percona · codeforall · Jul 5, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 5, 2024
@@ -23,11 +23,4 @@ SELECT pg_tde_set_principal_key('test-db-principal-key','mk-file');
  t
 (1 row)
 
--- Try dropping the in-use key provider
-DELETE FROM percona_tde.pg_tde_key_provider WHERE provider_name = 'mk-file'; -- Should fail
-ERROR:  Key provider "mk-file" cannot be deleted
-DETAIL:  The principal key for the database depends on this key provider.
--- Now delete the un-used  key provider
-DELETE FROM percona_tde.pg_tde_key_provider WHERE provider_name = 'free-file'; -- Should pass
-DELETE FROM percona_tde.pg_tde_key_provider WHERE provider_name = 'V2-vault'; -- Should pass
 DROP EXTENSION pg_tde;
@@ -3,37 +3,16 @@
 -- complain if script is sourced in psql, rather than via CREATE EXTENSION
 \echo Use "CREATE EXTENSION pg_tde" to load this file. \quit
 
--- pg_tde catalog tables
-CREATE SCHEMA percona_tde;
--- Note: The table is created using heap storage becasue we do not want this table
--- to be encrypted by pg_tde. This table is used to store key provider information
--- and we do not want to encrypt this table using pg_tde.
-CREATE TABLE percona_tde.pg_tde_key_provider(provider_id SERIAL,
-        keyring_type VARCHAR(10) CHECK (keyring_type IN ('file', 'vault-v2')),
-        provider_name VARCHAR(255) UNIQUE NOT NULL, options JSON, PRIMARY KEY(provider_id)) using heap;
-
--- If you want to add new provider types, you need to make appropriate changes
--- in include/catalog/tde_keyring.h and src/catalog/tde_keyring.c files.
-
-SELECT pg_catalog.pg_extension_config_dump('percona_tde.pg_tde_key_provider', '');
-
--- Trigger function to check principal key dependency on key provider row
-CREATE FUNCTION keyring_delete_dependency_check_trigger()
-RETURNS TRIGGER
+-- Key Provider Management
+CREATE FUNCTION pg_tde_add_key_provider_internal(provider_type VARCHAR(10), provider_name VARCHAR(128), options JSON)
+RETURNS INT
 AS 'MODULE_PATHNAME'
 LANGUAGE C;
 
-CREATE TRIGGER pg_tde_key_provider_delete_dependency_check_trigger
-BEFORE DELETE ON percona_tde.pg_tde_key_provider
-FOR EACH ROW
-EXECUTE FUNCTION keyring_delete_dependency_check_trigger();
-
--- Key Provider Management
-
 CREATE OR REPLACE FUNCTION pg_tde_add_key_provider(provider_type VARCHAR(10), provider_name VARCHAR(128), options JSON)
 RETURNS INT
 AS $$
-    INSERT INTO percona_tde.pg_tde_key_provider (keyring_type, provider_name, options) VALUES (provider_type, provider_name, options) RETURNING provider_id;
+    SELECT pg_tde_add_key_provider_internal(provider_type, provider_name, options);
 $$
 LANGUAGE SQL;
 
@@ -77,10 +56,6 @@ AS $$
 $$
 LANGUAGE SQL;
 
-CREATE FUNCTION pg_tde_get_keyprovider(provider_name text)
-RETURNS VOID
-AS 'MODULE_PATHNAME'
-LANGUAGE C;
 -- Table access method
 CREATE FUNCTION pg_tdeam_handler(internal)
 RETURNS table_am_handler

@@ -6,10 +6,4 @@ SELECT pg_tde_add_key_provider_vault_v2('V2-vault','vault-token','percona.com/va
 
 SELECT pg_tde_set_principal_key('test-db-principal-key','mk-file');
 
--- Try dropping the in-use key provider
-DELETE FROM percona_tde.pg_tde_key_provider WHERE provider_name = 'mk-file'; -- Should fail
--- Now delete the un-used  key provider
-DELETE FROM percona_tde.pg_tde_key_provider WHERE provider_name = 'free-file'; -- Should pass
-DELETE FROM percona_tde.pg_tde_key_provider WHERE provider_name = 'V2-vault'; -- Should pass
-
 DROP EXTENSION pg_tde;
@@ -12,7 +12,6 @@
 
 #include "postgres.h"
 #include "access/pg_tde_tdemap.h"
-#include "catalog/pg_tablespace_d.h"
 #include "transam/pg_tde_xact_handler.h"
 #include "storage/fd.h"
 #include "utils/wait_event.h"
@@ -29,6 +28,7 @@
 #include "encryption/enc_aes.h"
 #include "encryption/enc_tde.h"
 #include "keyring/keyring_api.h"
+#include "common/pg_tde_utils.h"
 
 #include <openssl/rand.h>
 #include <openssl/err.h>
@@ -273,21 +273,13 @@ tde_decrypt_rel_key(TDEPrincipalKey *principal_key, RelKeyData *enc_rel_key_data
 inline void
 pg_tde_set_db_file_paths(const RelFileLocator *rlocator, char *map_path, char *keydata_path)
 {
-	char *db_path;
-
-	/* If this is a global space, than the call might be in a critial section
-	 * (during XLog write) so we can't do GetDatabasePath as it calls palloc()
-	 */
-	if (rlocator->spcOid == GLOBALTABLESPACE_OID)
-		db_path = "global";
-	else
-		db_path = GetDatabasePath(rlocator->dbOid, rlocator->spcOid);
-
+	char *db_path = pg_tde_get_tde_file_dir(rlocator->dbOid, rlocator->spcOid);
 
 	if (map_path)
 		join_path_components(map_path, db_path, PG_TDE_MAP_FILENAME);
 	if (keydata_path)
 		join_path_components(keydata_path, db_path, PG_TDE_KEYDATA_FILENAME);
+	pfree(db_path);
 }
 
 /*