PROTOTYPE: tablespace based encryption #576
Draft
dutow wants to merge 1 commit into
THIS IS A DRAFT/PROTOTYPE

Adds basic tablespace support on top of existing code. tde_heap is not marked as deprecated (yet).

Different related relations (e.g. table data and indexes) can have different encryption status, some can be on encrypted tablespace while others are plaintext.

Adds a helper function that lists such objects, also used in the test suite.

Encryption marker for tablespaces is a single file in the pg_tde directory. A production implementation would need a bit more logic, this is kept simple as that wasn't the point of the prototype.

Most of the code is trivial additions, the tricky part is the crash safety/ordering of the tablespace marking functions.

Most of the commit is the test suite, code changes are relatively small. We'll definitely have to simplify that part if we want to go in this direction, for now it should be fine - let's focus on reviewing the code part :)
Codecov Report
❌ Patch coverage is
❌ Your project status has failed because the head coverage (76.56%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.
Additional details and impacted files
@@ Coverage Diff @@
## main #576 +/- ##
==========================================
+ Coverage 57.67% 58.29% +0.62%
==========================================
Files 68 69 +1
Lines 10749 11048 +299
Branches 2647 2733 +86
==========================================
+ Hits 6199 6440 +241
- Misses 3280 3311 +31
- Partials 1270 1297 +27