158 lines
6.8 KiB
Plaintext
158 lines
6.8 KiB
Plaintext
#------------------------------------------------------------------------------
|
|
# InnoDB transparent encryption on redo log and undo log using xplugin
|
|
#------------------------------------------------------------------------------
|
|
|
|
--source include/no_valgrind_without_big.inc
|
|
--source include/have_innodb_max_16k.inc
|
|
--source include/have_mysqlx_plugin.inc
|
|
|
|
--let plugins= KEYRING_PLUGIN
|
|
--source include/check_plugin_dir.inc
|
|
|
|
# Create a table with encryption, should fail since keyring is not
|
|
# loaded
|
|
|
|
let $old_innodb_file_per_table = `SELECT @@innodb_file_per_table`;
|
|
let $old_innodb_redo_log_encrypt = `SELECT @@innodb_redo_log_encrypt`;
|
|
let $old_innodb_undo_log_encrypt = `SELECT @@innodb_undo_log_encrypt`;
|
|
|
|
let $MYSQLD_BASEDIR= `select @@basedir`;
|
|
|
|
--echo # Stop the MTR default DB server
|
|
--source include/shutdown_mysqld.inc
|
|
|
|
# Create path for ibdata* & undo* files both DBs
|
|
--mkdir $MYSQL_TMP_DIR/innodb_undo_data_dir
|
|
--mkdir $MYSQL_TMP_DIR/innodb_data_home_dir
|
|
--mkdir $MYSQL_TMP_DIR/datadir
|
|
# Set path for --datadir
|
|
let $MYSQLD_DATADIR_1 = $MYSQL_TMP_DIR/datadir/data;
|
|
# Set path for undo* files.
|
|
let $MYSQLD_UNDO_DATADIR = $MYSQL_TMP_DIR/innodb_undo_data_dir;
|
|
# Set path for ibdata* files.
|
|
let $MYSQLD_HOME_DATA_DIR = $MYSQL_TMP_DIR/innodb_data_home_dir;
|
|
let BOOTSTRAP_SQL=$MYSQL_TMP_DIR/boot.sql;
|
|
--echo # create bootstrap file
|
|
write_file $BOOTSTRAP_SQL;
|
|
CREATE DATABASE test;
|
|
EOF
|
|
|
|
--echo # Prepare new datadir
|
|
let NEW_CMD = $MYSQLD --no-defaults --initialize-insecure --innodb_data_home_dir=$MYSQLD_HOME_DATA_DIR --innodb_undo_directory=$MYSQLD_UNDO_DATADIR --innodb_dedicated_server=OFF --basedir=$MYSQLD_BASEDIR --datadir=$MYSQLD_DATADIR_1 --init-file=$BOOTSTRAP_SQL --secure-file-priv="" --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT --cluster-id=1 --cluster-start-index=1 --cluster-info='127.0.0.1:29952@1' </dev/null>>$MYSQLTEST_VARDIR/tmp/bootstrap2.log 2>&1;
|
|
|
|
--echo # Run the bootstrap command with keyring
|
|
--exec $NEW_CMD
|
|
|
|
--echo # Starting server with keyring plugin
|
|
--replace_result $MYSQLD_HOME_DATA_DIR MYSQLD_HOME_DATA_DIR $MYSQLD_UNDO_DATADIR MYSQLD_UNDO_DATADIR $MYSQLD_DATADIR_1 MYSQLD_DATADIR
|
|
--let $restart_parameters=restart: --innodb_data_home_dir=$MYSQLD_HOME_DATA_DIR --innodb_undo_directory=$MYSQLD_UNDO_DATADIR --datadir=$MYSQLD_DATADIR_1 --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT
|
|
--source include/start_mysqld_no_echo.inc
|
|
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
|
|
--let $dont_reset_global_status_variables= 1
|
|
--source include/xplugin_reset_and_wait.inc
|
|
|
|
--write_file $MYSQL_TMP_DIR/log_encrypt_xplugin_test.tmp
|
|
-->sql
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SET GLOBAL innodb_redo_log_encrypt = 1;
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SET GLOBAL innodb_undo_log_encrypt = 1;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
DROP DATABASE IF EXISTS tde_db;
|
|
CREATE DATABASE tde_db;
|
|
USE tde_db;
|
|
CREATE TABLE tde_db.t_encrypt(c2 INT NOT NULL,c3 LONGBLOB) ENCRYPTION="Y" ENGINE = InnoDB;
|
|
CREATE TABLE tde_db.t_non_encrypt(c2 INT NOT NULL,c3 LONGBLOB ) ENGINE = InnoDB;
|
|
START TRANSACTION;
|
|
INSERT INTO tde_db.t_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
INSERT INTO tde_db.t_encrypt SELECT c2,c3 FROM tde_db.t_encrypt;
|
|
INSERT INTO tde_db.t_encrypt SELECT c2,c3 FROM tde_db.t_encrypt;
|
|
|
|
INSERT INTO tde_db.t_non_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
INSERT INTO tde_db.t_non_encrypt SELECT c2,c3 FROM tde_db.t_non_encrypt;
|
|
INSERT INTO tde_db.t_non_encrypt SELECT c2,c3 FROM tde_db.t_non_encrypt;
|
|
COMMIT;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_encrypt;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_non_encrypt;
|
|
|
|
START TRANSACTION;
|
|
INSERT INTO tde_db.t_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
INSERT INTO tde_db.t_encrypt SELECT c2,c3 FROM tde_db.t_encrypt;
|
|
INSERT INTO tde_db.t_encrypt SELECT c2,c3 FROM tde_db.t_encrypt;
|
|
|
|
INSERT INTO tde_db.t_non_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
INSERT INTO tde_db.t_non_encrypt SELECT c2,c3 FROM tde_db.t_non_encrypt;
|
|
INSERT INTO tde_db.t_non_encrypt SELECT c2,c3 FROM tde_db.t_non_encrypt;
|
|
ROLLBACK;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_encrypt;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_non_encrypt;
|
|
|
|
SET GLOBAL innodb_redo_log_encrypt = 0;
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SET GLOBAL innodb_undo_log_encrypt = 0;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
START TRANSACTION;
|
|
INSERT INTO tde_db.t_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
INSERT INTO tde_db.t_non_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
COMMIT;
|
|
START TRANSACTION;
|
|
INSERT INTO tde_db.t_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
INSERT INTO tde_db.t_non_encrypt(c2,c3) VALUES (1,CONCAT(REPEAT("a",6*512*512)));
|
|
ROLLBACK;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_encrypt;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_non_encrypt;
|
|
|
|
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SET GLOBAL innodb_redo_log_encrypt = 1;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
SET GLOBAL innodb_undo_log_encrypt = 1;
|
|
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_encrypt;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_non_encrypt;
|
|
-->endsql
|
|
EOF
|
|
|
|
CREATE USER 'x_root'@'localhost' IDENTIFIED WITH 'mysql_native_password';
|
|
GRANT ALL ON *.* TO 'x_root'@'localhost' WITH GRANT OPTION;
|
|
|
|
--sleep 3
|
|
# Run from xplugin
|
|
--exec $MYSQLXTEST -ux_root --password='' --file=$MYSQL_TMP_DIR/log_encrypt_xplugin_test.tmp 2>&1
|
|
--remove_file $MYSQL_TMP_DIR/log_encrypt_xplugin_test.tmp
|
|
|
|
DROP USER 'x_root'@'localhost';
|
|
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
|
|
|
|
--echo # Restarting server with keyring plugin
|
|
--replace_result $MYSQLD_HOME_DATA_DIR MYSQLD_HOME_DATA_DIR $MYSQLD_UNDO_DATADIR MYSQLD_UNDO_DATADIR $MYSQLD_DATADIR_1 MYSQLD_DATADIR
|
|
--let $restart_parameters=restart: --innodb_data_home_dir=$MYSQLD_HOME_DATA_DIR --innodb_undo_directory=$MYSQLD_UNDO_DATADIR --datadir=$MYSQLD_DATADIR_1 --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT
|
|
--source include/start_mysqld_no_echo.inc
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_encrypt;
|
|
SELECT c2,SUBSTRING(c3,1,10) FROM tde_db.t_non_encrypt;
|
|
DROP DATABASE tde_db;
|
|
|
|
# restart the server with MTR default
|
|
--let $restart_parameters=
|
|
--source include/restart_mysqld.inc
|
|
|
|
## Cleanup
|
|
--remove_file $MYSQLTEST_VARDIR/tmp/bootstrap2.log
|
|
--remove_file $MYSQL_TMP_DIR/mysecret_keyring
|
|
--remove_file $BOOTSTRAP_SQL
|
|
--force-rmdir $MYSQL_TMP_DIR/datadir
|
|
--force-rmdir $MYSQL_TMP_DIR/innodb_data_home_dir
|
|
--force-rmdir $MYSQL_TMP_DIR/innodb_undo_data_dir
|
|
|
|
--disable_query_log
|
|
eval SET GLOBAL innodb_file_per_table=$old_innodb_file_per_table;
|
|
eval SET GLOBAL innodb_redo_log_encrypt=$old_innodb_redo_log_encrypt;
|
|
eval SET GLOBAL innodb_undo_log_encrypt=$old_innodb_undo_log_encrypt;
|
|
--enable_query_log
|