PG-1447 Test and fix support for template databases

[jeltz]

Using a database with encrypted relations as template works with the WAL_LOG strategy as long as you have configured a default principal key. It is a bit hackish but works and since encrypted objects in a template database is likely to be an uncommon use case this is fine for now.

The test file is put last in the test run order since there is still no good way to clean up default principal keys.

Additionally we assert there are no encrypted relations when using FILE_COPY.

The FILE_COPY strategy of CREATE DATABASE does not use the SMGR so it cannot properly copy and re-encrypt encrypted relations. So we check for such relations and error out if any are found.

We look for encrypted relations simply by counting the number of keys in the key map file of the database. This simple approach is fine even with the risk of a left-over key from a crash or a bug due to the FILE_COPY strategy being rare and that we therefore want to keep this code minimal.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 84.00000% with 12 lines in your changes missing coverage. Please review.

Project coverage is 79.03%. Comparing base (fd43ead) to head (9a8e257).

❌ Your project status has failed because the head coverage (79.03%) is below the target coverage (90.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@                  Coverage Diff                  @@
##           TDE_REL_17_STABLE     #270      +/-   ##
=====================================================
+ Coverage              78.93%   79.03%   +0.10%     
=====================================================
  Files                     22       22              
  Lines                   2464     2533      +69     
  Branches                 385      397      +12     
=====================================================
+ Hits                    1945     2002      +57     
- Misses                   444      452       +8     
- Partials                  75       79       +4     

Components	Coverage Δ
access	81.57% <86.95%> (+0.02%)	⬆️
catalog	86.32% <ø> (ø)
common	92.50% <ø> (ø)
encryption	71.90% <ø> (ø)
keyring	72.07% <ø> (ø)
src	59.56% <82.69%> (+3.83%)	⬆️
smgr	98.01% <ø> (ø)
transam	∅ <ø> (∅)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[dutow]

Something seems to be wrong in this testcase - this database already exists.

The description also said it only works if we have a default key, but we didn't have one during the previous create db.

[jeltz]

This seems possibly like a bug unrelated to the PR. And since it only happens when when TDE is enabled for the whole test suite it will not directly be an issue now that that has been changed but I think we should take a look and try to figure out if I accidentally found a bug here.

[jeltz]

No, the bug was in my test script. Doh. The issue is that we cannot delete the current default principal key. These tests used to run before the default key provider tests.

[jeltz]

Fixed by adding a comment and commenting out the code.

[AndersAstrand]

The comment in Makefile and meson.build should probably be clearer.

[AndersAstrand]

This sentence makes no sense to me, but looking at the code it seems like you want to say that default_principal_key needs to run after key_provider, and create_database needs to run after default_principal_key?

[jeltz]

Yes, I was lazy when writing it. Should fix it.

[jeltz]

The issue is that there is currently no way to delete default principal keys so these tests becom order dependent.

[jeltz]

Fixed.