diff options
| author | Monty <monty@mariadb.org> | 2019-08-14 00:18:58 +0300 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2019-08-23 22:02:39 +0200 |
| commit | 1b5e5bdef31c5909fe98adc6a29a0bdc767da9aa (patch) | |
| tree | 2d9be76b9a165c0b47d8c1212ef8de946903fcd2 | |
| parent | bb6d674df91c6e7f6ea8bb68c916593d02b16ab6 (diff) | |
| download | mariadb-git-1b5e5bdef31c5909fe98adc6a29a0bdc767da9aa.tar.gz | |
MDEV-20306 Assert when converting encrypted Aria table to S3
Changes:
- maria_create() now uses a bit in the parameter flags to check if table
should be encrypted instead of using maria_encrypted_tables.
- Don't encrypt tables that are to be converted to S3
- Added encrypted flag to ARIA_TABLE_CAPABILITIES
- maria_chk --description now prints if table is encrypted. Other
operations is not allowed on encrypted tables.
| -rw-r--r-- | include/aria_backup.h | 1 | ||||
| -rw-r--r-- | include/my_base.h | 1 | ||||
| -rw-r--r-- | mysql-test/suite/s3/encryption.opt | 4 | ||||
| -rw-r--r-- | mysql-test/suite/s3/encryption.result | 23 | ||||
| -rw-r--r-- | mysql-test/suite/s3/encryption.test | 36 | ||||
| -rw-r--r-- | storage/maria/ha_maria.cc | 2 | ||||
| -rw-r--r-- | storage/maria/ma_backup.c | 2 | ||||
| -rw-r--r-- | storage/maria/ma_create.c | 3 | ||||
| -rw-r--r-- | storage/maria/maria_chk.c | 11 | ||||
| -rw-r--r-- | storage/maria/s3_func.c | 3 |
10 files changed, 84 insertions, 2 deletions
diff --git a/include/aria_backup.h b/include/aria_backup.h index 5cc5f43d9b6..30c139c4234 100644 --- a/include/aria_backup.h +++ b/include/aria_backup.h @@ -26,6 +26,7 @@ typedef struct st_aria_table_capabilities enum data_file_type data_file_type; my_bool checksum; my_bool transactional; + my_bool encrypted; /* This is true if the table can be copied without any locks */ my_bool online_backup_safe; /* s3 capabilities */ diff --git a/include/my_base.h b/include/my_base.h index e73844d0937..c7cccaebf3a 100644 --- a/include/my_base.h +++ b/include/my_base.h @@ -368,6 +368,7 @@ enum ha_base_keytype { #define HA_CREATE_INTERNAL_TABLE 256U #define HA_PRESERVE_INSERT_ORDER 512U #define HA_CREATE_NO_ROLLBACK 1024U +#define HA_CREATE_ENCRYPTED 2048U /* Flags used by start_bulk_insert */ diff --git a/mysql-test/suite/s3/encryption.opt b/mysql-test/suite/s3/encryption.opt new file mode 100644 index 00000000000..8f13b08c5c4 --- /dev/null +++ b/mysql-test/suite/s3/encryption.opt @@ -0,0 +1,4 @@ +--plugin-load-add=$FILE_KEY_MANAGEMENT_SO +--aria-encrypt-tables=1 +--loose-file-key-management +--loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys.txt diff --git a/mysql-test/suite/s3/encryption.result b/mysql-test/suite/s3/encryption.result new file mode 100644 index 00000000000..c60490d342a --- /dev/null +++ b/mysql-test/suite/s3/encryption.result @@ -0,0 +1,23 @@ +# +# MDEV-20306 +# Assertion `!(end_of_data > info->scan.dir_end)' failed in +# _ma_scan_block_record upon converting table from S3 to Aria +# with encryption enabled +# +drop table if exists t1; +CREATE TABLE t1 (a INT) ENGINE=Aria; +INSERT INTO t1 VALUES (1); +ALTER TABLE t1 ENGINE=S3; +select * from t1; +a +1 +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `a` int(11) DEFAULT NULL +) ENGINE=S3 DEFAULT CHARSET=latin1 PAGE_CHECKSUM=1 +ALTER TABLE t1 ENGINE=Aria; +select * from t1; +a +1 +DROP TABLE t1; diff --git a/mysql-test/suite/s3/encryption.test b/mysql-test/suite/s3/encryption.test new file mode 100644 index 00000000000..82434627309 --- /dev/null +++ b/mysql-test/suite/s3/encryption.test @@ -0,0 +1,36 @@ +--source include/have_s3.inc + +if (`SELECT COUNT(*)=0 FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = 'file_key_management' AND PLUGIN_STATUS='ACTIVE'`) +{ + --skip Test requires file_key_management plugin +} + +# +# Create unique database for running the tests +# +--source create_database.inc + +--echo # +--echo # MDEV-20306 +--echo # Assertion `!(end_of_data > info->scan.dir_end)' failed in +--echo # _ma_scan_block_record upon converting table from S3 to Aria +--echo # with encryption enabled +--echo # + +--disable_warnings +drop table if exists t1; +--enable_warnings + +CREATE TABLE t1 (a INT) ENGINE=Aria; +INSERT INTO t1 VALUES (1); +ALTER TABLE t1 ENGINE=S3; +select * from t1; +show create table t1; +ALTER TABLE t1 ENGINE=Aria; +select * from t1; +DROP TABLE t1; + +# +# clean up +# +--source drop_database.inc diff --git a/storage/maria/ha_maria.cc b/storage/maria/ha_maria.cc index a9a2b73a2e6..f169698ce1a 100644 --- a/storage/maria/ha_maria.cc +++ b/storage/maria/ha_maria.cc @@ -3165,6 +3165,8 @@ int ha_maria::create(const char *name, TABLE *table_arg, (void) translog_log_debug_info(0, LOGREC_DEBUG_INFO_QUERY, (uchar*) thd->query(), thd->query_length()); + if (maria_encrypt_tables && ht == maria_hton) + create_flags|= HA_CREATE_ENCRYPTED; /* TODO: Check that the following fn_format is really needed */ error= maria_create(fn_format(buff, name, "", "", diff --git a/storage/maria/ma_backup.c b/storage/maria/ma_backup.c index ca9cbdc95ba..79270425b38 100644 --- a/storage/maria/ma_backup.c +++ b/storage/maria/ma_backup.c @@ -80,6 +80,8 @@ int aria_get_capabilities(File kfile, ARIA_TABLE_CAPABILITIES *cap) cap->data_file_type= share.state.header.data_file_type; cap->s3_block_size= share.base.s3_block_size; cap->compression= share.base.compression_algorithm; + cap->encrypted= MY_TEST(share.base.extra_options & + MA_EXTRA_OPTIONS_ENCRYPTED); if (share.state.header.data_file_type == BLOCK_RECORD) { diff --git a/storage/maria/ma_create.c b/storage/maria/ma_create.c index f683c64f346..01e54c300d0 100644 --- a/storage/maria/ma_create.c +++ b/storage/maria/ma_create.c @@ -95,7 +95,8 @@ int maria_create(const char *name, enum data_file_type datafile_type, my_bool forced_packed; myf sync_dir= 0; uchar *log_data= NULL; - my_bool encrypted= maria_encrypt_tables && datafile_type == BLOCK_RECORD; + my_bool encrypted= ((flags & HA_CREATE_ENCRYPTED) && + datafile_type == BLOCK_RECORD); my_bool insert_order= MY_TEST(flags & HA_PRESERVE_INSERT_ORDER); uint crypt_page_header_space= 0; DBUG_ENTER("maria_create"); diff --git a/storage/maria/maria_chk.c b/storage/maria/maria_chk.c index c85b35570cb..6878c18aa49 100644 --- a/storage/maria/maria_chk.c +++ b/storage/maria/maria_chk.c @@ -1097,6 +1097,15 @@ static int maria_chk(HA_CHECK *param, char *filename) param->testflag|= T_REP_BY_SORT; } } + if ((share->base.extra_options & MA_EXTRA_OPTIONS_ENCRYPTED) && + !(param->testflag & T_DESCRIPT)) + { + _ma_check_print_warning(param, + "Table %s is encrypted. Only --description (-d) " + "option is supported", filename); + param->warning_printed= 0; + goto end2; + } /* Skip the checking of the file if: @@ -1549,6 +1558,8 @@ static void descript(HA_CHECK *param, register MARIA_HA *info, char *name) if (param->testflag & T_VERBOSE) { + if (share->base.extra_options & MA_EXTRA_OPTIONS_ENCRYPTED) + printf("Encrypted: yes\n"); printf("File-version: %d\n", (int) share->state.header.file_version[3]); if (share->state.create_time) diff --git a/storage/maria/s3_func.c b/storage/maria/s3_func.c index 25f13d92741..b0d23c8b6ac 100644 --- a/storage/maria/s3_func.c +++ b/storage/maria/s3_func.c @@ -356,7 +356,8 @@ int aria_copy_to_s3(ms3_st *s3_client, const char *aws_bucket, error, path); goto err; } - if (cap.transactional || cap.data_file_type != BLOCK_RECORD) + if (cap.transactional || cap.data_file_type != BLOCK_RECORD || + cap.encrypted) { fprintf(stderr, "Aria table %s doesn't match criteria to be copied to S3.\n" |