Skip to content

Commit a18b586

Browse files
jeltzjeltz
committed
PG-1437 Add a test for changing the keyring provider type
Longterm we may want to allow this to prevent users from breaking stuff but for now we add a test to make it clear that changing the provider is currently allowed.
1 parent 725c34d commit a18b586

File tree

3 files changed

+31
-3
lines changed

3 files changed

+31
-3
lines changed

contrib/pg_tde/expected/key_provider.out

+14-1
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,20 @@ SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
101101
-2 | file-keyring2
102102
(2 rows)
103103

104-
-- TODO: verify that we can also can change the type of it
104+
\getenv root_token ROOT_TOKEN
105+
SELECT pg_tde_change_database_key_provider_vault_v2('file-provider', :'root_token', 'http://127.0.0.1:8200', 'secret', NULL);
106+
pg_tde_change_database_key_provider_vault_v2
107+
----------------------------------------------
108+
1
109+
(1 row)
110+
111+
SELECT id, provider_name, provider_type FROM pg_tde_list_all_database_key_providers();
112+
id | provider_name | provider_type
113+
----+----------------+---------------
114+
1 | file-provider | vault-v2
115+
2 | file-provider2 | file
116+
(2 rows)
117+
105118
-- fails
106119
SELECT pg_tde_delete_database_key_provider('file-provider');
107120
ERROR: Can't delete a provider which is currently in use

contrib/pg_tde/expected/key_provider_1.out

+14-1
Original file line numberDiff line numberDiff line change
@@ -102,7 +102,20 @@ SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
102102
-3 | file-keyring2
103103
(3 rows)
104104

105-
-- TODO: verify that we can also can change the type of it
105+
\getenv root_token ROOT_TOKEN
106+
SELECT pg_tde_change_database_key_provider_vault_v2('file-provider', :'root_token', 'http://127.0.0.1:8200', 'secret', NULL);
107+
pg_tde_change_database_key_provider_vault_v2
108+
----------------------------------------------
109+
1
110+
(1 row)
111+
112+
SELECT id, provider_name, provider_type FROM pg_tde_list_all_database_key_providers();
113+
id | provider_name | provider_type
114+
----+----------------+---------------
115+
1 | file-provider | vault-v2
116+
2 | file-provider2 | file
117+
(2 rows)
118+
106119
-- fails
107120
SELECT pg_tde_delete_database_key_provider('file-provider');
108121
ERROR: Can't delete a provider which is currently in use

contrib/pg_tde/sql/key_provider.sql

+3-1
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,9 @@ SELECT pg_tde_add_global_key_provider_file('file-keyring2','/tmp/pg_tde_test_key
3232

3333
SELECT id, provider_name FROM pg_tde_list_all_global_key_providers();
3434

35-
-- TODO: verify that we can also can change the type of it
35+
\getenv root_token ROOT_TOKEN
36+
SELECT pg_tde_change_database_key_provider_vault_v2('file-provider', :'root_token', 'http://127.0.0.1:8200', 'secret', NULL);
37+
SELECT id, provider_name, provider_type FROM pg_tde_list_all_database_key_providers();
3638

3739
-- fails
3840
SELECT pg_tde_delete_database_key_provider('file-provider');

0 commit comments

Comments
 (0)