The returned provider id was not useful for end-users as they cannot do
anything with it. They always use the provider name when interacting
with these settings.
If they really want to see these ids they can easily just use the functions
to list all providers to see them.
The reason for this change is that it might be confusing for users when
the function to create a global provider returns -1 on success without
any indication that it's just the generated id and not an error code.
Added to banner and other chapters notes for the user to **NOT** upgrade
RC to GA (hidden for now, prepared for GA release), do a fresh install for GA, and added more important notes
regarding the fact that this is an RC build that should **NOT** be used
in prod env.
Especially all code related to the keys of temporary tables did not
belong in the TDE map code and fit better in the SMGR code.
Additionally we speed up pg_tde_is_encrypted() by relying on the SMGR to
cache the relations. This might in some cases lead to blow up of the
SMGR relation cache if you query every relation in the database but
given the small size I am not overly worried.
Since we rely on the SMGR relation cache for fast key lookup when
opening a SMGR relation and since the catalog should be open basically
all the time this optimization adds little value and only complicates
the code.
The code was much harder to understand than necessary due to the type
being encoded as a bitmask where most combinations of bits were invalid.
Using an enum makes the five different states which we encoded much more
obvious.
The WAL_INVALID state is a bit special since it is only ever set on the
key and never on the map entry itself.
This comment made sense when it was written, but the code has since
changed a lot without the comment being maintained. Now it means nothing
relevant to the current code.
Prevent the change if they do not. In the future we might want to add a
"force" parameter, but for now the command line utility can be used
while the cluster is offline if that is necessary.
Updates to # Global Principal Key Configuration parameter of setting
global key
Rewrote and added correct false/true parameters for ensure_new_key on set_default_key.
---------
Co-authored-by: Anastasia Alexandrova <anastasia.alexandrova@percona.com>
Since the relation keys are cached in the SMGR cache (or arguably the
relation cache) the double layers of caching only complicated the code
and caused an issue with possible key re-use or even data corruption on
oid wraparound.
This will slow down some code paths like pg_tde_is_encrypted() but the
code simplification and fixing of the oid wraparound bug makes it worth
it and some of that performance loss can be added back in future
commits.
This loses us the mlock() protection of the relation keys in the cache
but since the keys in the SMGR were not protected anyway this is not
a significant loss.
Since we are going to remove the key cache we need to make sure to figure
out another solution for the keys of temporary tables. The new solution
is to store them in a per-backend hash table from which we delete the key
when we drop the relation.
The only reason we stored them in the key cache was in an attempt to
protect them from being swapped but since we do not care about that in
other contexts plus we plan to remove the cache we should just stop
storing them in the cache.
To give the same error messages as any other json parsing issue.
Normally the values we get in here would already be valid postgres json
values however, so finding a parsing error should be rare.
This tool is only meant to be used in dire circumstances and whoever is
using it should be sure what they want to do.
Also remove information about "running postgres processes" from usage
information as the tool will refuse to do anything if the cluster is
running.
The configuration json generated by the pg_tde_change_key_provider CLI
tool was not valid since it contained an unexpected field.
Also include provider id in the record before attempting the
modification as otherwise the modify function throws an error.
literally 1 uppercase changes to files where appropriate to ensure
style throughout docs by doing that, and a small sql fix for a command
NOTE: I will change the capitalization to the titles a bit later as per
the style guide, right now I want to have a clean style across all
titles so it doesn't look too mishmashy.
And also remove the typedef that previously held the name
TDESMgrRelation. This typedef hides the pointer-ness of things and only
serves to make the code harder to read.
Sometimes kill -9 might take a bit longer than what it takes for us to
restart the server. Wait for the process to actually die before
continuing.
This is to fix the CI failures these tests often had.