ALTER ENCRYPT mysql TABLESPACE.
|
|
#############################################################
|
|
|
|
############################################################
|
|
# ALTER TABLESPACE 1 : Unencrypted => Encrypted #
|
|
# (crash at page 10) #
|
|
############################################################
|
|
# Set Encryption process to crash at page 10
|
|
SET SESSION debug= '+d,alter_encrypt_tablespace_page_10';
|
|
# Encrypt the tablespace. It will cause crash.
|
|
ALTER TABLESPACE mysql ENCRYPTION='Y';
|
|
# Restart after crash
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
# Wait for Encryption processing to finish in background thread
|
|
set global innodb_buf_flush_list_now = 1;
|
|
# After restart/recovery, check that Encryption was roll-forward
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql Y
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
ALTER TABLESPACE mysql ENCRYPTION='Y';
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql Y
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
#########################################################################
|
|
# RESTART 2 : WITH KEYRING PLUGIN
|
|
#########################################################################
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql Y
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
############################################################
|
|
# ALTER TABLESPACE 2 : Encrypted => Unencrypted #
|
|
# (crash at page 10) #
|
|
############################################################
|
|
# Set Unencryption process to crash at page 10
|
|
SET SESSION debug= '+d,alter_encrypt_tablespace_page_10';
|
|
# Unencrypt the tablespace. It will cause crash.
|
|
ALTER TABLESPACE mysql ENCRYPTION='N';
|
|
# Restart after crash
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
# Wait for Unencryption processing to finish in background thread
|
|
set global innodb_buf_flush_list_now = 1;
|
|
# After restart/recovery, check that Unencryption was roll-forward
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql N
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
ALTER TABLESPACE mysql ENCRYPTION='N';
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql N
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
#########################################################################
|
|
# RESTART 3 : WITHOUT KEYRING PLUGIN
|
|
#########################################################################
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql N
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
#############################################################
|
|
# TEST 3 : CRASH BEFORE/AFTER ENCRYPTION PROCESSING.
|
|
#############################################################
|
|
|
|
#########################################################################
|
|
# RESTART 4 : WITH KEYRING PLUGIN
|
|
#########################################################################
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
ALTER TABLESPACE mysql ENCRYPTION='Y';
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
# Set server to crash just before encryption processing starts
|
|
SET SESSION debug="+d,alter_encrypt_tablespace_crash_before_processing";
|
|
# Unencrypt the tablespace. It will cause crash.
|
|
ALTER TABLESPACE mysql ENCRYPTION='N';
|
|
# Restart after crash
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
# Wait for Unencryption processing to finish in background thread
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql Y
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
# Set server to crash just after encryption processing finishes
|
|
SET SESSION debug="-d,alter_encrypt_tablespace_crash_before_processing";
|
|
SET SESSION debug="+d,alter_encrypt_tablespace_crash_after_processing";
|
|
# Unencrypt the tablespace. It will cause crash.
|
|
ALTER TABLESPACE mysql ENCRYPTION='N';
|
|
# Restart after crash
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
# Wait for Unencryption processing to finish in background thread
|
|
SELECT NAME, ENCRYPTION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES WHERE NAME='mysql';
|
|
NAME ENCRYPTION
|
|
mysql N
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
#############################################################
|
|
# TEST 4 : CRASH DURING KEY ROTATION.
|
|
#############################################################
|
|
|
|
#########################################################################
|
|
# RESTART 5 : WITH KEYRING PLUGIN
|
|
#########################################################################
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
ALTER TABLESPACE mysql ENCRYPTION='Y';
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
# Set server to crash while rotating encryption
|
|
SET SESSION debug="+d,ib_crash_during_rotation_for_encryption";
|
|
ALTER INSTANCE ROTATE INNODB MASTER KEY;
|
|
# Restart after crash
|
|
SET debug='+d,skip_dd_table_access_check';
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
SET SESSION debug="-d,ib_crash_during_rotation_for_encryption";
|
|
ALTER INSTANCE ROTATE INNODB MASTER KEY;
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
#############################################################
|
|
# TEST 5 : PRIVILEGE CHECK.
|
|
#############################################################
|
|
|
|
CREATE DATABASE priv_test;
|
|
CREATE USER myuser@'localhost';
|
|
GRANT ALL ON priv_test.* TO myuser@'localhost';
|
|
#connection con1
|
|
ALTER TABLESPACE mysql ENCRYPTION='Y';
|
|
ERROR 42000: Access denied; you need (at least one of) the CREATE TABLESPACE privilege(s) for this operation
|
|
#connection default
|
|
GRANT CREATE TABLESPACE ON mysql.* TO myuser@'localhost';
|
|
ERROR HY000: Incorrect usage of DB GRANT and GLOBAL PRIVILEGES
|
|
GRANT CREATE TABLESPACE ON *.* TO myuser@'localhost';
|
|
#connection con1
|
|
ALTER TABLESPACE mysql ENCRYPTION='N';
|
|
#connection default
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
#connection con1
|
|
ALTER TABLESPACE mysql ENCRYPTION='Y';
|
|
#connection default
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=Y;
|
|
DROP DATABASE priv_test;
|
|
DROP USER myuser@localhost;
|
|
###########
|
|
# Cleanup #
|
|
###########
|
|
ALTER TABLESPACE mysql ENCRYPTION='N';
|
|
SELECT NAME,OPTIONS FROM mysql.tablespaces WHERE NAME='mysql';
|
|
NAME OPTIONS
|
|
mysql encryption=N;
|
|
#########################################################################
|
|
# RESTART 6 : WITHOUT KEYRING PLUGIN
|
|
#########################################################################
|
|
# restart:
|