BUG##30787535 : FULLTEXT INDEX TABLES CREATED IN ENCRYPTED SCHEMA ARE NOT

                ENCRYPTED

Issue:
  When in an encrypted table, an FTS index is created, there are some aux
  tables (thus tablespaces with ibd files) are created for FTS. If the table
  is encrypted, then the FTS tablespaces are supposed to be encrypted too,
  which were not.

Cause:
  When FTS aux tables are created, for those tables, flags are borrowed from
  main table. While copying those flags, encryption flag was not copied, thus
  aux tables were always created as not encrypted.

Fix:
  Made sure that when the table flags are being copied for aux tables for FTS,
  encryption flag is also copied.

RB          : 23923
Reviewed-by : Rahul Agarkar <[email protected]>

Author: mayprasa

mysql-test/include/if_encrypted.inc

@@ -0,0 +1,36 @@
+#################### Perl module starts ####################
+perl;
+my $d_dir = $ENV{'datadir'};
+my $s_pattern = $ENV{'search_pattern'};
+my $filename = $ENV{'ts_name'};
+my $ts_filename="$d_dir/$filename";
+open TS_FILE, "<$ts_filename" or die "$!";
+@lines = <TS_FILE>;
+close TS_FILE;
+
+my $vardir = $ENV{'MYSQLTEST_VARDIR'};
+my $filename="$vardir/tmpfile.txt";
+open(OP_FILE, '>', $filename) or die "$!";
+
+my $found = 0;
+foreach $line (@lines) {
+        chomp( $line );
+        print OP_FILE;
+        if($line =~ /$s_pattern/) {
+                $found=1;
+        }
+}
+
+if ($found == 1) {
+        print OP_FILE "table space is Unencrypted.\n";
+} else {
+        print OP_FILE "table space is Encrypted.\n";
+}
+
+close OP_FILE;
+EOF
+#################### Perl module ends ####################
+
+--echo # Print result
+cat_file $MYSQLTEST_VARDIR/tmpfile.txt;
+

mysql-test/suite/innodb/r/table_encrypt_fts.result

@@ -0,0 +1,46 @@
+#
+# Bug#30787535 : FULLTEXT INDEX TABLES CREATED IN ENCRYPTED SCHEMA ARE NOT ENCRYPTED
+#
+#########
+# SETUP #
+#########
+
+#########################################################################
+# RESTART 1 : WITH KEYRING PLUGIN
+#########################################################################
+# restart: --early-plugin-load=keyring_file=keyring_file.so --loose-keyring_file_data=MYSQL_TMP_DIR/mysecret_keyring --plugin-dir=KEYRING_PLUGIN_PATH
+# Create a new 'unencrypted' table
+CREATE TABLE t1 (id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY,
+C1 TEXT(500),
+C2 VARCHAR(200),
+C3 VARCHAR(200)) ENCRYPTION='N' ENGINE=InnoDB;
+set global innodb_buf_flush_list_now = 1;
+# ---------------------------------------------------------------
+# Test 1 : t1 un-encrypted, FTS tables should also be unencrypted
+# ---------------------------------------------------------------
+# Check that tablespace file is not encrypted
+# Print result
+table space is Unencrypted.
+CREATE FULLTEXT INDEX idx ON t1(C1);
+Warnings:
+Warning	124	InnoDB rebuilding table to add column FTS_DOC_ID
+set global innodb_buf_flush_list_now = 1;
+# Check that FTS tablespaces file is not encrypted
+# Print result
+table space is Unencrypted.
+# ---------------------------------------------------------------
+# Test 1 : t1 encrypted, FTS tables should also be unencrypted
+# ---------------------------------------------------------------
+ALTER TABLE t1 ENCRYPTION='Y';
+# Check that tablespace file is encrypted now
+# Print result
+table space is Encrypted.
+# Check that FTS tablespace file is encrypted now
+# Print result
+table space is Encrypted.
+###########
+# CLEANUP #
+###########
+DROP TABLE test.t1;
+# Restarting server without keyring to restore server state
+# restart: 

mysql-test/suite/innodb/t/table_encrypt_fts.test

@@ -0,0 +1,82 @@
+--echo #
+--echo # Bug#30787535 : FULLTEXT INDEX TABLES CREATED IN ENCRYPTED SCHEMA ARE NOT ENCRYPTED
+--echo #
+
+################################################################################
+# For an encrypted table, this test case checks physical ibd file for :
+#	- table
+#	- fts table created for an FTS index on table
+#	- Other aux tables created for FTS index
+#  to see if they are encrypted.
+################################################################################
+# Disable in valgrind because of timeout, cf. Bug#22760145
+--source include/not_valgrind.inc
+# Waiting time when (re)starting the server
+--let $explicit_default_wait_counter=10000;
+
+--echo #########
+--echo # SETUP #
+--echo #########
+--echo
+let datadir=`SELECT @@datadir`;
+let search_pattern=supremum;
+
+--echo #########################################################################
+--echo # RESTART 1 : WITH KEYRING PLUGIN
+--echo #########################################################################
+let $restart_parameters = restart: --early-plugin-load=keyring_file=$KEYRING_PLUGIN --loose-keyring_file_data=$MYSQL_TMP_DIR/mysecret_keyring $KEYRING_PLUGIN_OPT;
+--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR $KEYRING_PLUGIN_OPT --plugin-dir=KEYRING_PLUGIN_PATH $KEYRING_PLUGIN keyring_file.so
+--replace_regex /\.dll/.so/
+--source include/restart_mysqld.inc
+
+--echo # Create a new 'unencrypted' table
+CREATE TABLE t1 (id INT UNSIGNED AUTO_INCREMENT NOT NULL PRIMARY KEY,
+                 C1 TEXT(500),
+                 C2 VARCHAR(200),
+                 C3 VARCHAR(200)) ENCRYPTION='N' ENGINE=InnoDB;
+
+# Make sure all pages are flushed
+set global innodb_buf_flush_list_now = 1;
+
+--echo # ---------------------------------------------------------------
+--echo # Test 1 : t1 un-encrypted, FTS tables should also be unencrypted
+--echo # ---------------------------------------------------------------
+--echo # Check that tablespace file is not encrypted
+--let ts_name=test/t1.ibd
+--source include/if_encrypted.inc
+
+CREATE FULLTEXT INDEX idx ON t1(C1);
+
+# Make sure all pages are flushed
+set global innodb_buf_flush_list_now = 1;
+
+--let ts_name = `select NAME from information_schema.innodb_sys_tables where name like "%INDEX_1%";`
+--let ts_name = $ts_name.ibd
+--echo # Check that FTS tablespaces file is not encrypted
+--source include/if_encrypted.inc
+
+--echo # ---------------------------------------------------------------
+--echo # Test 1 : t1 encrypted, FTS tables should also be unencrypted
+--echo # ---------------------------------------------------------------
+# Now, change the encryption property of table
+ALTER TABLE t1 ENCRYPTION='Y';
+
+--echo # Check that tablespace file is encrypted now
+--let ts_name=test/t1.ibd
+--source include/if_encrypted.inc
+
+--let ts_name = `select NAME from information_schema.innodb_sys_tables where name like "%INDEX_1%";`
+--let ts_name = $ts_name.ibd
+--echo # Check that FTS tablespace file is encrypted now
+--source include/if_encrypted.inc
+
+--echo ###########
+--echo # CLEANUP #
+--echo ###########
+DROP TABLE test.t1;
+remove_file $MYSQLTEST_VARDIR/tmpfile.txt;
+remove_file $MYSQL_TMP_DIR/mysecret_keyring;
+
+--echo # Restarting server without keyring to restore server state
+let $restart_parameters = restart: ;
+--source include/restart_mysqld.inc

storage/innobase/fts/fts0fts.cc

@@ -1782,9 +1782,10 @@ ulint
 fts_get_table_flags2_for_aux_tables(
 	ulint	flags2)
 {
-	/* Extract the file_per_table flag & temporary file flag
-	from the main FTS table flags2 */
+	/* Extract the file_per_table flag, temporary file flag and
+	encryption flag from the main FTS table flags2 */
 	return((flags2 & DICT_TF2_USE_FILE_PER_TABLE) |
+               (flags2 & DICT_TF2_ENCRYPTION) |
 	       (flags2 & DICT_TF2_TEMPORARY));
 }