172 lines
6.2 KiB
Plaintext
172 lines
6.2 KiB
Plaintext
# InnoDB transparent tablespace data encryption
|
|
# This test case will test basic encryption support features.
|
|
|
|
|
|
--source include/no_valgrind_without_big.inc
|
|
|
|
call mtr.add_suppression("\\[Error\\] .*MY-\\d+.* Can't generate new master key for tablespace encryption, please check the keyring plugin is loaded.");
|
|
call mtr.add_suppression("\\[Error\\] .*MY-\\d+.* Encryption can't find master key, please check the keyring plugin is loaded.");
|
|
call mtr.add_suppression("\\[ERROR\\] .*MY-\\d+.* Function 'keyring_file' already exists");
|
|
call mtr.add_suppression("\\[ERROR\\] .*MY-\\d+.* Couldn't load plugin named 'keyring_file' with soname 'keyring_file.*'.");
|
|
call mtr.add_suppression("Plugin keyring_file reported");
|
|
|
|
--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR
|
|
eval SET @@global.keyring_file_data="$MYSQL_TMP_DIR/keyring";
|
|
|
|
CREATE TABLE t1(c1 int) ENGINE=InnoDB ENCRYPTION="Y";
|
|
|
|
DROP TABLE t1;
|
|
|
|
# Restart the server with keyring loaded
|
|
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
-- send_shutdown
|
|
-- source include/wait_until_disconnected.inc
|
|
--exec echo "restart:--early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring2 $KEYRING_PLUGIN_OPT" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
--enable_reconnect
|
|
--source include/wait_until_connected_again.inc
|
|
--disable_reconnect
|
|
|
|
--disable_warnings
|
|
DROP TABLE IF EXISTS t1;
|
|
--enable_warnings
|
|
|
|
let $innodb_file_per_table = `SELECT @@innodb_file_per_table`;
|
|
|
|
SET GLOBAL innodb_file_per_table = 1;
|
|
SELECT @@innodb_file_per_table;
|
|
|
|
# Create a table with encryption
|
|
CREATE TABLE t1(c1 INT, c2 char(20)) ENCRYPTION="Y" ENGINE = InnoDB;
|
|
|
|
SHOW CREATE TABLE t1;
|
|
INSERT INTO t1 VALUES(0, "aaaaa");
|
|
INSERT INTO t1 VALUES(1, "bbbbb");
|
|
INSERT INTO t1 VALUES(2, "ccccc");
|
|
INSERT INTO t1 VALUES(3, "ddddd");
|
|
INSERT INTO t1 VALUES(4, "eeeee");
|
|
INSERT INTO t1 VALUES(5, "fffff");
|
|
INSERT INTO t1 VALUES(6, "ggggg");
|
|
INSERT INTO t1 VALUES(7, "hhhhh");
|
|
INSERT INTO t1 VALUES(8, "iiiii");
|
|
INSERT INTO t1 VALUES(9, "jjjjj");
|
|
INSERT INTO t1 select * from t1;
|
|
INSERT INTO t1 select * from t1;
|
|
INSERT INTO t1 select * from t1;
|
|
INSERT INTO t1 select * from t1;
|
|
INSERT INTO t1 select * from t1;
|
|
INSERT INTO t1 select * from t1;
|
|
|
|
SELECT * FROM t1 LIMIT 10;
|
|
|
|
# Restart to confirm the encryption info can be retrieved properly.
|
|
--exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
-- send_shutdown
|
|
-- source include/wait_until_disconnected.inc
|
|
--exec echo "restart:--early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring2 $KEYRING_PLUGIN_OPT" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
--enable_reconnect
|
|
--source include/wait_until_connected_again.inc
|
|
--disable_reconnect
|
|
|
|
SELECT * FROM t1 LIMIT 10;
|
|
|
|
# Key rotation.
|
|
ALTER INSTANCE ROTATE INNODB MASTER KEY;
|
|
|
|
DROP TABLE t1;
|
|
|
|
# Crash/recovery test.
|
|
CREATE TABLE t1(c1 INT, c2 char(20)) ENCRYPTION="Y" ENGINE = InnoDB;
|
|
|
|
INSERT INTO t1 VALUES(0, "aaaaa");
|
|
INSERT INTO t1 VALUES(1, "bbbbb");
|
|
INSERT INTO t1 VALUES(2, "ccccc");
|
|
INSERT INTO t1 VALUES(3, "ddddd");
|
|
INSERT INTO t1 VALUES(4, "eeeee");
|
|
INSERT INTO t1 VALUES(5, "fffff");
|
|
INSERT INTO t1 VALUES(6, "ggggg");
|
|
INSERT INTO t1 VALUES(7, "hhhhh");
|
|
INSERT INTO t1 VALUES(8, "iiiii");
|
|
INSERT INTO t1 VALUES(9, "jjjjj");
|
|
|
|
# Restart to confirm the encryption info can be retrieved properly.
|
|
--source include/kill_mysqld.inc
|
|
--exec echo "restart:--early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring2 $KEYRING_PLUGIN_OPT" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect
|
|
--enable_reconnect
|
|
--source include/wait_until_connected_again.inc
|
|
--disable_reconnect
|
|
|
|
SELECT * FROM t1 LIMIT 10;
|
|
DROP TABLE t1;
|
|
|
|
|
|
|
|
let $restart_parameters = restart: --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring2 --general-log --log-output=FILE --general_log_file=$MYSQL_TMP_DIR/keyring_query_log $KEYRING_PLUGIN_OPT ;
|
|
--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR $KEYRING_PLUGIN_OPT --plugin-dir=KEYRING_PLUGIN_PATH
|
|
--replace_regex /\.dll/.so/
|
|
--source include/restart_mysqld.inc
|
|
#
|
|
# Check no effect of block_encryption_mode = 'aes-256-cbc' variable on table encryption
|
|
SET block_encryption_mode = 'aes-256-cbc';
|
|
# Test encryption .
|
|
--disable_warnings
|
|
DROP DATABASE IF EXISTS tde_db;
|
|
CREATE DATABASE tde_db;
|
|
CREATE TABLE tde_db.t1(c1 INT PRIMARY KEY, c2 char(50)) ENCRYPTION = 'Y' ENGINE = InnoDB;
|
|
--enable_warnings
|
|
#
|
|
INSERT INTO tde_db.t1 VALUES(0, 'abc');
|
|
INSERT INTO tde_db.t1 VALUES(1, 'xyz');
|
|
INSERT INTO tde_db.t1 VALUES(2, null);
|
|
INSERT INTO tde_db.t1 VALUES(3, null);
|
|
SELECT * FROM tde_db.t1 LIMIT 10;
|
|
ALTER INSTANCE ROTATE INNODB MASTER KEY;
|
|
SELECT * FROM tde_db.t1 LIMIT 10;
|
|
--echo # Mysqldump output
|
|
--exec $MYSQL_DUMP --compact --skip-comments --databases tde_db
|
|
--echo # Redirecting mysqlpump output to MYSQL_TMP_DIR/mysqlpump_encrypt.sql
|
|
--exec $MYSQL_PUMP --default-parallelism=1 --databases tde_db > $MYSQL_TMP_DIR/mysqlpump_encrypt.sql
|
|
DROP DATABASE tde_db;
|
|
|
|
--let SEARCH_FILE=$MYSQL_TMP_DIR/keyring_query_log
|
|
let SEARCH_PATTERN= ALTER INSTANCE ROTATE INNODB MASTER KEY;
|
|
--source include/search_pattern.inc
|
|
|
|
--echo # Loading tables from mysqlpump_encrypt.sql
|
|
--exec $MYSQL --skip-comments < $MYSQL_TMP_DIR/mysqlpump_encrypt.sql
|
|
SELECT * FROM tde_db.t1 LIMIT 10;
|
|
INSERT INTO tde_db.t1 VALUES(4, null);
|
|
SELECT * FROM tde_db.t1 LIMIT 10;
|
|
DROP DATABASE tde_db;
|
|
#
|
|
|
|
|
|
--echo #
|
|
--echo # Bug #26634507 CREATE_OPTIONS FLD IN INFORMATION_SCHEMA.TABLES NOT
|
|
--echo # FILLING PROPERLY.
|
|
--echo # The CREATE_OPTIONS field from I_S.TABLES should show the option
|
|
--echo # 'ENCRYPTION='.
|
|
--echo #
|
|
|
|
CREATE TABLE not_encrypted1 (col1 INT) ENCRYPTION='n';
|
|
CREATE TABLE not_encrypted2 (col1 INT) ENCRYPTION='N';
|
|
CREATE TABLE encrypted1 (col1 INT) ENCRYPTION='y';
|
|
CREATE TABLE encrypted2 (col1 INT) ENCRYPTION='Y';
|
|
|
|
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
|
|
FROM INFORMATION_SCHEMA.TABLES
|
|
WHERE TABLE_NAME like '%encrypted%'
|
|
ORDER BY TABLE_NAME;
|
|
|
|
DROP TABLE encrypted1;
|
|
DROP TABLE not_encrypted1;
|
|
DROP TABLE encrypted2;
|
|
DROP TABLE not_encrypted2;
|
|
|
|
|
|
# Cleanup
|
|
--remove_file $MYSQL_TMP_DIR/mydummy_key
|
|
--remove_file $MYSQL_TMP_DIR/keyring_query_log
|
|
--remove_file $MYSQL_TMP_DIR/mysecret_keyring2
|
|
--remove_file $MYSQL_TMP_DIR/mysqlpump_encrypt.sql
|
|
eval SET GLOBAL innodb_file_per_table=$innodb_file_per_table;
|