diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index 9120d6a1..c9eedb1b 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -170,4 +170,5 @@ jobs: postgres/src/test/*/regression.out postgres/src/test/*/results postgres/src/test/*/tmp_check + /tmp/pg_tde_basebackup.out retention-days: 3 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index ffb8d45d..67abbe00 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml 
@@ -1,87 +1,87 @@ -name: Code coverage -on: - pull_request: - paths-ignore: - - documentation/** - push: - branches: - - main - paths-ignore: - - documentation/** +# name: Code coverage +# on: +# pull_request: +# paths-ignore: +# - documentation/** +# push: +# branches: +# - main +# paths-ignore: +# - documentation/** -env: - pg_version: 18 - # Avoid failures on slow recovery - PGCTLTIMEOUT: 120 - PG_TEST_TIMEOUT_DEFAULT: 300 +# env: +# pg_version: 18 +# # Avoid failures on slow recovery +# PGCTLTIMEOUT: 120 +# PG_TEST_TIMEOUT_DEFAULT: 300 -jobs: - collect: - name: Collect and upload - runs-on: ubuntu-24.04 - timeout-minutes: 10 - steps: - - name: Clone repository - uses: actions/checkout@v6 - with: - path: src - submodules: recursive +# jobs: +# collect: +# name: Collect and upload +# runs-on: ubuntu-24.04 +# timeout-minutes: 10 +# steps: +# - name: Clone repository +# uses: actions/checkout@v6 +# with: +# path: src +# submodules: recursive - - name: Clone postgres repository - uses: actions/checkout@v6 - with: - path: postgres - repository: percona/postgres.git - ref: PSP_REL_${{ env.pg_version }}_STABLE +# - name: Clone postgres repository +# uses: actions/checkout@v6 +# with: +# path: postgres +# repository: percona/postgres.git +# ref: PSP_REL_${{ env.pg_version }}_STABLE - # KMIP server don't support Python 3.12 for now: https://github.com/OpenKMIP/PyKMIP/pull/707 - - name: Downgrade python to 3.11 - uses: actions/setup-python@v6 - with: - python-version: 3.11 +# # KMIP server don't support Python 3.12 for now: https://github.com/OpenKMIP/PyKMIP/pull/707 +# - name: Downgrade python to 3.11 +# uses: actions/setup-python@v6 +# with: +# python-version: 3.11 - - name: Install dependencies - run: src/ci_scripts/ubuntu-deps.sh +# - name: Install dependencies +# run: src/ci_scripts/ubuntu-deps.sh - - name: Build postgres - run: src/ci_scripts/build-and-install-psp.sh coverage +# - name: Build postgres +# run: src/ci_scripts/build-and-install-psp.sh coverage - - 
name: Build pg_tde - run: src/ci_scripts/build.sh debug +# - name: Build pg_tde +# run: src/ci_scripts/build.sh debug - - name: Setup kmip and vault - run: src/ci_scripts/setup-keyring-servers.sh +# - name: Setup kmip and vault +# run: src/ci_scripts/setup-keyring-servers.sh - - name: Run pg_tde tests - run: src/ci_scripts/test.sh +# - name: Run pg_tde tests +# run: src/ci_scripts/test.sh - - name: Process coverage - run: | - geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 -i . - geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 . - working-directory: src +# - name: Process coverage +# run: | +# geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 -i . +# geninfo -o coverage.info --no-external --rc lcov_branch_coverage=1 . +# working-directory: src - - name: Upload coverage data to codecov.io - uses: codecov/codecov-action@v5 - with: - verbose: true - fail_ci_if_error: true - token: ${{ secrets.CODECOV_TOKEN }} - disable_search: true - files: coverage.info - working-directory: src +# - name: Upload coverage data to codecov.io +# uses: codecov/codecov-action@v5 +# with: +# verbose: true +# fail_ci_if_error: true +# token: ${{ secrets.CODECOV_TOKEN }} +# disable_search: true +# files: coverage.info +# working-directory: src - - name: Report on test fail - uses: actions/upload-artifact@v7 - if: ${{ failure() }} - with: - name: coverage-testlog - path: | - src/regress_install - src/regress_install.log - src/regression.diffs - src/regression.out - src/results - src/t/results - src/tmp_check - retention-days: 3 +# - name: Report on test fail +# uses: actions/upload-artifact@v7 +# if: ${{ failure() }} +# with: +# name: coverage-testlog +# path: | +# src/regress_install +# src/regress_install.log +# src/regression.diffs +# src/regression.out +# src/results +# src/t/results +# src/tmp_check +# retention-days: 3 diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index 885d5348..16fe9169 100644 
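Review bot: Commenting out every line of coverage.yml leaves a workflow file with no `on:` or `jobs:` keys, which GitHub is likely to report as an invalid workflow rather than quietly skip. The same whole-file treatment of pgindent.yml, sanitizers.yml and scorecard.yml removes the ASan/UBSan run and the OSSF Scorecard analysis from pushes to main. In matrix.yml the `main`, `arm` and `slack-notification` jobs are disabled the same way, so only the MacOS matrix still runs and failures on main are no longer announced. If this is a temporary narrowing to chase one flaky test, a job-level `if: ${{ false }}` on the jobs to skip keeps the files valid and makes the revert a one-line change per job. None of these hunks should reach main as written.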
--- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -11,22 +11,22 @@ on: - documentation/** jobs: - main: - name: Main matrix - strategy: - fail-fast: false - matrix: - pg_version: [17, 18] - os: [ubuntu-24.04] - compiler: [gcc, clang] - build_type: [debugoptimized] - uses: ./.github/workflows/build-and-test.yml - with: - pg_version: ${{ matrix.pg_version }} - os: ${{ matrix.os }} - compiler: ${{ matrix.compiler }} - build_type: ${{ matrix.build_type }} - secrets: inherit + # main: + # name: Main matrix + # strategy: + # fail-fast: false + # matrix: + # pg_version: [17, 18] + # os: [ubuntu-24.04] + # compiler: [gcc, clang] + # build_type: [debugoptimized] + # uses: ./.github/workflows/build-and-test.yml + # with: + # pg_version: ${{ matrix.pg_version }} + # os: ${{ matrix.os }} + # compiler: ${{ matrix.compiler }} + # build_type: ${{ matrix.build_type }} + # secrets: inherit macos: name: MacOS matrix 
@@ -45,42 +45,42 @@ jobs: build_type: ${{ matrix.build_type }} secrets: inherit - arm: - name: ARM matrix - if: github.event_name != 'pull_request' - strategy: - fail-fast: false - matrix: - pg_version: [17, 18] - os: [ubuntu-24.04-arm] - compiler: [gcc, clang] - build_type: [debugoptimized] - uses: ./.github/workflows/build-and-test.yml - with: - pg_version: ${{ matrix.pg_version }} - os: ${{ matrix.os }} - compiler: ${{ matrix.compiler }} - build_type: ${{ matrix.build_type }} - secrets: inherit + # arm: + # name: ARM matrix + # if: github.event_name != 'pull_request' + # strategy: + # fail-fast: false + # matrix: + # pg_version: [17, 18] + # os: [ubuntu-24.04-arm] + # compiler: [gcc, clang] + # build_type: [debugoptimized] + # uses: ./.github/workflows/build-and-test.yml + # with: + # pg_version: ${{ matrix.pg_version }} + # os: ${{ matrix.os }} + # compiler: ${{ matrix.compiler }} + # build_type: ${{ matrix.build_type }} + # secrets: inherit - slack-notification: - if: failure() && github.event_name == 'push' - needs: [main, arm] - name: Slack Notification - runs-on: ubuntu-24.04 - timeout-minutes: 5 - steps: - - name: Notify - uses: slackapi/slack-github-action@v2.1.1 - with: - webhook: ${{ secrets.SLACK_WEBHOOK_URL }} - webhook-type: incoming-webhook - payload: | - blocks: - - type: "section" - text: - type: "mrkdwn" - text: "Workflow *${{ github.workflow }}* failed on branch *${{ github.ref_name }}*\n - Commit: <${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>\n - \n - <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View logs>" + # slack-notification: + # if: failure() && github.event_name == 'push' + # needs: [main, arm] + # name: Slack Notification + # runs-on: ubuntu-24.04 + # timeout-minutes: 5 + # steps: + # - name: Notify + # uses: slackapi/slack-github-action@v2.1.1 + # with: + # webhook: ${{ secrets.SLACK_WEBHOOK_URL }} + # webhook-type: incoming-webhook + # payload: | 
+ # blocks: + # - type: "section" + # text: + # type: "mrkdwn" + # text: "Workflow *${{ github.workflow }}* failed on branch *${{ github.ref_name }}*\n + # Commit: <${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}|${{ github.sha }}>\n + # \n + # <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View logs>" diff --git a/.github/workflows/pgindent.yml b/.github/workflows/pgindent.yml index d890d893..e8d39779 100644 --- a/.github/workflows/pgindent.yml +++ b/.github/workflows/pgindent.yml 
@@ -1,45 +1,45 @@ -name: Format -on: - pull_request: - paths-ignore: - - documentation/** - -env: - pg_version: 18 - -jobs: - check: - name: Check - runs-on: ubuntu-24.04 - timeout-minutes: 5 - steps: - - name: Clone repository - uses: actions/checkout@v6 - with: - path: src - submodules: recursive - - - name: Clone postgres repository - uses: actions/checkout@v6 - with: - path: postgres - repository: percona/postgres.git - ref: PSP_REL_${{ env.pg_version }}_STABLE - - - name: Install dependencies - run: src/ci_scripts/ubuntu-deps.sh - - - name: Build postgres - run: src/ci_scripts/build-and-install-psp.sh debug - - - name: Build pg_tde - run: src/ci_scripts/build.sh debug - - - name: Update typedefs - run: src/ci_scripts/dump-typedefs.sh - - - name: Run pgindent - run: src/ci_scripts/run-pgindent.sh --check --diff - - - name: Run pgperltidy - run: src/ci_scripts/run-pgperltidy.sh --assert-tidy --standard-error-output +# name: Format +# on: +# pull_request: +# paths-ignore: +# - documentation/** + +# env: +# pg_version: 18 + +# jobs: +# check: +# name: Check +# runs-on: ubuntu-24.04 +# timeout-minutes: 5 +# steps: +# - name: Clone repository +# uses: actions/checkout@v6 +# with: +# path: src +# submodules: recursive + +# - name: Clone postgres repository +# uses: actions/checkout@v6 +# with: +# path: postgres +# repository: percona/postgres.git +# ref: PSP_REL_${{ env.pg_version }}_STABLE + +# - name: Install dependencies +# run: src/ci_scripts/ubuntu-deps.sh + +# - name: Build postgres +# run: src/ci_scripts/build-and-install-psp.sh debug + +# - name: Build pg_tde +# run: src/ci_scripts/build.sh debug + +# - name: Update typedefs +# run: src/ci_scripts/dump-typedefs.sh + +# - name: Run pgindent +# run: src/ci_scripts/run-pgindent.sh --check --diff + +# - name: Run pgperltidy +# run: src/ci_scripts/run-pgperltidy.sh --assert-tidy --standard-error-output diff --git a/.github/workflows/sanitizers.yml b/.github/workflows/sanitizers.yml index 5d663543..0a5b4048 100644 
--- a/.github/workflows/sanitizers.yml +++ b/.github/workflows/sanitizers.yml 
@@ -1,76 +1,76 @@ -name: Sanitizers -on: - pull_request: - paths-ignore: - - documentation/** - push: - branches: - - main - paths-ignore: - - documentation/** +# name: Sanitizers +# on: +# pull_request: +# paths-ignore: +# - documentation/** +# push: +# branches: +# - main +# paths-ignore: +# - documentation/** -env: - pg_version: 18 - CC: clang - LD: clang - UBSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 print_stacktrace=1 print_summary=1 halt_on_error=1 - ASAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 abort_on_error=1 - LSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 suppressions=${{ github.workspace }}/src/ci_scripts/suppressions/lsan.supp - ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-14 - # Avoid failures on slow recovery - PGCTLTIMEOUT: 120 - PG_TEST_TIMEOUT_DEFAULT: 300 +# env: +# pg_version: 18 +# CC: clang +# LD: clang +# UBSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 print_stacktrace=1 print_summary=1 halt_on_error=1 +# ASAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 abort_on_error=1 +# LSAN_OPTIONS: log_path=${{ github.workspace }}/sanitize.log print_suppressions=0 suppressions=${{ github.workspace }}/src/ci_scripts/suppressions/lsan.supp +# ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-14 +# # Avoid failures on slow recovery +# PGCTLTIMEOUT: 120 +# PG_TEST_TIMEOUT_DEFAULT: 300 -jobs: - run: - name: Run - runs-on: ubuntu-22.04 - timeout-minutes: 15 - steps: - - name: Clone repository - uses: actions/checkout@v6 - with: - path: src - submodules: recursive +# jobs: +# run: +# name: Run +# runs-on: ubuntu-22.04 +# timeout-minutes: 15 +# steps: +# - name: Clone repository +# uses: actions/checkout@v6 +# with: +# path: src +# submodules: recursive - - name: Clone postgres repository - uses: actions/checkout@v6 - with: - path: postgres - repository: percona/postgres.git - ref: PSP_REL_${{ 
env.pg_version }}_STABLE +# - name: Clone postgres repository +# uses: actions/checkout@v6 +# with: +# path: postgres +# repository: percona/postgres.git +# ref: PSP_REL_${{ env.pg_version }}_STABLE - - name: Install dependencies - run: src/ci_scripts/ubuntu-deps.sh +# - name: Install dependencies +# run: src/ci_scripts/ubuntu-deps.sh - - name: Build postgres - run: src/ci_scripts/build-and-install-psp.sh sanitize +# - name: Build postgres +# run: src/ci_scripts/build-and-install-psp.sh sanitize - - name: Build pg_tde - run: src/ci_scripts/build.sh sanitize +# - name: Build pg_tde +# run: src/ci_scripts/build.sh sanitize - - name: Setup kmip and vault - run: src/ci_scripts/setup-keyring-servers.sh +# - name: Setup kmip and vault +# run: src/ci_scripts/setup-keyring-servers.sh - - name: Run pg_tde tests - run: src/ci_scripts/test.sh sanitize +# - name: Run pg_tde tests +# run: src/ci_scripts/test.sh sanitize - - name: Print sanitize logs - if: ${{ !cancelled() }} - run: cat sanitize.log.* +# - name: Print sanitize logs +# if: ${{ !cancelled() }} +# run: cat sanitize.log.* - - name: Report on test fail - uses: actions/upload-artifact@v7 - if: ${{ failure() }} - with: - name: sanitizers-testlog - path: | - sanitize.log.* - src/regress_install - src/regress_install.log - src/regression.diffs - src/regression.out - src/results - src/t/results - src/tmp_check - retention-days: 3 +# - name: Report on test fail +# uses: actions/upload-artifact@v7 +# if: ${{ failure() }} +# with: +# name: sanitizers-testlog +# path: | +# sanitize.log.* +# src/regress_install +# src/regress_install.log +# src/regression.diffs +# src/regression.out +# src/results +# src/t/results +# src/tmp_check +# retention-days: 3 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 317abee0..ba7119c3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -1,38 +1,38 @@ -name: Scorecard -on: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: "24 3 * * 1" - push: - branches: - - main +# name: Scorecard +# on: +# # To guarantee Maintained check is occasionally updated. See +# # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained +# schedule: +# - cron: "24 3 * * 1" +# push: +# branches: +# - main -permissions: read-all +# permissions: read-all -jobs: - analysis: - name: Analysis - runs-on: ubuntu-latest - timeout-minutes: 5 - permissions: - security-events: write - id-token: write +# jobs: +# analysis: +# name: Analysis +# runs-on: ubuntu-latest +# timeout-minutes: 5 +# permissions: +# security-events: write +# id-token: write - steps: - - name: Checkout code - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 - with: - persist-credentials: false +# steps: +# - name: Checkout code +# uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 +# with: +# persist-credentials: false - - name: Run analysis - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 - with: - results_file: results.sarif - results_format: sarif - publish_results: true +# - name: Run analysis +# uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 +# with: +# results_file: results.sarif +# results_format: sarif +# publish_results: true - - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 - with: - sarif_file: results.sarif +# - name: Upload to code-scanning +# uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 +# with: +# sarif_file: results.sarif diff --git a/Makefile b/Makefile index 799b316d..03b8e481 100644 --- a/Makefile +++ b/Makefile 
@@ -3,24 +3,7 @@ MODULE_big = pg_tde EXTENSION = pg_tde DATA = pg_tde--2.0--2.1.sql pg_tde--1.0--2.0.sql pg_tde--1.0.sql -REGRESS = \ - access_control \ - alter_index \ - change_access_method \ - create_database \ - default_principal_key \ - delete_principal_key \ - insert_update_delete \ - key_provider \ - kmip_test \ - partition_table \ - pg_tde_is_encrypted \ - recreate_storage \ - relocate \ - tablespace \ - toast_decrypt \ - vault_v2_test \ - version +REGRESS = TAP_TESTS = 1 FETOOLS = fetools/pg$(MAJORVERSION) diff --git a/ci_scripts/test.sh b/ci_scripts/test.sh index 0f1dac93..fb222791 100755 --- a/ci_scripts/test.sh +++ b/ci_scripts/test.sh @@ -12,10 +12,7 @@ if [ "$1" = sanitize ]; then OPTS+=' --set max_stack_depth=8MB' fi -../pginst/bin/pg_ctl -D regress_install -l regress_install.log init -o "$OPTS" +for i in {1..10}; do + make PG_CONFIG=../pginst/bin/pg_config installcheck PROVE_TESTS=t/pg_rewind_basic.pl +done -../pginst/bin/pg_ctl -D regress_install -l regress_install.log start - -make PG_CONFIG=../pginst/bin/pg_config installcheck - -../pginst/bin/pg_ctl -D regress_install stop diff --git a/src/catalog/tde_keyring.c b/src/catalog/tde_keyring.c index 6ed8b5c6..84606c1a 100644 --- a/src/catalog/tde_keyring.c +++ b/src/catalog/tde_keyring.c 
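Review bot: Setting `REGRESS =` removes all seventeen SQL regression suites from the build, including `access_control` and `key_provider`, which are the ones that exercise permission checks and provider handling. The ci_scripts/test.sh hunk that follows on this line narrows the run further to `PROVE_TESTS=t/pg_rewind_basic.pl` repeated ten times, and leaves the `OPTS` value assembled above it unused now that the `pg_ctl ... init -o "$OPTS"` call is gone. For a reproduction loop the same effect is available without editing the Makefile, by overriding on the command line: `make PG_CONFIG=../pginst/bin/pg_config installcheck REGRESS= PROVE_TESTS=t/pg_rewind_basic.pl`.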
@@ -707,11 +707,33 @@ GetKeyProviderByID(int provider_id, Oid dbOid) Oid realOid = provider_id < 0 ? GLOBAL_DATA_TDE_OID : dbOid; GenericKeyring *keyring = NULL; SimplePtrList *providers = scan_key_provider_file(PROVIDER_SCAN_BY_ID, &provider_id, realOid); + if (providers != NULL) { keyring = (GenericKeyring *) providers->head->ptr; + ereport(LOG, errmsg("FOUND KEYRING")); + ereport(LOG, errmsg("keyring id=%d", keyring->keyring_id)); + ereport(LOG, errmsg("keyring name=%s", keyring->provider_name)); + + SimplePtrListCell *cell; + for (cell = providers->head; cell; cell = cell->next) + { + GenericKeyring *keyring = (GenericKeyring *) cell->ptr; + ereport(LOG, errmsg("keyring id=%d", keyring->keyring_id)); + ereport(LOG, errmsg("keyring name=%s", keyring->provider_name)); + } + simple_list_free(providers); + } else{ + ereport(LOG, + errmsg("I was not there")); + } + + if (keyring == NULL) + { + ereport(LOG, + errmsg("no keyring found 1")); } return keyring; @@ -766,7 +788,7 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) if (fd < 0) { LWLockRelease(tde_provider_info_lock()); - ereport(DEBUG2, + ereport(LOG, errcode_for_file_access(), errmsg("could not open tde file \"%s\": %m", kp_info_path)); return providers_list; @@ -781,8 +803,8 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) continue; } - ereport(DEBUG2, - errmsg("read key provider ID=%d %s", provider.provider_id, provider.provider_name)); + ereport(LOG, + errmsg("read key provider ID=%d name=%s file=%s", provider.provider_id, provider.provider_name, kp_info_path)); if (scanType == PROVIDER_SCAN_BY_NAME) { 
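Review bot: The loop added to GetKeyProviderByID declares `SimplePtrListCell *cell;` after executable statements and re-declares `keyring` inside the loop body, shadowing the variable the function returns. PostgreSQL-style builds usually warn on both, and the shadowing makes it easy to misread which keyring is handed back. Hoisting the declaration to the top of the function and using a distinct name in the loop, `GenericKeyring *entry = (GenericKeyring *) cell->ptr;`, avoids that. The messages `"FOUND KEYRING"`, `"I was not there"` and `"no keyring found 1"` name neither the provider id nor the database OID, and the last one repeats what the `else` branch already reported; `"no keyring found 2"` in tde_principal_key.c is immediately followed by the existing ERROR for the same condition. The two `DEBUG2` to `LOG` promotions in scan_key_provider_file on this line put a message in the server log for every provider record read, so they are better left at `DEBUG2` and enabled through `log_min_messages` in the test cluster.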
@@ -808,9 +830,14 @@ scan_key_provider_file(ProviderScanType scanType, void *scanKey, Oid dbOid) #else if (providers_list == NULL) providers_list = palloc0_object(SimplePtrList); + ereport(LOG, + errmsg("adding keyring provider to list type=%d name=%s id=%d", provider.provider_type, provider.provider_name, provider.provider_id)); simple_ptr_list_append(providers_list, keyring); #endif } + } else { + ereport(LOG, + errmsg("no match for keyring provider")); } } CloseTransientFile(fd); @@ -822,11 +849,14 @@ static GenericKeyring * load_keyring_provider_from_record(KeyringProviderRecord *provider) { GenericKeyring *keyring; - + ereport(LOG, + errmsg("load keyring provider from record type=%d name=%s id=%d", provider->provider_type, provider->provider_name, provider->provider_id)); keyring = load_keyring_provider_options(provider->provider_type, provider->options); if (keyring) { + ereport(LOG, + errmsg("loaded keyring provider type=%d name=%s id=%d", provider->provider_type, provider->provider_name, provider->provider_id)); keyring->keyring_id = provider->provider_id; memcpy(keyring->provider_name, provider->provider_name, sizeof(keyring->provider_name)); keyring->type = provider->provider_type; @@ -840,6 +870,8 @@ load_keyring_provider_from_record(KeyringProviderRecord *provider) static GenericKeyring * load_keyring_provider_options(ProviderType provider_type, char *keyring_options) { + ereport(LOG, + errmsg("load keyring provider options type=%d options=%s", provider_type, keyring_options)); switch (provider_type) { case FILE_KEY_PROVIDER: 
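Review bot: The ereport added at the top of load_keyring_provider_options writes the raw `keyring_options` string to the server log at LOG level via `options=%s`. That string is the stored provider configuration, which presumably holds Vault and KMIP connection details and the locations of token and key files, and possibly inline values depending on how the provider was created. At LOG level it reaches every default-configured log destination and whatever CI artifacts collect those logs. Dropping the field, `errmsg("load keyring provider options type=%d", provider_type)`, keeps the trace without the payload. The same concern applies to the debug_print_kerying hunk that follows, where the Vault URL, token path and KMIP key path move from `DEBUG2` to `LOG`, and more mildly to the id/name messages in the other two hunks on this line; all of them are better kept at `DEBUG2`.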
@@ -973,30 +1005,30 @@ get_file_value(const char *path, const char *field_name) static void debug_print_kerying(GenericKeyring *keyring) { - elog(DEBUG2, "Keyring type: %d", keyring->type); - elog(DEBUG2, "Keyring name: %s", keyring->provider_name); - elog(DEBUG2, "Keyring id: %d", keyring->keyring_id); + elog(LOG, "Keyring type: %d", keyring->type); + elog(LOG, "Keyring name: %s", keyring->provider_name); + elog(LOG, "Keyring id: %d", keyring->keyring_id); switch (keyring->type) { case FILE_KEY_PROVIDER: - elog(DEBUG2, "File Keyring Path: %s", ((FileKeyring *) keyring)->file_name); + elog(LOG, "File Keyring Path: %s", ((FileKeyring *) keyring)->file_name); break; case VAULT_V2_KEY_PROVIDER: - elog(DEBUG2, "Vault Keyring Token Path: %s", ((VaultV2Keyring *) keyring)->vault_token_path); - elog(DEBUG2, "Vault Keyring URL: %s", ((VaultV2Keyring *) keyring)->vault_url); - elog(DEBUG2, "Vault Keyring Mount Path: %s", ((VaultV2Keyring *) keyring)->vault_mount_path); - elog(DEBUG2, "Vault Keyring CA Path: %s", ((VaultV2Keyring *) keyring)->vault_ca_path); + elog(LOG, "Vault Keyring Token Path: %s", ((VaultV2Keyring *) keyring)->vault_token_path); + elog(LOG, "Vault Keyring URL: %s", ((VaultV2Keyring *) keyring)->vault_url); + elog(LOG, "Vault Keyring Mount Path: %s", ((VaultV2Keyring *) keyring)->vault_mount_path); + elog(LOG, "Vault Keyring CA Path: %s", ((VaultV2Keyring *) keyring)->vault_ca_path); if (((VaultV2Keyring *) keyring)->vault_namespace != NULL) { - elog(DEBUG2, "Vault Keyring Namespace: %s", ((VaultV2Keyring *) keyring)->vault_namespace); + elog(LOG, "Vault Keyring Namespace: %s", ((VaultV2Keyring *) keyring)->vault_namespace); } break; case KMIP_KEY_PROVIDER: - elog(DEBUG2, "KMIP Keyring Host: %s", ((KmipKeyring *) keyring)->kmip_host); - elog(DEBUG2, "KMIP Keyring Port: %s", ((KmipKeyring *) keyring)->kmip_port); - elog(DEBUG2, "KMIP Keyring CA Path: %s", ((KmipKeyring *) keyring)->kmip_ca_path); - elog(DEBUG2, "KMIP Keyring Cert Path: %s", ((KmipKeyring 
*) keyring)->kmip_cert_path); - elog(DEBUG2, "KMIP Keyring Key Path: %s", ((KmipKeyring *) keyring)->kmip_key_path); + elog(LOG, "KMIP Keyring Host: %s", ((KmipKeyring *) keyring)->kmip_host); + elog(LOG, "KMIP Keyring Port: %s", ((KmipKeyring *) keyring)->kmip_port); + elog(LOG, "KMIP Keyring CA Path: %s", ((KmipKeyring *) keyring)->kmip_ca_path); + elog(LOG, "KMIP Keyring Cert Path: %s", ((KmipKeyring *) keyring)->kmip_cert_path); + elog(LOG, "KMIP Keyring Key Path: %s", ((KmipKeyring *) keyring)->kmip_key_path); break; case UNKNOWN_KEY_PROVIDER: break; diff --git a/src/catalog/tde_principal_key.c b/src/catalog/tde_principal_key.c index 2b67d821..46f836e5 100644 --- a/src/catalog/tde_principal_key.c +++ b/src/catalog/tde_principal_key.c @@ -957,6 +957,12 @@ get_principal_key_from_keyring(Oid dbOid) return NULL; keyring = GetKeyProviderByID(principalKeyInfo->data.keyringId, dbOid); + if (keyring == NULL) + { + ereport(LOG, + errmsg("no keyring found 2")); + } + if (keyring == NULL) ereport(ERROR, errcode(ERRCODE_DATA_CORRUPTED), diff --git a/t/pgtde.pm b/t/pgtde.pm index d31713d3..d781030f 100644 --- a/t/pgtde.pm +++ b/t/pgtde.pm @@ -5,6 +5,7 @@ use PostgreSQL::Test::Utils; use File::Basename; use File::Compare; +use IPC::Run; use Test::More; use Time::HiRes qw(usleep); 
@@ -127,14 +128,29 @@ sub backup $backup_dir . '/pg_tde'); print "# Taking pg_basebackup $backup_name from node \"$name\"\n"; - PostgreSQL::Test::Utils::system_or_bail( + my $tmp_output_file = "/tmp/pg_tde_basebackup.out"; + my @cmd = ( 'pg_tde_basebackup', '-D', $backup_dir, '-h', $node->host, '-p', $node->port, '--checkpoint', 'fast', '--no-sync', - '-E', @{ $params{backup_options} }); - print "# Backup finished\n"; + '-E', @{ $params{backup_options} } + ); + my $stdout; + my $result = IPC::Run::run(\@cmd, '>', \$stdout, '2>&1'); + + open(my $fh, '>', $tmp_output_file) + or die "Cannot open $tmp_output_file: $!"; + print $fh $stdout; + close($fh); + + print $stdout; + + if (!$result) { + BAIL_OUT("pg_tde_basebackup failed, output in $tmp_output_file"); + } + print "# Backup finished, output stored in $tmp_output_file\n"; return; }
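Review bot: The output file is a fixed name in a world-writable directory, `/tmp/pg_tde_basebackup.out`, opened with `'>'`. On a shared host a pre-created file or symlink at that path is followed and truncated, and every call to `backup` (the sub starts above this hunk) overwrites the previous capture, so the artifact only ever holds the last backup's output. Writing under the test's own log directory avoids both, for example `my $tmp_output_file = "$PostgreSQL::Test::Utils::log_path/pg_tde_basebackup_$backup_name.out";`. The `/tmp/...` path added to the artifact list in build-and-test.yml would then be unnecessary if that directory is already covered by the uploaded `tmp_check` trees, which should be confirmed. `close($fh)` is also unchecked, so a failed write to the capture file goes unnoticed; `close($fh) or die "Cannot close $tmp_output_file: $!";` reports it.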