Repository encryption support.

Contributed by Cynthia Shang.
2025-09-16 09:06:18 +02:00 · 2017-11-06 12:51:12 -05:00
parent f07d2a3d0d
commit b03c26968a
83 changed files with 3754 additions and 1868 deletions
--- a/test/lib/pgBackRestTest/Module/Real/RealAllTest.pm
+++ b/test/lib/pgBackRestTest/Module/Real/RealAllTest.pm
@@ -56,10 +56,12 @@ sub run
        $bS3 || $bHostBackup ? (HOST_BACKUP) : $bHostStandby ? (HOST_DB_MASTER, HOST_DB_STANDBY) : (HOST_DB_MASTER))
    {
        my $bCompress = $bHostBackup && !$bHostStandby;
+        my $bRepoEncrypt = ($bCompress && !$bS3) ? true : false;

        # Increment the run, log, and decide whether this unit test should be run
        next if (!$self->begin(
-            "bkp ${bHostBackup}, sby ${bHostStandby}, dst ${strBackupDestination}, cmp ${bCompress}, s3 ${bS3}",
+            "bkp ${bHostBackup}, sby ${bHostStandby}, dst ${strBackupDestination}, cmp ${bCompress}, s3 ${bS3}, " .
+                "enc ${bRepoEncrypt}",
            $self->pgVersion() eq PG_VERSION_96));

        # Skip when s3 and host backup tests when there is more than one version of pg being tested and this is not the last one
@@ -91,10 +93,7 @@ sub run
        my ($oHostDbMaster, $oHostDbStandby, $oHostBackup, $oHostS3) = $self->setup(
            false, $self->expect(),
            {bHostBackup => $bHostBackup, bStandby => $bHostStandby, strBackupDestination => $strBackupDestination,
-             bCompress => $bCompress, bArchiveAsync => false, bS3 => $bS3});
-
-        # Create a manifest with the pg version to get version-specific paths
-        my $oManifest = new pgBackRest::Manifest(BOGUS, {bLoad => false, strDbVersion => $self->pgVersion()});
+             bCompress => $bCompress, bArchiveAsync => false, bS3 => $bS3, bRepoEncrypt => $bRepoEncrypt});

        # Only perform extra tests on certain runs to save time
        my $bTestLocal = $self->runCurrent() == 1;
@@ -114,6 +113,14 @@ sub run
        # Create the stanza
        $oHostBackup->stanzaCreate('main create stanza info files');

+        # Get passphrase to access the Manifest file from backup.info - returns undefined if repo not encrypted
+        my $strCipherPass =
+            (new pgBackRest::Backup::Info(storageRepo()->pathGet(STORAGE_REPO_BACKUP)))->cipherPassSub();
+
+        # Create a manifest with the pg version to get version-specific paths
+        my $oManifest = new pgBackRest::Manifest(BOGUS, {bLoad => false, strDbVersion => $self->pgVersion(),
+            strCipherPass => $strCipherPass, strCipherPassSub => $bRepoEncrypt ? ENCRYPTION_KEY_BACKUPSET : undef});
+
        # Static backup parameters
        my $fTestDelay = 1;

@@ -295,12 +302,15 @@ sub run
                    {iExpectedExitStatus => ERROR_PATH_NOT_EMPTY});
            }

-            # Force the backup.info file to be recreated
-            $oHostBackup->stanzaCreate('verify success with force', {strOptionalParam => ' --' . cfgOptionName(CFGOPT_FORCE)});
+            if (!$bRepoEncrypt)
+            {
+                # Force the backup.info file to be recreated
+                $oHostBackup->stanzaCreate('verify success with force', {strOptionalParam => ' --' . cfgOptionName(CFGOPT_FORCE)});

-            # Remove the backup info file
-            forceStorageRemove(storageRepo(), STORAGE_REPO_BACKUP . qw{/} . FILE_BACKUP_INFO);
-            forceStorageRemove(storageRepo(), STORAGE_REPO_BACKUP . qw{/} . FILE_BACKUP_INFO . INI_COPY_EXT);
+                # Remove the backup info file
+                forceStorageRemove(storageRepo(), STORAGE_REPO_BACKUP . qw{/} . FILE_BACKUP_INFO);
+                forceStorageRemove(storageRepo(), STORAGE_REPO_BACKUP . qw{/} . FILE_BACKUP_INFO . INI_COPY_EXT);
+            }

            # Change the database version by copying a new pg_control file to a new db-path to use for db mismatch test
            storageDb()->pathCreate(
@@ -319,10 +329,19 @@ sub run
                    $oHostDbMaster->dbPath() . '/testbase/' . DB_FILE_PGCONTROL);
            }

-            # Run stanza-create online to confirm proper handling of configValidation error against new db-path
-            $oHostBackup->stanzaCreate('fail on database mismatch with directory',
-                {strOptionalParam => ' --' . $oHostBackup->optionIndexName(CFGOPT_DB_PATH, 1) . '=' . $oHostDbMaster->dbPath() .
-                '/testbase/', iExpectedExitStatus => ERROR_DB_MISMATCH});
+            if (!$bRepoEncrypt)
+            {
+                # Run stanza-create online to confirm proper handling of configValidation error against new db-path
+                $oHostBackup->stanzaCreate('fail on database mismatch with directory',
+                    {strOptionalParam => ' --' . $oHostBackup->optionIndexName(CFGOPT_DB_PATH, 1) . '=' . $oHostDbMaster->dbPath() .
+                    '/testbase/', iExpectedExitStatus => ERROR_DB_MISMATCH});
+            }
+            # If encrypted, need to clean out repo and recreate
+            else
+            {
+                forceStorageRemove(storageRepo(), STORAGE_REPO_BACKUP, {bRecurse => true});
+                forceStorageRemove(storageRepo(), STORAGE_REPO_ARCHIVE, {bRecurse => true});
+            }

            # Stanza Upgrade - tests configValidate code - all other tests in synthetic integration tests
            #-----------------------------------------------------------------------------------------------------------------------