Clean up errors from set key functions

Also move a couple of checks to the calling function.
3 months ago · d052631c55
parent 3bc2a13ce5
commit d052631c55
3 changed files with 22 additions and 19 deletions
--- a/contrib/pg_tde/expected/key_provider.out
+++ b/contrib/pg_tde/expected/key_provider.out
@ -315,12 +315,16 @@ WARNING:  The WAL encryption feature is currently in beta and may be unstable. D
 ERROR:  key name "" is too short
 -- Setting principal key fails if the key name is too long
 SELECT pg_tde_set_default_key_using_global_key_provider(repeat('K', 256), 'file-keyring');
-ERROR:  too long principal key name, maximum length is 255 bytes
+ERROR:  key name "KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK" is too long
 HINT:  Maximum length is 255 bytes.
 SELECT pg_tde_set_key_using_database_key_provider(repeat('K', 256), 'file-provider');
-ERROR:  too long principal key name, maximum length is 255 bytes
+ERROR:  key name "KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK" is too long
 HINT:  Maximum length is 255 bytes.
 SELECT pg_tde_set_key_using_global_key_provider(repeat('K', 256), 'file-keyring');
-ERROR:  too long principal key name, maximum length is 255 bytes
+ERROR:  key name "KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK" is too long
 HINT:  Maximum length is 255 bytes.
 SELECT pg_tde_set_server_key_using_global_key_provider(repeat('K', 256), 'file-keyring');
 WARNING:  The WAL encryption feature is currently in beta and may be unstable. Do not use it in production environments!
-ERROR:  too long principal key name, maximum length is 255 bytes
+ERROR:  key name "KKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK" is too long
 HINT:  Maximum length is 255 bytes.
 DROP EXTENSION pg_tde;
--- a/contrib/pg_tde/src/catalog/tde_principal_key.c
+++ b/contrib/pg_tde/src/catalog/tde_principal_key.c
@ -227,12 +227,6 @@ set_principal_key_with_keyring(const char *key_name, const char *provider_name,
 	GenericKeyring *new_keyring;
 	const KeyInfo *keyInfo = NULL;
 	if (AllowInheritGlobalProviders == false && providerOid != dbOid)
 	{
 		ereport(ERROR,
 				errmsg("Usage of global key providers is disabled. Enable it with pg_tde.inherit_global_providers = ON"));
 	}
 	/*
 	 * Try to get principal key from cache.
 	 */
@ -251,21 +245,16 @@ set_principal_key_with_keyring(const char *key_name, const char *provider_name,
 		if (kr_ret != KEYRING_CODE_SUCCESS)
 		{
 			ereport(ERROR,
-					errmsg("failed to retrieve principal key from keyring provider :\"%s\"", new_keyring->provider_name),
+					errmsg("could not successfully query key provider \"%s\"", new_keyring->provider_name));
 					errdetail("Error code: %d", kr_ret));
 		}
 	}
 	if (keyInfo != NULL && ensure_new_key)
 	{
 		ereport(ERROR,
 				errmsg("failed to create principal key: already exists"));
 	}
 	if (strlen(key_name) >= sizeof(keyInfo->name))
 		ereport(ERROR,
 				errcode(ERRCODE_INVALID_PARAMETER_VALUE),
-				errmsg("too long principal key name, maximum length is %ld bytes", sizeof(keyInfo->name) - 1));
+				errmsg("cannot to create key \"%s\" because it already exists", key_name));
 	}
 	if (keyInfo == NULL)
 		keyInfo = KeyringGenerateNewKeyAndStore(new_keyring, key_name, PRINCIPAL_KEY_LEN);
@ -517,6 +506,10 @@ pg_tde_set_principal_key_internal(Oid providerOid, Oid dbOid, const char *key_na
 		ereport(ERROR,
 				errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				errmsg("must be superuser to access global key providers"));
 	if (providerOid == GLOBAL_DATA_TDE_OID && !AllowInheritGlobalProviders)
 		ereport(ERROR,
 				errmsg("usage of global key providers is disabled"),
 				errhint("Set \"pg_tde.inherit_global_providers = on\" in postgresql.conf."));
 	if (key_name == NULL)
 		ereport(ERROR,
@ -526,6 +519,11 @@ pg_tde_set_principal_key_internal(Oid providerOid, Oid dbOid, const char *key_na
 		ereport(ERROR,
 				errcode(ERRCODE_INVALID_PARAMETER_VALUE),
 				errmsg("key name \"\" is too short"));
 	if (strlen(key_name) >= PRINCIPAL_KEY_NAME_LEN)
 		ereport(ERROR,
 				errcode(ERRCODE_INVALID_PARAMETER_VALUE),
 				errmsg("key name \"%s\" is too long", key_name),
 				errhint("Maximum length is %d bytes.", PRINCIPAL_KEY_NAME_LEN - 1));
 	if (provider_name == NULL)
 		ereport(ERROR,
 				errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
--- a/contrib/pg_tde/t/expected/rotate_key.out
+++ b/contrib/pg_tde/t/expected/rotate_key.out
@ -180,7 +180,8 @@ SELECT * FROM test_enc ORDER BY id;
 ALTER SYSTEM SET pg_tde.inherit_global_providers = off;
 -- server restart
 SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false);
-psql:<stdin>:1: ERROR:  Usage of global key providers is disabled. Enable it with pg_tde.inherit_global_providers = ON
+psql:<stdin>:1: ERROR:  usage of global key providers is disabled
 HINT:  Set "pg_tde.inherit_global_providers = on" in postgresql.conf.
 SELECT provider_id, provider_name, key_name FROM pg_tde_key_info();
 provider_id | provider_name |   key_name   
 -------------+---------------+--------------