PG-1870 Enable table encryption by default in TAP

This enables table encryption by default in TAP tests when TDE_MODE=1.
Use TDE_MODE_SMGR=0 to turn off table encryption when running with
pg_tde loaded.

The setup for running regress with tde turned on has been slightly
modified to match what is done for TAP tests to let tests that run the
regress suite under TAP work.

Author: AndersAstrand

ci_scripts/tde_setup.sql

@@ -1,6 +1,6 @@
-CREATE SCHEMA IF NOT EXISTS tde;
-CREATE EXTENSION IF NOT EXISTS pg_tde SCHEMA tde;
+CREATE SCHEMA IF NOT EXISTS _pg_tde;
+CREATE EXTENSION IF NOT EXISTS pg_tde SCHEMA _pg_tde;
 \! rm -f '/tmp/pg_tde_test_keyring.per'
-SELECT tde.pg_tde_add_database_key_provider_file('reg_file-vault', '/tmp/pg_tde_test_keyring.per');
-SELECT tde.pg_tde_create_key_using_database_key_provider('test-db-key', 'reg_file-vault');
-SELECT tde.pg_tde_set_key_using_database_key_provider('test-db-key', 'reg_file-vault');
+SELECT _pg_tde.pg_tde_add_database_key_provider_file('reg_file-vault', '/tmp/pg_tde_test_keyring.per');
+SELECT _pg_tde.pg_tde_create_key_using_database_key_provider('test-db-key', 'reg_file-vault');
+SELECT _pg_tde.pg_tde_set_key_using_database_key_provider('test-db-key', 'reg_file-vault');

ci_scripts/tde_setup_global.sql

@@ -1,11 +1,10 @@
-CREATE SCHEMA tde;
-CREATE EXTENSION IF NOT EXISTS pg_tde SCHEMA tde;
+CREATE SCHEMA IF NOT EXISTS _pg_tde;
+CREATE EXTENSION IF NOT EXISTS pg_tde SCHEMA _pg_tde;
 
 \! rm -f '/tmp/pg_tde_test_keyring.per'
-SELECT tde.pg_tde_add_global_key_provider_file('reg_file-global', '/tmp/pg_tde_test_keyring.per');
-SELECT tde.pg_tde_create_key_using_global_key_provider('server-key', 'reg_file-global');
-SELECT tde.pg_tde_set_server_key_using_global_key_provider('server-key', 'reg_file-global');
+SELECT _pg_tde.pg_tde_add_global_key_provider_file('reg_file-global', '/tmp/pg_tde_test_keyring.per');
+SELECT _pg_tde.pg_tde_create_key_using_global_key_provider('server-key', 'reg_file-global');
+SELECT _pg_tde.pg_tde_set_server_key_using_global_key_provider('server-key', 'reg_file-global');
 ALTER SYSTEM SET pg_tde.wal_encrypt = on;
 ALTER SYSTEM SET default_table_access_method = 'tde_heap';
-ALTER SYSTEM SET search_path = "$user",public,tde;
 -- restart required

contrib/amcheck/t/001_verify_heapam.pl

@@ -9,6 +9,11 @@
 
 use Test::More;
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all => "hacks relation files directly for scaffolding";
+}
+
 my ($node, $result);
 
 #

src/bin/pg_amcheck/t/003_check.pl

@@ -9,6 +9,11 @@
 
 use Test::More;
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all => "hacks relation files directly for scaffolding";
+}
+
 my ($node, $port, %corrupt_page, %remove_relation);
 
 # Returns the filesystem path for the named relation.

src/bin/pg_amcheck/t/005_opclass_damage.pl

@@ -10,6 +10,11 @@
 use PostgreSQL::Test::Utils;
 use Test::More;
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all => 'investigate why this fails';
+}
+
 my $node = PostgreSQL::Test::Cluster->new('test');
 $node->init;
 $node->start;

src/bin/pg_basebackup/t/010_pg_basebackup.pl

@@ -16,6 +16,12 @@
 	  "pg_basebackup without -E from server with encrypted WAL produces broken backups";
 }
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all =>
+	  'uses corrupt_page_checksum to directly hack relation files';
+}
+
 program_help_ok('pg_basebackup');
 program_version_ok('pg_basebackup');
 program_options_handling_ok('pg_basebackup');

src/bin/pg_checksums/t/002_actions.pl

@@ -12,6 +12,11 @@
 
 use Test::More;
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all =>
+	  'uses corrupt_page_checksum to directly hack relation files';
+}
 
 # Utility routine to create and check a table with corrupted checksums
 # on a wanted tablespace.  Note that this stops and starts the node

src/bin/pg_dump/t/004_pg_dump_parallel.pl

@@ -8,6 +8,12 @@
 use PostgreSQL::Test::Utils;
 use Test::More;
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all =>
+	  'pg_restore fail to restore _pg_tde schema on cluster which already has it';
+}
+
 my $dbname1 = 'regression_src';
 my $dbname2 = 'regression_dest1';
 my $dbname3 = 'regression_dest2';

src/bin/pg_dump/t/010_dump_connstr.pl

@@ -8,6 +8,12 @@
 use PostgreSQL::Test::Utils;
 use Test::More;
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all =>
+	  'pg_restore fail to restore _pg_tde schema on cluster which already has it';
+}
+
 if ($PostgreSQL::Test::Utils::is_msys2)
 {
 	plan skip_all => 'High bit name tests fail on Msys2';

src/bin/pg_upgrade/t/002_pg_upgrade.pl

@@ -15,6 +15,12 @@
 use PostgreSQL::Test::AdjustUpgrade;
 use Test::More;
 
+if ($ENV{TDE_MODE_SMGR} and not $ENV{TDE_MODE_NOSKIP})
+{
+	plan skip_all =>
+	  'pg_restore fail to restore _pg_tde schema on cluster which already has it';
+}
+
 # Can be changed to test the other modes.
 my $mode = $ENV{PG_TEST_PG_UPGRADE_MODE} || '--copy';