diff --git a/contrib/pg_tde/t/001_basic.pl b/contrib/pg_tde/t/001_basic.pl
index 97a5623cd2c..0bd3468b387 100644
--- a/contrib/pg_tde/t/001_basic.pl
+++ b/contrib/pg_tde/t/001_basic.pl
@@ -19,41 +19,33 @@ close $conf; my $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'SELECT extname, extversion FROM pg_extension WHERE extname = \'pg_tde\';', extra_params => ['-a']); -ok($cmdret == 0, "SELECT PGTDE VERSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT extname, extversion FROM pg_extension WHERE extname = \'pg_tde\';'); -$rt_value = $node->psql('postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -ok($rt_value == 3, "Failing query"); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$rt_value = $node->psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');", extra_params => ['-a']); -$rt_value = $node->psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');", extra_params => ['-a']); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');"); -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');"); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc (k) VALUES (\'foobar\'),(\'barfoo\');', extra_params => ['-a']); 
-PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap;'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc (k) VALUES (\'foobar\'),(\'barfoo\');'); + +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); # Verify that we can't see the data in the file my $tablefile = $node->safe_psql('postgres', 'SHOW data_directory;'); @@ -68,12 +60,9 @@ $strings = 'CONTAINS FOO (should be empty): '; $strings .= `strings $tablefile | grep foo`; PGTDE::append_to_file($strings); -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc;'); -$stdout = $node->safe_psql('postgres', 'DROP EXTENSION pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "DROP PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde;'); $node->stop(); diff --git a/contrib/pg_tde/t/002_rotate_key.pl b/contrib/pg_tde/t/002_rotate_key.pl index 436892ba2f1..d0ddf6c2992 100644 --- a/contrib/pg_tde/t/002_rotate_key.pl +++ b/contrib/pg_tde/t/002_rotate_key.pl 
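Review bot: The expected-failure case `CREATE TABLE test_enc(...) USING tde_heap;` before any key is configured loses its explicit assertion in this hunk. The removed `ok($rt_value == 3, "Failing query")` pinned psql's exit status, and the replacement `PGTDE::psql(...)` call is followed by no check. The helper's body is not visible here, so if it only appends output, the guarantee that an encrypted table cannot be created without a key rests entirely on the expected-output comparison. Consider keeping this one negative case explicit, e.g. `$rt_value = $node->psql('postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;');` followed by `ok($rt_value == 3, "Failing query");`. The same pattern (dropped `ok(...)` checks, and `safe_psql`, which dies on error, replaced by the helper) recurs in the 002, 003, 004, 006 and 007 hunks.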
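Review bot: The plaintext check in the context lines of this hunk, the backtick command `strings $tablefile | grep foo`, can pass without inspecting the relation file. It yields empty output when the pipeline itself fails (file missing, `strings` not installed), which matches "should be empty". Reading the file in Perl and asserting on it would make the check fail closed, e.g. `unlike(slurp_file($tablefile), qr/foobar/, 'no plaintext in relation file');`, if `slurp_file` from PostgreSQL::Test::Utils is available in this test. The same construct appears with `$tablefile4` in the later 007_tde_heap.pl hunk. Whether an existence check precedes it in this file is outside the hunk.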
@@ -19,123 +19,86 @@ close $conf; my $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); -$rt_value = $node->psql('postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -ok($rt_value == 3, "Failing query"); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2g.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-3','/tmp/pg_tde_test_keyring_3.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_global_key_provider_file('file-2','/tmp/pg_tde_test_keyring_2g.per');"); +PGTDE::psql($node, 'postgres', "SELECT 
pg_tde_add_global_key_provider_file('file-3','/tmp/pg_tde_test_keyring_3.per');"); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_list_all_database_key_providers();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_list_all_database_key_providers();"); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');"); -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc (k) VALUES (5),(6);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc (k) VALUES (5),(6);'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); # Rotate key -$stdout = $node->psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('rotated-key1');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('rotated-key1');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', 
"SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); # Again rotate key -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); 
-PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); # Again rotate key -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_key_using_global_key_provider('rotated-key', 'file-3', false);", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_global_key_provider('rotated-key', 'file-3', false);"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); # TODO: add method to query current info # And maybe debug tools to show what's in a file keyring? 
# Again rotate key -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX', 'file-2', false);", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX', 'file-2', false);"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id ASC;'); -$stdout = $node->safe_psql('postgres', 'ALTER SYSTEM SET pg_tde.inherit_global_providers = OFF;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'ALTER SYSTEM SET pg_tde.inherit_global_providers = OFF;'); # Things still work after a restart PGTDE::append_to_file("-- server restart"); 
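Review bot: The four key-provider calls added near the top of this hunk keep the keyring files at fixed names directly under `/tmp` (`/tmp/pg_tde_test_keyring.per`, `/tmp/pg_tde_test_keyring_2.per`, `/tmp/pg_tde_test_keyring_2g.per`, `/tmp/pg_tde_test_keyring_3.per`). In a shared, world-writable directory, a file left by an earlier or concurrent run, or pre-created by another local user, is picked up as the keyring, so the rotation results logged below depend on state outside the test. A per-run location such as a directory under `$node->basedir` would isolate them. If the helper still echoes the SQL into the compared output, the path would need to be masked there. The same `/tmp` keyring path is used in the 001, 007 and 008 hunks.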
@@ -144,36 +107,24 @@ $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); # But now can't be changed to another global provider -($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false);", extra_params => ['-a']); -PGTDE::append_to_file($stderr); -$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); - -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -($cmdret, $stdout, $stderr) = $node->psql('postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); - -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', 'ALTER SYSTEM RESET pg_tde.inherit_global_providers;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false);"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();"); + +PGTDE::psql($node, 
'postgres', "SELECT pg_tde_set_key_using_database_key_provider('rotated-key2','file-2');"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();"); +PGTDE::psql($node, 'postgres', "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();"); + +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc;'); + +PGTDE::psql($node, 'postgres', 'ALTER SYSTEM RESET pg_tde.inherit_global_providers;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -($cmdret, $stdout, $stderr) = $node->psql('postgres', 'DROP EXTENSION pg_tde CASCADE;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde CASCADE;'); $node->stop(); diff --git a/contrib/pg_tde/t/003_remote_config.pl b/contrib/pg_tde/t/003_remote_config.pl index 1adfa99b58c..d8636044432 100644 --- a/contrib/pg_tde/t/003_remote_config.pl +++ b/contrib/pg_tde/t/003_remote_config.pl 
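Review bot: The call under the comment "But now can't be changed to another global provider" is an expected failure, and the new `PGTDE::psql(...)` line preserves evidence of it only if the helper also writes stderr to the output file, which this hunk does not show. The removed code recorded the failure solely by appending `$stderr`, and neither version asserts the rejection directly. A regression that lets a global provider be selected while `pg_tde.inherit_global_providers` is OFF would therefore be caught only by the expected-output comparison. Pinning it with the exit status would make the intent explicit, e.g. `ok($rc != 0, 'global provider rejected while inheritance is off');` with `$rc` taken from `$node->psql(...)` in scalar context. The `pg_tde_server_key_info()` calls in this hunk and the previous one relied on the same stderr capture.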
@@ -59,36 +59,27 @@ close $conf; my $rt_value = $node->start(); ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); -$rt_value = $node->psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8888/hello' ));", extra_params => ['-a']); -$rt_value = $node->psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');", extra_params => ['-a']); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8888/hello' ));"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');"); -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc2 (k) VALUES (5),(6);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc2 (k) VALUES (5),(6);'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;', extra_params => ['-a']); 
-PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;'); -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc2;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc2;'); -$stdout = $node->safe_psql('postgres', 'DROP EXTENSION pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "DROP PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde;'); $node->stop(); diff --git a/contrib/pg_tde/t/004_file_config.pl b/contrib/pg_tde/t/004_file_config.pl index cbafeb4557e..9b924874edb 100644 --- a/contrib/pg_tde/t/004_file_config.pl +++ b/contrib/pg_tde/t/004_file_config.pl 
@@ -23,36 +23,27 @@ close $conf2; my $rt_value = $node->start(); ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); -$rt_value = $node->psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'file', 'path' VALUE '/tmp/datafile-location' ));", extra_params => ['-a']); -$rt_value = $node->psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');", extra_params => ['-a']); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'file', 'path' VALUE '/tmp/datafile-location' ));"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider');"); -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc1(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc1(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc1 (k) VALUES (5),(6);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc1 (k) VALUES (5),(6);'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc1 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc1 ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc1 ORDER BY id ASC;', extra_params => ['-a']); 
-PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc1 ORDER BY id ASC;'); -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc1;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc1;'); -$stdout = $node->safe_psql('postgres', 'DROP EXTENSION pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "DROP PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde;'); $node->stop(); diff --git a/contrib/pg_tde/t/005_multiple_extensions.pl b/contrib/pg_tde/t/005_multiple_extensions.pl index 776ed3be7e5..df393fff90d 100644 --- a/contrib/pg_tde/t/005_multiple_extensions.pl +++ b/contrib/pg_tde/t/005_multiple_extensions.pl @@ -19,7 +19,6 @@ if (index(lc($PG_VERSION_STRING), lc("Percona Distribution")) == -1) my $node = PGTDE->pgtde_init_pg(); my $pgdata = $node->data_dir; -# UPDATE postgresql.conf to include/load pg_stat_monitor library open my $conf, '>>', "$pgdata/postgresql.conf"; print $conf "shared_preload_libraries = 'pg_tde, pg_stat_monitor, pgaudit, set_user, pg_repack'\n"; print $conf "pg_stat_monitor.pgsm_bucket_time = 360000\n"; diff --git a/contrib/pg_tde/t/006_remote_vault_config.pl b/contrib/pg_tde/t/006_remote_vault_config.pl index 776635c1382..01c2f412469 100644 --- a/contrib/pg_tde/t/006_remote_vault_config.pl +++ b/contrib/pg_tde/t/006_remote_vault_config.pl 
@@ -67,36 +67,27 @@ close $conf; my $rt_value = $node->start(); ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); -$rt_value = $node->psql('postgres', "SELECT pg_tde_add_database_key_provider_vault_v2('vault-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/token' ), json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/url' ), to_json('secret'::text), NULL);", extra_params => ['-a']); -$rt_value = $node->psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','vault-provider');", extra_params => ['-a']); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_vault_v2('vault-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/token' ), json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/url' ), to_json('secret'::text), NULL);"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','vault-provider');"); -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc2 (k) VALUES (5),(6);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc2 (k) VALUES (5),(6);'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;'); 
PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;'); -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc2;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc2;'); -$stdout = $node->safe_psql('postgres', 'DROP EXTENSION pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "DROP PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde;'); $node->stop(); diff --git a/contrib/pg_tde/t/007_tde_heap.pl b/contrib/pg_tde/t/007_tde_heap.pl index 6b960af8259..d84a4591214 100644 --- a/contrib/pg_tde/t/007_tde_heap.pl +++ b/contrib/pg_tde/t/007_tde_heap.pl 
@@ -26,87 +26,67 @@ close $conf; my $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); -$rt_value = $node->psql('postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -ok($rt_value == 3, "Failing query"); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap;'); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$rt_value = $node->psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');", extra_params => ['-a']); -$rt_value = $node->psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');", extra_params => ['-a']); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');"); ######################### test_enc1 (simple create table w tde_heap) -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc1(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc1(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc1 (k) VALUES (\'foobar\'),(\'barfoo\');', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc1 (k) VALUES (\'foobar\'),(\'barfoo\');'); -$stdout = $node->safe_psql('postgres', 
'SELECT * FROM test_enc1 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc1 ORDER BY id ASC;'); ######################### test_enc2 (create heap + alter to tde_heap) -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc2(id SERIAL,k VARCHAR(32),PRIMARY KEY (id));', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc2(id SERIAL,k VARCHAR(32),PRIMARY KEY (id));'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc2 (k) VALUES (\'foobar\'),(\'barfoo\');', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc2 (k) VALUES (\'foobar\'),(\'barfoo\');'); -$stdout = $node->safe_psql('postgres', 'ALTER TABLE test_enc2 SET ACCESS METHOD tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'ALTER TABLE test_enc2 SET ACCESS METHOD tde_heap;'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc2 ORDER BY id ASC;'); ######################### test_enc3 (default_table_access_method) -$stdout = $node->safe_psql('postgres', 'SET default_table_access_method = "tde_heap"; CREATE TABLE test_enc3(id SERIAL,k VARCHAR(32),PRIMARY KEY (id));', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SET default_table_access_method = "tde_heap"; CREATE TABLE test_enc3(id SERIAL,k VARCHAR(32),PRIMARY KEY (id));'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc3 (k) VALUES (\'foobar\'),(\'barfoo\');', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc3 (k) VALUES (\'foobar\'),(\'barfoo\');'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc3 ORDER BY id ASC;', 
extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc3 ORDER BY id ASC;'); ######################### test_enc4 (create heap + alter default) -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc4(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING heap;', extra_params => ['-a']); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc4(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING heap;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc4 (k) VALUES (\'foobar\'),(\'barfoo\');', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SET default_table_access_method = "tde_heap"; ALTER TABLE test_enc4 SET ACCESS METHOD DEFAULT;', extra_params => ['-a']); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc4 (k) VALUES (\'foobar\'),(\'barfoo\');'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc4 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SET default_table_access_method = "tde_heap"; ALTER TABLE test_enc4 SET ACCESS METHOD DEFAULT;'); + +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc4 ORDER BY id ASC;'); ######################### test_enc5 (create tde_heap + truncate) -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc5(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc5(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc5 (k) VALUES (\'foobar\'),(\'barfoo\');', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc5 (k) VALUES (\'foobar\'),(\'barfoo\');'); -$stdout = $node->safe_psql('postgres', 'CHECKPOINT;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 
'CHECKPOINT;'); -$stdout = $node->safe_psql('postgres', 'TRUNCATE test_enc5;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'TRUNCATE test_enc5;'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc5 (k) VALUES (\'foobar\'),(\'barfoo\');', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc5 (k) VALUES (\'foobar\'),(\'barfoo\');'); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc5 ORDER BY id ASC;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc5 ORDER BY id ASC;'); PGTDE::append_to_file("-- server restart"); $node->stop(); @@ -123,8 +103,7 @@ sub verify_table $tablefile .= '/'; $tablefile .= $node->safe_psql('postgres', 'SELECT pg_relation_filepath(\''.$table.'\');'); - $stdout = $node->safe_psql('postgres', 'SELECT * FROM ' . $table . ' ORDER BY id ASC;', extra_params => ['-a']); - PGTDE::append_to_file($stdout); + PGTDE::psql($node, 'postgres', 'SELECT * FROM ' . $table . ' ORDER BY id ASC;'); my $strings = 'TABLEFILE FOR ' . $table . ' FOUND: '; $strings .= `(ls $tablefile >/dev/null && echo -n yes) || echo -n no`; 
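Review bot: In `verify_table`, the new line `PGTDE::psql($node, 'postgres', 'SELECT * FROM ' . $table . ' ORDER BY id ASC;');` builds SQL by concatenating `$table`, and the context lines below it pass `$tablefile` unquoted into a shell through backticks. The callers are outside this hunk and presumably pass fixed table names, so this is a robustness point rather than an exposure, but a data directory containing spaces or shell metacharacters would break the `ls` probe. The existence check needs no shell at all: `$strings .= (-e $tablefile) ? 'yes' : 'no';` produces the same text. The sub's body starts and ends outside the hunk.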
@@ -180,24 +159,13 @@ $strings = 'CONTAINS FOO (should be empty): '; $strings .= `strings $tablefile4 | grep foo`; PGTDE::append_to_file($strings); -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc1;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc2;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc3;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc4;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', 'DROP TABLE test_enc5;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc1;'); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc2;'); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc3;'); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc4;'); +PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc5;'); -$stdout = $node->safe_psql('postgres', 'DROP EXTENSION pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "DROP PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde;'); $node->stop(); diff --git a/contrib/pg_tde/t/008_key_rotate_tablespace.pl b/contrib/pg_tde/t/008_key_rotate_tablespace.pl index 7e563b31def..fb73d2b26a3 100644 --- a/contrib/pg_tde/t/008_key_rotate_tablespace.pl +++ b/contrib/pg_tde/t/008_key_rotate_tablespace.pl @@ -9,8 +9,6 @@ use pgtde; PGTDE::setup_files_dir(basename($0)); -my ($cmdret, $stdout); - my $node = PGTDE->pgtde_init_pg(); my $pgdata = $node->data_dir; 
@@ -21,57 +19,43 @@ close $conf; my $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -$node->safe_psql('postgres', - q{ -SET allow_in_place_tablespaces = true; -CREATE TABLESPACE test_tblspace LOCATION ''; -CREATE DATABASE tbc TABLESPACE = test_tblspace; -}); +PGTDE::psql($node, 'postgres', "SET allow_in_place_tablespaces = true; CREATE TABLESPACE test_tblspace LOCATION '';"); +PGTDE::psql($node, 'postgres', 'CREATE DATABASE tbc TABLESPACE = test_tblspace;'); -$stdout = $node->safe_psql('tbc', - q{ -CREATE EXTENSION IF NOT EXISTS pg_tde; -SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); -SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); +PGTDE::psql($node, 'tbc', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); +PGTDE::psql($node, 'tbc', "SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per');"); +PGTDE::psql($node, 'tbc', "SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault');"); +PGTDE::psql($node, 'tbc', " CREATE TABLE country_table ( country_id serial primary key, country_name text unique not null, continent text not null ) USING tde_heap; +"); +PGTDE::psql($node, 'tbc', " INSERT INTO country_table (country_name, continent) VALUES ('Japan', 'Asia'), ('UK', 'Europe'), ('USA', 'North America'); +"); -SELECT * FROM country_table; - -}, extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'tbc', 'SELECT * FROM country_table;'); -$cmdret = $node->psql('tbc', "SELECT pg_tde_set_key_using_database_key_provider('new-k', 'file-vault');", extra_params => ['-a']); -ok($cmdret == 0, "ROTATE KEY"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'tbc', "SELECT pg_tde_set_key_using_database_key_provider('new-k', 'file-vault');"); PGTDE::append_to_file("-- server restart"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('tbc', 'SELECT * FROM 
country_table;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'tbc', 'SELECT * FROM country_table;'); -$stdout = $node->safe_psql('tbc', 'DROP EXTENSION pg_tde CASCADE;', extra_params => ['-a']); -ok($cmdret == 0, "DROP PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'tbc', 'DROP EXTENSION pg_tde CASCADE;'); -$stdout = $node->safe_psql('postgres', q{ -DROP DATABASE tbc; -DROP TABLESPACE test_tblspace; -}, extra_params => ['-a']); -ok($cmdret == 0, "DROP DATABSE"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP DATABASE tbc;'); +PGTDE::psql($node, 'postgres', 'DROP TABLESPACE test_tblspace;'); $node->stop(); diff --git a/contrib/pg_tde/t/009_wal_encrypt.pl b/contrib/pg_tde/t/009_wal_encrypt.pl index 39b9fa4d069..233594c1674 100644 --- a/contrib/pg_tde/t/009_wal_encrypt.pl +++ b/contrib/pg_tde/t/009_wal_encrypt.pl 
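Review bot: The key provider file is still created under a fixed name in the shared `/tmp` directory (`'/tmp/pg_tde_test_keyring.per'` in the `pg_tde_add_database_key_provider_file` call), and 001_basic.pl uses the same path. Two runs on one host therefore share the keyring file, and any local user can create or replace it before the test does. A per-run directory would avoid this, for example `my $keydir = File::Temp::tempdir(CLEANUP => 1);` with the path built from it. Because `-a` echoes the statement into the compared output, the path would then have to be masked before it is appended. The same applies to `/tmp/pg_tde_test_keyring010.per` in 009, `/tmp/change_key_provider_*.per` in 010 and `/tmp/unlogged_tables.per` in 011.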
@@ -22,82 +22,63 @@ close $conf; my $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -my $stdout = $node->safe_psql('postgres', "CREATE EXTENSION IF NOT EXISTS pg_tde;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "CREATE EXTENSION IF NOT EXISTS pg_tde;"); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_global_key_provider_file('file-keyring-010','/tmp/pg_tde_test_keyring010.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_global_key_provider_file('file-keyring-010','/tmp/pg_tde_test_keyring010.per');"); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_server_key_using_global_key_provider('server-key', 'file-keyring-010');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_server_key_using_global_key_provider('server-key', 'file-keyring-010');"); -$stdout = $node->safe_psql('postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = on;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = on;'); PGTDE::append_to_file("-- server restart with wal encryption"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SHOW pg_tde.wal_encrypt;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SHOW pg_tde.wal_encrypt;"); -$stdout = $node->safe_psql('postgres', "SELECT slot_name FROM pg_create_logical_replication_slot('tde_slot', 'test_decoding');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT slot_name FROM pg_create_logical_replication_slot('tde_slot', 'test_decoding');"); -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_wal (id SERIAL, k INTEGER, PRIMARY KEY (id));', extra_params => ['-a']); -PGTDE::append_to_file($stdout); 
+PGTDE::psql($node, 'postgres', 'CREATE TABLE test_wal (id SERIAL, k INTEGER, PRIMARY KEY (id));'); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_wal (k) VALUES (1), (2);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_wal (k) VALUES (1), (2);'); -$stdout = $node->safe_psql('postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = off;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = off;'); PGTDE::append_to_file("-- server restart without wal encryption"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SHOW pg_tde.wal_encrypt;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SHOW pg_tde.wal_encrypt;"); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_wal (k) VALUES (3), (4);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_wal (k) VALUES (3), (4);'); -$stdout = $node->safe_psql('postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = on;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = on;'); PGTDE::append_to_file("-- server restart with wal encryption"); $node->stop(); $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SHOW pg_tde.wal_encrypt;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SHOW pg_tde.wal_encrypt;"); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_wal (k) VALUES (5), (6);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_wal (k) VALUES (5), (6);'); PGTDE::append_to_file("-- server restart with still wal encryption"); $node->stop(); $rt_value = $node->start(); ok($rt_value 
== 1, "Restart Server"); -$stdout = $node->safe_psql('postgres', "SHOW pg_tde.wal_encrypt;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SHOW pg_tde.wal_encrypt;"); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_wal (k) VALUES (7), (8);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_wal (k) VALUES (7), (8);'); -$stdout = $node->safe_psql('postgres', "SELECT data FROM pg_logical_slot_get_changes('tde_slot', NULL, NULL);", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT data FROM pg_logical_slot_get_changes('tde_slot', NULL, NULL);"); -$stdout = $node->safe_psql('postgres', "SELECT pg_drop_replication_slot('tde_slot');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_drop_replication_slot('tde_slot');"); -$stdout = $node->safe_psql('postgres', 'DROP EXTENSION pg_tde;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde;'); $node->stop(); diff --git a/contrib/pg_tde/t/010_change_key_provider.pl b/contrib/pg_tde/t/010_change_key_provider.pl index 6a88bd8e466..101c67c6b77 100644 --- a/contrib/pg_tde/t/010_change_key_provider.pl +++ b/contrib/pg_tde/t/010_change_key_provider.pl 
@@ -25,43 +25,28 @@ unlink('/tmp/change_key_provider_4.per'); my $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_provider_1.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_list_all_database_key_providers();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc (id serial, k integer, PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc (k) VALUES (5), (6);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); + +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_provider_1.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_list_all_database_key_providers();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault');"); + 
+PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc (id serial, k integer, PRIMARY KEY (id)) USING tde_heap;'); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc (k) VALUES (5), (6);'); + +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); # Change provider and move file PGTDE::append_to_file("-- mv /tmp/change_key_provider_1.per /tmp/change_key_provider_2.per"); move('/tmp/change_key_provider_1.per', '/tmp/change_key_provider_2.per'); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_2.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_list_all_database_key_providers();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_2.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_list_all_database_key_providers();"); + +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); PGTDE::append_to_file("-- server restart"); $node->stop(); 
@@ -69,26 +54,17 @@ $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); # Verify -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); # Change provider and do not move file -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_3.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_list_all_database_key_providers();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -(undef, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_3.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_list_all_database_key_providers();"); + +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); 
PGTDE::append_to_file("-- server restart"); $node->stop(); @@ -96,15 +72,9 @@ $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); # Verify -(undef, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -(undef, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -(undef, $stdout, $stderr) = $node->psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); PGTDE::append_to_file("-- mv /tmp/change_key_provider_2.per /tmp/change_key_provider_3.per"); move('/tmp/change_key_provider_2.per', '/tmp/change_key_provider_3.per'); 
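Review bot: The calls after `# Change provider and do not move file` need a comment saying which of them are expected to fail. The removed code used `$node->psql` with stderr capture for `pg_tde_verify_key()` here, and for every statement under `# Verify` in `@@ -96,15 +72,9 @@` and `@@ -157,33 +112,19 @@`, while the other statements used `safe_psql`, which suggests those calls were expected to report an error. Now every call looks the same and that intent lives only in expected/010_change_key_provider.out. A line such as `# expected to fail: key file is not at change_key_provider_3.per yet` above the call (wording to be confirmed against the expected output) would keep the test reviewable without the golden file open.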
@@ -115,41 +85,26 @@ $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); # Verify -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); -(undef, $stdout, $stderr) = $node->psql('postgres', 'DROP EXTENSION pg_tde CASCADE;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde CASCADE;'); -($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); # Change provider and generate a new principal key -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_provider_4.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', 'CREATE TABLE test_enc (id serial, k integer, PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'INSERT INTO test_enc (k) VALUES (5), (6);', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = 
$node->safe_psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_3.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_provider_4.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault');"); + +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc (id serial, k integer, PRIMARY KEY (id)) USING tde_heap;'); +PGTDE::psql($node, 'postgres', 'INSERT INTO test_enc (k) VALUES (5), (6);'); + +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); + +PGTDE::psql($node, 'postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_3.per');"); PGTDE::append_to_file("-- server restart"); $node->stop(); 
@@ -157,33 +112,19 @@ $rt_value = $node->start(); ok($rt_value == 1, "Restart Server"); # Verify -(undef, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -(undef, $stdout, $stderr) = $node->psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -(undef, $stdout, $stderr) = $node->psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); -(undef, $stdout, $stderr) = $node->psql('postgres', 'CREATE TABLE test_enc2 (id serial, k integer, PRIMARY KEY (id)) USING tde_heap;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); - -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_4.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); +PGTDE::psql($node, 'postgres', 'CREATE TABLE test_enc2 (id serial, k integer, PRIMARY KEY (id)) USING tde_heap;'); + +PGTDE::psql($node, 'postgres', "SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_provider_4.per');"); # Verify -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_verify_key();", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_is_encrypted('test_enc');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', 'SELECT * FROM test_enc ORDER BY id;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); - -(undef, $stdout, $stderr) = 
$node->psql('postgres', 'DROP EXTENSION pg_tde CASCADE;', extra_params => ['-a']); -PGTDE::append_to_file($stdout); -PGTDE::append_to_file($stderr); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_verify_key();"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_is_encrypted('test_enc');"); +PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); + +PGTDE::psql($node, 'postgres', 'DROP EXTENSION pg_tde CASCADE;'); $node->stop(); diff --git a/contrib/pg_tde/t/011_unlogged_tables.pl b/contrib/pg_tde/t/011_unlogged_tables.pl index 5c81b922334..b267ff22706 100644 --- a/contrib/pg_tde/t/011_unlogged_tables.pl +++ b/contrib/pg_tde/t/011_unlogged_tables.pl 
@@ -19,22 +19,15 @@ close $conf; my $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -my ($cmdret, $stdout, $stderr) = $node->psql('postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;', extra_params => ['-a']); -ok($cmdret == 0, "CREATE PGTDE EXTENSION"); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/unlogged_tables.per');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); -$stdout = $node->safe_psql('postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault');", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', 'CREATE EXTENSION IF NOT EXISTS pg_tde;'); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/unlogged_tables.per');"); +PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault');"); -$stdout = $node->safe_psql('postgres', "CREATE UNLOGGED TABLE t (x int PRIMARY KEY) USING tde_heap;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "CREATE UNLOGGED TABLE t (x int PRIMARY KEY) USING tde_heap;"); -$stdout = $node->safe_psql('postgres', "INSERT INTO t SELECT generate_series(1, 4);", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "INSERT INTO t SELECT generate_series(1, 4);"); -$stdout = $node->safe_psql('postgres', "CHECKPOINT;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "CHECKPOINT;"); PGTDE::append_to_file("-- kill -9"); $node->kill9(); 
@@ -43,11 +36,9 @@ PGTDE::append_to_file("-- server start"); $rt_value = $node->start; ok($rt_value == 1, "Start Server"); -$stdout = $node->safe_psql('postgres', "TABLE t;", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "TABLE t;"); -$stdout = $node->safe_psql('postgres', "INSERT INTO t SELECT generate_series(1, 4);", extra_params => ['-a']); -PGTDE::append_to_file($stdout); +PGTDE::psql($node, 'postgres', "INSERT INTO t SELECT generate_series(1, 4);"); $node->stop(); diff --git a/contrib/pg_tde/t/expected/001_basic.out b/contrib/pg_tde/t/expected/001_basic.out index 0ea866e83eb..21e08d26830 100644 --- a/contrib/pg_tde/t/expected/001_basic.out +++ b/contrib/pg_tde/t/expected/001_basic.out @@ -1,7 +1,14 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT extname, extversion FROM pg_extension WHERE extname = 'pg_tde'; pg_tde|1.0-rc +CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; +psql::1: ERROR: principal key not configured +HINT: create one using pg_tde_set_key before using encrypted tables -- server restart +SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); +1 +SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); + CREATE TABLE test_enc(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc (k) VALUES ('foobar'),('barfoo'); SELECT * FROM test_enc ORDER BY id ASC; diff --git a/contrib/pg_tde/t/expected/002_rotate_key.out b/contrib/pg_tde/t/expected/002_rotate_key.out index ee47bcb3c80..8e178cd72b2 100644 --- a/contrib/pg_tde/t/expected/002_rotate_key.out +++ b/contrib/pg_tde/t/expected/002_rotate_key.out 
@@ -1,4 +1,7 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; +CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; +psql::1: ERROR: principal key not configured +HINT: create one using pg_tde_set_key before using encrypted tables -- server restart SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); 1 @@ -18,7 +21,8 @@ INSERT INTO test_enc (k) VALUES (5),(6); SELECT * FROM test_enc ORDER BY id ASC; 1|5 2|6 -0 +SELECT pg_tde_set_key_using_database_key_provider('rotated-key1'); + SELECT * FROM test_enc ORDER BY id ASC; 1|5 2|6 @@ -75,6 +79,7 @@ SELECT * FROM test_enc ORDER BY id ASC; 2|6 ALTER SYSTEM SET pg_tde.inherit_global_providers = OFF; -- server restart +SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false); psql::1: ERROR: Usage of global key providers is disabled. Enable it with pg_tde.inherit_global_providers = ON SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); -1|file-2|rotated-keyX diff --git a/contrib/pg_tde/t/expected/003_remote_config.out b/contrib/pg_tde/t/expected/003_remote_config.out index 35bcd3f4965..b4c5cc63fc5 100644 --- a/contrib/pg_tde/t/expected/003_remote_config.out +++ b/contrib/pg_tde/t/expected/003_remote_config.out @@ -1,4 +1,8 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; +SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8888/hello' )); +1 +SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider'); + CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc2 (k) VALUES (5),(6); SELECT * FROM test_enc2 ORDER BY id ASC; diff --git a/contrib/pg_tde/t/expected/004_file_config.out b/contrib/pg_tde/t/expected/004_file_config.out index e5f705d3137..c9e6a895245 100644 --- a/contrib/pg_tde/t/expected/004_file_config.out +++ b/contrib/pg_tde/t/expected/004_file_config.out 
@@ -1,4 +1,8 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; +SELECT pg_tde_add_database_key_provider_file('file-provider', json_object( 'type' VALUE 'file', 'path' VALUE '/tmp/datafile-location' )); +1 +SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-provider'); + CREATE TABLE test_enc1(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc1 (k) VALUES (5),(6); SELECT * FROM test_enc1 ORDER BY id ASC; diff --git a/contrib/pg_tde/t/expected/006_remote_vault_config.out b/contrib/pg_tde/t/expected/006_remote_vault_config.out index 35bcd3f4965..4110b74664e 100644 --- a/contrib/pg_tde/t/expected/006_remote_vault_config.out +++ b/contrib/pg_tde/t/expected/006_remote_vault_config.out @@ -1,4 +1,8 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; +SELECT pg_tde_add_database_key_provider_vault_v2('vault-provider', json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/token' ), json_object( 'type' VALUE 'remote', 'url' VALUE 'http://localhost:8889/url' ), to_json('secret'::text), NULL); +1 +SELECT pg_tde_set_key_using_database_key_provider('test-db-key','vault-provider'); + CREATE TABLE test_enc2(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc2 (k) VALUES (5),(6); SELECT * FROM test_enc2 ORDER BY id ASC; diff --git a/contrib/pg_tde/t/expected/007_tde_heap.out b/contrib/pg_tde/t/expected/007_tde_heap.out index 867f714c9fb..3d596657d0b 100644 --- a/contrib/pg_tde/t/expected/007_tde_heap.out +++ b/contrib/pg_tde/t/expected/007_tde_heap.out 
@@ -1,5 +1,12 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; +CREATE TABLE test_enc(id SERIAL,k INTEGER,PRIMARY KEY (id)) USING tde_heap; +psql::1: ERROR: principal key not configured +HINT: create one using pg_tde_set_key before using encrypted tables -- server restart +SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); +1 +SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); + CREATE TABLE test_enc1(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc1 (k) VALUES ('foobar'),('barfoo'); SELECT * FROM test_enc1 ORDER BY id ASC; @@ -16,7 +23,9 @@ INSERT INTO test_enc3 (k) VALUES ('foobar'),('barfoo'); SELECT * FROM test_enc3 ORDER BY id ASC; 1|foobar 2|barfoo +CREATE TABLE test_enc4(id SERIAL,k VARCHAR(32),PRIMARY KEY (id)) USING heap; INSERT INTO test_enc4 (k) VALUES ('foobar'),('barfoo'); +SET default_table_access_method = "tde_heap"; ALTER TABLE test_enc4 SET ACCESS METHOD DEFAULT; SELECT * FROM test_enc4 ORDER BY id ASC; 1|foobar 2|barfoo diff --git a/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out b/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out index 58600feeeb3..222742b1d84 100644 --- a/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out +++ b/contrib/pg_tde/t/expected/008_key_rotate_tablespace.out @@ -1,3 +1,5 @@ +SET allow_in_place_tablespaces = true; CREATE TABLESPACE test_tblspace LOCATION ''; +CREATE DATABASE tbc TABLESPACE = test_tblspace; CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); 1 
@@ -16,29 +18,14 @@ SELECT * FROM country_table; 1|Japan|Asia 2|UK|Europe 3|USA|North America -CREATE EXTENSION IF NOT EXISTS pg_tde; -SELECT pg_tde_add_database_key_provider_file('file-vault','/tmp/pg_tde_test_keyring.per'); -1 -SELECT pg_tde_set_key_using_database_key_provider('test-db-key','file-vault'); +SELECT pg_tde_set_key_using_database_key_provider('new-k', 'file-vault'); -CREATE TABLE country_table ( - country_id serial primary key, - country_name text unique not null, - continent text not null -) USING tde_heap; -INSERT INTO country_table (country_name, continent) - VALUES ('Japan', 'Asia'), - ('UK', 'Europe'), - ('USA', 'North America'); -SELECT * FROM country_table; -1|Japan|Asia -2|UK|Europe -3|USA|North America -- server restart SELECT * FROM country_table; 1|Japan|Asia 2|UK|Europe 3|USA|North America DROP EXTENSION pg_tde CASCADE; +psql::1: NOTICE: drop cascades to table country_table DROP DATABASE tbc; DROP TABLESPACE test_tblspace; diff --git a/contrib/pg_tde/t/expected/010_change_key_provider.out b/contrib/pg_tde/t/expected/010_change_key_provider.out index d7cfbd2a394..0849ff96822 100644 --- a/contrib/pg_tde/t/expected/010_change_key_provider.out +++ b/contrib/pg_tde/t/expected/010_change_key_provider.out @@ -66,7 +66,8 @@ psql::1: NOTICE: drop cascades to table test_enc CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_provider_4.per'); 1 -0 +SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault'); + CREATE TABLE test_enc (id serial, k integer, PRIMARY KEY (id)) USING tde_heap; INSERT INTO test_enc (k) VALUES (5), (6); SELECT pg_tde_verify_key(); diff --git a/contrib/pg_tde/t/pgtde.pm b/contrib/pg_tde/t/pgtde.pm index 0d052ae6ee8..21aa93864ec 100644 --- a/contrib/pg_tde/t/pgtde.pm +++ b/contrib/pg_tde/t/pgtde.pm 
@@ -51,6 +51,21 @@ sub pgtde_init_pg return $node; } +sub psql +{ + my ($node, $dbname, $sql) = @_; + + my (undef, $stdout, $stderr) = $node->psql($dbname, $sql, extra_params => ['-a']); + + if ($stdout ne '') { + append_to_file($stdout); + } + + if ($stderr ne '') { + append_to_file($stderr); + } +} + sub append_to_file { my ($str) = @_;
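Review bot: `psql` discards the exit status (`my (undef, $stdout, $stderr) = ...`) and has no `return`, so a failing statement is only noticed if the appended stderr makes the output differ from the expected file. The call sites it replaces used `safe_psql`, which dies on error, or asserted explicitly, e.g. `ok($cmdret == 0, "ROTATE KEY")` in 008_key_rotate_tablespace.pl; for an encryption extension a silently failed key setup or rotation is exactly what these tests must catch. Capture and return the status, `my ($cmdret, $stdout, $stderr) = $node->psql($dbname, $sql, extra_params => ['-a']);` and `return $cmdret;`, so callers can assert where success is required. Stdout is also appended before stderr, so for multi-statement strings such as `SET default_table_access_method = "tde_heap"; ALTER TABLE test_enc4 SET ACCESS METHOD DEFAULT;` the log does not show which statement produced a message; a short header comment on the sub stating both points would help.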