Skip to content

Commit

Permalink
Move pg_tde files to one dir inside PGDATA
Browse files Browse the repository at this point in the history
  • Loading branch information
dAdAbird committed Nov 20, 2024
1 parent 0e19bd0 commit da2b24e
Show file tree
Hide file tree
Showing 13 changed files with 104 additions and 160 deletions.
2 changes: 1 addition & 1 deletion meson.build
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ if get_variable('percona_ext', false)
'trigger_on_view',
'change_access_method',
'insert_update_delete',
# 'tablespace',
'tablespace',
'vault_v2_test',
'alter_index',
'merge_join',
Expand Down
79 changes: 15 additions & 64 deletions src/access/pg_tde_tdemap.c
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,6 @@
}
#endif

#define PG_TDE_MAP_FILENAME "pg_tde.map"
#define PG_TDE_KEYDATA_FILENAME "pg_tde.dat"

#define PG_TDE_FILEMAGIC 0x01454454 /* version ID value = TDE 01 */


Expand Down Expand Up @@ -259,13 +256,13 @@ tde_encrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *rel_key_data, co
* Returns true if both map and key data files are created.
*/
void
pg_tde_delete_tde_files(Oid dbOid, Oid spcOid)
pg_tde_delete_tde_files(Oid dbOid)
{
char db_map_path[MAXPGPATH] = {0};
char db_keydata_path[MAXPGPATH] = {0};

/* Set the file paths */
pg_tde_set_db_file_paths(dbOid, spcOid, db_map_path, db_keydata_path);
pg_tde_set_db_file_paths(dbOid, db_map_path, db_keydata_path);

/* Remove these files without emitting any error */
PathNameDeleteTemporaryFile(db_map_path, false);
Expand Down Expand Up @@ -294,7 +291,6 @@ pg_tde_save_principal_key(TDEPrincipalKeyInfo *principal_key_info)

/* Set the file paths */
pg_tde_set_db_file_paths(principal_key_info->databaseId,
principal_key_info->tablespaceId,
db_map_path, db_keydata_path);

ereport(LOG, (errmsg("pg_tde_save_principal_key")));
Expand Down Expand Up @@ -434,7 +430,7 @@ pg_tde_write_one_map_entry(int fd, const RelFileLocator *rlocator, uint32 flags,
{
char db_map_path[MAXPGPATH] = {0};

pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, NULL);
pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, NULL);
ereport(FATAL,
(errcode_for_file_access(),
errmsg("could not write tde map file \"%s\": %m",
Expand All @@ -444,7 +440,7 @@ pg_tde_write_one_map_entry(int fd, const RelFileLocator *rlocator, uint32 flags,
{
char db_map_path[MAXPGPATH] = {0};

pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, NULL);
pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, NULL);
ereport(data_sync_elevel(ERROR),
(errcode_for_file_access(),
errmsg("could not fsync file \"%s\": %m", db_map_path)));
Expand Down Expand Up @@ -525,7 +521,7 @@ pg_tde_write_key_map_entry(const RelFileLocator *rlocator, RelKeyData *enc_rel_k
Assert(rlocator);

/* Set the file paths */
pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, db_keydata_path);
pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, db_keydata_path);

/* Create the map entry and then add the encrypted key to the data file */
key_index = pg_tde_write_map_entry(rlocator, enc_rel_key_data->internal_key.rel_type, db_map_path, principal_key_info);
Expand All @@ -550,7 +546,7 @@ pg_tde_delete_key_map_entry(const RelFileLocator *rlocator, uint32 key_type)
Assert(rlocator);

/* Get the file paths */
pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, db_keydata_path);
pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, db_keydata_path);

errno = 0;
/* Remove the map entry if found */
Expand Down Expand Up @@ -596,7 +592,7 @@ pg_tde_free_key_map_entry(const RelFileLocator *rlocator, uint32 key_type, off_t
Assert(rlocator);

/* Get the file paths */
pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, NULL);
pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, NULL);

/* Remove the map entry if found */
key_index = pg_tde_process_map_entry(rlocator, key_type, db_map_path, &offset, true);
Expand All @@ -610,17 +606,6 @@ pg_tde_free_key_map_entry(const RelFileLocator *rlocator, uint32 key_type, off_t
db_map_path)));

}
/*
* Remove TDE files it was the last TDE relation in a custom tablespace.
* DROP TABLESPACE needs an empty dir.
*/
if (rlocator->spcOid != GLOBALTABLESPACE_OID &&
rlocator->spcOid != DEFAULTTABLESPACE_OID &&
pg_tde_process_map_entry(NULL, key_type, db_map_path, &start, false) == -1)
{
pg_tde_delete_tde_files(rlocator->dbOid, rlocator->spcOid);
cleanup_key_provider_info(rlocator->dbOid, rlocator->spcOid);
}
}

/*
Expand Down Expand Up @@ -689,7 +674,6 @@ pg_tde_perform_rotate_key(TDEPrincipalKey *principal_key, TDEPrincipalKey *new_p

/* Set the file paths */
pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId,
principal_key->keyInfo.tablespaceId,
db_map_path, db_keydata_path);

/*
Expand Down Expand Up @@ -814,7 +798,6 @@ pg_tde_write_map_keydata_files(off_t map_size, char *m_file_data, off_t keydata_

/* Set the file paths */
pg_tde_set_db_file_paths(fheader->principal_key_info.databaseId,
fheader->principal_key_info.tablespaceId,
db_map_path, db_keydata_path);

/* Initialize the new files and set the names */
Expand Down Expand Up @@ -870,10 +853,8 @@ pg_tde_write_map_keydata_files(off_t map_size, char *m_file_data, off_t keydata_
}

/*
* Move relation's key to the new physical location and cache it with the new
* relfilenode. It recreates *.map and *.dat files with the old principal key
* and re-encrypted with the new relfilenode internal key. And copies the
* old keyring to the new location.
* Move relation's key - re-encrypts and saves the relation key with the new
* relfilenode.
* Needed by ALTER TABLE SET TABLESPACE for example.
*/
bool
Expand All @@ -890,31 +871,13 @@ pg_tde_move_rel_key(const RelFileLocator *newrlocator, const RelFileLocator *old
off_t offset = 0;
int32 key_index = 0;

pg_tde_set_db_file_paths(oldrlocator->dbOid, oldrlocator->spcOid, db_map_path, db_keydata_path);
pg_tde_set_db_file_paths(oldrlocator->dbOid, db_map_path, db_keydata_path);

LWLockAcquire(tde_lwlock_enc_keys(), LW_EXCLUSIVE);

principal_key = GetPrincipalKey(oldrlocator->dbOid, oldrlocator->spcOid, LW_EXCLUSIVE);
Assert(principal_key);

/*
* Copy kering provider info.
*
* TODO: we can potentially avoid moving keyring and key tde files keeping
* these files always in dbOid+MyDatabaseTableSpace path. But the
* background writer isn't aware of MyDatabaseTableSpace hence it won't
* work with SMGR -> tde_heap. Revisit this after chages in SMGR (mdcreate)
* interface.
*/
keyring = GetKeyProviderByID(principal_key->keyInfo.keyringId, oldrlocator->dbOid, oldrlocator->spcOid);
Assert(keyring);
memcpy(provider_rec.provider_name, keyring->provider_name, sizeof(keyring->provider_name));
provider_rec.provider_type = keyring->type;
memcpy(provider_rec.options, keyring->options, sizeof(keyring->options));
copy_key_provider_info(&provider_rec, newrlocator->dbOid, newrlocator->spcOid, true);

principal_key->keyInfo.keyringId = provider_rec.provider_id;

key_index = pg_tde_process_map_entry(oldrlocator, MAP_ENTRY_VALID, db_map_path, &offset, false);
Assert(key_index != -1);
/*
Expand Down Expand Up @@ -992,7 +955,7 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type, bool n
}

/* Get the file paths */
pg_tde_set_db_file_paths(rlocator->dbOid, rlocator->spcOid, db_map_path, db_keydata_path);
pg_tde_set_db_file_paths(rlocator->dbOid, db_map_path, db_keydata_path);

if (no_map_ok && access(db_map_path, F_OK) == -1)
{
Expand All @@ -1016,18 +979,6 @@ pg_tde_get_key_from_file(const RelFileLocator *rlocator, uint32 key_type, bool n
return rel_key_data;
}

inline void
pg_tde_set_db_file_paths(Oid dbOid, Oid spcOid, char *map_path, char *keydata_path)
{
char *db_path = pg_tde_get_tde_file_dir(dbOid, spcOid);

if (map_path)
join_path_components(map_path, db_path, PG_TDE_MAP_FILENAME);
if (keydata_path)
join_path_components(keydata_path, db_path, PG_TDE_KEYDATA_FILENAME);
pfree(db_path);
}

/*
* Returns the index of the read map if we find a valid match; i.e.
* - flags is set to MAP_ENTRY_VALID and the relNumber matches the one
Expand Down Expand Up @@ -1321,7 +1272,7 @@ pg_tde_read_one_keydata(int keydata_fd, int32 key_index, TDEPrincipalKey *princi
{
char db_keydata_path[MAXPGPATH] = {0};

pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, principal_key->keyInfo.tablespaceId, NULL, db_keydata_path);
pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, NULL, db_keydata_path);
ereport(FATAL,
(errcode(ERRCODE_NO_DATA_FOUND),
errmsg("could not find the required key at index %d in tde data file \"%s\": %m",
Expand All @@ -1335,7 +1286,7 @@ pg_tde_read_one_keydata(int keydata_fd, int32 key_index, TDEPrincipalKey *princi
{
char db_keydata_path[MAXPGPATH] = {0};

pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, principal_key->keyInfo.tablespaceId, NULL, db_keydata_path);
pg_tde_set_db_file_paths(principal_key->keyInfo.databaseId, NULL, db_keydata_path);
ereport(FATAL,
(errcode_for_file_access(),
errmsg("could not read key at index %d in tde key data file \"%s\": %m",
Expand All @@ -1352,7 +1303,7 @@ pg_tde_read_one_keydata(int keydata_fd, int32 key_index, TDEPrincipalKey *princi
* a LW_SHARED or higher lock on files before calling this function.
*/
TDEPrincipalKeyInfo *
pg_tde_get_principal_key_info(Oid dbOid, Oid spcOid)
pg_tde_get_principal_key_info(Oid dbOid)
{
int fd = -1;
TDEFileHeader fheader;
Expand All @@ -1362,7 +1313,7 @@ pg_tde_get_principal_key_info(Oid dbOid, Oid spcOid)
char db_map_path[MAXPGPATH] = {0};

/* Set the file paths */
pg_tde_set_db_file_paths(dbOid, spcOid, db_map_path, NULL);
pg_tde_set_db_file_paths(dbOid, db_map_path, NULL);

/*
* Ensuring that we always open the file in binary mode. The caller must
Expand Down
10 changes: 6 additions & 4 deletions src/catalog/tde_global_space.c
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
#define KEYRING_DEFAULT_FILE_NAME "pg_tde_default_keyring_CHANGE_AND_REMOVE_IT"

#define DefaultKeyProvider GetKeyProviderByName(KEYRING_DEFAULT_NAME, \
GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID)
GLOBAL_DATA_TDE_OID)

#ifndef FRONTEND
static void init_keys(void);
Expand All @@ -53,7 +53,7 @@ TDEInitGlobalKeys(const char *dir)
#ifndef FRONTEND
char db_map_path[MAXPGPATH] = {0};

pg_tde_set_db_file_paths(GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID, db_map_path, NULL);
pg_tde_set_db_file_paths(GLOBAL_DATA_TDE_OID, db_map_path, NULL);
if (access(db_map_path, F_OK) == -1)
{
init_default_keyring();
Expand Down Expand Up @@ -87,7 +87,7 @@ TDEInitGlobalKeys(const char *dir)
static void
init_default_keyring(void)
{
if (GetAllKeyringProviders(GLOBAL_DATA_TDE_OID, GLOBALTABLESPACE_OID) == NIL)
if (GetAllKeyringProviders(GLOBAL_DATA_TDE_OID) == NIL)
{
char path[MAXPGPATH] = {0};
static KeyringProvideRecord provider =
Expand All @@ -100,7 +100,7 @@ init_default_keyring(void)
elog(WARNING, "unable to get current working dir");

/* TODO: not sure about the location. Currently it's in $PGDATA */
join_path_components(path, path, KEYRING_DEFAULT_FILE_NAME);
join_path_components(path, PG_TDE_DATA_DIR, KEYRING_DEFAULT_FILE_NAME);

snprintf(provider.options, MAX_KEYRING_OPTION_LEN,
"{"
Expand All @@ -109,6 +109,8 @@ init_default_keyring(void)
"}", path
);

pg_tde_init_data_dir();

/*
* TODO: should we remove it automaticaly on
* pg_tde_rotate_principal_key() ?
Expand Down
Loading

0 comments on commit da2b24e

Please sign in to comment.