Skip to content

PG-1419 Validate key provider on creation #224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Apr 23, 2025
Merged

PG-1419 Validate key provider on creation #224

merged 6 commits into from
Apr 23, 2025

Conversation

AndersAstrand
Copy link
Collaborator

@AndersAstrand AndersAstrand commented Apr 16, 2025
edited
Loading

The validation done is very rudimentary for now. The main part of this PR is some refactoring of tde_keyring.c. I'm not fully happy with where it's at, but I think I like it better than what was there at least.

I did leave a TODO in there for any reviewers to comment on! The comment will ofc not be merged, I'll either remove the comment or change the behaviour.

@AndersAstrand
Copy link
Collaborator Author

AndersAstrand commented Apr 16, 2025
edited
Loading

I don't know why the "Test PSP with TDE" job fails. Will look into that.

I forgot about pg_regress variant expected files 🙄

@AndersAstrand AndersAstrand force-pushed the tde/validate-on-new-provider branch from 60d7f1a to d1d5851 Compare April 16, 2025 15:47
@codecov-commenter
Copy link

codecov-commenter commented Apr 16, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 78.70370% with 23 lines in your changes missing coverage. Please review.

Project coverage is 75.53%. Comparing base (86a43fc) to head (7057f00).

❌ Your project status has failed because the head coverage (75.53%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files 
@@                  Coverage Diff                  @@
##           TDE_REL_17_STABLE     #224      +/-   ##
=====================================================
+ Coverage              75.45%   75.53%   +0.08%     
=====================================================
  Files                     22       22              
  Lines                   2465     2514      +49     
  Branches                 388      394       +6     
=====================================================
+ Hits                    1860     1899      +39     
- Misses                   532      538       +6     
- Partials                  73       77       +4
Components Coverage Δ
access 72.44% <0.00%> (ø)
catalog 83.38% <78.04%> (-0.90%) ⬇️
common 92.50% <ø> (ø)
encryption 71.90% <ø> (ø)
keyring 72.07% <87.50%> (+2.20%) ⬆️
src 52.80% <ø> (ø)
smgr 96.93% <ø> (ø)
transam ∅ <ø> (∅)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@AndersAstrand AndersAstrand force-pushed the tde/validate-on-new-provider branch 3 times, most recently from caea669 to 0341bc4 Compare April 16, 2025 16:31
dutow
dutow reviewed Apr 17, 2025
View reviewed changes
@AndersAstrand AndersAstrand force-pushed the tde/validate-on-new-provider branch from 0341bc4 to f15d3c7 Compare April 17, 2025 18:55
@AndersAstrand AndersAstrand force-pushed the tde/validate-on-new-provider branch 2 times, most recently from 08cc7d1 to 82bd1b8 Compare April 22, 2025 13:40
@AndersAstrand AndersAstrand force-pushed the tde/validate-on-new-provider branch from f30bf62 to 7aa2928 Compare April 22, 2025 16:25
@AndersAstrand
Change some keyring function to return void
5370ea0 
No callers cared about the return value of these functions anyway.
@AndersAstrand
Remove non-test
c0dedc3 
This regression file didn't really test anything. The tests it was
supposed to do was removed here percona/pg_tde@e270322
So now it doesn't test anything that key_provider.sql doesn't already do
for us.
@AndersAstrand
Fix error message in keyring_file.c
60b7716 
The colon was on the wrong side of the space.
@AndersAstrand
Rename KeyringProviderXLRecord
7d2b74f 
The new name, KeyringProviderRecordInFile, describes what it is rather
than what it's used for. But the real reason is that I want to use it
for other things than the WAL in future commits.
@AndersAstrand
Refactor some lower level functions in tde_keyring
935d62c 
Previously write_key_provider_info() was a bit of a "do everything"
function that had very different behavior depending on what parameters
was passed to it. This commit reworks it to a "dumb" function that just
writes the data without asking questions and have the callers take
responsibility for data validity.

This is to make it easier to validate the data in different ways
depending on the caller's needs without further complicating
write_key_provider_info().
@AndersAstrand
PG-1419 Validate key provider access
7057f00 
This adds some validation to make sure we can access the key provider
when it's created to make the user experience a little nicer. The actual
access validation is very rudimentary for now but can easily be
expanded.
@AndersAstrand AndersAstrand force-pushed the tde/validate-on-new-provider branch from 7aa2928 to 7057f00 Compare April 22, 2025 19:50
jeltz
jeltz approved these changes Apr 23, 2025
View reviewed changes
Copy link
Collaborator

@jeltz jeltz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@AndersAstrand AndersAstrand merged commit 157230d into percona:TDE_REL_17_STABLE Apr 23, 2025
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dutow dutow dutow left review comments

@jeltz jeltz jeltz approved these changes

@dAdAbird dAdAbird Awaiting requested review from dAdAbird dAdAbird is a code owner

@nastena1606 nastena1606 Awaiting requested review from nastena1606 nastena1606 is a code owner

@Andriciuc Andriciuc Awaiting requested review from Andriciuc Andriciuc is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@AndersAstrand @codecov-commenter @jeltz @dutow