370 lines
14 KiB
Plaintext
370 lines
14 KiB
Plaintext
# InnoDB transparent encryption on redo log and undo log
|
|
# This test case will test basic encryption support with
|
|
# concuurent execution and
|
|
|
|
--source include/no_valgrind_without_big.inc
|
|
--source include/have_innodb_max_16k.inc
|
|
|
|
--disable_query_log
|
|
call mtr.add_suppression('Error in Log_event::read_log_event()');
|
|
--enable_query_log
|
|
|
|
# Create a table with encryption, should fail since keyring is not
|
|
# loaded
|
|
|
|
let $old_innodb_file_per_table = `SELECT @@innodb_file_per_table`;
|
|
let $old_innodb_redo_log_encrypt = `SELECT @@innodb_redo_log_encrypt`;
|
|
let $START_PAGE_SIZE= `select @@innodb_page_size`;
|
|
let $LOG_FILE_SIZE= `select @@innodb_log_file_size`;
|
|
let $MYSQLD_BASEDIR= `select @@basedir`;
|
|
|
|
let SEARCH_FILE= $MYSQL_TMP_DIR/encrypt_log_output.err;
|
|
|
|
# Test that the output appears.
|
|
let $restart_parameters = restart: --no-console --log-error=$SEARCH_FILE ;
|
|
--replace_result $SEARCH_FILE ERROR_LOG_FILE
|
|
--source include/restart_mysqld.inc
|
|
|
|
SELECT @@global.innodb_redo_log_encrypt ;
|
|
SET GLOBAL innodb_redo_log_encrypt = 1;
|
|
SET GLOBAL innodb_undo_log_encrypt = 1;
|
|
|
|
--let $wait_condition=SELECT @@global.innodb_redo_log_encrypt = 0
|
|
--source include/wait_condition.inc
|
|
|
|
--error ER_SP_DOES_NOT_EXIST
|
|
UNINSTALL PLUGIN keyring_file;
|
|
|
|
# Create Non encrypt table with innodb_redo_log_encrypt=ON
|
|
CREATE TABLE tne_1(c1 INT, c2 varchar(2000)) ENGINE = InnoDB;
|
|
INSERT INTO tne_1 VALUES (1,REPEAT('a',1990)),(2,REPEAT('b',1990)),(100,REPEAT('c',1990));
|
|
SELECT c1,LEFT(c2,10) FROM tne_1;
|
|
DROP TABLE tne_1;
|
|
--echo # Stop the MTR default DB server
|
|
--source include/shutdown_mysqld.inc
|
|
|
|
# Grep for message in server error log
|
|
let SEARCH_PATTERN=Can\'t set redo log tablespace to be encrypted;
|
|
--source include/search_pattern.inc
|
|
|
|
# Create path for ibdata* & undo* files both DBs
|
|
--mkdir $MYSQL_TMP_DIR/innodb_undo_data_dir
|
|
--mkdir $MYSQL_TMP_DIR/datadir
|
|
# Set path for --datadir
|
|
let $MYSQLD_DATADIR_1 = $MYSQL_TMP_DIR/datadir/data;
|
|
# Set path for undo* files.
|
|
let $MYSQLD_UNDO_DATADIR = $MYSQL_TMP_DIR/innodb_undo_data_dir;
|
|
let BOOTSTRAP_SQL=$MYSQL_TMP_DIR/boot.sql;
|
|
--echo # create bootstrap file
|
|
write_file $BOOTSTRAP_SQL;
|
|
CREATE DATABASE test;
|
|
EOF
|
|
|
|
--echo # Prepare new datadir
|
|
let NEW_CMD = $MYSQLD --no-defaults --innodb_dedicated_server=OFF --initialize-insecure --innodb_log_file_size=$LOG_FILE_SIZE --innodb_page_size=$START_PAGE_SIZE --innodb_undo_directory=$MYSQLD_UNDO_DATADIR --basedir=$MYSQLD_BASEDIR --datadir=$MYSQLD_DATADIR_1 --init-file=$BOOTSTRAP_SQL --secure-file-priv="" --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT --cluster-id=1 --cluster-start-index=1 --cluster-info='127.0.0.1:29222@1' </dev/null>>$MYSQLTEST_VARDIR/tmp/bootstrap2.log 2>&1;
|
|
|
|
--echo # Run the bootstrap command with keyring
|
|
--exec $NEW_CMD
|
|
|
|
--echo # Starting server with keyring plugin
|
|
--let $restart_parameters=restart: --innodb_log_file_size=$LOG_FILE_SIZE --innodb_page_size=$START_PAGE_SIZE --innodb_undo_directory=$MYSQLD_UNDO_DATADIR --datadir=$MYSQLD_DATADIR_1 --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT
|
|
--replace_regex /\.dll/.so/
|
|
--source include/start_mysqld_no_echo.inc
|
|
|
|
|
|
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SET GLOBAL innodb_redo_log_encrypt = 1;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
SET GLOBAL innodb_undo_log_encrypt = 1;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
--replace_regex /\.dll/.so/
|
|
--error ER_UDF_EXISTS
|
|
eval INSTALL PLUGIN keyring_file SONAME '$KEYRING_PLUGIN';
|
|
|
|
SET GLOBAL innodb_redo_log_encrypt = 0;
|
|
SELECT @@global.innodb_redo_log_encrypt;
|
|
SET GLOBAL innodb_undo_log_encrypt = 0;
|
|
SELECT @@global.innodb_undo_log_encrypt;
|
|
--replace_regex /\.dll/.so/
|
|
--error ER_UDF_EXISTS
|
|
eval INSTALL PLUGIN keyring_file SONAME '$KEYRING_PLUGIN';
|
|
|
|
--disable_warnings
|
|
DROP TABLE IF EXISTS t1;
|
|
DROP DATABASE IF EXISTS tde_db;
|
|
CREATE DATABASE tde_db;
|
|
USE tde_db;
|
|
--enable_warnings
|
|
|
|
let $innodb_file_per_table = `SELECT @@innodb_file_per_table`;
|
|
|
|
# Create a table with encryption
|
|
CREATE TABLE tde_db.t_encrypt(c2 INT NOT NULL PRIMARY KEY,
|
|
c3 LONGBLOB
|
|
) ENCRYPTION="Y" ENGINE = InnoDB;
|
|
|
|
CREATE TABLE tde_db.t_non_encrypt(c2 INT NOT NULL PRIMARY KEY,
|
|
c3 LONGBLOB
|
|
) ENGINE = InnoDB;
|
|
|
|
|
|
DELIMITER |;
|
|
CREATE PROCEDURE tde_db.populate_table_set_redo_encrypt(IN table_name VARCHAR(50))
|
|
begin
|
|
declare i int default 1;
|
|
declare has_error int default 0;
|
|
DECLARE CONTINUE HANDLER FOR 1062 SET has_error = 1;
|
|
while (i <= 2000) DO
|
|
|
|
SET @sql_text = CONCAT('INSERT INTO ',table_name, '(c2,c3) VALUES (' , i,',' ,'CONCAT(REPEAT("a",6*512*512)))');
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
set i = i + 1;
|
|
IF i%10 = 0 THEN SET GLOBAL innodb_redo_log_encrypt = 1;
|
|
END IF;
|
|
IF i%20 = 0 THEN SET GLOBAL innodb_redo_log_encrypt = 0;
|
|
END IF;
|
|
IF i%15 = 0 THEN SET GLOBAL innodb_undo_log_encrypt = 1;
|
|
END IF;
|
|
IF i%30 = 0 THEN SET GLOBAL innodb_undo_log_encrypt = 0;
|
|
END IF;
|
|
|
|
end while;
|
|
end|
|
|
CREATE PROCEDURE tde_db.update_table(IN table_name VARCHAR(50))
|
|
begin
|
|
declare i int default 1;
|
|
declare has_error int default 0;
|
|
DECLARE CONTINUE HANDLER FOR 1062 SET has_error = 1;
|
|
while (i <= 2000) DO
|
|
SET @sql_text = CONCAT('UPDATE ',table_name, ' SET c2 = c2 * -1 ORDER BY RAND() LIMIT 2');
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
set i = i + 1;
|
|
end while;
|
|
end|
|
|
CREATE PROCEDURE tde_db.delete_table(IN table_name VARCHAR(50))
|
|
begin
|
|
declare i int default 1;
|
|
declare has_error int default 0;
|
|
DECLARE CONTINUE HANDLER FOR 1062 SET has_error = 1;
|
|
while (i <= 2000) DO
|
|
SET @sql_text = CONCAT('DELETE FROM ',table_name, ' ORDER BY RAND() LIMIT 2');
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
set i = i + 1;
|
|
end while;
|
|
end|
|
|
CREATE PROCEDURE tde_db.transaction_table(IN table_name VARCHAR(50))
|
|
begin
|
|
declare i int default 1;
|
|
declare iflag int default -1;
|
|
declare has_error int default 0;
|
|
DECLARE CONTINUE HANDLER FOR 1062 SET has_error = 1;
|
|
SET i = 3000;
|
|
START TRANSACTION;
|
|
while (i <= 9000) DO
|
|
SET @sql_text = CONCAT('INSERT INTO ',table_name, '(c2,c3) VALUES (' , i,',' ,'CONCAT(REPEAT("a",6*512*512)))');
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
SET @sql_text = CONCAT('UPDATE ',table_name, ' SET c2 = c2 * -1 ORDER BY RAND() LIMIT 2');
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
set i = i + 1;
|
|
IF i%10 = 0 THEN SET GLOBAL innodb_redo_log_encrypt = 1;
|
|
END IF;
|
|
IF i%20 = 0 THEN SET GLOBAL innodb_redo_log_encrypt = 0;
|
|
END IF;
|
|
IF i%15 = 0 THEN SET GLOBAL innodb_undo_log_encrypt = 1;
|
|
END IF;
|
|
IF i%30 = 0 THEN SET GLOBAL innodb_undo_log_encrypt = 0;
|
|
END IF;
|
|
|
|
IF i%10 = 0 THEN
|
|
SET @sql_text = CONCAT('DELETE FROM ',table_name, ' ORDER BY RAND() LIMIT 2');
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
START TRANSACTION;
|
|
SET iflag = -1 * iflag;
|
|
END IF;
|
|
IF i%9 = 0 THEN
|
|
IF iflag < 0 THEN
|
|
COMMIT;
|
|
ELSE
|
|
ROLLBACK;
|
|
END IF;
|
|
END IF;
|
|
end while;
|
|
end|
|
|
CREATE PROCEDURE tde_db.create_table_rotate_key()
|
|
begin
|
|
declare i int default 1;
|
|
declare has_error int default 0;
|
|
DECLARE CONTINUE HANDLER FOR 1062 SET has_error = 1;
|
|
while (i <= 2000) DO
|
|
|
|
IF i%10 = 0 THEN
|
|
SET @sql_text = CONCAT('CREATE TABLE ',CONCAT('tde_db.t_non_encrypt_',encrypt,'_',i),' (c1 INT) ' ,' ENGINE=InnoDB');
|
|
ELSE
|
|
SET @sql_text = CONCAT('CREATE TABLE ',CONCAT('tde_db.t_encrypt_',encrypt,'_',i),' (c1 INT) ENCRYPTION="Y"' ,' ENGINE=InnoDB');
|
|
END IF;
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
DEALLOCATE PREPARE stmt;
|
|
ALTER INSTANCE ROTATE INNODB MASTER KEY;
|
|
set i = i + 1;
|
|
end while;
|
|
end|
|
|
CREATE PROCEDURE tde_db.query_table(IN table_name VARCHAR(50))
|
|
begin
|
|
declare i int default 1;
|
|
declare has_error int default 0;
|
|
DECLARE CONTINUE HANDLER FOR 1062 SET has_error = 1;
|
|
while (i <= 2000) DO
|
|
SET @sql_text = CONCAT('SELECT * FROM ',table_name, ' ORDER BY RAND() LIMIT 2');
|
|
PREPARE stmt FROM @sql_text;
|
|
EXECUTE stmt;
|
|
set i = i + 1;
|
|
end while;
|
|
end|
|
|
DELIMITER ;|
|
|
|
|
--echo # In connection con1 - Running insert with redo_log_encrypt variable
|
|
connect (con1,localhost,root,,);
|
|
send call tde_db.populate_table_set_redo_encrypt('tde_db.t_encrypt');
|
|
|
|
--echo # In connection con2 - Running insert on non encrypt table
|
|
connect (con2,localhost,root,,);
|
|
send call tde_db.populate_table_set_redo_encrypt('tde_db.t_non_encrypt');
|
|
|
|
|
|
--connection default
|
|
--sleep 3
|
|
--echo # Starting server with keyring plugin
|
|
let $restart_parameters = restart: --innodb_log_file_size=$LOG_FILE_SIZE --innodb_page_size=$START_PAGE_SIZE --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT --innodb_undo_directory=$MYSQLD_UNDO_DATADIR --datadir=$MYSQLD_DATADIR_1;
|
|
--sleep 3
|
|
--let $_server_id= `SELECT @@server_id`
|
|
--let $_expect_file_name= $MYSQLTEST_VARDIR/tmp/mysqld.$_server_id.expect
|
|
--exec echo "$restart_parameters" > $_expect_file_name
|
|
--shutdown_server 0
|
|
--source include/wait_until_disconnected.inc
|
|
--enable_reconnect
|
|
--source include/wait_until_connected_again.inc
|
|
--disable_reconnect
|
|
|
|
|
|
--disconnect con1
|
|
--disconnect con2
|
|
--connection default
|
|
|
|
--replace_column 1 #
|
|
SELECT COUNT(*)>0 FROM tde_db.t_encrypt;
|
|
--replace_column 1 #
|
|
SELECT COUNT(*)>0 FROM tde_db.t_non_encrypt;
|
|
|
|
DELETE FROM tde_db.t_encrypt;
|
|
DELETE FROM tde_db.t_non_encrypt;
|
|
|
|
--echo # In connection con1 - Running insert with redo_log_encrypt variable
|
|
connect (con1,localhost,root,,);
|
|
send call tde_db.populate_table_set_redo_encrypt('tde_db.t_encrypt');
|
|
|
|
--echo # In connection con2 - Running insert on non encrypt table
|
|
connect (con2,localhost,root,,);
|
|
send call tde_db.populate_table_set_redo_encrypt('tde_db.t_non_encrypt');
|
|
|
|
--echo # In connection con3 - Running update on encrypt
|
|
connect (con3,localhost,root,,);
|
|
send call tde_db.table_update('tde_db.t_encrypt');
|
|
--echo # In connection con4 - Running update non encrypt
|
|
connect (con4,localhost,root,,);
|
|
send call tde_db.table_update('tde_db.t_non_encrypt');
|
|
--echo # In connection con5 - Running delete on encrypt
|
|
connect (con5,localhost,root,,);
|
|
send call tde_db.table_delete('tde_db.t_encrypt');
|
|
--echo # In connection con6 - Running delete on non encrypt
|
|
connect (con6,localhost,root,,);
|
|
send call tde_db.table_delete('tde_db.t_non_encrypt');
|
|
--echo # In connection con7 - Running transaction on encrypt
|
|
connect (con7,localhost,root,,);
|
|
send call tde_db.transaction_table('tde_db.t_encrypt');
|
|
--echo # In connection con8 - Running transaction on non encrypt
|
|
connect (con8,localhost,root,,);
|
|
send call tde_db.transaction_table('tde_db.t_non_encrypt');
|
|
--echo # In connection con9 - Running create encrypt and non encrypt table with rotate key
|
|
connect (con9,localhost,root,,);
|
|
send call tde_db.create_table_rotate_key();
|
|
--echo # In connection con10 - Running query on encrypt table
|
|
connect (con10,localhost,root,,);
|
|
send call tde_db.query_table('tde_db.t_encrypt');
|
|
--echo # In connection con11 - Running query on non encrypt table
|
|
connect (con11,localhost,root,,);
|
|
send call tde_db.query_table('tde_db.t_non_encrypt');
|
|
|
|
--connection default
|
|
--sleep 20
|
|
--echo # Starting server with keyring plugin
|
|
let $restart_parameters = restart: --innodb_log_file_size=$LOG_FILE_SIZE --innodb_page_size=$START_PAGE_SIZE --early-plugin-load="keyring_file=$KEYRING_PLUGIN" --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT --innodb_undo_directory=$MYSQLD_UNDO_DATADIR --datadir=$MYSQLD_DATADIR_1;
|
|
--let $_server_id= `SELECT @@server_id`
|
|
--let $_expect_file_name= $MYSQLTEST_VARDIR/tmp/mysqld.$_server_id.expect
|
|
--exec echo "$restart_parameters" > $_expect_file_name
|
|
--shutdown_server 0
|
|
--source include/wait_until_disconnected.inc
|
|
--enable_reconnect
|
|
--source include/wait_until_connected_again.inc
|
|
--disable_reconnect
|
|
|
|
--disconnect con1
|
|
--disconnect con2
|
|
--disconnect con3
|
|
--disconnect con4
|
|
--disconnect con5
|
|
--disconnect con6
|
|
--disconnect con7
|
|
--disconnect con8
|
|
--disconnect con9
|
|
--disconnect con10
|
|
--disconnect con11
|
|
|
|
--connection default
|
|
--replace_column 1 #
|
|
SELECT COUNT(*) > 1 FROM tde_db.t_encrypt;
|
|
--replace_column 1 #
|
|
SELECT COUNT(*) > 1 FROM tde_db.t_non_encrypt;
|
|
|
|
# Run some load insert retart
|
|
--echo # In connection con1 - Running insert with redo_log_encrypt variable
|
|
connect (con1,localhost,root,,);
|
|
send call tde_db.populate_table_set_redo_encrypt('tde_db.t_encrypt');
|
|
|
|
--echo # In connection con2 - Running insert on non encrypt table
|
|
connect (con2,localhost,root,,);
|
|
send call tde_db.populate_table_set_redo_encrypt('tde_db.t_non_encrypt');
|
|
|
|
--sleep 2
|
|
--disconnect con1
|
|
--disconnect con2
|
|
--connection default
|
|
DROP DATABASE tde_db;
|
|
|
|
# restart the server with MTR default
|
|
--let $restart_parameters=
|
|
--source include/restart_mysqld.inc
|
|
|
|
--echo #
|
|
--echo # Cleanup
|
|
--echo #
|
|
--remove_file $MYSQLTEST_VARDIR/tmp/bootstrap2.log
|
|
--remove_file $MYSQL_TMP_DIR/mysecret_keyring
|
|
--remove_file $BOOTSTRAP_SQL
|
|
--remove_file $SEARCH_FILE
|
|
--force-rmdir $MYSQL_TMP_DIR/datadir
|
|
--force-rmdir $MYSQL_TMP_DIR/innodb_undo_data_dir
|
|
|
|
--disable_query_log
|
|
eval SET GLOBAL innodb_file_per_table=$old_innodb_file_per_table;
|
|
eval SET GLOBAL innodb_redo_log_encrypt=$old_innodb_redo_log_encrypt;
|
|
--enable_query_log
|
|
|