From ab09583a9dda330e0430deadd19afefd696d20bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85strand?= Date: Wed, 11 Jun 2025 11:46:39 +0200 Subject: [PATCH 1/2] Remove provider_ prefix from parameter names There was no reason for name and type to be prefixed in the add/change key provider functions while options was not. The output from the list_providers functions had them for name and type, but not id nor options. So remove the prefixes there aswell. In other functions the prefixes serve to show what parameters is about the provider and which are about something else. --- .../pg_tde/expected/default_principal_key.out | 4 +- contrib/pg_tde/expected/key_provider.out | 50 +++++++++---------- contrib/pg_tde/pg_tde--1.0-rc.sql | 16 +++--- contrib/pg_tde/sql/default_principal_key.sql | 2 +- contrib/pg_tde/sql/key_provider.sql | 12 ++--- .../pg_tde/t/expected/change_key_provider.out | 18 +++---- .../pg_tde/t/pg_tde_change_key_provider.pl | 20 ++++---- 7 files changed, 61 insertions(+), 61 deletions(-) diff --git a/contrib/pg_tde/expected/default_principal_key.out b/contrib/pg_tde/expected/default_principal_key.out index ad5870cc198e0..1de794060aa8c 100644 --- a/contrib/pg_tde/expected/default_principal_key.out +++ b/contrib/pg_tde/expected/default_principal_key.out @@ -39,8 +39,8 @@ SELECT key_provider_id, key_provider_name, key_name -- fails SELECT pg_tde_delete_global_key_provider('file-provider'); ERROR: Can't delete a provider which is currently in use -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); - id | provider_name +SELECT id, name FROM pg_tde_list_all_global_key_providers(); + id | name ----+--------------- -2 | file-provider (1 row) diff --git a/contrib/pg_tde/expected/key_provider.out b/contrib/pg_tde/expected/key_provider.out index c77c2653657d1..b7a3105fa2823 100644 --- a/contrib/pg_tde/expected/key_provider.out +++ b/contrib/pg_tde/expected/key_provider.out 
@@ -22,10 +22,10 @@ SELECT pg_tde_add_database_key_provider_file('file-provider2','/tmp/pg_tde_test_ SELECT pg_tde_add_database_key_provider_file('file-provider','/tmp/pg_tde_test_keyring_dup.per'); ERROR: Key provider "file-provider" already exists. SELECT * FROM pg_tde_list_all_database_key_providers(); - id | provider_name | provider_type | options -----+----------------+---------------+-------------------------------------------- - 1 | file-provider | file | {"path" : "/tmp/pg_tde_test_keyring.per"} - 2 | file-provider2 | file | {"path" : "/tmp/pg_tde_test_keyring2.per"} + id | name | type | options +----+----------------+------+-------------------------------------------- + 1 | file-provider | file | {"path" : "/tmp/pg_tde_test_keyring.per"} + 2 | file-provider2 | file | {"path" : "/tmp/pg_tde_test_keyring2.per"} (2 rows) SELECT pg_tde_verify_key(); 
@@ -45,19 +45,19 @@ SELECT pg_tde_verify_key(); SELECT pg_tde_change_database_key_provider_file('not-existent-provider','/tmp/pg_tde_test_keyring.per'); ERROR: key provider "not-existent-provider" does not exists SELECT * FROM pg_tde_list_all_database_key_providers(); - id | provider_name | provider_type | options -----+----------------+---------------+-------------------------------------------- - 1 | file-provider | file | {"path" : "/tmp/pg_tde_test_keyring.per"} - 2 | file-provider2 | file | {"path" : "/tmp/pg_tde_test_keyring2.per"} + id | name | type | options +----+----------------+------+-------------------------------------------- + 1 | file-provider | file | {"path" : "/tmp/pg_tde_test_keyring.per"} + 2 | file-provider2 | file | {"path" : "/tmp/pg_tde_test_keyring2.per"} (2 rows) SELECT pg_tde_change_database_key_provider('file', 'file-provider', '{"path": {"foo": "/tmp/pg_tde_test_keyring.per"}}'); ERROR: key provider value cannot be an object SELECT * FROM pg_tde_list_all_database_key_providers(); - id | provider_name | provider_type | options -----+----------------+---------------+-------------------------------------------- - 1 | file-provider | file | {"path" : "/tmp/pg_tde_test_keyring.per"} - 2 | file-provider2 | file | {"path" : "/tmp/pg_tde_test_keyring2.per"} + id | name | type | options +----+----------------+------+-------------------------------------------- + 1 | file-provider | file | {"path" : "/tmp/pg_tde_test_keyring.per"} + 2 | file-provider2 | file | {"path" : "/tmp/pg_tde_test_keyring2.per"} (2 rows) SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyring.per'); @@ -72,8 +72,8 @@ SELECT pg_tde_add_global_key_provider_file('file-keyring2','/tmp/pg_tde_test_key (1 row) -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); - id | provider_name +SELECT id, name FROM pg_tde_list_all_global_key_providers(); + id | name ----+--------------- -4 | file-keyring -5 | file-keyring2 
@@ -82,8 +82,8 @@ SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); -- fails SELECT pg_tde_delete_database_key_provider('file-provider'); ERROR: Can't delete a provider which is currently in use -SELECT id, provider_name FROM pg_tde_list_all_database_key_providers(); - id | provider_name +SELECT id, name FROM pg_tde_list_all_database_key_providers(); + id | name ----+---------------- 1 | file-provider 2 | file-provider2 @@ -96,14 +96,14 @@ SELECT pg_tde_delete_database_key_provider('file-provider2'); (1 row) -SELECT id, provider_name FROM pg_tde_list_all_database_key_providers(); - id | provider_name +SELECT id, name FROM pg_tde_list_all_database_key_providers(); + id | name ----+--------------- 1 | file-provider (1 row) -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); - id | provider_name +SELECT id, name FROM pg_tde_list_all_global_key_providers(); + id | name ----+--------------- -4 | file-keyring -5 | file-keyring2 @@ -118,8 +118,8 @@ SELECT pg_tde_set_key_using_global_key_provider('test-db-key', 'file-keyring', f -- fails SELECT pg_tde_delete_global_key_provider('file-keyring'); ERROR: Can't delete a provider which is currently in use -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); - id | provider_name +SELECT id, name FROM pg_tde_list_all_global_key_providers(); + id | name ----+--------------- -4 | file-keyring -5 | file-keyring2 @@ -132,9 +132,9 @@ SELECT pg_tde_delete_global_key_provider('file-keyring2'); (1 row) -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); - id | provider_name -----+--------------- +SELECT id, name FROM pg_tde_list_all_global_key_providers(); + id | name +----+-------------- -4 | file-keyring (1 row) diff --git a/contrib/pg_tde/pg_tde--1.0-rc.sql b/contrib/pg_tde/pg_tde--1.0-rc.sql index 897e1664bbbbb..716fa003e1158 100644 --- a/contrib/pg_tde/pg_tde--1.0-rc.sql +++ b/contrib/pg_tde/pg_tde--1.0-rc.sql 
@@ -2,7 +2,7 @@ \echo Use "CREATE EXTENSION pg_tde" to load this file. \quit -- Key Provider Management -CREATE FUNCTION pg_tde_add_database_key_provider(provider_type TEXT, provider_name TEXT, options JSON) +CREATE FUNCTION pg_tde_add_database_key_provider(type TEXT, name TEXT, options JSON) RETURNS VOID LANGUAGE C AS 'MODULE_PATHNAME'; @@ -50,8 +50,8 @@ END; CREATE FUNCTION pg_tde_list_all_database_key_providers (OUT id INT, - OUT provider_name TEXT, - OUT provider_type TEXT, + OUT name TEXT, + OUT type TEXT, OUT options JSON) RETURNS SETOF RECORD LANGUAGE C @@ -60,8 +60,8 @@ REVOKE ALL ON FUNCTION pg_tde_list_all_database_key_providers() FROM PUBLIC; CREATE FUNCTION pg_tde_list_all_global_key_providers (OUT id INT, - OUT provider_name TEXT, - OUT provider_type TEXT, + OUT name TEXT, + OUT type TEXT, OUT options JSON) RETURNS SETOF RECORD LANGUAGE C @@ -69,7 +69,7 @@ AS 'MODULE_PATHNAME'; REVOKE ALL ON FUNCTION pg_tde_list_all_global_key_providers() FROM PUBLIC; -- Global Tablespace Key Provider Management -CREATE FUNCTION pg_tde_add_global_key_provider(provider_type TEXT, provider_name TEXT, options JSON) +CREATE FUNCTION pg_tde_add_global_key_provider(type TEXT, name TEXT, options JSON) RETURNS VOID LANGUAGE C AS 'MODULE_PATHNAME'; @@ -116,7 +116,7 @@ BEGIN ATOMIC END; -- Key Provider Management -CREATE FUNCTION pg_tde_change_database_key_provider(provider_type TEXT, provider_name TEXT, options JSON) +CREATE FUNCTION pg_tde_change_database_key_provider(type TEXT, name TEXT, options JSON) RETURNS VOID LANGUAGE C AS 'MODULE_PATHNAME'; @@ -163,7 +163,7 @@ BEGIN ATOMIC END; -- Global Tablespace Key Provider Management -CREATE FUNCTION pg_tde_change_global_key_provider(provider_type TEXT, provider_name TEXT, options JSON) +CREATE FUNCTION pg_tde_change_global_key_provider(type TEXT, name TEXT, options JSON) RETURNS VOID LANGUAGE C AS 'MODULE_PATHNAME'; 
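Review bot: Editing `pg_tde--1.0-rc.sql` in place leaves databases that already installed this script version (if it has shipped, which the diff does not show) with no path to the new names. This affects the two `pg_tde_list_all_*_key_providers` functions and the add/change functions in this file's other hunks, and likewise the key-info functions renamed in PATCH 2/2. If an upgrade script is added, PostgreSQL rejects `CREATE OR REPLACE FUNCTION` when an input or OUT parameter name changes, so the functions must be dropped and recreated, and a recreated function starts with the default EXECUTE grant to PUBLIC. Such a script should therefore repeat `REVOKE ALL ON FUNCTION pg_tde_list_all_database_key_providers() FROM PUBLIC;` and the global equivalent directly after each `CREATE FUNCTION`, and re-apply any role grants administrators had made. Callers using named notation with the old names (`provider_name => ...`) will break, which deserves a release-note line.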
diff --git a/contrib/pg_tde/sql/default_principal_key.sql b/contrib/pg_tde/sql/default_principal_key.sql index b91744390daa5..ec24ccd4d4c4e 100644 --- a/contrib/pg_tde/sql/default_principal_key.sql +++ b/contrib/pg_tde/sql/default_principal_key.sql @@ -18,7 +18,7 @@ SELECT key_provider_id, key_provider_name, key_name -- fails SELECT pg_tde_delete_global_key_provider('file-provider'); -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); +SELECT id, name FROM pg_tde_list_all_global_key_providers(); -- Should fail: no principal key for the database yet SELECT key_provider_id, key_provider_name, key_name diff --git a/contrib/pg_tde/sql/key_provider.sql b/contrib/pg_tde/sql/key_provider.sql index 008858d8944a0..9cfb21ee2f5e6 100644 --- a/contrib/pg_tde/sql/key_provider.sql +++ b/contrib/pg_tde/sql/key_provider.sql 
@@ -22,27 +22,27 @@ SELECT pg_tde_add_global_key_provider_file('file-keyring','/tmp/pg_tde_test_keyr SELECT pg_tde_add_global_key_provider_file('file-keyring2','/tmp/pg_tde_test_keyring2.per'); -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); +SELECT id, name FROM pg_tde_list_all_global_key_providers(); -- fails SELECT pg_tde_delete_database_key_provider('file-provider'); -SELECT id, provider_name FROM pg_tde_list_all_database_key_providers(); +SELECT id, name FROM pg_tde_list_all_database_key_providers(); -- works SELECT pg_tde_delete_database_key_provider('file-provider2'); -SELECT id, provider_name FROM pg_tde_list_all_database_key_providers(); +SELECT id, name FROM pg_tde_list_all_database_key_providers(); -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); +SELECT id, name FROM pg_tde_list_all_global_key_providers(); SELECT pg_tde_set_key_using_global_key_provider('test-db-key', 'file-keyring', false); -- fails SELECT pg_tde_delete_global_key_provider('file-keyring'); -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); +SELECT id, name FROM pg_tde_list_all_global_key_providers(); -- works SELECT pg_tde_delete_global_key_provider('file-keyring2'); -SELECT id, provider_name FROM pg_tde_list_all_global_key_providers(); +SELECT id, name FROM pg_tde_list_all_global_key_providers(); -- Creating a file key provider fails if we can't open or create the file SELECT pg_tde_add_database_key_provider_file('will-not-work','/cant-create-file-in-root.per'); diff --git a/contrib/pg_tde/t/expected/change_key_provider.out b/contrib/pg_tde/t/expected/change_key_provider.out index 4d912c77936d6..fc7858c7f684e 100644 --- a/contrib/pg_tde/t/expected/change_key_provider.out +++ b/contrib/pg_tde/t/expected/change_key_provider.out 
@@ -6,9 +6,9 @@ SELECT pg_tde_add_database_key_provider_file('file-vault', '/tmp/change_key_prov (1 row) SELECT * FROM pg_tde_list_all_database_key_providers(); - id | provider_name | provider_type | options -----+---------------+---------------+--------------------------------------------- - 1 | file-vault | file | {"path" : "/tmp/change_key_provider_1.per"} + id | name | type | options +----+------------+------+--------------------------------------------- + 1 | file-vault | file | {"path" : "/tmp/change_key_provider_1.per"} (1 row) SELECT pg_tde_set_key_using_database_key_provider('test-key', 'file-vault'); @@ -46,9 +46,9 @@ SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_p (1 row) SELECT * FROM pg_tde_list_all_database_key_providers(); - id | provider_name | provider_type | options -----+---------------+---------------+--------------------------------------------- - 1 | file-vault | file | {"path" : "/tmp/change_key_provider_2.per"} + id | name | type | options +----+------------+------+--------------------------------------------- + 1 | file-vault | file | {"path" : "/tmp/change_key_provider_2.per"} (1 row) SELECT pg_tde_verify_key(); @@ -109,9 +109,9 @@ SELECT pg_tde_change_database_key_provider_file('file-vault', '/tmp/change_key_p (1 row) SELECT * FROM pg_tde_list_all_database_key_providers(); - id | provider_name | provider_type | options -----+---------------+---------------+--------------------------------------------- - 1 | file-vault | file | {"path" : "/tmp/change_key_provider_1.per"} + id | name | type | options +----+------------+------+--------------------------------------------- + 1 | file-vault | file | {"path" : "/tmp/change_key_provider_1.per"} (1 row) SELECT pg_tde_verify_key(); diff --git a/contrib/pg_tde/t/pg_tde_change_key_provider.pl b/contrib/pg_tde/t/pg_tde_change_key_provider.pl index 47380a940bebd..fbcae2e77b9c2 100644 --- a/contrib/pg_tde/t/pg_tde_change_key_provider.pl 
+++ b/contrib/pg_tde/t/pg_tde_change_key_provider.pl @@ -43,7 +43,7 @@ is( $node->safe_psql( 'postgres', - q{SELECT provider_type FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT type FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} ), 'file', 'provider type is set to file'); @@ -51,7 +51,7 @@ $options = decode_json( $node->safe_psql( 'postgres', - q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} )); is( $options->{path}, '/tmp/pg_tde_change_key_provider-database-2', @@ -78,7 +78,7 @@ is( $node->safe_psql( 'postgres', - q{SELECT provider_type FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT type FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} ), 'vault-v2', 'provider type is set to vault-v2'); @@ -86,7 +86,7 @@ $options = decode_json( $node->safe_psql( 'postgres', - q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} )); is( $options->{url}, 'https://vault-server.example:8200/', @@ -118,7 +118,7 @@ is( $node->safe_psql( 'postgres', - q{SELECT provider_type FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT type FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} ), 'vault-v2', 'provider type is set to vault-v2'); 
@@ -126,7 +126,7 @@ $options = decode_json( $node->safe_psql( 'postgres', - q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} )); is( $options->{url}, 'http://vault-server.example:8200/', @@ -159,7 +159,7 @@ is( $node->safe_psql( 'postgres', - q{SELECT provider_type FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT type FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} ), 'kmip', 'provider type is set to kmip'); @@ -167,7 +167,7 @@ $options = decode_json( $node->safe_psql( 'postgres', - q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE provider_name = 'database-provider'} + q{SELECT options FROM pg_tde_list_all_database_key_providers() WHERE name = 'database-provider'} )); is($options->{host}, 'kmip-server.example', 'host is set correctly for kmip provider'); @@ -200,7 +200,7 @@ is( $node->safe_psql( 'postgres', - q{SELECT provider_type FROM pg_tde_list_all_global_key_providers() WHERE provider_name = 'global-provider'} + q{SELECT type FROM pg_tde_list_all_global_key_providers() WHERE name = 'global-provider'} ), 'vault-v2', 'provider type is set to vault-v2 for global provider'); @@ -208,7 +208,7 @@ $options = decode_json( $node->safe_psql( 'postgres', - q{SELECT options FROM pg_tde_list_all_global_key_providers() WHERE provider_name = 'global-provider'} + q{SELECT options FROM pg_tde_list_all_global_key_providers() WHERE name = 'global-provider'} )); is( $options->{url}, 'http://vault-server.example:8200/', From 324ac4c090b844f74271e229f718b5a95a6c2e9b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Anders=20=C3=85strand?= Date: Wed, 11 Jun 2025 11:48:16 +0200 Subject: [PATCH 2/2] Remove double prefix from provider name and id In the output from the key info functions the key_ prefix for the provider name and id columns doesn't add any value so let's harmonize them with how we name arguments to the key creation functions. --- .../pg_tde/expected/default_principal_key.out | 64 ++++++------- .../pg_tde/expected/delete_principal_key.out | 16 ++-- contrib/pg_tde/expected/key_provider.out | 6 +- .../pg_tde/expected/pg_tde_is_encrypted.out | 8 +- contrib/pg_tde/pg_tde--1.0-rc.sql | 12 +-- contrib/pg_tde/sql/default_principal_key.sql | 16 ++-- contrib/pg_tde/sql/delete_principal_key.sql | 4 +- contrib/pg_tde/sql/pg_tde_is_encrypted.sql | 2 +- contrib/pg_tde/t/expected/rotate_key.out | 96 +++++++++---------- contrib/pg_tde/t/expected/wal_encrypt.out | 16 ++-- contrib/pg_tde/t/rotate_key.pl | 30 +++--- contrib/pg_tde/t/wal_encrypt.pl | 4 +- 12 files changed, 134 insertions(+), 140 deletions(-) diff --git a/contrib/pg_tde/expected/default_principal_key.out b/contrib/pg_tde/expected/default_principal_key.out index 1de794060aa8c..6c5c92509a66e 100644 --- a/contrib/pg_tde/expected/default_principal_key.out +++ b/contrib/pg_tde/expected/default_principal_key.out @@ -10,11 +10,11 @@ SELECT pg_tde_add_global_key_provider_file('file-provider','/tmp/pg_tde_regressi SELECT pg_tde_verify_default_key(); ERROR: principal key not configured for current database -- Should fail: no default principal key for the server yet -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_default_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) SELECT pg_tde_set_default_key_using_global_key_provider('default-key', 'file-provider', false); 
@@ -29,11 +29,11 @@ SELECT pg_tde_verify_default_key(); (1 row) -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_default_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+------------- - -2 | file-provider | default-key + provider_id | provider_name | key_name +-------------+---------------+------------- + -2 | file-provider | default-key (1 row) -- fails @@ -46,11 +46,11 @@ SELECT id, name FROM pg_tde_list_all_global_key_providers(); (1 row) -- Should fail: no principal key for the database yet -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) -- Should succeed: "localizes" the default principal key for the database @@ -61,11 +61,11 @@ CREATE TABLE test_enc( ) USING tde_heap; INSERT INTO test_enc (k) VALUES (1), (2), (3); -- Should succeed: create table localized the principal key -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+------------- - -2 | file-provider | default-key + provider_id | provider_name | key_name +-------------+---------------+------------- + -2 | file-provider | default-key (1 row) SELECT current_database() AS regress_database 
@@ -75,11 +75,11 @@ CREATE DATABASE regress_pg_tde_other; CREATE EXTENSION pg_tde; CREATE EXTENSION pg_buffercache; -- Should fail: no principal key for the database yet -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) -- Should succeed: "localizes" the default principal key for the database @@ -90,11 +90,11 @@ CREATE TABLE test_enc( ) USING tde_heap; INSERT INTO test_enc (k) VALUES (1), (2), (3); -- Should succeed: create table localized the principal key -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+------------- - -2 | file-provider | default-key + provider_id | provider_name | key_name +-------------+---------------+------------- + -2 | file-provider | default-key (1 row) \c :regress_database 
@@ -105,19 +105,19 @@ SELECT pg_tde_set_default_key_using_global_key_provider('new-default-key', 'file (1 row) -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+----------------- - -2 | file-provider | new-default-key + provider_id | provider_name | key_name +-------------+---------------+----------------- + -2 | file-provider | new-default-key (1 row) \c regress_pg_tde_other -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+----------------- - -2 | file-provider | new-default-key + provider_id | provider_name | key_name +-------------+---------------+----------------- + -2 | file-provider | new-default-key (1 row) SELECT pg_buffercache_evict(bufferid) FROM pg_buffercache WHERE relfilenode = (SELECT relfilenode FROM pg_class WHERE oid = 'test_enc'::regclass); diff --git a/contrib/pg_tde/expected/delete_principal_key.out b/contrib/pg_tde/expected/delete_principal_key.out index 480297556dd07..3c6319e7b3ebf 100644 --- a/contrib/pg_tde/expected/delete_principal_key.out +++ b/contrib/pg_tde/expected/delete_principal_key.out @@ -13,10 +13,10 @@ SELECT pg_tde_set_key_using_global_key_provider('test-db-key','file-provider'); (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+------------- - -3 | file-provider | test-db-key +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+------------- + -3 | file-provider | test-db-key (1 row) SELECT pg_tde_delete_key(); 
@@ -84,10 +84,10 @@ SELECT pg_tde_delete_key(); (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+------------- - -3 | file-provider | defalut-key +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+------------- + -3 | file-provider | defalut-key (1 row) -- Try to delete key when default key is used diff --git a/contrib/pg_tde/expected/key_provider.out b/contrib/pg_tde/expected/key_provider.out index b7a3105fa2823..2570357c4ffce 100644 --- a/contrib/pg_tde/expected/key_provider.out +++ b/contrib/pg_tde/expected/key_provider.out @@ -1,8 +1,8 @@ CREATE EXTENSION IF NOT EXISTS pg_tde; SELECT * FROM pg_tde_key_info(); - key_name | key_provider_name | key_provider_id | key_creation_time -----------+-------------------+-----------------+------------------- - | | | + key_name | provider_name | provider_id | key_creation_time +----------+---------------+-------------+------------------- + | | | (1 row) SELECT pg_tde_add_database_key_provider('file', 'incorrect-file-provider', '{"path": {"foo": "/tmp/pg_tde_test_keyring.per"}}'); diff --git a/contrib/pg_tde/expected/pg_tde_is_encrypted.out b/contrib/pg_tde/expected/pg_tde_is_encrypted.out index fc85af7de597a..f3916e4734adb 100644 --- a/contrib/pg_tde/expected/pg_tde_is_encrypted.out +++ b/contrib/pg_tde/expected/pg_tde_is_encrypted.out @@ -77,11 +77,11 @@ SELECT pg_tde_is_encrypted(NULL); (1 row) -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+------------- - 1 | file-vault | test-db-key + provider_id | provider_name | key_name +-------------+---------------+------------- + 1 | file-vault | test-db-key (1 row) DROP TABLE test_temp_norm; 
diff --git a/contrib/pg_tde/pg_tde--1.0-rc.sql b/contrib/pg_tde/pg_tde--1.0-rc.sql index 716fa003e1158..242482dbc30c0 100644 --- a/contrib/pg_tde/pg_tde--1.0-rc.sql +++ b/contrib/pg_tde/pg_tde--1.0-rc.sql @@ -271,8 +271,8 @@ REVOKE ALL ON FUNCTION pg_tde_delete_default_key() FROM PUBLIC; CREATE FUNCTION pg_tde_key_info() RETURNS TABLE ( key_name TEXT, - key_provider_name TEXT, - key_provider_id INT, + provider_name TEXT, + provider_id INT, key_creation_time TIMESTAMP WITH TIME ZONE) LANGUAGE C AS 'MODULE_PATHNAME'; @@ -280,8 +280,8 @@ REVOKE ALL ON FUNCTION pg_tde_key_info() FROM PUBLIC; CREATE FUNCTION pg_tde_server_key_info() RETURNS TABLE ( key_name TEXT, - key_provider_name TEXT, - key_provider_id INT, + provider_name TEXT, + provider_id INT, key_creation_time TIMESTAMP WITH TIME ZONE) LANGUAGE C AS 'MODULE_PATHNAME'; @@ -289,8 +289,8 @@ REVOKE ALL ON FUNCTION pg_tde_server_key_info() FROM PUBLIC; CREATE FUNCTION pg_tde_default_key_info() RETURNS TABLE ( key_name TEXT, - key_provider_name TEXT, - key_provider_id INT, + provider_name TEXT, + provider_id INT, key_creation_time TIMESTAMP WITH TIME ZONE) LANGUAGE C AS 'MODULE_PATHNAME'; diff --git a/contrib/pg_tde/sql/default_principal_key.sql b/contrib/pg_tde/sql/default_principal_key.sql index ec24ccd4d4c4e..3a39fa87fc0c2 100644 --- a/contrib/pg_tde/sql/default_principal_key.sql +++ b/contrib/pg_tde/sql/default_principal_key.sql @@ -7,13 +7,13 @@ SELECT pg_tde_add_global_key_provider_file('file-provider','/tmp/pg_tde_regressi SELECT pg_tde_verify_default_key(); -- Should fail: no default principal key for the server yet -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_default_key_info(); SELECT pg_tde_set_default_key_using_global_key_provider('default-key', 'file-provider', false); SELECT pg_tde_verify_default_key(); -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_default_key_info(); -- fails 
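Review bot: The three key-info functions in the `@@ -271,8 +271,8 @@` hunk of `pg_tde--1.0-rc.sql` have no comment tying their output to the provider list functions, and after this rename the matching columns carry different names (`provider_id`/`provider_name` here, `id`/`name` there). A short comment above `pg_tde_key_info()` would help operators who audit which provider protects a database, for example `-- provider_id and provider_name correspond to id and name in pg_tde_list_all_*_key_providers()`. The expected outputs on this page suggest global providers get negative ids and database providers positive ones; if that is a guarantee, it belongs in the same comment. Queries and dashboards that still select `key_provider_id` or `key_provider_name` will fail after this change, so the rename should be called out in the release notes.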
@@ -21,7 +21,7 @@ SELECT pg_tde_delete_global_key_provider('file-provider'); SELECT id, name FROM pg_tde_list_all_global_key_providers(); -- Should fail: no principal key for the database yet -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); -- Should succeed: "localizes" the default principal key for the database @@ -34,7 +34,7 @@ CREATE TABLE test_enc( INSERT INTO test_enc (k) VALUES (1), (2), (3); -- Should succeed: create table localized the principal key -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); SELECT current_database() AS regress_database @@ -48,7 +48,7 @@ CREATE EXTENSION pg_tde; CREATE EXTENSION pg_buffercache; -- Should fail: no principal key for the database yet -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); -- Should succeed: "localizes" the default principal key for the database @@ -61,7 +61,7 @@ CREATE TABLE test_enc( INSERT INTO test_enc (k) VALUES (1), (2), (3); -- Should succeed: create table localized the principal key -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); \c :regress_database @@ -70,12 +70,12 @@ CHECKPOINT; SELECT pg_tde_set_default_key_using_global_key_provider('new-default-key', 'file-provider', false); -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); \c regress_pg_tde_other -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); SELECT pg_buffercache_evict(bufferid) FROM pg_buffercache WHERE relfilenode = (SELECT relfilenode FROM pg_class WHERE oid = 'test_enc'::regclass); 
diff --git a/contrib/pg_tde/sql/delete_principal_key.sql b/contrib/pg_tde/sql/delete_principal_key.sql index 6f313277ab297..f058a7f506064 100644 --- a/contrib/pg_tde/sql/delete_principal_key.sql +++ b/contrib/pg_tde/sql/delete_principal_key.sql @@ -5,7 +5,7 @@ SELECT pg_tde_add_global_key_provider_file('file-provider','/tmp/pg_tde_test_key -- Set the local key and delete it without any encrypted tables -- Should succeed: nothing used the key SELECT pg_tde_set_key_using_global_key_provider('test-db-key','file-provider'); -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); SELECT pg_tde_delete_key(); -- Set local key, encrypt a table, and delete the key @@ -32,7 +32,7 @@ SELECT pg_tde_set_default_key_using_global_key_provider('defalut-key','file-prov SELECT pg_tde_set_key_using_global_key_provider('test-db-key','file-provider'); CREATE TABLE test_table (id int, data text) USING tde_heap; SELECT pg_tde_delete_key(); -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); -- Try to delete key when default key is used -- Should fail: table already uses the default key, so there is no key to fallback to diff --git a/contrib/pg_tde/sql/pg_tde_is_encrypted.sql b/contrib/pg_tde/sql/pg_tde_is_encrypted.sql index f1fdede1c93bd..19e57b1689b93 100644 --- a/contrib/pg_tde/sql/pg_tde_is_encrypted.sql +++ b/contrib/pg_tde/sql/pg_tde_is_encrypted.sql @@ -38,7 +38,7 @@ SELECT relname, pg_tde_is_encrypted(relname) FROM (VALUES ('test_enc_pkey'), ('t SELECT pg_tde_is_encrypted(NULL); -SELECT key_provider_id, key_provider_name, key_name +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); DROP TABLE test_temp_norm; diff --git a/contrib/pg_tde/t/expected/rotate_key.out b/contrib/pg_tde/t/expected/rotate_key.out index 288d9d7a3993e..956708ed5981e 100644 
--- a/contrib/pg_tde/t/expected/rotate_key.out +++ b/contrib/pg_tde/t/expected/rotate_key.out @@ -59,16 +59,16 @@ SELECT * FROM test_enc ORDER BY id; (2 rows) -- server restart -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+-------------- - 1 | file-vault | rotated-key1 +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+-------------- + 1 | file-vault | rotated-key1 (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | +SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info(); + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) SELECT * FROM test_enc ORDER BY id; @@ -92,16 +92,16 @@ SELECT * FROM test_enc ORDER BY id; (2 rows) -- server restart -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+-------------- - 2 | file-2 | rotated-key2 +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+-------------- + 2 | file-2 | rotated-key2 (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | +SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info(); + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) SELECT * FROM test_enc ORDER BY id; 
@@ -125,16 +125,16 @@ SELECT * FROM test_enc ORDER BY id; (2 rows) -- server restart -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+------------- - -2 | file-3 | rotated-key +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+------------- + -2 | file-3 | rotated-key (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | +SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info(); + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) SELECT * FROM test_enc ORDER BY id; @@ -158,16 +158,16 @@ SELECT * FROM test_enc ORDER BY id; (2 rows) -- server restart -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+-------------- - -1 | file-2 | rotated-keyX +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+-------------- + -1 | file-2 | rotated-keyX (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | +SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info(); + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) SELECT * FROM test_enc ORDER BY id; 
@@ -181,16 +181,16 @@ ALTER SYSTEM SET pg_tde.inherit_global_providers = off; -- server restart SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false); psql::1: ERROR: Usage of global key providers is disabled. Enable it with pg_tde.inherit_global_providers = ON -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+-------------- - -1 | file-2 | rotated-keyX +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+-------------- + -1 | file-2 | rotated-keyX (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | +SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info(); + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) SELECT pg_tde_set_key_using_database_key_provider('rotated-key2', 'file-2'); 
@@ -199,16 +199,16 @@ SELECT pg_tde_set_key_using_database_key_provider('rotated-key2', 'file-2'); (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+-------------- - 2 | file-2 | rotated-key2 +SELECT provider_id, provider_name, key_name FROM pg_tde_key_info(); + provider_id | provider_name | key_name +-------------+---------------+-------------- + 2 | file-2 | rotated-key2 (1 row) -SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info(); - key_provider_id | key_provider_name | key_name ------------------+-------------------+---------- - | | +SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info(); + provider_id | provider_name | key_name +-------------+---------------+---------- + | | (1 row) DROP TABLE test_enc; diff --git a/contrib/pg_tde/t/expected/wal_encrypt.out b/contrib/pg_tde/t/expected/wal_encrypt.out index 15f878e0d24a8..3f89acc31a745 100644 --- a/contrib/pg_tde/t/expected/wal_encrypt.out +++ b/contrib/pg_tde/t/expected/wal_encrypt.out @@ -7,10 +7,10 @@ SELECT pg_tde_add_global_key_provider_file('file-keyring-010', '/tmp/pg_tde_test SELECT pg_tde_verify_server_key(); psql::1: ERROR: principal key not configured for current database -SELECT key_name, key_provider_name, key_provider_id FROM pg_tde_server_key_info(); - key_name | key_provider_name | key_provider_id -----------+-------------------+----------------- - | | +SELECT key_name, provider_name, provider_id FROM pg_tde_server_key_info(); + key_name | provider_name | provider_id +----------+---------------+------------- + | | (1 row) SELECT pg_tde_set_server_key_using_global_key_provider('server-key', 'file-keyring-010'); 
@@ -25,10 +25,10 @@ SELECT pg_tde_verify_server_key(); (1 row) -SELECT key_name, key_provider_name, key_provider_id FROM pg_tde_server_key_info(); - key_name | key_provider_name | key_provider_id -------------+-------------------+----------------- - server-key | file-keyring-010 | -1 +SELECT key_name, provider_name, provider_id FROM pg_tde_server_key_info(); + key_name | provider_name | provider_id +------------+------------------+------------- + server-key | file-keyring-010 | -1 (1 row) ALTER SYSTEM SET pg_tde.wal_encrypt = on; diff --git a/contrib/pg_tde/t/rotate_key.pl b/contrib/pg_tde/t/rotate_key.pl index 02da31aca98b8..c203513635cd9 100644 --- a/contrib/pg_tde/t/rotate_key.pl +++ b/contrib/pg_tde/t/rotate_key.pl @@ -54,10 +54,9 @@ $node->restart; PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();" -); + "SELECT provider_id, provider_name, key_name FROM pg_tde_key_info();"); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();" + "SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info();" ); PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); @@ -71,10 +70,9 @@ $node->restart; PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();" -); + "SELECT provider_id, provider_name, key_name FROM pg_tde_key_info();"); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();" + "SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info();" ); PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); 
@@ -88,10 +86,9 @@ $node->restart; PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();" -); + "SELECT provider_id, provider_name, key_name FROM pg_tde_key_info();"); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();" + "SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info();" ); PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); @@ -108,10 +105,9 @@ $node->restart; PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();" -); + "SELECT provider_id, provider_name, key_name FROM pg_tde_key_info();"); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();" + "SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info();" ); PGTDE::psql($node, 'postgres', 'SELECT * FROM test_enc ORDER BY id;'); 
@@ -127,20 +123,18 @@ "SELECT pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false);" ); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();" -); + "SELECT provider_id, provider_name, key_name FROM pg_tde_key_info();"); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();" + "SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info();" ); PGTDE::psql($node, 'postgres', "SELECT pg_tde_set_key_using_database_key_provider('rotated-key2', 'file-2');" ); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_key_info();" -); + "SELECT provider_id, provider_name, key_name FROM pg_tde_key_info();"); PGTDE::psql($node, 'postgres', - "SELECT key_provider_id, key_provider_name, key_name FROM pg_tde_server_key_info();" + "SELECT provider_id, provider_name, key_name FROM pg_tde_server_key_info();" ); PGTDE::psql($node, 'postgres', 'DROP TABLE test_enc;'); diff --git a/contrib/pg_tde/t/wal_encrypt.pl b/contrib/pg_tde/t/wal_encrypt.pl index 2799b3b6d238b..61ac3c8e46129 100644 --- a/contrib/pg_tde/t/wal_encrypt.pl +++ b/contrib/pg_tde/t/wal_encrypt.pl @@ -26,7 +26,7 @@ PGTDE::psql($node, 'postgres', 'SELECT pg_tde_verify_server_key();'); PGTDE::psql($node, 'postgres', - 'SELECT key_name, key_provider_name, key_provider_id FROM pg_tde_server_key_info();' + 'SELECT key_name, provider_name, provider_id FROM pg_tde_server_key_info();' ); PGTDE::psql($node, 'postgres', @@ -36,7 +36,7 @@ PGTDE::psql($node, 'postgres', 'SELECT pg_tde_verify_server_key();'); PGTDE::psql($node, 'postgres', - 'SELECT key_name, key_provider_name, key_provider_id FROM pg_tde_server_key_info();' + 'SELECT key_name, provider_name, provider_id FROM pg_tde_server_key_info();' ); PGTDE::psql($node, 'postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = on;');
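Review bot: In rotate_key.pl (hunk at new line 123), the two key-info queries that follow the `pg_tde_set_key_using_global_key_provider('rotated-keyX2', 'file-2', false)` call have no comment saying what they are meant to show. The intent is only recoverable from rotate_key.out. There the call is rejected with "Usage of global key providers is disabled", while `pg_tde_key_info()` still reports `rotated-keyX` on provider `-1`. The test therefore appears to pin that turning `pg_tde.inherit_global_providers` off blocks new use of a global provider but leaves the key already in use untouched. I would add above the first query `# set_key must fail while inherit_global_providers is off; key info must still show rotated-keyX on global provider -1`. The `PGTDE::psql(` call that wraps the set_key statement starts above the hunk.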