2021-09-13 08:25:36 +00:00
|
|
|
import pytest
|
|
|
|
from helpers.cluster import ClickHouseCluster
|
|
|
|
from helpers.client import QueryRuntimeException
|
|
|
|
from helpers.test_tools import assert_eq_with_retry
|
|
|
|
|
|
|
|
cluster = ClickHouseCluster(__file__)
|
|
|
|
|
|
|
|
node = cluster.add_instance("node")
|
2022-03-22 16:39:58 +00:00
|
|
|
|
2021-09-13 08:25:36 +00:00
|
|
|
|
|
|
|
@pytest.fixture(scope="module")
|
|
|
|
def start_cluster():
|
|
|
|
try:
|
|
|
|
cluster.start()
|
|
|
|
yield cluster
|
|
|
|
|
|
|
|
finally:
|
|
|
|
cluster.shutdown()
|
|
|
|
|
2022-03-22 16:39:58 +00:00
|
|
|
|
2021-09-13 08:25:36 +00:00
|
|
|
def make_storage_with_key(id):
|
|
|
|
node.exec_in_container(
|
2022-03-22 16:39:58 +00:00
|
|
|
[
|
2021-09-13 08:25:36 +00:00
|
|
|
"bash",
|
|
|
|
"-c",
|
|
|
|
"""cat > /etc/clickhouse-server/config.d/storage_keys_config.xml << EOF
|
2021-09-25 04:08:34 +00:00
|
|
|
<clickhouse>
|
2021-09-13 08:25:36 +00:00
|
|
|
<encryption_codecs>
|
|
|
|
<aes_128_gcm_siv>
|
|
|
|
<key_hex id="0">83e84e9a4eb11535c0670dc62d808ee0</key_hex>
|
|
|
|
<key id="1">abcdefghijklmnop</key>
|
|
|
|
<current_key_id>{cur_id}</current_key_id>
|
|
|
|
</aes_128_gcm_siv>
|
|
|
|
<aes_256_gcm_siv>
|
|
|
|
<key_hex id="0">83e84e9a4eb11535c0670dc62d808ee083e84e9a4eb11535c0670dc62d808ee0</key_hex>
|
|
|
|
<key id="1">abcdefghijklmnopabcdefghijklmnop</key>
|
|
|
|
<current_key_id>{cur_id}</current_key_id>
|
|
|
|
</aes_256_gcm_siv>
|
|
|
|
</encryption_codecs>
|
2021-09-25 04:08:34 +00:00
|
|
|
</clickhouse>
|
2021-09-13 08:25:36 +00:00
|
|
|
EOF""".format(
|
|
|
|
cur_id=id
|
2022-03-22 16:39:58 +00:00
|
|
|
),
|
|
|
|
]
|
2021-09-13 08:25:36 +00:00
|
|
|
)
|
|
|
|
node.query("SYSTEM RELOAD CONFIG")
|
2022-03-22 16:39:58 +00:00
|
|
|
|
2021-09-13 08:25:36 +00:00
|
|
|
|
|
|
|
def test_different_keys(start_cluster):
|
|
|
|
make_storage_with_key(0)
|
|
|
|
node.query(
|
|
|
|
"""
|
|
|
|
CREATE TABLE encrypted_test_128 (
|
|
|
|
id Int64,
|
|
|
|
data String Codec(AES_128_GCM_SIV)
|
|
|
|
) ENGINE=MergeTree()
|
|
|
|
ORDER BY id
|
|
|
|
"""
|
|
|
|
)
|
|
|
|
|
|
|
|
node.query(
|
|
|
|
"""
|
|
|
|
CREATE TABLE encrypted_test_256 (
|
|
|
|
id Int64,
|
|
|
|
data String Codec(AES_256_GCM_SIV)
|
|
|
|
) ENGINE=MergeTree()
|
|
|
|
ORDER BY id
|
|
|
|
"""
|
|
|
|
)
|
2022-03-22 16:39:58 +00:00
|
|
|
|
2021-09-13 08:25:36 +00:00
|
|
|
node.query("INSERT INTO encrypted_test_128 VALUES (0,'data'),(1,'data')")
|
|
|
|
select_query = "SELECT * FROM encrypted_test_128 ORDER BY id FORMAT Values"
|
|
|
|
assert node.query(select_query) == "(0,'data'),(1,'data')"
|
|
|
|
|
|
|
|
make_storage_with_key(1)
|
|
|
|
node.query("INSERT INTO encrypted_test_128 VALUES (3,'text'),(4,'text')")
|
|
|
|
select_query = "SELECT * FROM encrypted_test_128 ORDER BY id FORMAT Values"
|
|
|
|
assert node.query(select_query) == "(0,'data'),(1,'data'),(3,'text'),(4,'text')"
|
|
|
|
|
|
|
|
node.query("INSERT INTO encrypted_test_256 VALUES (0,'data'),(1,'data')")
|
|
|
|
select_query = "SELECT * FROM encrypted_test_256 ORDER BY id FORMAT Values"
|
|
|
|
assert node.query(select_query) == "(0,'data'),(1,'data')"
|
|
|
|
|
|
|
|
make_storage_with_key(1)
|
|
|
|
node.query("INSERT INTO encrypted_test_256 VALUES (3,'text'),(4,'text')")
|
|
|
|
select_query = "SELECT * FROM encrypted_test_256 ORDER BY id FORMAT Values"
|
|
|
|
assert node.query(select_query) == "(0,'data'),(1,'data'),(3,'text'),(4,'text')"
|