percona
diff --git a/‎contrib/pg_tde/src/access/pg_tde_tdemap.c
Lines changed: 2 additions & 2 deletions b/‎contrib/pg_tde/src/access/pg_tde_tdemap.c
Lines changed: 2 additions & 2 deletions
diff --git a/‎contrib/pg_tde/src/catalog/tde_principal_key.c
Lines changed: 11 additions & 24 deletions b/‎contrib/pg_tde/src/catalog/tde_principal_key.c
Lines changed: 11 additions & 24 deletions
diff --git a/‎contrib/pg_tde/src/include/catalog/tde_global_space.h
Lines changed: 0 additions & 2 deletions b/‎contrib/pg_tde/src/include/catalog/tde_global_space.h
Lines changed: 0 additions & 2 deletions
diff --git a/‎contrib/pg_tde/t/009_wal_encrypt.pl
Lines changed: 4 additions & 0 deletions b/‎contrib/pg_tde/t/009_wal_encrypt.pl
Lines changed: 4 additions & 0 deletions
diff --git a/‎contrib/pg_tde/t/expected/009_wal_encrypt.out
Lines changed: 8 additions & 0 deletions b/‎contrib/pg_tde/t/expected/009_wal_encrypt.out
Lines changed: 8 additions & 0 deletions
@@ -261,9 +261,9 @@ pg_tde_create_wal_key(InternalKey *rel_key_data, const RelFileLocator *newrlocat
 {
 	TDEPrincipalKey *principal_key;
 
-	LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED);
+	LWLockAcquire(tde_lwlock_enc_keys(), LW_EXCLUSIVE);
 
-	principal_key = GetPrincipalKey(newrlocator->dbOid, LW_SHARED);
+	principal_key = GetPrincipalKey(newrlocator->dbOid, LW_EXCLUSIVE);
 	if (principal_key == NULL)
 	{
 		ereport(ERROR,
 
@@ -328,11 +328,8 @@ set_principal_key_with_keyring(const char *key_name, const char *provider_name,
 		/* key rotation */
 		pg_tde_perform_rotate_key(curr_principal_key, new_principal_key, true);
 
-		if (!TDEisInGlobalSpace(curr_principal_key->keyInfo.databaseId))
-		{
-			clear_principal_key_cache(curr_principal_key->keyInfo.databaseId);
-			push_principal_key_to_cache(new_principal_key);
-		}
+		clear_principal_key_cache(curr_principal_key->keyInfo.databaseId);
+		push_principal_key_to_cache(new_principal_key);
 	}
 
 	LWLockRelease(lock_files);
@@ -390,11 +387,8 @@ xl_tde_perform_rotate_key(XLogPrincipalKeyRotate *xlrec)
 
 	pg_tde_perform_rotate_key(curr_principal_key, new_principal_key, false);
 
-	if (!TDEisInGlobalSpace(curr_principal_key->keyInfo.databaseId))
-	{
-		clear_principal_key_cache(curr_principal_key->keyInfo.databaseId);
-		push_principal_key_to_cache(new_principal_key);
-	}
+	clear_principal_key_cache(curr_principal_key->keyInfo.databaseId);
+	push_principal_key_to_cache(new_principal_key);
 
 	LWLockRelease(tde_lwlock_enc_keys());
 
@@ -800,14 +794,11 @@ GetPrincipalKeyNoDefault(Oid dbOid, LWLockMode lockMode)
 
 #ifndef FRONTEND
 	Assert(LWLockHeldByMeInMode(tde_lwlock_enc_keys(), lockMode));
-	/* We don't store global space key in cache */
-	if (!TDEisInGlobalSpace(dbOid))
-	{
-		principalKey = get_principal_key_from_cache(dbOid);
 
-		if (likely(principalKey))
-			return principalKey;
-	}
+	principalKey = get_principal_key_from_cache(dbOid);
+
+	if (likely(principalKey))
+		return principalKey;
 
 	if (lockMode != LW_EXCLUSIVE)
 	{
@@ -819,8 +810,7 @@ GetPrincipalKeyNoDefault(Oid dbOid, LWLockMode lockMode)
 	principalKey = get_principal_key_from_keyring(dbOid);
 
 #ifndef FRONTEND
-	/* We don't store global space key in cache */
-	if (principalKey && !TDEisInGlobalSpace(dbOid))
+	if (principalKey)
 	{
 		push_principal_key_to_cache(principalKey);
 
@@ -986,11 +976,8 @@ pg_tde_rotate_default_key_for_database(TDEPrincipalKey *oldKey, TDEPrincipalKey
 	/* key rotation */
 	pg_tde_perform_rotate_key(oldKey, newKey, true);
 
-	if (!TDEisInGlobalSpace(newKey->keyInfo.databaseId))
-	{
-		clear_principal_key_cache(oldKey->keyInfo.databaseId);
-		push_principal_key_to_cache(newKey);
-	}
+	clear_principal_key_cache(oldKey->keyInfo.databaseId);
+	push_principal_key_to_cache(newKey);
 
 	pfree(newKey);
 }
 
@@ -33,6 +33,4 @@
 	_obj_oid \
 }
 
-#define TDEisInGlobalSpace(dbOid) 	(dbOid == GLOBAL_DATA_TDE_OID)
-
 #endif							/* TDE_GLOBAL_CATALOG_H */
@@ -23,10 +23,14 @@
 	"SELECT pg_tde_add_global_key_provider_file('file-keyring-010', '/tmp/pg_tde_test_keyring010.per');"
 );
 
+PGTDE::psql($node, 'postgres', 'SELECT pg_tde_verify_server_key();');
+
 PGTDE::psql($node, 'postgres',
 	"SELECT pg_tde_set_server_key_using_global_key_provider('server-key', 'file-keyring-010');"
 );
 
+PGTDE::psql($node, 'postgres', 'SELECT pg_tde_verify_server_key();');
+
 PGTDE::psql($node, 'postgres', 'ALTER SYSTEM SET pg_tde.wal_encrypt = on;');
 
 PGTDE::append_to_result_file("-- server restart with wal encryption");
 
@@ -5,12 +5,20 @@ SELECT pg_tde_add_global_key_provider_file('file-keyring-010', '/tmp/pg_tde_test
                                   -1
 (1 row)
 
+SELECT pg_tde_verify_server_key();
+psql:<stdin>:1: ERROR:  principal key not configured for current database
 SELECT pg_tde_set_server_key_using_global_key_provider('server-key', 'file-keyring-010');
  pg_tde_set_server_key_using_global_key_provider 
 -------------------------------------------------
 
 (1 row)
 
+SELECT pg_tde_verify_server_key();
+ pg_tde_verify_server_key 
+--------------------------
+ 
+(1 row)
+
 ALTER SYSTEM SET pg_tde.wal_encrypt = on;
 -- server restart with wal encryption
 SHOW pg_tde.wal_encrypt;
Original file line number	Diff line number	Diff line change
`@@ -261,9 +261,9 @@ pg_tde_create_wal_key(InternalKey rel_key_data, const RelFileLocator newrlocat`
`261`	`261`	`{`
`262`	`262`	`TDEPrincipalKey *principal_key;`
`263`	`263`
`264`		`- LWLockAcquire(tde_lwlock_enc_keys(), LW_SHARED);`
	`264`	`+ LWLockAcquire(tde_lwlock_enc_keys(), LW_EXCLUSIVE);`
`265`	`265`
`266`		`- principal_key = GetPrincipalKey(newrlocator->dbOid, LW_SHARED);`
	`266`	`+ principal_key = GetPrincipalKey(newrlocator->dbOid, LW_EXCLUSIVE);`
`267`	`267`	`if (principal_key == NULL)`
`268`	`268`	`{`
`269`	`269`	`ereport(ERROR,`
Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,4 @@`
`33`	`33`	`_obj_oid \`
`34`	`34`	`}`
`35`	`35`
`36`		`-#define TDEisInGlobalSpace(dbOid) (dbOid == GLOBAL_DATA_TDE_OID)`
`37`		`-`
`38`	`36`	`#endif /* TDE_GLOBAL_CATALOG_H */`