BUG##30787535 : FULLTEXT INDEX TABLES CREATED IN ENCRYPTED SCHEMA ARE NOT

                ENCRYPTED

Issue:
  When in an encrypted table, an FTS index is created, there are some aux
  tables (thus tablespaces with ibd files) are created for FTS. If the table
  is encrypted, then the FTS tablespaces are supposed to be encrypted too,
  which were not.

Cause:
  When FTS aux tables are created, for those tables, flags are borrowed from
  main table. While copying those flags, encryption flag was not copied, thus
  aux tables were always created as not encrypted.

Fix:
  Made sure that when the table flags are being copied for aux tables for FTS,
  encryption flag is also copied.

RB          : 23906
Reviewed-by : Rahul Agarkar <[email protected]>

Author: mayprasa

mysql-test/suite/innodb/r/table_encrypt_fts.result

@@ -0,0 +1,45 @@
+#
+# Bug#30787535 : FULLTEXT INDEX TABLES CREATED IN ENCRYPTED SCHEMA ARE NOT ENCRYPTED
+#
+#########
+# SETUP #
+#########
+
+#########################################################################
+# RESTART 1 : WITH KEYRING PLUGIN
+#########################################################################
+# Create a new 'unencrypted' table
+CREATE TABLE t1 (id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY,
+C1 TEXT(500),
+C2 VARCHAR(200),
+C3 VARCHAR(200)) ENCRYPTION='N' ENGINE=InnoDB;
+set global innodb_buf_flush_list_now = 1;
+# ---------------------------------------------------------------
+# Test 1 : t1 un-encrypted, FTS tables should also be unencrypted
+# ---------------------------------------------------------------
+# Check that tablespace file is not encrypted
+# Print result
+table space is Unencrypted.
+CREATE FULLTEXT INDEX idx ON t1(C1);
+Warnings:
+Warning	124	InnoDB rebuilding table to add column FTS_DOC_ID
+set global innodb_buf_flush_list_now = 1;
+# Check that FTS tablespaces file is not encrypted
+# Print result
+table space is Unencrypted.
+# ---------------------------------------------------------------
+# Test 1 : t1 encrypted, FTS tables should also be unencrypted
+# ---------------------------------------------------------------
+ALTER TABLE t1 ENCRYPTION='Y';
+# Check that tablespace file is encrypted now
+# Print result
+table space is Encrypted.
+# Check that FTS tablespace file is encrypted now
+# Print result
+table space is Encrypted.
+###########
+# CLEANUP #
+###########
+DROP TABLE test.t1;
+# Restarting server without keyring to restore server state
+# restart: 

mysql-test/suite/innodb/t/table_encrypt_fts.test

@@ -0,0 +1,80 @@
+--echo #
+--echo # Bug#30787535 : FULLTEXT INDEX TABLES CREATED IN ENCRYPTED SCHEMA ARE NOT ENCRYPTED
+--echo #
+
+################################################################################
+# For an encrypted table, this test case checks physical ibd file for :
+#	- table
+#	- fts table created for an FTS index on table
+#	- Other aux tables created for FTS index
+#  to see if they are encrypted.
+################################################################################
+# Disable in valgrind because of timeout, cf. Bug#22760145
+--source include/not_valgrind.inc
+# Waiting time when (re)starting the server
+--let $explicit_default_wait_counter=10000;
+
+--echo #########
+--echo # SETUP #
+--echo #########
+--echo
+let datadir=`SELECT @@datadir`;
+let search_pattern=supremum;
+
+--echo #########################################################################
+--echo # RESTART 1 : WITH KEYRING PLUGIN
+--echo #########################################################################
+let $restart_parameters = restart: --early-plugin-load=keyring_file=$KEYRING_PLUGIN --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT;
+--source include/restart_mysqld_no_echo.inc
+
+--echo # Create a new 'unencrypted' table
+CREATE TABLE t1 (id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY,
+                 C1 TEXT(500),
+                 C2 VARCHAR(200),
+                 C3 VARCHAR(200)) ENCRYPTION='N' ENGINE=InnoDB;
+
+# Make sure all pages are flushed
+set global innodb_buf_flush_list_now = 1;
+
+--echo # ---------------------------------------------------------------
+--echo # Test 1 : t1 un-encrypted, FTS tables should also be unencrypted
+--echo # ---------------------------------------------------------------
+--echo # Check that tablespace file is not encrypted
+--let ts_name=test/t1.ibd
+--source include/if_encrypted.inc
+
+CREATE FULLTEXT INDEX idx ON t1(C1);
+
+# Make sure all pages are flushed
+set global innodb_buf_flush_list_now = 1;
+
+--let ts_name = `select NAME from information_schema.innodb_tables where name like "%index_1%";`
+--let ts_name = $ts_name.ibd
+--echo # Check that FTS tablespaces file is not encrypted
+--source include/if_encrypted.inc
+
+--echo # ---------------------------------------------------------------
+--echo # Test 1 : t1 encrypted, FTS tables should also be unencrypted
+--echo # ---------------------------------------------------------------
+# Now, change the encryption property of table
+ALTER TABLE t1 ENCRYPTION='Y';
+
+--echo # Check that tablespace file is encrypted now
+--let ts_name=test/t1.ibd
+--source include/if_encrypted.inc
+
+--let ts_name = `select NAME from information_schema.innodb_tables where name like "%index_1%";`
+--let ts_name = $ts_name.ibd
+--echo # Check that FTS tablespace file is encrypted now
+--source include/if_encrypted.inc
+
+--echo ###########
+--echo # CLEANUP #
+--echo ###########
+DROP TABLE test.t1;
+remove_file $MYSQLTEST_VARDIR/tmpfile.txt;
+remove_file $MYSQL_TMP_DIR/mysecret_keyring;
+
+--echo # Restarting server without keyring to restore server state
+let $restart_parameters = restart: ;
+--source include/restart_mysqld.inc

storage/innobase/fts/fts0fts.cc

@@ -1758,9 +1758,10 @@ tables.
 @param[in]	flags2	Table flags2
 @return extracted flags2 for FTS aux tables */
 static inline uint32_t fts_get_table_flags2_for_aux_tables(uint32_t flags2) {
-  /* Extract the file_per_table flag & temporary file flag
+  /* Extract the file_per_table flag, temporary file flag and encryption flag
   from the main FTS table flags2 */
   return ((flags2 & DICT_TF2_USE_FILE_PER_TABLE) |
+          (flags2 & DICT_TF2_ENCRYPTION_FILE_PER_TABLE) |
           (flags2 & DICT_TF2_TEMPORARY) | DICT_TF2_AUX);
 }