PG-1870 Run postgresql TAP suite with pg_tde enabled #535
Conversation
3aac647 to
0e93481
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. ❌ Your project status has failed because the head coverage (82.22%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage. Additional details and impacted files@@ Coverage Diff @@
## TDE_REL_17_STABLE #535 +/- ##
==================================================
Coverage 82.22% 82.22%
==================================================
Files 25 25
Lines 3246 3246
Branches 512 512
==================================================
Hits 2669 2669
Misses 465 465
Partials 112 112
🚀 New features to boost your workflow:
|
615c60f to
4ccb15e
Compare
b3b7e89 to
415cb8d
Compare
4ccb15e to
cdd6aa1
Compare
cdd6aa1 to
3647e68
Compare
3647e68 to
512a3a1
Compare
512a3a1 to
82e6728
Compare
| my ($self) = @_; | ||
|
|
||
| my $tde_template_dir = $ENV{TDE_TEMPLATE_DIR} | ||
| if defined($ENV{TDE_TEMPLATE_DIR}); |
There was a problem hiding this comment.
Is there a reason we have not implemented it for make? Just lack of time? The reason should either be in the commit message or a comment.
There was a problem hiding this comment.
I just didn't care enough about make to do it. Which is probably not a great reason. I am honestly on the fence if we should do it for meson either. Might not be worth the extra complexity.
There was a problem hiding this comment.
I can't say I care either way but it should be explained in the commit message.
There was a problem hiding this comment.
Have you emasured the speedup?
There was a problem hiding this comment.
I have a hard time doing any type of even preliminary performance testing on my laptop right now because the stupid s1-agent eats so much CPU and it's quite random.
src/bin/pg_rewind/t/001_basic.pl
Outdated
| if ($ENV{TDE_MODE_WAL} and not $ENV{TDE_MODE_NOSKIP}) | ||
| { | ||
| plan skip_all => | ||
| "pg_tde_restore_encrypt gets a WAL segment of invalid size"; |
There was a problem hiding this comment.
No, that is not the issue. The issue is that we use pg_tde_restore_encrypt to restore but a normal copy to archive.
There was a problem hiding this comment.
Updated the message
This makes sure pg_tde is loaded and keys are setup when running postgresql TAP suite. No TDE features are enabled at this point. When running with meson the setup is sped up by creating a template for the key files before the first test is run. In make this setup will currently be done once per test file instead of once for the whole suite.
This enables WAL encryption by default when the TAP tests are run with TDE_MODE=1. Use TDE_MODE_WAL=0 to disable wal encryption while still having pg_tde enabled.
This enables table encryption by default in TAP tests when TDE_MODE=1. Use TDE_MODE_SMGR=0 to turn off table encryption when running with pg_tde loaded. The setup for running regress with tde turned on has been slightly modified to match what is done for TAP tests to let tests that run the regress suite under TAP work.
82e6728 to
8d7f347
Compare
This enables wal encryption and table encryption by default when running postgres TAP suite with
TDE_MODE=1.A few tests had to be skipped for various reasons, and some of these should most likely be looked into as they might be actual bugs or test setup issues we can fix.
Use
TDE_MODE=1to enable pg_tde with both wal and relation encryption. UseTDE_MODE_WAL=0to disable wal encryption andTDE_MODE_SMGR=0to disable relation encryption.For example to run the postgres suite with WAL encryption turned on, but not SMGR:
TDE_MODE=1 TDE_MODE_SMGR=0 meson test --no-suite pg_tdeThere is also
TDE_MODE_NOSKIP=1which will force all tests to run. This is useful when investigating the test failures that made it necessary to skip some tests.