19 changes: 0 additions & 19 deletions postgresql/t/065_default_key.pl
Expand Up @@ -10,18 +10,6 @@

PGTDE::setup_files_dir(basename($0));

my $DB_NAME= "postgres";
my $KMIP_URL = "kmip1";
my $KMIP_PORT = 5696;
my $KMIP_SERVER_CA = "/tmp/certs/server_certificate.pem";
my $KMIP_SERVER_CLIENT_KEY = "/tmp/certs/client_key_jane_doe.pem";
my $VAULT_URL = "172.18.0.2";
my $VAULT_PORT = 8200;
my $VAULT_SERVER_URL = "http://$VAULT_URL:$VAULT_PORT";
my $VAULT_TOKEN = 'root';
my $VAULT_SECRET_MOUNT_POINT = 'secret';


# Initialize primary node
my $node_primary = PostgreSQL::Test::Cluster->new('primary');
$node_primary->init;
Expand All @@ -36,13 +24,6 @@
ensure_database_exists_and_accessible($node_primary, $DB_NAME);
$node_primary->safe_psql($DB_NAME, "CREATE EXTENSION pg_tde;");

# "Creating databases test1, test2
#ensure_database_exists_and_accessible($node_primary, 'test1');
#ensure_database_exists_and_accessible($node_primary, 'test2');

# "Creating pg_tde extension in test1, test2"
#$node_primary->safe_psql('test1', "CREATE EXTENSION pg_tde;");
#$node_primary->safe_psql('test2', "CREATE EXTENSION pg_tde;");
$node_primary->safe_psql($DB_NAME,
"SELECT pg_tde_add_global_key_provider_file('global-prov-file', '/tmp/global-file-keyring.per');"
);
2 changes: 0 additions & 2 deletions postgresql/t/070_change_global_provider_data_integraty.pl
Expand Up @@ -37,8 +37,6 @@
ensure_database_exists_and_accessible($node_primary, $dbname);
$node_primary->safe_psql($dbname, "CREATE EXTENSION pg_tde;");

#diag("Creating global file provider");

# Global FILE provider
my $setup_sql_file = sprintf(
"SELECT pg_tde_add_global_key_provider_file('%s', '/tmp/keyring.file');",
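--- /dev/null
+++ b/postgresql/t/071_default_key_rotation_global.pl
@@ -0,0 +1,141 @@
+use strict;
+use warnings FATAL => 'all';
+use File::Basename;
+use PostgreSQL::Test::Cluster;
+use PostgreSQL::Test::Utils;
+use Test::More;
+use lib 't';
+use pgtde;
+use tde_helper;
+
+PGTDE::setup_files_dir(basename($0));
+
+# Initialize primary node
+my $node_primary = PostgreSQL::Test::Cluster->new('primary');
+$node_primary->init;
+
+enable_pg_tde_in_conf($node_primary);
+set_default_table_am_tde_heap($node_primary);
+
+$node_primary->append_conf('postgresql.conf', "listen_addresses = '*'");
+$node_primary->start;
+
+# Create a new database if not exists
+ensure_database_exists_and_accessible($node_primary, $DB_NAME);
+$node_primary->safe_psql($DB_NAME, "CREATE EXTENSION pg_tde;");
+
+# Common variables
+my $dbname = 'test_db';
+my $KMIP_PRO = 'kmip_keyring7';
+my $VAULT_PRO = 'vault_keyring7';
+my $FILE_PRO = 'file_keyring7';
+my $KMIP_KEY = 'kmip_key7';
+my $VAULT_KEY = 'vault_key7';
+my $FILE_KEY = 'file_key7';
+
+
+ensure_database_exists_and_accessible($node_primary, $dbname);
+$node_primary->safe_psql($dbname, "CREATE EXTENSION pg_tde;");
+
+# Global Vault_v2 provider
+my $setup_sql_vault = sprintf(
+"SELECT pg_tde_add_global_key_provider_vault_v2('%s', '%s', '%s', '%s', NULL);",
+$VAULT_PRO, $VAULT_TOKEN, $VAULT_SERVER_URL, $VAULT_SECRET_MOUNT_POINT
+);
+
+my $vault_result = invoke_add_key_provider_function($node_primary, $dbname, $VAULT_PRO, $setup_sql_vault);
+ok($vault_result, "$VAULT_PRO global key provider created successfully");
+
+# Add a default global key using the vault provider
+my $key_result = invoke_add_key_function($node_primary, $dbname, 'pg_tde_set_default_key_using_global_key_provider', $VAULT_KEY, $VAULT_PRO);
+ok($key_result, "$VAULT_KEY default global Key was set successfully using provider $VAULT_PRO");
+
+# Create a table using the global Vault provider
+eval {
+$node_primary->safe_psql($dbname,
+"CREATE TABLE t1(a INT PRIMARY KEY, b VARCHAR) USING tde_heap;");
+$node_primary->safe_psql($dbname,
+"INSERT INTO t1 VALUES (101, 'James Bond');");
+1;
+} or do {
+fail("Table operations failed: $@");
+return;
+};
+
+# Verify the table data
+my $result = $node_primary->safe_psql($dbname, "SELECT * FROM t1;");
+chomp($result);
+is($result, "101|James Bond", "Table contents are as expected: $result");
+
+# Verify the default key info
+my $default_key_info = $node_primary->safe_psql($dbname, "SELECT key_name, key_provider_name FROM pg_tde_default_key_info();");
+like($default_key_info, qr/^$VAULT_KEY\|$VAULT_PRO$/, "Default key and provider are correct");
+
+# Rotate the Global Default Principal Key
+$key_result = invoke_add_key_function($node_primary, $dbname, 'pg_tde_set_default_key_using_global_key_provider', 'default_global_vault_key2', $VAULT_PRO);
+ok($key_result, "default_global_vault_key2 default global Key was set successfully using provider $VAULT_PRO");
+
+# Verify the table data after key rotation
+$result = $node_primary->safe_psql($dbname, "SELECT * FROM t1;");
+chomp($result);
+is($result, "101|James Bond", "Table contents after key rotation are as expected: $result");
+
+# Verify the default key info
+$default_key_info = $node_primary->safe_psql($dbname, "SELECT key_name, key_provider_name FROM pg_tde_default_key_info();");
+like($default_key_info, qr/^default_global_vault_key2\|$VAULT_PRO$/, "Default key and provider are correct");
+
+# Change Global Key Provider to kmip
+my $setup_sql_kmip = sprintf(
+"SELECT pg_tde_add_global_key_provider_kmip('%s', '%s', %d, '%s', '%s');",
+$KMIP_PRO, $KMIP_URL, $KMIP_PORT, $KMIP_SERVER_CA, $KMIP_SERVER_CLIENT_KEY
+);
+$vault_result = invoke_add_key_provider_function($node_primary, $dbname, $KMIP_PRO, $setup_sql_kmip);
+ok($vault_result, "$KMIP_PRO global key provider created successfully");
+
+# Rotate the Global Default Principal Key
+$key_result = invoke_add_key_function($node_primary, $dbname, 'pg_tde_set_default_key_using_global_key_provider', 'default_global_kmip_key2', $KMIP_PRO);
+ok($key_result, "default_global_kmip_key2 default global Key was set successfully using provider $KMIP_PRO");
+
+# Verify the table data after key rotation
+$result = $node_primary->safe_psql($dbname, "SELECT * FROM t1;");
+chomp($result);
+is($result, "101|James Bond", "Table data is correct after change key provider and key rotation, are as expected: $result");
+
+# Verify the default key info
+$default_key_info = $node_primary->safe_psql($dbname, "SELECT key_name, key_provider_name FROM pg_tde_default_key_info();");
+like($default_key_info, qr/^default_global_kmip_key2\|$KMIP_PRO$/, "Default key and provider are correct");
+
+# Change Global Key Provider to file
+my $setup_sql_file = sprintf(
+"SELECT pg_tde_add_global_key_provider_file('%s', '/tmp/keyring.file');",
+$FILE_PRO
+);
+$vault_result = invoke_add_key_provider_function($node_primary, $dbname, $FILE_PRO, $setup_sql_file);
+ok($vault_result, "$FILE_PRO global key provider created successfully");
+
+# Rotate the Global Default Principal Key
+$key_result = invoke_add_key_function($node_primary, $dbname, 'pg_tde_set_default_key_using_global_key_provider', 'default_global_file_key2', $FILE_PRO);
+ok($key_result, "default_global_file_key2 default global Key was set successfully using provider $FILE_PRO");
+
+# Verify the table data after key rotation
+$result = $node_primary->safe_psql($dbname, "SELECT * FROM t1;");
+chomp($result);
+is($result, "101|James Bond", "Table data is correct after change key provider are as expected: $result");
+
+# Verify the default key info
+$default_key_info = $node_primary->safe_psql($dbname, "SELECT key_name, key_provider_name FROM pg_tde_default_key_info();");
+like($default_key_info, qr/^default_global_file_key2\|$FILE_PRO$/, "Default key and provider are correct");
+
+# Restart the server
+$node_primary->restart;
+
+# Verify the table data after server restart
+$result = $node_primary->safe_psql($dbname, "SELECT * FROM t1;");
+chomp($result);
+is($result, "101|James Bond", "Table data is correct after server restart are as expected: $result");
+
+# Verify the default key info
+$default_key_info = $node_primary->safe_psql($dbname, "SELECT key_name, key_provider_name FROM pg_tde_default_key_info();");
+like($default_key_info, qr/^default_global_file_key2\|file_keyring7$/, "Default key and provider are correct");
+
+done_testing();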
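Review bot: The failure branch of the `eval { ... } or do { ... }` around the CREATE TABLE / INSERT ends with `return;` at file scope, which when the script runs directly under prove dies with "Can't return outside a subroutine" and never reaches `done_testing()`, so a failed table setup surfaces as a crashed test file rather than the planned `fail()`. Replace `return;` with `done_testing(); exit;` so the recorded failure is the last thing emitted, or with `die "Table operations failed: $@";` if aborting the file is the intent. The last default-key assertion after the restart hardcodes `file_keyring7` where every other assertion uses the provider variable; `qr/^default_global_file_key2\|$FILE_PRO$/` keeps the checks consistent and avoids silent drift if the name changes. `listen_addresses = '*'` binds the test node on every interface, while the provider calls in this file are outbound to Vault/KMIP; if no external client has to reach this node, the setting can presumably be dropped or narrowed to localhost.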