ClickHouse/tests/integration/test_codec_encrypted/test.py

import pytest
from helpers.cluster import ClickHouseCluster
from helpers.client import QueryRuntimeException
from helpers.test_tools import assert_eq_with_retry

cluster = ClickHouseCluster(__file__)

node = cluster.add_instance("node")


@pytest.fixture(scope="module")
def start_cluster():
    try:
        cluster.start()
        yield cluster

    finally:
        cluster.shutdown()


def make_storage_with_key(id):
    node.exec_in_container(
        [
            "bash",
            "-c",
            """cat > /etc/clickhouse-server/config.d/storage_keys_config.xml << EOF
<clickhouse>
    <encryption_codecs>
        <aes_128_gcm_siv>
            <key_hex id="0">83e84e9a4eb11535c0670dc62d808ee0</key_hex>
            <key id="1">abcdefghijklmnop</key>
            <current_key_id>{cur_id}</current_key_id>
        </aes_128_gcm_siv>
        <aes_256_gcm_siv>
            <key_hex id="0">83e84e9a4eb11535c0670dc62d808ee083e84e9a4eb11535c0670dc62d808ee0</key_hex>
            <key id="1">abcdefghijklmnopabcdefghijklmnop</key>
            <current_key_id>{cur_id}</current_key_id>
        </aes_256_gcm_siv>
    </encryption_codecs>
</clickhouse>
EOF""".format(
                cur_id=id
            ),
        ]
    )
    node.query("SYSTEM RELOAD CONFIG")


def test_different_keys(start_cluster):
    make_storage_with_key(0)
    node.query(
        """
        CREATE TABLE encrypted_test_128 (
            id Int64,
            data String Codec(AES_128_GCM_SIV)
        ) ENGINE=MergeTree()
        ORDER BY id
        """
    )

    node.query(
        """
        CREATE TABLE encrypted_test_256 (
            id Int64,
            data String Codec(AES_256_GCM_SIV)
        ) ENGINE=MergeTree()
        ORDER BY id
        """
    )

    node.query("INSERT INTO encrypted_test_128 VALUES (0,'data'),(1,'data')")
    select_query = "SELECT * FROM encrypted_test_128 ORDER BY id FORMAT Values"
    assert node.query(select_query) == "(0,'data'),(1,'data')"

    make_storage_with_key(1)
    node.query("INSERT INTO encrypted_test_128 VALUES (3,'text'),(4,'text')")
    select_query = "SELECT * FROM encrypted_test_128 ORDER BY id FORMAT Values"
    assert node.query(select_query) == "(0,'data'),(1,'data'),(3,'text'),(4,'text')"

    node.query("INSERT INTO encrypted_test_256 VALUES (0,'data'),(1,'data')")
    select_query = "SELECT * FROM encrypted_test_256 ORDER BY id FORMAT Values"
    assert node.query(select_query) == "(0,'data'),(1,'data')"

    make_storage_with_key(1)
    node.query("INSERT INTO encrypted_test_256 VALUES (3,'text'),(4,'text')")
    select_query = "SELECT * FROM encrypted_test_256 ORDER BY id FORMAT Values"
    assert node.query(select_query) == "(0,'data'),(1,'data'),(3,'text'),(4,'text')"
Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00			`import pytest`
			`from helpers.cluster import ClickHouseCluster`
			`from helpers.client import QueryRuntimeException`
			`from helpers.test_tools import assert_eq_with_retry`

			`cluster = ClickHouseCluster(__file__)`

Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00			`node = cluster.add_instance("node")`

Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00
			`@pytest.fixture(scope="module")`
			`def start_cluster():`
			`try:`
			`cluster.start()`
			`yield cluster`

			`finally:`
			`cluster.shutdown()`

Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00
Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00			`def make_storage_with_key(id):`
Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00			`node.exec_in_container(`
			`[`
			`"bash",`
			`"-c",`
			`"""cat > /etc/clickhouse-server/config.d/storage_keys_config.xml << EOF`
Replace yandex to clickhouse in configs 2021-09-25 04:08:34 +00:00			`<clickhouse>`
Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00			`<encryption_codecs>`
			`<aes_128_gcm_siv>`
			`<key_hex id="0">83e84e9a4eb11535c0670dc62d808ee0</key_hex>`
			`<key id="1">abcdefghijklmnop</key>`
			`<current_key_id>{cur_id}</current_key_id>`
			`</aes_128_gcm_siv>`
			`<aes_256_gcm_siv>`
			`<key_hex id="0">83e84e9a4eb11535c0670dc62d808ee083e84e9a4eb11535c0670dc62d808ee0</key_hex>`
			`<key id="1">abcdefghijklmnopabcdefghijklmnop</key>`
			`<current_key_id>{cur_id}</current_key_id>`
			`</aes_256_gcm_siv>`
			`</encryption_codecs>`
Replace yandex to clickhouse in configs 2021-09-25 04:08:34 +00:00			`</clickhouse>`
Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00			`EOF""".format(`
			`cur_id=id`
			`),`
			`]`
			`)`
			`node.query("SYSTEM RELOAD CONFIG")`

Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00
			`def test_different_keys(start_cluster):`
			`make_storage_with_key(0)`
Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00			`node.query(`
			`"""`
Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00			`CREATE TABLE encrypted_test_128 (`
			`id Int64,`
			`data String Codec(AES_128_GCM_SIV)`
			`) ENGINE=MergeTree()`
			`ORDER BY id`
Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00			`"""`
			`)`
Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00
Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00			`node.query(`
			`"""`
Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00			`CREATE TABLE encrypted_test_256 (`
			`id Int64,`
			`data String Codec(AES_256_GCM_SIV)`
			`) ENGINE=MergeTree()`
			`ORDER BY id`
Apply black formatter to all *.py files in the repo 2022-03-22 16:39:58 +00:00			`"""`
			`)`

Improve codec for encr 19896 (#27476) * change syntax of encrypted command * commit all encrypted changes * correct encryption * correct config for test * add tests and correct code style and typos * correct test * fix unbundled build * add log warning messages * improve code according to review comments * correct nonce * correct errors found by fuzzing * improve codec AES_128_GCM_SIV. Add AES_256_GCM_SIV. Add sections for last in tests. Improve documentation * Update CompressionCodecEncrypted.h * Update 01683_codec_encrypted.sql * correct compression factory after changes in master * correct behavior with wrong key in data * correct fuzzer * add connection for fuzzer with fix for compression_encrypted * refactor code * add load from config with throwing errors on server start * fix typos and check style * Update Server.cpp * correct loading and reading * refactor code. fix uninitialized value * refactor code * move defines from server to cpp file * correct build * remove repeated code * correct namespace * fix code style 2021-09-13 08:25:36 +00:00			`node.query("INSERT INTO encrypted_test_128 VALUES (0,'data'),(1,'data')")`
			`select_query = "SELECT * FROM encrypted_test_128 ORDER BY id FORMAT Values"`
			`assert node.query(select_query) == "(0,'data'),(1,'data')"`

			`make_storage_with_key(1)`
			`node.query("INSERT INTO encrypted_test_128 VALUES (3,'text'),(4,'text')")`
			`select_query = "SELECT * FROM encrypted_test_128 ORDER BY id FORMAT Values"`
			`assert node.query(select_query) == "(0,'data'),(1,'data'),(3,'text'),(4,'text')"`

			`node.query("INSERT INTO encrypted_test_256 VALUES (0,'data'),(1,'data')")`
			`select_query = "SELECT * FROM encrypted_test_256 ORDER BY id FORMAT Values"`
			`assert node.query(select_query) == "(0,'data'),(1,'data')"`

			`make_storage_with_key(1)`
			`node.query("INSERT INTO encrypted_test_256 VALUES (3,'text'),(4,'text')")`
			`select_query = "SELECT * FROM encrypted_test_256 ORDER BY id FORMAT Values"`
			`assert node.query(select_query) == "(0,'data'),(1,'data'),(3,'text'),(4,'text')"`