Thanks to visit codestin.com
Credit goes to github.com

Skip to content

PG-1663 Make sure indexes on paritioned tables are encrypted #435

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 17, 2025
Merged

PG-1663 Make sure indexes on paritioned tables are encrypted #435

merged 1 commit into from
Jun 17, 2025

Conversation

jeltz
Copy link
Collaborator

@jeltz jeltz commented Jun 16, 2025

Since we only looked at the parent table and not on the whole tree when setting the status of the encrypted indexes we could easily accidentally create a plain text index on an encrypted table.

This patch also makes sure to disallow adding indexes to an inheritance tree where the tables are a mix of encrypted and unecrypted tables.

@jeltz jeltz requested review from dutow and dAdAbird as code owners June 16, 2025 16:03
@codecov-commenter
Copy link

codecov-commenter commented Jun 16, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 84.67%. Comparing base (5610639) to head (6ed8cc7).

❌ Your project status has failed because the head coverage (84.67%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files 
@@               Coverage Diff               @@
##           release-17.5.2     #435   +/-   ##
===============================================
  Coverage           84.66%   84.67%           
===============================================
  Files                  21       21           
  Lines                2589     2590    +1     
  Branches              402      401    -1     
===============================================
+ Hits                 2192     2193    +1     
  Misses                316      316           
  Partials               81       81
Components Coverage Δ
access 81.11% <ø> (ø)
catalog 88.22% <ø> (ø)
common 77.77% <ø> (ø)
encryption 73.45% <ø> (ø)
keyring 72.88% <ø> (ø)
src 91.48% <100.00%> (+0.03%) ⬆️
smgr 94.85% <ø> (-0.03%) ⬇️
transam ∅ <ø> (∅)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jeltz jeltz force-pushed the tde/partitioned-create-index branch from ea19845 to e14d41c Compare June 16, 2025 17:33
dutow
dutow reviewed Jun 16, 2025
View reviewed changes
contrib/pg_tde/expected/partition_table.out
CREATE INDEX ON partition_parent (a);
ERROR: Recursive CREATE INDEX on a mix of encrypted and unencrypted relations is not supported
DROP TABLE partition_parent;
-- Index should also be encrypted for new partitionins
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if it ends up with mixed encrypted/non encrypted with the additional partition?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Things will just work since when adding a parition the index's status will be based on the added parition's status, that is not recurisve DDL.

@dutow
Copy link
Collaborator

dutow commented Jun 17, 2025

Just realized, please change the target branch to the release branch

@jeltz jeltz changed the base branch from TDE_REL_17_STABLE to release-17.5.2 June 17, 2025 13:34
@jeltz jeltz force-pushed the tde/partitioned-create-index branch from e14d41c to 97abf7f Compare June 17, 2025 13:45
@jeltz
PG-1663 Make sure indexes on paritioned tables are encrypted
6ed8cc7 
Since we only looked at the parent table and not on the whole tree when
setting the status of the encrypted indexes we could easily accidentally
create a plain text index on an encrypted table.

This patch also makes sure to disallow adding indexes to an inheritance
tree where the tables are a mix of encrypted and unecrypted tables.
@jeltz jeltz force-pushed the tde/partitioned-create-index branch from 97abf7f to 6ed8cc7 Compare June 17, 2025 13:59
@jeltz jeltz merged commit f631496 into percona:release-17.5.2 Jun 17, 2025
30 of 41 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dutow dutow dutow approved these changes

@dAdAbird dAdAbird Awaiting requested review from dAdAbird dAdAbird is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jeltz @codecov-commenter @dutow