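# Test that starts with no keys and tests data keys being generated when store key is set,
# and periodic key rotation.
#
# NOTE(review): the "5" passed to init is presumably the data key rotation period in the
# harness's time units (confirm against the test driver). The expectations below are
# consistent with that: the key is unchanged after "wait 2" and replaced after a further
# "wait 4".
init
dir1
5
----

load
----

# With no store key configured there is no active data key and no active store key.
get-active-data-key
----
none

get-active-store-key
----
none

# Setting the first store key produces a data key whose parent_key_id names that store key.
set-active-store-key id=foo
----

get-active-data-key
----
encryption_type:AES128_CTR source:"data key manager" parent_key_id:"foo"

record-active-data-key
----

# Elapsed time 2: no rotation expected yet.
wait
2
----

compare-active-data-key
----
same

# Elapsed time 6 (see creation_time:6 below): a new data key is expected.
wait
4
----

compare-active-data-key
----
different

get-active-data-key
----
encryption_type:AES128_CTR creation_time:6 source:"data key manager" parent_key_id:"foo"

record-active-data-key
----

# NOTE(review): presumably verifies that every recorded key, including the rotated-out one,
# can still be looked up; older keys are still needed to read data written under them.
# Confirm against the test driver.
check-all-recorded-data-keys
----

# Test that starts with one active data and store key. Checks that data key is not rotated
# until SetActiveStoreKeyInfo is called. Also tests key rotation and holding multiple store
# and data keys.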
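# init pre-populates an active store key "foo" and an active data key "data1".
# NOTE(review): "5" is presumably the rotation period, as in the other scenarios; confirm
# against the test driver.
init
dir2
5
active-store-key foo
active-data-key data1
----

load
----

# The pre-existing data key reports AES192_CTR, while the store keys queried further down
# report AES128_CTR.
get-active-data-key
----
encryption_type:AES192_CTR

get-active-store-key
----
foo

record-active-data-key
----

# No rotation is expected here even though the wait exceeds 5: the data key is only
# rotated once the active store key has been set via set-active-store-key.
wait
10
----

compare-active-data-key
----
same

set-active-store-key id=bar
----

get-store-key id=foo
----
encryption_type:AES128_CTR key_id:"foo"

get-store-key id=bar
----
encryption_type:AES128_CTR key_id:"bar"

get-store-key id=baz
----
none

get-active-store-key
----
bar

# Changing the active store key yields a new data key parented to the new store key.
# NOTE(review): creation_time:16 suggests the harness clock is not reset by init
# (6 from the previous scenario plus the wait of 10); confirm against the test driver.
compare-active-data-key
----
different

get-active-data-key
----
encryption_type:AES128_CTR creation_time:16 source:"data key manager" parent_key_id:"bar"

check-exposed val=false
----

# Negative check: expecting val=true while the keys are unexposed produces a mismatch
# message, which shows that check-exposed is not vacuous.
check-exposed val=true
----
WasExposed: actual: false, expected: true

record-active-data-key
----

check-all-recorded-data-keys
----

# This call is not changing the active store key, so the data key will not be rotated.
set-active-store-key id=bar
----

compare-active-data-key
----
same

set-active-store-key id=baz
----

get-active-store-key
----
baz

compare-active-data-key
----
different

get-active-data-key
----
encryption_type:AES128_CTR creation_time:16 source:"data key manager" parent_key_id:"baz"

record-active-data-key
----

check-all-recorded-data-keys
----

# Rotating between store keys that report an encryption type leaves the keys unexposed.
check-exposed val=false
----

# Test that keys transition to exposed.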
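# Starts from a pre-populated store key "foo" and data key "data1", both unexposed.
init
dir3
5
active-store-key foo
active-data-key data1
----

load
----

check-exposed val=false
----

get-active-data-key
----
encryption_type:AES192_CTR

# Switching to a plaintext store key: the expectations below show the keys now reported as
# exposed, and the new data key carrying was_exposed:true with no encryption_type field.
# NOTE(review): presumably the data keys are persisted unprotected once the store key is
# plaintext, so a key marked was_exposed should not be relied on for confidentiality.
# Confirm against the key manager implementation.
set-active-store-key-plain id=bar
----

check-exposed val=true
----

get-active-data-key
----
creation_time:16 source:"data key manager" was_exposed:true parent_key_id:"bar"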