Re: Key management with tests

On Tue, Jan 12, 2021 at 12:04:09PM -0500, Bruce Momjian wrote:
> On Sun, Jan 10, 2021 at 09:51:16AM -0500, Bruce Momjian wrote:
> > OK, here they are with numeric prefixes.  It was actually tricky to
> > figure out how to create a squashed format-patch based on another branch.
> 
> Here is an updated version built on top of Michael Paquier's patch
> posted here:
> 
>     https://www.postgresql.org/message-id/X/0IChOPHd+aYC1w@paquier.xyz
> 
> and included as my first attachment.  This will give Michael's patch
> cfbot testing too since the second attachment calls many of the first
> attachment's functions.

Now that Michael's hex encoding patch is committed, I am reposting my
key management patch without Michael's patch.  It is improved since the
mid-December version:

*  TAP tests for encrypt/decryption, wrapped key creation and decryption,
   and KEK rotation
*  built on top of new hex encoding functions in /common
*  passes cfbot testing
*  handles disabled OpenSSL library properly
*  handles Windows builds properly

I also learned a lot about format-patch, cfbot testing, and TAP tests.
:-)

It still can't test everything, like prompting from /dev/tty.  Also, if
we don't get data encryption into PG 14, we are going to need to hide
the user interface for some of this until it is useful.  Prompting from
/dev/tty for the TLS private key passphrase already works and will be a
useful PG 14 feature, so that part of the API will be visible in PG 14.

I am planning to apply this next week.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EnterpriseDB                             https://enterprisedb.com

  The usefulness of a cup is in its emptiness, Bruce Lee