diff options
Diffstat (limited to 'mysql-test/suite/encryption')
26 files changed, 355 insertions, 363 deletions
diff --git a/mysql-test/suite/encryption/r/debug_key_management.result b/mysql-test/suite/encryption/r/debug_key_management.result index 8793e6ba363..02e05b4d221 100644 --- a/mysql-test/suite/encryption/r/debug_key_management.result +++ b/mysql-test/suite/encryption/r/debug_key_management.result @@ -6,16 +6,12 @@ innodb_encrypt_tables ON innodb_encryption_rotate_key_age 2 innodb_encryption_rotation_iops 100 innodb_encryption_threads 4 -select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; -space name current_key_version -0 NULL 1 -1 mysql/innodb_table_stats 1 -2 mysql/innodb_index_stats 1 +select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 1; +count(*) +0 set global debug_key_management_version=10; -select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; -space name current_key_version -0 NULL 10 -1 mysql/innodb_table_stats 10 -2 mysql/innodb_index_stats 10 +select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 10; +count(*) +0 set global innodb_encrypt_tables=OFF; set global debug_key_management_version=1; diff --git a/mysql-test/suite/encryption/r/encrypt_and_grep.result b/mysql-test/suite/encryption/r/encrypt_and_grep.result index f95e70bf19e..bd20b79aafe 100644 --- a/mysql-test/suite/encryption/r/encrypt_and_grep.result +++ b/mysql-test/suite/encryption/r/encrypt_and_grep.result @@ -6,6 +6,16 @@ insert t1 values (repeat('foobar', 42)); insert t2 values (repeat('temp', 42)); insert t3 values (repeat('dummy', 42)); # Wait max 10 min for key encryption threads to encrypt all spaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +test/t3 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME +mysql/innodb_table_stats +mysql/innodb_index_stats +test/t1 +test/t2 +innodb_system # t1 yes on expecting NOT FOUND NOT FOUND /foobar/ in t1.ibd # t2 ... on expecting NOT FOUND @@ -15,13 +25,23 @@ FOUND /dummy/ in t3.ibd # ibdata1 expecting NOT FOUND NOT FOUND /foobar/ in ibdata1 # Now turn off encryption and wait for threads to decrypt everything -SET GLOBAL innodb_encryption_threads = 4; +SET GLOBAL innodb_encryption_threads = 1; SET GLOBAL innodb_encrypt_tables = off; # Wait max 10 min for key encryption threads to decrypt all spaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +mysql/innodb_table_stats +mysql/innodb_index_stats +test/t2 +test/t3 +innodb_system +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME +test/t1 # t1 yes on expecting NOT FOUND NOT FOUND /foobar/ in t1.ibd # t2 ... on expecting FOUND -FOUND /temp/ in t2.ibd +NOT FOUND /temp/ in t2.ibd # t3 no on expecting FOUND FOUND /dummy/ in t3.ibd # ibdata1 expecting NOT FOUND @@ -30,6 +50,16 @@ NOT FOUND /foobar/ in ibdata1 SET GLOBAL innodb_encryption_threads = 4; SET GLOBAL innodb_encrypt_tables = on; # Wait max 10 min for key encryption threads to encrypt all spaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +test/t3 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME +mysql/innodb_table_stats +mysql/innodb_index_stats +test/t1 +test/t2 +innodb_system # t1 yes on expecting NOT FOUND NOT FOUND /foobar/ in t1.ibd # t2 ... on expecting NOT FOUND @@ -38,5 +68,4 @@ NOT FOUND /temp/ in t2.ibd FOUND /dummy/ in t3.ibd # ibdata1 expecting NOT FOUND NOT FOUND /foobar/ in ibdata1 -# TODO: add shutdown + grep tests drop table t1, t2, t3; diff --git a/mysql-test/suite/encryption/r/innodb-bad-key-change.result b/mysql-test/suite/encryption/r/innodb-bad-key-change.result index dc5be714f66..798057e3fb5 100644 --- a/mysql-test/suite/encryption/r/innodb-bad-key-change.result +++ b/mysql-test/suite/encryption/r/innodb-bad-key-change.result @@ -1,14 +1,7 @@ call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); -call mtr.add_suppression("InnoDB: Database page corruption on disk or a failed.*"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("mysqld: File .*"); -call mtr.add_suppression("InnoDB: Tablespace id .* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace."); -call mtr.add_suppression("InnoDB: InnoDB: Page may be an index page where index id is .*"); +call mtr.add_suppression("InnoDB: The page .* in file test/.* cannot be decrypted"); +call mtr.add_suppression("mysqld: File .* not found"); # Start server with keys2.txt CREATE TABLE t1 (c VARCHAR(8)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=2; diff --git a/mysql-test/suite/encryption/r/innodb-bad-key-change2.result b/mysql-test/suite/encryption/r/innodb-bad-key-change2.result index ea760e7a213..adf984b9708 100644 --- a/mysql-test/suite/encryption/r/innodb-bad-key-change2.result +++ b/mysql-test/suite/encryption/r/innodb-bad-key-change2.result @@ -1,9 +1,5 @@ -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); select * from t1; @@ -24,3 +20,4 @@ show warnings; Level Code Message Warning 192 Table test/t1 is encrypted but encryption service or used key_id is not available. Can't continue reading table. Error 1296 Got error 192 'Table encrypted but decryption failed. This could be because correct encryption management plugin is not loaded, used encryption key is not available or encryption method does not match.' from InnoDB +DROP TABLE t1; diff --git a/mysql-test/suite/encryption/r/innodb-bad-key-change4.result b/mysql-test/suite/encryption/r/innodb-bad-key-change4.result index d6c2706e8bf..69f11d8745b 100644 --- a/mysql-test/suite/encryption/r/innodb-bad-key-change4.result +++ b/mysql-test/suite/encryption/r/innodb-bad-key-change4.result @@ -1,9 +1,5 @@ -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); CHECK TABLE t1; diff --git a/mysql-test/suite/encryption/r/innodb-bad-key-change5.result b/mysql-test/suite/encryption/r/innodb-bad-key-change5.result index 75a0587d35d..13b74f3b23d 100644 --- a/mysql-test/suite/encryption/r/innodb-bad-key-change5.result +++ b/mysql-test/suite/encryption/r/innodb-bad-key-change5.result @@ -1,9 +1,5 @@ -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); OPTIMIZE TABLE t1; diff --git a/mysql-test/suite/encryption/r/innodb-bad-key-shutdown.result b/mysql-test/suite/encryption/r/innodb-bad-key-shutdown.result index 630fba146bf..447329a74da 100644 --- a/mysql-test/suite/encryption/r/innodb-bad-key-shutdown.result +++ b/mysql-test/suite/encryption/r/innodb-bad-key-shutdown.result @@ -1,17 +1,13 @@ -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); -# +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); +# # Restart the server with key 4 in the key file -# +# CREATE TABLE t1 (i INT, KEY(i)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1); -# +# # Restart the server with a different value for key 4 in the key file -# +# SELECT * FROM t1; ERROR HY000: Got error 192 'Table encrypted but decryption failed. This could be because correct encryption management plugin is not loaded, used encryption key is not available or encryption method does not match.' from InnoDB SELECT * FROM t1; diff --git a/mysql-test/suite/encryption/r/innodb-encryption-disable.result b/mysql-test/suite/encryption/r/innodb-encryption-disable.result index 63ad0cf13fb..d19124ab602 100644 --- a/mysql-test/suite/encryption/r/innodb-encryption-disable.result +++ b/mysql-test/suite/encryption/r/innodb-encryption-disable.result @@ -1,10 +1,5 @@ -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); -call mtr.add_suppression("InnoDB: Tablespace id.* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace."); +call mtr.add_suppression("InnoDB: The page .* in file test/t[15] cannot be decrypted"); +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); create table t5 ( `intcol1` int(32) DEFAULT NULL, `intcol2` int(32) DEFAULT NULL, diff --git a/mysql-test/suite/encryption/r/innodb-key-rotation-disable.result b/mysql-test/suite/encryption/r/innodb-key-rotation-disable.result new file mode 100644 index 00000000000..07f6f98b88a --- /dev/null +++ b/mysql-test/suite/encryption/r/innodb-key-rotation-disable.result @@ -0,0 +1,66 @@ +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +NAME +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +NAME +mysql/innodb_table_stats +mysql/innodb_index_stats +innodb_system +create database enctests; +use enctests; +create table t1(a int not null primary key, b char(200)) engine=innodb; +create table t2(a int not null primary key, b char(200)) engine=innodb row_format=compressed; +create table t3(a int not null primary key, b char(200)) engine=innodb page_compressed=yes; +create table t4(a int not null primary key, b char(200)) engine=innodb encrypted=yes; +create table t5(a int not null primary key, b char(200)) engine=innodb encrypted=yes row_format=compressed; +create table t6(a int not null primary key, b char(200)) engine=innodb encrypted=yes page_compressed=yes; +create table t7(a int not null primary key, b char(200)) engine=innodb encrypted=no; +create table t8(a int not null primary key, b char(200)) engine=innodb encrypted=no row_format=compressed; +create table t9(a int not null primary key, b char(200)) engine=innodb encrypted=no page_compressed=yes; +insert into t1 values (1, 'secredmessage'); +insert into t2 values (1, 'secredmessage'); +insert into t3 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t4 values (1, 'secredmessage'); +insert into t5 values (1, 'secredmessage'); +insert into t6 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t7 values (1, 'publicmessage'); +insert into t8 values (1, 'publicmessage'); +insert into t9 values (1, 'pugliccompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +# should list tables t1-t6 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'enctests%'; +NAME ENCRYPTION_SCHEME CURRENT_KEY_ID +enctests/t1 1 1 +enctests/t2 1 1 +enctests/t3 1 1 +enctests/t4 1 1 +enctests/t5 1 1 +enctests/t6 1 1 +# should list tables t7-t9 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 and NAME LIKE 'enctests%'; +NAME ENCRYPTION_SCHEME CURRENT_KEY_ID +enctests/t7 0 1 +enctests/t8 0 1 +enctests/t9 0 1 +SET GLOBAL innodb_encrypt_tables=OFF; +ERROR 42000: Variable 'innodb_encrypt_tables' can't be set to the value of 'OFF' +SET GLOBAL innodb_encrypt_tables=ON; +ERROR 42000: Variable 'innodb_encrypt_tables' can't be set to the value of 'ON' +# t1 default on expecting NOT FOUND +NOT FOUND /secred/ in t1.ibd +# t2 default on expecting NOT FOUND +NOT FOUND /secred/ in t2.ibd +# t3 default on expecting NOT FOUND +NOT FOUND /secred/ in t3.ibd +# t4 on expecting NOT FOUND +NOT FOUND /secred/ in t4.ibd +# t5 on expecting NOT FOUND +NOT FOUND /secred/ in t5.ibd +# t6 on expecting NOT FOUND +NOT FOUND /secred/ in t6.ibd +# t7 off expecting FOUND +FOUND /public/ in t7.ibd +# t8 row compressed expecting NOT FOUND +FOUND /public/ in t8.ibd +# t9 page compressed expecting NOT FOUND +NOT FOUND /public/ in t9.ibd +use test; +drop database enctests; diff --git a/mysql-test/suite/encryption/r/innodb-missing-key.result b/mysql-test/suite/encryption/r/innodb-missing-key.result index b59ec158273..2d2bc91c321 100644 --- a/mysql-test/suite/encryption/r/innodb-missing-key.result +++ b/mysql-test/suite/encryption/r/innodb-missing-key.result @@ -1,6 +1,4 @@ -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); +call mtr.add_suppression("InnoDB: The page .* in file test/t. cannot be decrypted"); # Start server with keys2.txt CREATE TABLE t1(a int not null primary key auto_increment, b varchar(128)) engine=innodb ENCRYPTED=YES ENCRYPTION_KEY_ID=19; diff --git a/mysql-test/suite/encryption/r/innodb-spatial-index.result b/mysql-test/suite/encryption/r/innodb-spatial-index.result index 7ad0af72bcd..852be0b9a73 100644 --- a/mysql-test/suite/encryption/r/innodb-spatial-index.result +++ b/mysql-test/suite/encryption/r/innodb-spatial-index.result @@ -36,7 +36,7 @@ mysql/innodb_table_stats mysql/innodb_index_stats test/t1 test/t2 -NULL +innodb_system SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; NAME DROP TABLE t1, t2; diff --git a/mysql-test/suite/encryption/r/innodb_encryption.result b/mysql-test/suite/encryption/r/innodb_encryption.result index 9b762bbba11..26c77499d25 100644 --- a/mysql-test/suite/encryption/r/innodb_encryption.result +++ b/mysql-test/suite/encryption/r/innodb_encryption.result @@ -17,6 +17,7 @@ CURRENT_KEY_VERSION int(11) unsigned NO 0 KEY_ROTATION_PAGE_NUMBER bigint(21) unsigned YES NULL KEY_ROTATION_MAX_PAGE_NUMBER bigint(21) unsigned YES NULL CURRENT_KEY_ID int(11) unsigned NO 0 +ROTATING_OR_FLUSHING int(1) unsigned NO 0 # Wait max 5 min for key encryption threads to encrypt one space # Success! # Wait max 10 min for key encryption threads to encrypt all space diff --git a/mysql-test/suite/encryption/r/innodb_onlinealter_encryption.result b/mysql-test/suite/encryption/r/innodb_onlinealter_encryption.result index d04525b0d5a..26765229a2e 100644 --- a/mysql-test/suite/encryption/r/innodb_onlinealter_encryption.result +++ b/mysql-test/suite/encryption/r/innodb_onlinealter_encryption.result @@ -22,7 +22,7 @@ end while; end// commit; set autocommit=0; -call innodb_insert_proc(15000); +call innodb_insert_proc(1500); commit; set autocommit=1; # Wait max 10 min for key encryption threads to encrypt all spaces @@ -40,6 +40,8 @@ NOT FOUND /author/ in t5.ibd NOT FOUND /mangled/ in t6.ibd # t7 ... on expecting NOT FOUND NOT FOUND /mysql/ in t7.ibd +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; ALTER TABLE t1 ADD COLUMN b int default 2; ALTER TABLE t2 ADD COLUMN b int default 2; ALTER TABLE t7 ADD COLUMN b int default 2; @@ -133,42 +135,5 @@ NOT FOUND /author/ in t5.ibd NOT FOUND /mangled/ in t6.ibd # t7 ... on expecting NOT FOUND NOT FOUND /mysql/ in t7.ibd -# Restarting server -# Done restarting server -select count(1) from t1; -count(1) -15000 -select count(1) from t2; -count(1) -15000 -select count(1) from t3; -count(1) -15000 -select count(1) from t4; -count(1) -15000 -select count(1) from t5; -count(1) -15000 -select count(1) from t6; -count(1) -15000 -select count(1) from t7; -count(1) -15000 -# t1 yes on expecting NOT FOUND -NOT FOUND /foobar/ in t1.ibd -# t2 ... on expecting NOT FOUND -NOT FOUND /temp/ in t2.ibd -# t3 ... on expecting NOT FOUND -NOT FOUND /barfoo/ in t3.ibd -# t4 ... on expecting NOT FOUND -NOT FOUND /repeat/ in t4.ibd -# t5 ... on expecting NOT FOUND -NOT FOUND /author/ in t5.ibd -# t6 ... on expecting NOT FOUND -NOT FOUND /mangled/ in t6.ibd -# t7 ... on expecting NOT FOUND -NOT FOUND /mysql/ in t7.ibd DROP PROCEDURE innodb_insert_proc; DROP TABLE t1, t2, t3, t4, t5, t6, t7; diff --git a/mysql-test/suite/encryption/t/debug_key_management.test b/mysql-test/suite/encryption/t/debug_key_management.test index b4dc8c41916..5001ac6a516 100644 --- a/mysql-test/suite/encryption/t/debug_key_management.test +++ b/mysql-test/suite/encryption/t/debug_key_management.test @@ -11,14 +11,15 @@ show variables like 'innodb_encrypt%'; let $wait_condition= select count(*) = 3 from information_schema.innodb_tablespaces_encryption where current_key_version=1; --source include/wait_condition.inc -select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; +select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 1; set global debug_key_management_version=10; let $wait_condition= select count(*) = 3 from information_schema.innodb_tablespaces_encryption where current_key_version=10; --source include/wait_condition.inc -select space,name,current_key_version from information_schema.innodb_tablespaces_encryption order by space; +select count(*) from information_schema.innodb_tablespaces_encryption where current_key_version <> 10; # Note that we expect that key_version is increasing so disable encryption before reset + set global innodb_encrypt_tables=OFF; set global debug_key_management_version=1; diff --git a/mysql-test/suite/encryption/t/encrypt_and_grep.opt b/mysql-test/suite/encryption/t/encrypt_and_grep.opt index bcff011eb82..5c9aaf65b06 100644 --- a/mysql-test/suite/encryption/t/encrypt_and_grep.opt +++ b/mysql-test/suite/encryption/t/encrypt_and_grep.opt @@ -1,8 +1,7 @@ --innodb-encrypt-tables=ON --innodb-encrypt-log=ON --innodb-encryption-rotate-key-age=15 ---innodb-encryption-threads=4 +--innodb-encryption-threads=1 --innodb-tablespaces-encryption ---innodb-max-dirty-pages-pct=0.001 diff --git a/mysql-test/suite/encryption/t/encrypt_and_grep.test b/mysql-test/suite/encryption/t/encrypt_and_grep.test index 2a5fcbcebf8..fd54fc74f0a 100644 --- a/mysql-test/suite/encryption/t/encrypt_and_grep.test +++ b/mysql-test/suite/encryption/t/encrypt_and_grep.test @@ -1,5 +1,5 @@ -- source include/have_innodb.inc --- source include/have_example_key_management_plugin.inc +-- source include/have_file_key_management_plugin.inc # embedded does not support restart -- source include/not_embedded.inc @@ -30,7 +30,10 @@ insert t3 values (repeat('dummy', 42)); --let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 --source include/wait_condition.inc ---sleep 5 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; + +--source include/shutdown_mysqld.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND @@ -49,15 +52,21 @@ insert t3 values (repeat('dummy', 42)); -- let SEARCH_FILE=$ib1_IBD -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + --echo # Now turn off encryption and wait for threads to decrypt everything -SET GLOBAL innodb_encryption_threads = 4; +SET GLOBAL innodb_encryption_threads = 1; SET GLOBAL innodb_encrypt_tables = off; --echo # Wait max 10 min for key encryption threads to decrypt all spaces --let $wait_timeout= 600 ---let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +--let $wait_condition=SELECT COUNT(*) = 5 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND KEY_ROTATION_PAGE_NUMBER IS NULL; --source include/wait_condition.inc ---sleep 5 + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; + +--source include/shutdown_mysqld.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND @@ -76,6 +85,8 @@ SET GLOBAL innodb_encrypt_tables = off; -- let SEARCH_FILE=$ib1_IBD -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + --echo # Now turn on encryption and wait for threads to encrypt all spaces SET GLOBAL innodb_encryption_threads = 4; SET GLOBAL innodb_encrypt_tables = on; @@ -84,7 +95,11 @@ SET GLOBAL innodb_encrypt_tables = on; --let $wait_timeout= 600 --let $wait_condition=SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; --source include/wait_condition.inc ---sleep 5 + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; + +--source include/shutdown_mysqld.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND @@ -103,6 +118,6 @@ SET GLOBAL innodb_encrypt_tables = on; -- let SEARCH_FILE=$ib1_IBD -- source include/search_pattern_in_file.inc ---echo # TODO: add shutdown + grep tests +-- source include/start_mysqld.inc drop table t1, t2, t3; diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change.test b/mysql-test/suite/encryption/t/innodb-bad-key-change.test index cc5e6b36ac3..e8b5de99d80 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change.test @@ -13,16 +13,9 @@ # call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); -call mtr.add_suppression("InnoDB: Database page corruption on disk or a failed.*"); call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -call mtr.add_suppression("mysqld: File .*"); -call mtr.add_suppression("InnoDB: Tablespace id .* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace."); -call mtr.add_suppression("InnoDB: InnoDB: Page may be an index page where index id is .*"); +call mtr.add_suppression("InnoDB: The page .* in file test/.* cannot be decrypted"); +call mtr.add_suppression("mysqld: File .* not found"); --echo --echo # Start server with keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change2.test b/mysql-test/suite/encryption/t/innodb-bad-key-change2.test index 7c61c34ec59..c7c9e66dcf8 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change2.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change2.test @@ -8,42 +8,28 @@ # # MDEV-8750: Server crashes in page_cur_is_after_last on altering table using a wrong encryption key # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); # Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530144 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc --error ER_GET_ERRMSG select * from t1; @@ -55,5 +41,9 @@ show warnings; alter table t1 engine=InnoDB; show warnings; +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc + +DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/keys1.txt --remove_file $MYSQLTEST_VARDIR/keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change4.test b/mysql-test/suite/encryption/t/innodb-bad-key-change4.test index 0b1db40b866..0459c433ece 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change4.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change4.test @@ -8,66 +8,36 @@ # # MDEV-8768: Server crash at file btr0btr.ic line 122 when checking encrypted table using incorrect keys # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); # Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc - ---let $MYSQLD_TMPDIR = `SELECT @@tmpdir` ---let $MYSQLD_DATADIR = `SELECT @@datadir` +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530144 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc --replace_regex /tablespace [0-9]*/tablespace #/ CHECK TABLE t1; SHOW WARNINGS; ---remove_file $MYSQLTEST_VARDIR/keys1.txt ---remove_file $MYSQLTEST_VARDIR/keys2.txt - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---write_file $MYSQLTEST_VARDIR/keys1.txt -1;770A8A65DA156D24EE2A093277530142 -4;770A8A65DA156D24EE2A093277530143 -EOF - ---exec echo "restart:--innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc DROP TABLE t1; - --remove_file $MYSQLTEST_VARDIR/keys1.txt +--remove_file $MYSQLTEST_VARDIR/keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-change5.test b/mysql-test/suite/encryption/t/innodb-bad-key-change5.test index 5f63eebe034..b205d203374 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-change5.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-change5.test @@ -8,64 +8,35 @@ # # MDEV-8769: Server crash at file btr0btr.ic line 122 when defragmenting encrypted table using incorrect keys # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); # Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc - ---let $MYSQLD_TMPDIR = `SELECT @@tmpdir` ---let $MYSQLD_DATADIR = `SELECT @@datadir` +--let $restart_parameters= --innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (pk INT PRIMARY KEY, f VARCHAR(8)) ENGINE=InnoDB ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1,'foo'),(2,'bar'); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;770A8A65DA156D24EE2A093277530144 EOF ---exec echo "restart:--innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc OPTIMIZE TABLE t1; SHOW WARNINGS; ---remove_file $MYSQLTEST_VARDIR/keys1.txt ---remove_file $MYSQLTEST_VARDIR/keys2.txt - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---write_file $MYSQLTEST_VARDIR/keys1.txt -1;770A8A65DA156D24EE2A093277530142 -4;770A8A65DA156D24EE2A093277530143 -EOF - ---exec echo "restart:--innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --innodb-defragment=1 --innodb-stats-persistent --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc DROP TABLE t1; --remove_file $MYSQLTEST_VARDIR/keys1.txt +--remove_file $MYSQLTEST_VARDIR/keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test b/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test index d27402edaa8..d1b009fad93 100644 --- a/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test +++ b/mysql-test/suite/encryption/t/innodb-bad-key-shutdown.test @@ -2,67 +2,51 @@ # MDEV-8727: Server/InnoDB hangs on shutdown after trying to read an encrypted table with a wrong key # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -# Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); - ---echo # ---echo # Restart the server with key 4 in the key file ---echo # - --source include/have_innodb.inc --source include/not_embedded.inc ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +call mtr.add_suppression("InnoDB: The page .* in file test/t1 cannot be decrypted"); +# Suppression for builds where file_key_management plugin is linked statically +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); + +--echo # +--echo # Restart the server with key 4 in the key file +--echo # --write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 4;18420B5CBA31CCDFFE9716E91EB61374D05914F3ADE23E03 EOF ---exec echo "restart:--plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc CREATE TABLE t1 (i INT, KEY(i)) ENGINE=InnoDB ENCRYPTED=YES ENCRYPTION_KEY_ID=4; INSERT INTO t1 VALUES (1); ---echo # +--echo # --echo # Restart the server with a different value for key 4 in the key file ---echo # - ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc +--echo # --write_file $MYSQLTEST_VARDIR/keys2.txt 1;770A8A65DA156D24EE2A093277530142 4;22222222222222222222222222222222 EOF ---exec echo "restart:--plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys2.txt +--source include/restart_mysqld.inc ---error 1296 +--error ER_GET_ERRMSG SELECT * FROM t1; ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:--plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc SELECT * FROM t1; DROP TABLE t1; +--let $restart_parameters= +--source include/restart_mysqld.inc + --remove_file $MYSQLTEST_VARDIR/keys2.txt --remove_file $MYSQLTEST_VARDIR/keys1.txt diff --git a/mysql-test/suite/encryption/t/innodb-encryption-disable.test b/mysql-test/suite/encryption/t/innodb-encryption-disable.test index 8a8b451f5b1..fed9878ffbc 100644 --- a/mysql-test/suite/encryption/t/innodb-encryption-disable.test +++ b/mysql-test/suite/encryption/t/innodb-encryption-disable.test @@ -9,29 +9,15 @@ # # MDEV-9559: Server without encryption configs crashes if selecting from an implicitly encrypted table # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id 1 is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); -call mtr.add_suppression(".*InnoDB: Cannot open table test/.* from the internal data dictionary of InnoDB though the .frm file for the table exists. See .* for how you can resolve the problem."); -call mtr.add_suppression("InnoDB: .ibd file is missing for table test/.*"); -# Suppression for builds where file_key_management plugin is linked statically -call mtr.add_suppression("Couldn't load plugins from 'file_key_management*"); -call mtr.add_suppression("InnoDB: Tablespace id.* is encrypted but encryption service or used key_id .* is not available. Can't continue opening tablespace."); +call mtr.add_suppression("InnoDB: The page .* in file test/t[15] cannot be decrypted"); +call mtr.add_suppression("Couldn't load plugins from 'file_key_management"); ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---error 0,1,2 ---remove_file $MYSQLTEST_VARDIR/encryption-disable-keys1.txt ---write_file $MYSQLTEST_VARDIR/encryption-disable-keys1.txt +--write_file $MYSQLTEST_VARDIR/keys1.txt 1;770A8A65DA156D24EE2A093277530142 -4;770A8A65DA156D24EE2A093277530143 EOF ---exec echo "restart:--innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/encryption-disable-keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc create table t5 ( `intcol1` int(32) DEFAULT NULL, @@ -61,28 +47,18 @@ alter table t1 encrypted='yes' `encryption_key_id`=1; select * from t1; select * from t5; ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:--innodb-encrypt-tables=OFF" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables=OFF +--source include/restart_mysqld.inc ---error 1296 +--error ER_GET_ERRMSG select * from t1; ---error 1296 +--error ER_GET_ERRMSG select * from t5; ---exec echo "wait" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---shutdown_server ---source include/wait_until_disconnected.inc - ---exec echo "restart:--innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/encryption-disable-keys1.txt" > $MYSQLTEST_VARDIR/tmp/mysqld.1.expect ---enable_reconnect ---source include/wait_until_connected_again.inc +--let $restart_parameters= --innodb-encrypt-tables --plugin-load-add=file_key_management.so --file-key-management --file-key-management-filename=$MYSQLTEST_VARDIR/keys1.txt +--source include/restart_mysqld.inc drop table t1; drop table t5; ---remove_file $MYSQLTEST_VARDIR/encryption-disable-keys1.txt +--remove_file $MYSQLTEST_VARDIR/keys1.txt diff --git a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.opt b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.opt new file mode 100644 index 00000000000..03a0028d371 --- /dev/null +++ b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.opt @@ -0,0 +1,5 @@ +--innodb-encrypt-tables +--innodb-encrypt-log +--innodb-encryption-rotate-key-age=0 +--innodb-encryption-threads=4 +--innodb-tablespaces-encryption diff --git a/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test new file mode 100644 index 00000000000..fdbd6c8da7c --- /dev/null +++ b/mysql-test/suite/encryption/t/innodb-key-rotation-disable.test @@ -0,0 +1,102 @@ +-- source include/have_innodb.inc +-- source include/have_file_key_management_plugin.inc +# not embedded because of restarts +-- source include/not_embedded.inc + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0; + +--disable_query_log +--disable_warnings +let $innodb_compression_algorithm_orig=`SELECT @@innodb_compression_algorithm`; +let $innodb_file_format_orig = `SELECT @@innodb_file_format`; +let $innodb_file_per_table_orig = `SELECT @@innodb_file_per_table`; +let $encryption = `SELECT @@innodb_encrypt_tables`; +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +# zlib +set global innodb_compression_algorithm = 1; +--enable_warnings +--enable_query_log + +create database enctests; +use enctests; +create table t1(a int not null primary key, b char(200)) engine=innodb; +create table t2(a int not null primary key, b char(200)) engine=innodb row_format=compressed; +create table t3(a int not null primary key, b char(200)) engine=innodb page_compressed=yes; +create table t4(a int not null primary key, b char(200)) engine=innodb encrypted=yes; +create table t5(a int not null primary key, b char(200)) engine=innodb encrypted=yes row_format=compressed; +create table t6(a int not null primary key, b char(200)) engine=innodb encrypted=yes page_compressed=yes; +create table t7(a int not null primary key, b char(200)) engine=innodb encrypted=no; +create table t8(a int not null primary key, b char(200)) engine=innodb encrypted=no row_format=compressed; +create table t9(a int not null primary key, b char(200)) engine=innodb encrypted=no page_compressed=yes; + +insert into t1 values (1, 'secredmessage'); +insert into t2 values (1, 'secredmessage'); +insert into t3 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t4 values (1, 'secredmessage'); +insert into t5 values (1, 'secredmessage'); +insert into t6 values (1, 'secredmessagecompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); +insert into t7 values (1, 'publicmessage'); +insert into t8 values (1, 'publicmessage'); +insert into t9 values (1, 'pugliccompressedaaaaaaaaabbbbbbbbbbbbbbccccccccccccccc'); + +--echo # should list tables t1-t6 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE 'enctests%'; +--echo # should list tables t7-t9 +SELECT NAME,ENCRYPTION_SCHEME,CURRENT_KEY_ID FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 and NAME LIKE 'enctests%'; + +--error ER_WRONG_VALUE_FOR_VAR +SET GLOBAL innodb_encrypt_tables=OFF; +--error ER_WRONG_VALUE_FOR_VAR +SET GLOBAL innodb_encrypt_tables=ON; + +--let $MYSQLD_DATADIR=`select @@datadir` + +-- source include/shutdown_mysqld.inc + +--let SEARCH_RANGE = 10000000 +--let SEARCH_PATTERN=secred +--echo # t1 default on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t1.ibd +-- source include/search_pattern_in_file.inc +--echo # t2 default on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t2.ibd +-- source include/search_pattern_in_file.inc +--echo # t3 default on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t3.ibd +-- source include/search_pattern_in_file.inc +--echo # t4 on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t4.ibd +-- source include/search_pattern_in_file.inc +--echo # t5 on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t5.ibd +-- source include/search_pattern_in_file.inc +--echo # t6 on expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t6.ibd +-- source include/search_pattern_in_file.inc +--let SEARCH_PATTERN=public +--echo # t7 off expecting FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t7.ibd +-- source include/search_pattern_in_file.inc +--echo # t8 row compressed expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t8.ibd +-- source include/search_pattern_in_file.inc +--echo # t9 page compressed expecting NOT FOUND +-- let SEARCH_FILE=$MYSQLD_DATADIR/enctests/t9.ibd +-- source include/search_pattern_in_file.inc + +-- source include/start_mysqld.inc + +use test; +drop database enctests; +# reset system + +--disable_query_log +--disable_warnings +EVAL SET GLOBAL innodb_compression_algorithm = $innodb_compression_algorithm_orig; +EVAL SET GLOBAL innodb_file_per_table = $innodb_file_per_table_orig; +EVAL SET GLOBAL innodb_file_format = $innodb_file_format_orig; +set global innodb_compression_algorithm = DEFAULT; +--enable_warnings +--enable_query_log diff --git a/mysql-test/suite/encryption/t/innodb-missing-key.test b/mysql-test/suite/encryption/t/innodb-missing-key.test index 8fcfb766117..84ca92010e9 100644 --- a/mysql-test/suite/encryption/t/innodb-missing-key.test +++ b/mysql-test/suite/encryption/t/innodb-missing-key.test @@ -2,16 +2,11 @@ -- source include/have_file_key_management_plugin.inc # embedded does not support restart -- source include/not_embedded.inc --- source include/not_valgrind.inc -# Avoid CrashReporter popup on Mac --- source include/not_crashrep.inc # # MDEV-11004: Unable to start (Segfault or os error 2) when encryption key missing # -call mtr.add_suppression("InnoDB: Block in space_id .* in file test/.* encrypted"); -call mtr.add_suppression("InnoDB: However key management plugin or used key_id .* is not found or used encryption algorithm or method does not match."); -call mtr.add_suppression("InnoDB: Marking tablespace as missing. You may drop this table or install correct key management plugin and key file."); +call mtr.add_suppression("InnoDB: The page .* in file test/t. cannot be decrypted"); --echo --echo # Start server with keys2.txt diff --git a/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test b/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test index eb90c446a81..e7e8405e839 100644 --- a/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test +++ b/mysql-test/suite/encryption/t/innodb_onlinealter_encryption.test @@ -1,18 +1,7 @@ -- source include/have_innodb.inc --- source include/have_example_key_management_plugin.inc --- source include/not_valgrind.inc +-- source include/have_file_key_management_plugin.inc +# test uses restart -- source include/not_embedded.inc --- source include/not_windows.inc - ---let $MYSQLD_DATADIR=`select @@datadir` ---let SEARCH_RANGE = 10000000 ---let t1_IBD = $MYSQLD_DATADIR/test/t1.ibd ---let t2_IBD = $MYSQLD_DATADIR/test/t2.ibd ---let t3_IBD = $MYSQLD_DATADIR/test/t3.ibd ---let t4_IBD = $MYSQLD_DATADIR/test/t4.ibd ---let t5_IBD = $MYSQLD_DATADIR/test/t5.ibd ---let t6_IBD = $MYSQLD_DATADIR/test/t6.ibd ---let t7_IBD = $MYSQLD_DATADIR/test/t7.ibd CREATE TABLE t1 (id INT NOT NULL PRIMARY KEY, a VARCHAR(255)) ENGINE=InnoDB encrypted=yes; CREATE TABLE t2 (id INT NOT NULL PRIMARY KEY, a VARCHAR(255)) ENGINE=InnoDB; @@ -42,7 +31,7 @@ delimiter ;// commit; set autocommit=0; -call innodb_insert_proc(15000); +call innodb_insert_proc(1500); commit; set autocommit=1; @@ -50,37 +39,48 @@ set autocommit=1; --let $wait_timeout= 600 --let $wait_condition=SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 --source include/wait_condition.inc +--let $MYSQLD_DATADIR=`select @@datadir` ---sleep 10 +--source include/shutdown_mysqld.inc +--source include/wait_until_disconnected.inc + +--let SEARCH_RANGE = 10000000 --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND --- let SEARCH_FILE=$t1_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t1.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=temp --echo # t2 ... on expecting NOT FOUND --- let SEARCH_FILE=$t2_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t2.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=barfoo --echo # t3 ... on expecting NOT FOUND --- let SEARCH_FILE=$t3_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t3.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=repeat --echo # t4 ... on expecting NOT FOUND --- let SEARCH_FILE=$t4_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t4.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=author --echo # t5 ... on expecting NOT FOUND --- let SEARCH_FILE=$t5_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t5.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mangled --echo # t6 ... on expecting NOT FOUND --- let SEARCH_FILE=$t6_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t6.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mysql --echo # t7 ... on expecting NOT FOUND --- let SEARCH_FILE=$t7_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t7.ibd -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + +--disable_warnings +SET GLOBAL innodb_file_format = `Barracuda`; +SET GLOBAL innodb_file_per_table = ON; +--enable_warnings + ALTER TABLE t1 ADD COLUMN b int default 2; ALTER TABLE t2 ADD COLUMN b int default 2; ALTER TABLE t7 ADD COLUMN b int default 2; @@ -102,76 +102,39 @@ SHOW CREATE TABLE t5; SHOW CREATE TABLE t6; SHOW CREATE TABLE t7; ---sleep 10 ---let SEARCH_PATTERN=foobar ---echo # t1 yes on expecting NOT FOUND --- let SEARCH_FILE=$t1_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=temp ---echo # t2 ... on expecting NOT FOUND --- let SEARCH_FILE=$t2_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=barfoo ---echo # t3 ... on expecting NOT FOUND --- let SEARCH_FILE=$t3_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=repeat ---echo # t4 ... on expecting NOT FOUND --- let SEARCH_FILE=$t4_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=author ---echo # t5 ... on expecting NOT FOUND --- let SEARCH_FILE=$t5_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=mangled ---echo # t6 ... on expecting NOT FOUND --- let SEARCH_FILE=$t6_IBD --- source include/search_pattern_in_file.inc ---let SEARCH_PATTERN=mysql ---echo # t7 ... on expecting NOT FOUND --- let SEARCH_FILE=$t7_IBD --- source include/search_pattern_in_file.inc - ---echo # Restarting server --- source include/restart_mysqld.inc ---echo # Done restarting server - -select count(1) from t1; -select count(1) from t2; -select count(1) from t3; -select count(1) from t4; -select count(1) from t5; -select count(1) from t6; -select count(1) from t7; +--source include/shutdown_mysqld.inc +--source include/wait_until_disconnected.inc --let SEARCH_PATTERN=foobar --echo # t1 yes on expecting NOT FOUND --- let SEARCH_FILE=$t1_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t1.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=temp --echo # t2 ... on expecting NOT FOUND --- let SEARCH_FILE=$t2_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t2.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=barfoo --echo # t3 ... on expecting NOT FOUND --- let SEARCH_FILE=$t3_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t3.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=repeat --echo # t4 ... on expecting NOT FOUND --- let SEARCH_FILE=$t4_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t4.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=author --echo # t5 ... on expecting NOT FOUND --- let SEARCH_FILE=$t5_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t5.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mangled --echo # t6 ... on expecting NOT FOUND --- let SEARCH_FILE=$t6_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t6.ibd -- source include/search_pattern_in_file.inc --let SEARCH_PATTERN=mysql --echo # t7 ... on expecting NOT FOUND --- let SEARCH_FILE=$t7_IBD +-- let SEARCH_FILE=$MYSQLD_DATADIR/test/t7.ibd -- source include/search_pattern_in_file.inc +-- source include/start_mysqld.inc + DROP PROCEDURE innodb_insert_proc; DROP TABLE t1, t2, t3, t4, t5, t6, t7; |