diff options
Diffstat (limited to 'plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result')
-rw-r--r-- | plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result b/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result new file mode 100644 index 00000000000..6e06e0f1d30 --- /dev/null +++ b/plugin/hashicorp_key_management/mysql-test/vault/r/hashicorp_key_rotation_age.result @@ -0,0 +1,97 @@ +SHOW GLOBAL variables LIKE "hashicorp%"; +Variable_name Value +hashicorp_key_management_cache_timeout 60000 +hashicorp_key_management_cache_version_timeout 0 +hashicorp_key_management_caching_enabled ON +hashicorp_key_management_check_kv_version OFF +hashicorp_key_management_max_retries 3 +hashicorp_key_management_timeout 60 +hashicorp_key_management_use_cache_on_timeout OFF +hashicorp_key_management_vault_ca +hashicorp_key_management_vault_url VAULT_ADDR/v1/mariadbtest/ +# Restart the server with encryption +# restart: with restart_parameters +CREATE TABLE t1 (f1 INT, f2 VARCHAR(256))engine=innodb; +INSERT INTO t1 VALUES(1, 'MariaDB'), (2, 'Robot'), (3, 'Science'); +INSERT INTO t1 SELECT * FROM t1; +CREATE TABLE t2(f1 INT, f2 VARCHAR(256))engine=innodb; +INSERT INTO t2 SELECT * FROM t1; +CREATE TABLE t3(f1 INT, f2 VARCHAR(256))engine=innodb encrypted=yes; +INSERT INTO t3 SELECT * FROM t1; +CREATE TABLE t33(f1 INT, f2 VARCHAR(256)) engine=innodb encrypted=yes encryption_key_id=2; +INSERT INTO t33 VALUES (12345, '1234567890'); +# Restart the server with encryption and rotate key age +# restart: with restart_parameters +# Wait until encryption threads have encrypted all tablespaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%"; +NAME +SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%"; +NAME CURRENT_KEY_VERSION +test/t1 1 +test/t2 1 +test/t3 1 +test/t33 1 +# Restart the server with innodb_encryption_rotate_key_age= 0 +# restart: with restart_parameters +create table t4 (f1 int not null)engine=innodb encrypted=NO; +alter table t33 encryption_key_id=111; +ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID' +# Update key value to version 2 +alter table t33 encryption_key_id=222; +ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID' +# Wait until encryption threads have encrypted all tablespaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%"; +NAME +test/t4 +SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%"; +NAME CURRENT_KEY_VERSION +test/t1 2 +test/t2 2 +test/t3 2 +test/t33 1 +# Disable encryption when innodb_encryption_rotate_key_age is 0 +set global innodb_encrypt_tables = OFF; +# Wait until encryption threads to decrypt all encrypted tablespaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%"; +NAME +test/t1 +test/t2 +test/t4 +# Display only encrypted create tables (t3) +SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%"; +NAME CURRENT_KEY_VERSION +test/t3 2 +test/t33 1 +alter table t33 encryption_key_id=333; +ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID' +# Update key value to version 3 +alter table t33 encryption_key_id=444; +ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID' +# Enable encryption when innodb_encryption_rotate_key_age is 0 +set global innodb_encrypt_tables = ON; +# Wait until encryption threads to encrypt all unencrypted tablespaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%"; +NAME +test/t4 +# Display only unencrypted create tables (t4) +SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%"; +NAME CURRENT_KEY_VERSION +test/t1 3 +test/t2 3 +test/t3 3 +test/t33 1 +# restart: with restart_parameters +alter table t33 encryption_key_id=555; +ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'ENCRYPTION_KEY_ID' +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0 AND NAME LIKE "test/%"; +NAME +test/t4 +SELECT NAME, CURRENT_KEY_VERSION FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0 AND NAME LIKE "test/%"; +NAME CURRENT_KEY_VERSION +test/t1 3 +test/t2 3 +test/t3 3 +test/t33 1 +DROP TABLE t4, t3, t2, t1; +DROP TABLE t33; +# restart |