This is an automated email from the ASF dual-hosted git repository.
chengzhang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new aa99ff660c6 Add insert select rewrite for encrypt (#32939)
aa99ff660c6 is described below
commit aa99ff660c6ad27cd9e7ae4f4ab9d7472ec47bef
Author: ZhangCheng <[email protected]>
AuthorDate: Fri Sep 20 22:21:52 2024 +0800
Add insert select rewrite for encrypt (#32939)
* Add insert select rewrite for encrypt
* Add insert select rewrite for encrypt
* Add insert select rewrite for encrypt
* Add insert select rewrite for encrypt
---
.../context/EncryptSQLRewriteContextDecorator.java | 13 ++++-
.../parameter/EncryptParameterRewriterBuilder.java | 2 +
.../EncryptInsertPredicateParameterRewriter.java | 61 ++++++++++++++++++++
.../rewrite/token/EncryptTokenGenerateBuilder.java | 4 ++
...EncryptInsertPredicateColumnTokenGenerator.java | 62 ++++++++++++++++++++
...yptInsertPredicateRightValueTokenGenerator.java | 67 ++++++++++++++++++++++
.../dataset/encrypt/insert_select_user_table.xml | 60 +++++++++++++++++++
.../test/resources/cases/dml/e2e-dml-insert.xml | 4 ++
.../query-with-cipher/dml/insert/insert-select.xml | 30 ++++++++++
9 files changed, 301 insertions(+), 2 deletions(-)
diff --git
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
index 703255426f1..c93868e106f 100644
---
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
+++
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/context/EncryptSQLRewriteContextDecorator.java
@@ -25,6 +25,7 @@ import
org.apache.shardingsphere.encrypt.rewrite.token.EncryptTokenGenerateBuild
import org.apache.shardingsphere.encrypt.rule.EncryptRule;
import org.apache.shardingsphere.infra.annotation.HighFrequencyInvocation;
import
org.apache.shardingsphere.infra.binder.context.statement.SQLStatementContext;
+import
org.apache.shardingsphere.infra.binder.context.statement.dml.InsertStatementContext;
import org.apache.shardingsphere.infra.binder.context.type.TableAvailable;
import org.apache.shardingsphere.infra.binder.context.type.WhereAvailable;
import org.apache.shardingsphere.infra.config.props.ConfigurationProperties;
@@ -76,13 +77,21 @@ public final class EncryptSQLRewriteContextDecorator
implements SQLRewriteContex
private Collection<EncryptCondition> createEncryptConditions(final
EncryptRule encryptRule, final SQLRewriteContext sqlRewriteContext) {
SQLStatementContext sqlStatementContext =
sqlRewriteContext.getSqlStatementContext();
+ if (sqlStatementContext instanceof InsertStatementContext && null !=
((InsertStatementContext) sqlStatementContext).getInsertSelectContext()
+ && !((WhereAvailable) ((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext()).getWhereSegments().isEmpty())
{
+ return doCreateEncryptConditions(encryptRule, sqlRewriteContext,
((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext());
+ }
+ return doCreateEncryptConditions(encryptRule, sqlRewriteContext,
sqlStatementContext);
+ }
+
+ private Collection<EncryptCondition> doCreateEncryptConditions(final
EncryptRule encryptRule, final SQLRewriteContext sqlRewriteContext, final
SQLStatementContext sqlStatementContext) {
if (!(sqlStatementContext instanceof WhereAvailable)) {
return Collections.emptyList();
}
Collection<WhereSegment> whereSegments = ((WhereAvailable)
sqlStatementContext).getWhereSegments();
Collection<ColumnSegment> columnSegments = ((WhereAvailable)
sqlStatementContext).getColumnSegments();
- return new EncryptConditionEngine(encryptRule,
sqlRewriteContext.getDatabase().getSchemas())
- .createEncryptConditions(whereSegments, columnSegments,
sqlStatementContext, sqlRewriteContext.getDatabase().getName());
+ return new EncryptConditionEngine(encryptRule,
sqlRewriteContext.getDatabase().getSchemas()).createEncryptConditions(whereSegments,
columnSegments, sqlStatementContext,
+ sqlRewriteContext.getDatabase().getName());
}
private void rewriteParameters(final SQLRewriteContext sqlRewriteContext,
final Collection<ParameterRewriter> parameterRewriters) {
diff --git
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/parameter/EncryptParameterRewriterBuilder.java
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/parameter/EncryptParameterRewriterBuilder.java
index 9cafc0033d3..da9ad3e9eff 100644
---
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/parameter/EncryptParameterRewriterBuilder.java
+++
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/parameter/EncryptParameterRewriterBuilder.java
@@ -26,6 +26,7 @@ import
org.apache.shardingsphere.encrypt.rewrite.parameter.rewriter.EncryptAssig
import
org.apache.shardingsphere.encrypt.rewrite.parameter.rewriter.EncryptInsertOnDuplicateKeyUpdateValueParameterRewriter;
import
org.apache.shardingsphere.encrypt.rewrite.parameter.rewriter.EncryptInsertValueParameterRewriter;
import
org.apache.shardingsphere.encrypt.rewrite.parameter.rewriter.EncryptPredicateParameterRewriter;
+import
org.apache.shardingsphere.encrypt.rewrite.parameter.rewriter.EncryptInsertPredicateParameterRewriter;
import org.apache.shardingsphere.encrypt.rule.EncryptRule;
import
org.apache.shardingsphere.infra.binder.context.statement.SQLStatementContext;
import org.apache.shardingsphere.infra.database.core.type.DatabaseTypeRegistry;
@@ -59,6 +60,7 @@ public final class EncryptParameterRewriterBuilder implements
ParameterRewriterB
Collection<ParameterRewriter> result = new LinkedList<>();
addParameterRewriter(result, new
EncryptAssignmentParameterRewriter(encryptRule));
addParameterRewriter(result, new
EncryptPredicateParameterRewriter(encryptRule));
+ addParameterRewriter(result, new
EncryptInsertPredicateParameterRewriter(encryptRule));
addParameterRewriter(result, new
EncryptInsertValueParameterRewriter(encryptRule));
addParameterRewriter(result, new
EncryptInsertOnDuplicateKeyUpdateValueParameterRewriter(encryptRule));
return result;
diff --git
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/parameter/rewriter/EncryptInsertPredicateParameterRewriter.java
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/parameter/rewriter/EncryptInsertPredicateParameterRewriter.java
new file mode 100644
index 00000000000..9c7ab57b811
--- /dev/null
+++
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/parameter/rewriter/EncryptInsertPredicateParameterRewriter.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.encrypt.rewrite.parameter.rewriter;
+
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import org.apache.shardingsphere.encrypt.rewrite.aware.DatabaseNameAware;
+import org.apache.shardingsphere.encrypt.rewrite.aware.EncryptConditionsAware;
+import org.apache.shardingsphere.encrypt.rewrite.condition.EncryptCondition;
+import org.apache.shardingsphere.encrypt.rule.EncryptRule;
+import
org.apache.shardingsphere.infra.binder.context.statement.SQLStatementContext;
+import
org.apache.shardingsphere.infra.binder.context.statement.dml.InsertStatementContext;
+import org.apache.shardingsphere.infra.binder.context.type.WhereAvailable;
+import
org.apache.shardingsphere.infra.rewrite.parameter.builder.ParameterBuilder;
+import
org.apache.shardingsphere.infra.rewrite.parameter.rewriter.ParameterRewriter;
+
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * Insert predicate parameter rewriter for encrypt.
+ */
+@RequiredArgsConstructor
+@Setter
+public final class EncryptInsertPredicateParameterRewriter implements
ParameterRewriter, EncryptConditionsAware, DatabaseNameAware {
+
+ private final EncryptRule encryptRule;
+
+ private Collection<EncryptCondition> encryptConditions;
+
+ private String databaseName;
+
+ @Override
+ public boolean isNeedRewrite(final SQLStatementContext
sqlStatementContext) {
+ return sqlStatementContext instanceof InsertStatementContext && null
!= ((InsertStatementContext) sqlStatementContext).getInsertSelectContext()
+ && !((WhereAvailable) ((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext()).getWhereSegments().isEmpty();
+ }
+
+ @Override
+ public void rewrite(final ParameterBuilder paramBuilder, final
SQLStatementContext sqlStatementContext, final List<Object> params) {
+ EncryptPredicateParameterRewriter rewriter = new
EncryptPredicateParameterRewriter(encryptRule);
+ rewriter.setEncryptConditions(encryptConditions);
+ rewriter.setDatabaseName(databaseName);
+ rewriter.rewrite(paramBuilder, ((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext(),
params);
+ }
+}
diff --git
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
index b948ce29b80..3ce4dff89aa 100644
---
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
+++
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/EncryptTokenGenerateBuilder.java
@@ -31,6 +31,8 @@ import
org.apache.shardingsphere.encrypt.rewrite.token.generator.insert.EncryptI
import
org.apache.shardingsphere.encrypt.rewrite.token.generator.insert.EncryptInsertDerivedColumnsTokenGenerator;
import
org.apache.shardingsphere.encrypt.rewrite.token.generator.insert.EncryptInsertOnUpdateTokenGenerator;
import
org.apache.shardingsphere.encrypt.rewrite.token.generator.insert.EncryptInsertValuesTokenGenerator;
+import
org.apache.shardingsphere.encrypt.rewrite.token.generator.predicate.EncryptInsertPredicateColumnTokenGenerator;
+import
org.apache.shardingsphere.encrypt.rewrite.token.generator.predicate.EncryptInsertPredicateRightValueTokenGenerator;
import
org.apache.shardingsphere.encrypt.rewrite.token.generator.predicate.EncryptPredicateColumnTokenGenerator;
import
org.apache.shardingsphere.encrypt.rewrite.token.generator.predicate.EncryptPredicateRightValueTokenGenerator;
import
org.apache.shardingsphere.encrypt.rewrite.token.generator.projection.EncryptInsertSelectProjectionTokenGenerator;
@@ -67,7 +69,9 @@ public final class EncryptTokenGenerateBuilder implements
SQLTokenGeneratorBuild
addSQLTokenGenerator(result, new
EncryptInsertAssignmentTokenGenerator(encryptRule));
addSQLTokenGenerator(result, new
EncryptUpdateAssignmentTokenGenerator(encryptRule));
addSQLTokenGenerator(result, new
EncryptPredicateColumnTokenGenerator(encryptRule));
+ addSQLTokenGenerator(result, new
EncryptInsertPredicateColumnTokenGenerator(encryptRule));
addSQLTokenGenerator(result, new
EncryptPredicateRightValueTokenGenerator(encryptRule));
+ addSQLTokenGenerator(result, new
EncryptInsertPredicateRightValueTokenGenerator(encryptRule));
addSQLTokenGenerator(result, new
EncryptInsertValuesTokenGenerator(encryptRule));
addSQLTokenGenerator(result, new
EncryptInsertDefaultColumnsTokenGenerator(encryptRule));
addSQLTokenGenerator(result, new
EncryptInsertCipherNameTokenGenerator(encryptRule));
diff --git
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/generator/predicate/EncryptInsertPredicateColumnTokenGenerator.java
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/generator/predicate/EncryptInsertPredicateColumnTokenGenerator.java
new file mode 100644
index 00000000000..5ffa8f3b155
--- /dev/null
+++
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/generator/predicate/EncryptInsertPredicateColumnTokenGenerator.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.encrypt.rewrite.token.generator.predicate;
+
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import org.apache.shardingsphere.encrypt.rule.EncryptRule;
+import org.apache.shardingsphere.infra.annotation.HighFrequencyInvocation;
+import
org.apache.shardingsphere.infra.binder.context.statement.SQLStatementContext;
+import
org.apache.shardingsphere.infra.binder.context.statement.dml.InsertStatementContext;
+import org.apache.shardingsphere.infra.binder.context.type.WhereAvailable;
+import
org.apache.shardingsphere.infra.metadata.database.schema.model.ShardingSphereSchema;
+import
org.apache.shardingsphere.infra.rewrite.sql.token.common.generator.CollectionSQLTokenGenerator;
+import
org.apache.shardingsphere.infra.rewrite.sql.token.common.generator.aware.SchemaMetaDataAware;
+import org.apache.shardingsphere.infra.rewrite.sql.token.common.pojo.SQLToken;
+
+import java.util.Collection;
+import java.util.Map;
+
+/**
+ * Insert predicate column token generator for encrypt.
+ */
+@HighFrequencyInvocation
+@RequiredArgsConstructor
+@Setter
+public final class EncryptInsertPredicateColumnTokenGenerator implements
CollectionSQLTokenGenerator<SQLStatementContext>, SchemaMetaDataAware {
+
+ private final EncryptRule encryptRule;
+
+ private Map<String, ShardingSphereSchema> schemas;
+
+ private ShardingSphereSchema defaultSchema;
+
+ @Override
+ public boolean isGenerateSQLToken(final SQLStatementContext
sqlStatementContext) {
+ return sqlStatementContext instanceof InsertStatementContext && null
!= ((InsertStatementContext) sqlStatementContext).getInsertSelectContext()
+ && !((WhereAvailable) ((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext()).getWhereSegments().isEmpty();
+ }
+
+ @Override
+ public Collection<SQLToken> generateSQLTokens(final SQLStatementContext
sqlStatementContext) {
+ EncryptPredicateColumnTokenGenerator generator = new
EncryptPredicateColumnTokenGenerator(encryptRule);
+ generator.setSchemas(schemas);
+ generator.setDefaultSchema(defaultSchema);
+ return generator.generateSQLTokens(((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext());
+ }
+}
diff --git
a/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/generator/predicate/EncryptInsertPredicateRightValueTokenGenerator.java
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/generator/predicate/EncryptInsertPredicateRightValueTokenGenerator.java
new file mode 100644
index 00000000000..293ac09c4d6
--- /dev/null
+++
b/features/encrypt/core/src/main/java/org/apache/shardingsphere/encrypt/rewrite/token/generator/predicate/EncryptInsertPredicateRightValueTokenGenerator.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.encrypt.rewrite.token.generator.predicate;
+
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import org.apache.shardingsphere.encrypt.rewrite.aware.DatabaseNameAware;
+import org.apache.shardingsphere.encrypt.rewrite.aware.EncryptConditionsAware;
+import org.apache.shardingsphere.encrypt.rewrite.condition.EncryptCondition;
+import org.apache.shardingsphere.encrypt.rule.EncryptRule;
+import org.apache.shardingsphere.infra.annotation.HighFrequencyInvocation;
+import
org.apache.shardingsphere.infra.binder.context.statement.SQLStatementContext;
+import
org.apache.shardingsphere.infra.binder.context.statement.dml.InsertStatementContext;
+import org.apache.shardingsphere.infra.binder.context.type.WhereAvailable;
+import
org.apache.shardingsphere.infra.rewrite.sql.token.common.generator.CollectionSQLTokenGenerator;
+import
org.apache.shardingsphere.infra.rewrite.sql.token.common.generator.aware.ParametersAware;
+import org.apache.shardingsphere.infra.rewrite.sql.token.common.pojo.SQLToken;
+
+import java.util.Collection;
+import java.util.List;
+
+/**
+ * Insert predicate right value token generator for encrypt.
+ */
+@HighFrequencyInvocation
+@RequiredArgsConstructor
+@Setter
+public final class EncryptInsertPredicateRightValueTokenGenerator implements
CollectionSQLTokenGenerator<SQLStatementContext>, ParametersAware,
EncryptConditionsAware, DatabaseNameAware {
+
+ private final EncryptRule encryptRule;
+
+ private List<Object> parameters;
+
+ private Collection<EncryptCondition> encryptConditions;
+
+ private String databaseName;
+
+ @Override
+ public boolean isGenerateSQLToken(final SQLStatementContext
sqlStatementContext) {
+ return sqlStatementContext instanceof InsertStatementContext && null
!= ((InsertStatementContext) sqlStatementContext).getInsertSelectContext()
+ && !((WhereAvailable) ((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext()).getWhereSegments().isEmpty();
+ }
+
+ @Override
+ public Collection<SQLToken> generateSQLTokens(final SQLStatementContext
sqlStatementContext) {
+ EncryptPredicateRightValueTokenGenerator generator = new
EncryptPredicateRightValueTokenGenerator(encryptRule);
+ generator.setParameters(parameters);
+ generator.setEncryptConditions(encryptConditions);
+ generator.setDatabaseName(databaseName);
+ return generator.generateSQLTokens(((InsertStatementContext)
sqlStatementContext).getInsertSelectContext().getSelectStatementContext());
+ }
+}
diff --git
a/test/e2e/sql/src/test/resources/cases/dml/dataset/encrypt/insert_select_user_table.xml
b/test/e2e/sql/src/test/resources/cases/dml/dataset/encrypt/insert_select_user_table.xml
new file mode 100644
index 00000000000..f6b7dd5e98a
--- /dev/null
+++
b/test/e2e/sql/src/test/resources/cases/dml/dataset/encrypt/insert_select_user_table.xml
@@ -0,0 +1,60 @@
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<dataset update-count="1">
+ <metadata data-nodes="encrypt.t_user">
+ <column name="user_id" type="numeric" />
+ <column name="user_name_cipher" type="varchar" />
+ <column name="user_name_like" type="varchar" />
+ <column name="password_cipher" type="varchar" />
+ <column name="email_cipher" type="varchar" />
+ <column name="user_telephone_cipher" type="varchar" />
+ <column name="user_telephone_like" type="varchar" />
+ <column name="creation_date" type="datetime" />
+ </metadata>
+ <row data-node="encrypt.t_user" values="10, sVq8Lmm+j6bZE5EKSilJEQ==,
yi`mht`m, aQol0b6th65d0aXe+zFPsQ==,
WM0fHOH91JNWnHTkiqBdyNmzk4uJ7CCz4mB1va9Ya1M=, kLjLJIMnfyHT2nA+viaoaQ==,
01454589811, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="11, fQ7IzBxKVuNHtUF6h6WSBg==,
mhth, wuhmEKgdgrWQYt+Ev0hgGA==, svATu3uWv9KfiloWJeWx3A==,
0kDFxndQdzauFwL/wyCsNQ==, 01454589810, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="12, AQRWSlufQPog/b64YRhu6Q==,
x`mhxt, x7A+2jq9B6DSOSFtSOibdA==, nHJv9e6NiClIuGHOjHLvCAq2ZLhWcqfQ8/EQnIqMx+g=,
a/SzSJLapt5iBXvF2c9ycw==, 01454589811, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="13, 5NqS4YvpT+mHBFqZOZ3QDA==,
yi`pmht, zi6b4xYRjjV+bBk2R4wB+w==,
MLBZczLjriUXvg3aM5QPTxMJbLjNh8yeNrSNBek/VTw=, b6VVhG+F6ujG8IMUZJAIFg==,
01454589814, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="14, qeIY9od3u1KwhjihzLQUTQ==,
yitph, 51UmlLAC+tUvdOAj8CjWfQ==, JCmeNdPyrKO5BW5zvhAA+g==,
f995xinpZdKMVU5J5/yv3w==, 01454589815, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="15, VbNUtguwtpeGhHGnPJ3aXg==,
mha`, +3/5CVbqoKhg3sqznKTFFQ==, T+X+e3Q3+ZNIXXmg/80uxg==,
GETj+S6DrO042E7NuBXLBQ==, 01454589814, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="16, U0/Ao/w1u7L5avR3fAH2Og==,
x`mhiht, jFfFMYxv02DjaFRuAoCDGw==,
RNW/KRq5HeL2YTfAdXSyARMJbLjNh8yeNrSNBek/VTw=, +lbvjJwO7VO4HUKc0Mw0NA==,
01454589815, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="17, zb1sgBigoMi7JPSoY4bAVw==,
yite`, VFIjocgjujJCJc6waWXqJA==, 1vF/ET3nBxt7T7vVfAndZQ==,
wFvs5BH6OikgveBeTEBwsQ==, 01454589818, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="18, rJzNIrFEnx296kW+N1YmMw==,
ttmdq, LaODSKGyR7vZ1IvmBOe9vA==, 5u4GIQkJsWRmnJHWaHNSjg==,
uwqm2O1Lv2tNTraJX1ym7Q==, 01454589819, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="19, qHwpQ9kteL8VX6iTUhNdbQ==,
yiptt`m, MyOShk4kjRnds7CZfU5NCw==,
HmYCo7QBfJ2E0EvaGHBCOBMJbLjNh8yeNrSNBek/VTw=, YLNQuuUPMGA21nhKWPzzsg==,
01454589818, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="20, qCCmvf7OWRxbVbtLb0az1g==, upl,
fzdTMkzpBvgNYmKSQAp8Fg==, gOoP4Mf0P4ISOJp6A4sRmg==, l4xa4HwOfs/jusoJon9Wzw==,
01454589801, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="21, IYJ1COaRQ0gSjWMC/UAeMg==,
lpad, 1uEDMeYh2jstbOf6kx/cqw==, tikMAFiQ37u2VgWqUT38Eg==,
rGpr30UXfczXjCjdvPN+BA==, 01454589800, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="22, 7wvZZ7NVHgk6m1vB/sTC1Q==,
idqqx, OirN3gvz9uBnrq88nfa1wQ==, T7K/Uz1O2m+3xvB0+c4nGQ==,
7+fCU+VbQZKgLJXZPTTegA==, 01454589801, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="23, SbVQWl8JbnxflCfGJ7KZdA==,
i`ldt, hWVVYdkdTUTgm08haeq+tw==, Uk3ju6GteCD1qEHns5ZhKA==,
DpnV86FZefwBRmIAVBh2gg==, 01454589804, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="24, fx7OfSAYqVpjNa7LoKhXvw==,
x`ed, N2W9ijAXNkBxhkvJiIwp0A==, lAAGItVLmb1H69++1MDrIA==,
QrE62wAb8B+2cEPcs4Lm1Q==, 01454589805, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="25, wH3/LdWShD9aCb8eCIm3Tg==,
qptd, GDixtt6NzPOVv6H0dmov5g==, T1yfJSyVxumZUfkDnmUQxA==,
iU+AsGczboCRfU+Zr7mcpw==, 01454589804, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="26, GgJQTndbxyBZ2tECS8SmqQ==,
apti, gLgVFLFIyyKwdQCXaw78Ag==, O+JIn9XZ3yq6RnKElHuqlA==,
kwYlbu9aF7ndvMTcj8QBSg==, 01454589805, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="27, lv8w8g32kuTXNvSUUypOig==,
i`dl, 8i0YH2mn6kXSyvBjM5p+Yg==, gqRoJF5S66SvBalc2RCo1A==,
2ob/3UYqRsZA5VdScnaWxQ==, 01454589808, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="28, P9YCbFvWCIhcS99KyKH2zA==,
ipqe`m, PRrI4z4FrWwLvcHPx9g4og==, y8q31Jj4PFSyZHiLVIxKEQq2ZLhWcqfQ8/EQnIqMx+g=,
kDF2za26uOerlNYWYHRT2Q==, 01454589809, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="29, 5wu9XvlJAVtjKijhxt6SQQ==,
itmhd, O4pgkLgz34N+C4bIUOQVnA==, UH7ihg16J61Np/EYMQnXIA==,
z2hbJQD4dRkVVITNxAac5Q==, 01454589808, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="30, i50fpEe3j0VOy/Hbfmr5Bg==, 兹卜,
MyOShk4kjRnds7CZfU5NCw==, WM0fHOH91JNWnHTkiqBdyNmzk4uJ7CCz4mB1va9Ya1M=,
uRbQGcAhuXmxdIzRsgiy8g==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="31, wLXX1Gs7zl0PkyJRMIxmCQ==, 兹付,
fzdTMkzpBvgNYmKSQAp8Fg==, cq1LN85LmWHrEtS4gN/ac9mzk4uJ7CCz4mB1va9Ya1M=,
jDL+p5OyKQXfQ4H8JpNKJQ==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="32, 5NNYIZCq4Dxab0uKWXt93A==, 兹咔,
1uEDMeYh2jstbOf6kx/cqw==, rehTd++DbFy3qYqeDJUjRRMJbLjNh8yeNrSNBek/VTw=,
60fpnMdKCWeyKzxkdthn2Q==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="33, 8kgeyqYaHUMq6di5BVt3Ow==, 伴伌,
OirN3gvz9uBnrq88nfa1wQ==, svATu3uWv9KfiloWJeWx3A==, 60fpnMdKCWeyKzxkdthn2Q==,
09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="34, THN1NIcHrqnfvPKR92lAKw==, 伴侁,
ZSU1lmpj8cugQHD59QxPhQ==, KtMacpLCtRTSl+VeCPYrPwq2ZLhWcqfQ8/EQnIqMx+g=,
60fpnMdKCWeyKzxkdthn2Q==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="35, R3tsv8yeGKXz7WXLYfjkPA==, 伈夸噥,
31jh3gwg1fgDFnd6iYxU+Q==, ZsrMzd0mjJ9H3fxe4UNVfQsU49iKH47f2rb+/uKuo9M=,
60fpnMdKCWeyKzxkdthn2Q==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="36, M2hIFm7Z/s4zGd+rPD1USA==, 伈僘噭,
bO/8ha1eS/H8/3DugjdOAQ==, PyO5yO0W8v5cpLPhqASTHA==, 60fpnMdKCWeyKzxkdthn2Q==,
09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="37, aXS0VfnqHIAnOAtDjsF/9Q==, 伈嶱啴,
bO/8ha1eS/H8/3DugjdOAQ==, fwyOxfHtLxNuSCFmghYiY0qMsgbpjg5UIo3xmJOLGu0=,
60fpnMdKCWeyKzxkdthn2Q==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="38, 59/68izQEdnwNSueX1lPAA==, 伈乄,
ilD/Tk7DUG4+EuznS1bNLg==, 2emhAeiXPr0kHbFrhYlM1dmzk4uJ7CCz4mB1va9Ya1M=,
60fpnMdKCWeyKzxkdthn2Q==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="39, fn9LnNltUAOWO0F0iy0+Jw==, 伈妅,
qe/WdUiSPP1RAsSSuejGJw==, zx2omwIbXHpEJeh8ta7HqQq2ZLhWcqfQ8/EQnIqMx+g=,
60fpnMdKCWeyKzxkdthn2Q==, 09101401454, 2017-08-08" />
+ <row data-node="encrypt.t_user" values="40, fQ7IzBxKVuNHtUF6h6WSBg==,
mhth, wuhmEKgdgrWQYt+Ev0hgGA==, svATu3uWv9KfiloWJeWx3A==,
0kDFxndQdzauFwL/wyCsNQ==, 01454589810, 2017-08-08" />
+</dataset>
diff --git a/test/e2e/sql/src/test/resources/cases/dml/e2e-dml-insert.xml
b/test/e2e/sql/src/test/resources/cases/dml/e2e-dml-insert.xml
index eff31f59f11..32338032a96 100644
--- a/test/e2e/sql/src/test/resources/cases/dml/e2e-dml-insert.xml
+++ b/test/e2e/sql/src/test/resources/cases/dml/e2e-dml-insert.xml
@@ -96,6 +96,10 @@
<assertion parameters="999:int, 10:int, insertALL:String, 998:int,
10:int, insertALL:String"
expected-data-file="batch_insert_into_order_with_select.xml" />
</test-case>
+ <test-case sql="INSERT INTO t_user (user_id, user_name, password, email,
telephone, creation_date) SELECT ?, user_name, password, email, telephone,
creation_date FROM t_user where user_name = ? and user_id = ?"
scenario-types="encrypt" db-types="MySQL">
+ <assertion parameters="40:int, lisi:String, 11:int"
expected-data-file="insert_select_user_table.xml" />
+ </test-case>
+
<test-case sql="INSERT INTO t_order_item VALUES (?, ?, 1, 1,
'2017-08-08')" scenario-types="db,tbl,dbtbl_with_readwrite_splitting">
<assertion parameters="1:int, 1:int"
expected-data-file="insert_without_generate_key_column.xml"
expected-generated-key-data-file="insert_without_generate_key_column_generated_key_data.xml"
/>
</test-case>
diff --git
a/test/it/rewriter/src/test/resources/scenario/encrypt/case/query-with-cipher/dml/insert/insert-select.xml
b/test/it/rewriter/src/test/resources/scenario/encrypt/case/query-with-cipher/dml/insert/insert-select.xml
new file mode 100644
index 00000000000..62272153b8a
--- /dev/null
+++
b/test/it/rewriter/src/test/resources/scenario/encrypt/case/query-with-cipher/dml/insert/insert-select.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one or more
+ ~ contributor license agreements. See the NOTICE file distributed with
+ ~ this work for additional information regarding copyright ownership.
+ ~ The ASF licenses this file to You under the Apache License, Version 2.0
+ ~ (the "License"); you may not use this file except in compliance with
+ ~ the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+
+<rewrite-assertions yaml-rule="scenario/encrypt/config/query-with-cipher.yaml">
+ <rewrite-assertion id="insert_select_account_bak_for_parameters"
db-types="MySQL">
+ <input sql="INSERT INTO t_account_detail (account_id,
certificate_number, password, amount, status) SELECT 40, certificate_number,
password, amount, status FROM t_account WHERE certificate_number = ?"
parameters="cert1" />
+ <output sql="INSERT INTO t_account_detail (account_id,
cipher_certificate_number, assisted_query_certificate_number,
like_query_certificate_number, cipher_password, assisted_query_password,
like_query_password, cipher_amount, status) SELECT 40,
cipher_certificate_number, assisted_query_certificate_number,
like_query_certificate_number, cipher_password, assisted_query_password,
like_query_password, cipher_amount, status FROM t_account WHERE
assisted_query_certificate_number = ?"
+ parameters="assisted_query_cert1" />
+ </rewrite-assertion>
+
+ <rewrite-assertion id="insert_select_account_bak_for_literal"
db-types="MySQL">
+ <input sql="INSERT INTO t_account_detail (account_id,
certificate_number, password, amount, status) SELECT 40, certificate_number,
password, amount, status FROM t_account WHERE certificate_number = 'cert1'" />
+ <output sql="INSERT INTO t_account_detail (account_id,
cipher_certificate_number, assisted_query_certificate_number,
like_query_certificate_number, cipher_password, assisted_query_password,
like_query_password, cipher_amount, status) SELECT 40,
cipher_certificate_number, assisted_query_certificate_number,
like_query_certificate_number, cipher_password, assisted_query_password,
like_query_password, cipher_amount, status FROM t_account WHERE
assisted_query_certificate_number = 'ass [...]
+ </rewrite-assertion>
+</rewrite-assertions>
