percona/percona-toolkit
1
0
Fork 0
mirror of https://github.com/percona/percona-toolkit.git synced 2025-09-02 02:34:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #982 from percona/PT-191_add_ssl_options_to_DSN

Browse Source 
PT-191 - add ssl options to DSN
This commit is contained in:
Sveta Smirnova
2025-08-06 16:30:28 +03:00
committed by GitHub
parent 818051fa47 5100e9b1aa
commit 0b91854014
44 changed files with 1714 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
t/pt-archiver/samples/pt-191-error.cnf Normal file
View File

@@ -0,0 +1,5 @@
[client]
user=msandbox
ssl-ca=/tmp/12345/data/ca.pem
ssl-cert=/tmp/12345/data/server-cert.pem
ssl-key=/tmp/12345/data/client-key.pem

4
t/pt-archiver/samples/pt-191-replica1.cnf Normal file
View File

@@ -0,0 +1,4 @@
[client]
ssl-ca=/tmp/12346/data/ca.pem
ssl-cert=/tmp/12346/data/client-cert.pem
ssl-key=/tmp/12346/data/client-key.pem

4
t/pt-archiver/samples/pt-191-replica2.cnf Normal file
View File

@@ -0,0 +1,4 @@
[client]
ssl-ca=/tmp/12347/data/ca.pem
ssl-cert=/tmp/12347/data/client-cert.pem
ssl-key=/tmp/12347/data/client-key.pem

4
t/pt-archiver/samples/pt-191.cnf Normal file
View File

@@ -0,0 +1,4 @@
[client]
ssl-ca=/tmp/12345/data/ca.pem
ssl-cert=/tmp/12345/data/client-cert.pem
ssl-key=/tmp/12345/data/client-key.pem

71
t/pt-archiver/ssl.t
View File

@@ -83,6 +83,77 @@ like(
'Queries printed'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_archiver::main('--source=t=film',
qw(--host 127.1 --port 12345 -D sakila),
qw(--user sha256_user --password sha256_user%password --mysql_ssl 1),
qw(--no-check-charset --purge --dry-run --port 12345),
"--where", "film_id < 100")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password and option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
like(
$output,
qr/DELETE FROM `sakila`.`film` WHERE/,
'Queries printed with option --mysql_ssl'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_archiver::main('--source', "F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--no-check-charset --purge --dry-run --port 12345),
"--where", "film_id < 100")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_archiver::main('--source', "F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--no-check-charset --purge --dry-run --port 12345),
"--where", "film_id < 100")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

65
t/pt-config-diff/ssl.t
View File

@@ -80,6 +80,71 @@ is(
"No output when no diff"
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_config_diff::main(
qw(--host 127.1 --port 12345 --user sha256_user),
qw(--password sha256_user%password --mysql_ssl 1),
'h=127.1')
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password and option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
is(
$output,
"",
"No output when no diff and option --mysql_ssl"
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_config_diff::main("F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1", 'h=127.1')
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_config_diff::main("F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1", 'h=127.1')
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

67
t/pt-deadlock-logger/ssl.t
View File

@@ -165,6 +165,73 @@ like(
'Deadlock logger prints the output'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_deadlock_logger::main(
qw(--host 127.1 --port 12345 --user sha256_user),
qw(--password sha256_user%password --mysql_ssl 1),
qw(--iterations 1));
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
like(
$output,
qr/127\.1.+msandbox.+GEN_CLUST_INDEX/,
'Deadlock logger prints the output with option --mysql_ssl'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_deadlock_logger::main("F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--iterations 1));
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_deadlock_logger::main("F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--iterations 1));
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

55
t/pt-duplicate-key-checker/ssl.t
View File

@@ -93,6 +93,61 @@ if ($sandbox_version ge '8.0') {
);
}
$output = `$cmd -d mysql -t columns_priv -v --host 127.1 --port 12345 --user sha256_user --password=sha256_user%password --mysql_ssl=1`;
is(
$?,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl=1"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl=1'
) or diag($output);
# In version 8.0 order of columns in the index changed
if ($sandbox_version ge '8.0') {
like($output,
qr/PRIMARY \(`Host`,`User`,`Db`,`Table_name`,`Column_name`\)/,
'Finds mysql.columns_priv PK with option --mysql_ssl=1'
);
} else {
like($output,
qr/PRIMARY \(`Host`,`Db`,`User`,`Table_name`,`Column_name`\)/,
'Finds mysql.columns_priv PKi with option --mysql_ssl=1'
);
}
$output = `$cmd -d mysql -t columns_priv -v F=t/pt-archiver/samples/pt-191.cnf,P=12345,u=sha256_user,p=sha256_user%password,s=1 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$cmd -d mysql -t columns_priv -v F=t/pt-archiver/samples/pt-191-error.cnf,P=12345,u=sha256_user,p=sha256_user%password,s=1 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

68
t/pt-find/ssl.t
View File

@@ -29,7 +29,7 @@ elsif ( $sandbox_version lt '8.0' ) {
my $output;
my $cnf = '/tmp/12345/my.sandbox.cnf';
my $cmd = "$trunk/bin/pt-find -F $cnf ";
my $cmd = "$trunk/bin/pt-find";
$sb->do_as_root(
'source',
@@ -37,7 +37,7 @@ $sb->do_as_root(
q/GRANT ALL ON *.* TO sha256_user@'%'/,
);
$output = `$cmd mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=0 2>&1`;
$output = `$cmd -F $cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=0 2>&1`;
isnt(
$?,
@@ -47,26 +47,80 @@ isnt(
like(
$output,
qr/Access denied/,
'Secure connection error raised when no SSL connection used'
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error raised when SSL connection used'
) or diag($output);
$output = `$cmd mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
$output = `$cmd -F $cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
is(
$?,
0,
"Error raised when SSL connection is not used"
"Error not raised when SSL connection is used"
) or diag($output);
unlike(
$output,
qr/Access denied/,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'Secure connection error raised when no SSL connection used'
) or diag($output);
like($output, qr/`mysql`.`columns_priv`/, 'Found mysql.columns_priv');
$dbh->do('CREATE DATABASE IF NOT EXISTS test');
$dbh->do('CREATE TABLE test.pt_find_ssl(cnt INT)');
$output = `$cmd -F $cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 --exec-dsn=h=127.1,P=12346,u=sha256_user,p=sha256_user%password,s=1 --exec-plus "INSERT INTO test.pt_find_ssl() SELECT COUNT(*) FROM %s" 2>&1`;
is(
$?,
0,
"Error not raised when SSL connection is used with DSN"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error raised when SSL connection used with DSN'
) or diag($output);
$output = `/tmp/12346/use -N -e "SELECT COUNT(*) FROM test.pt_find_ssl"`;
chomp($output);
is(
$output,
1,
'DSN option s works with pt-find'
) or diag($output);
$output = `$cmd -F t/pt-archiver/samples/pt-191.cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$cmd -F t/pt-archiver/samples/pt-191-error.cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

65
t/pt-fk-error-logger/ssl.t
View File

@@ -95,6 +95,71 @@ like(
"Prints fk error by default"
);
($output, $exit_code) = full_output(
sub {
pt_fk_error_logger::main(@args, 'h=127.1',
qw(--port 12345 --user sha256_user),
qw(--password sha256_user%password --mysql_ssl 1))
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option mysql_ssl'
) or diag($output);
like(
$output,
qr/Foreign key constraint fails/,
"Prints fk error by default with option mysql_ssl"
);
($output, $exit_code) = full_output(
sub {
pt_fk_error_logger::main(@args, 'F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1'),
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_fk_error_logger::main(@args, 'F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1'),
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

67
t/pt-heartbeat/ssl.t
View File

@@ -53,7 +53,7 @@ $sb->do_as_root(
);
isnt(
$?,
$exit_code,
0,
"Error raised when SSL connection is not used"
) or diag($output);
@@ -71,7 +71,7 @@ like(
);
is(
$?,
$exit_code,
0,
"No error for user, identified with caching_sha2_password"
) or diag($output);
@@ -89,6 +89,69 @@ is(
"Automatically inserts heartbeat row (issue 1292)"
);
($output, $exit_code) = full_output(
sub { pt_heartbeat::main(
qw(--host 127.1 --port 12345 --user sha256_user),
qw(--password sha256_user%password --mysql_ssl=1),
qw(-D test --check)) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
$row = $dbh->selectall_hashref('select * from test.heartbeat', 'id');
is(
$row->{1}->{id},
1,
"Automatically inserts heartbeat row (issue 1292) with option --mysql_ssl"
);
($output, $exit_code) = full_output(
sub { pt_heartbeat::main("F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
qw(-D test --check)) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_heartbeat::main("F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
qw(-D test --check)) },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

87
t/pt-index-usage/ssl.t
View File

@@ -39,6 +39,7 @@ $sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON sakila.* TO sha256_user@'%'/,
q/GRANT ALL ON test.* TO sha256_user@'%'/,
);
# This query doesn't use indexes so there's an unused PK and
@@ -95,6 +96,92 @@ like(
'A simple query that does not use any indexes',
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_index_usage::main(
@args,
qw(--host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1),
qw(--create-save-results-database),
'--save-results-database=h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1,D=test',
"$trunk/$samples/slow001.txt")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password via DSN"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with DSN'
) or diag($output);
$output = `/tmp/12345/use -N -e "SHOW TABLES FROM test"`;
my $expected = <<EOF;
index_alternatives
index_usage
indexes
queries
tables
EOF
is(
$output,
$expected,
'Results are saved'
) or diag($output);
@args = ('-F', "$trunk/t/pt-archiver/samples/pt-191.cnf");
($output, $exit_code) = full_output(
sub {
pt_index_usage::main(
@args,
qw(--host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1),
"$trunk/$samples/slow001.txt")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
@args = ('-F', "$trunk/t/pt-archiver/samples/pt-191-error.cnf");
($output, $exit_code) = full_output(
sub {
pt_index_usage::main(
@args,
qw(--host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1),
"$trunk/$samples/slow001.txt")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

70
t/pt-kill/ssl.t
View File

@@ -30,12 +30,12 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 13;
}
my ($output, $exit_code);
my $cnf = '/tmp/12345/my.sandbox.cnf';
my $cmd = "$trunk/bin/pt-kill -F $cnf";
my $cmd = "$trunk/bin/pt-kill";
$sb->do_as_root(
'source',
@@ -43,7 +43,7 @@ $sb->do_as_root(
q/GRANT PROCESS ON *.* TO sha256_user@'%'/,
);
$output = `$cmd h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=0 --busy-time 1s --print --run-time 10 2>&1`;
$output = `$cmd F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=0 --busy-time 1s --print --run-time 10 2>&1`;
isnt(
$?,
@@ -61,7 +61,7 @@ like(
# Backticks don't work here.
system("/tmp/12345/use -e 'select sleep(5)' >/dev/null &");
$output = `$cmd h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
$output = `$cmd F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
is(
$?,
@@ -91,6 +91,68 @@ ok(
"There were 2 to 5 captures"
) or diag($output);
# Shell out to a sleep(10) query and try to capture the query.
# Backticks don't work here.
system("/tmp/12345/use -e 'select sleep(5)' >/dev/null &");
$output = `$cmd --host 127.1 --port 12345 --user sha256_user --password=sha256_user%password --mysql_ssl 1 --busy-time 1s --print --run-time 10 2>&1`;
is(
$?,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
# $output ought to be something like
# 2009-05-27T22:19:40 KILL 5 (Query 1 sec) select sleep(10)
# 2009-05-27T22:19:41 KILL 5 (Query 2 sec) select sleep(10)
# 2009-05-27T22:19:42 KILL 5 (Query 3 sec) select sleep(10)
# 2009-05-27T22:19:43 KILL 5 (Query 4 sec) select sleep(10)
# 2009-05-27T22:19:44 KILL 5 (Query 5 sec) select sleep(10)
# 2009-05-27T22:19:45 KILL 5 (Query 6 sec) select sleep(10)
# 2009-05-27T22:19:46 KILL 5 (Query 7 sec) select sleep(10)
# 2009-05-27T22:19:47 KILL 5 (Query 8 sec) select sleep(10)
# 2009-05-27T22:19:48 KILL 5 (Query 9 sec) select sleep(10)
@times = $output =~ m/\(Query (\d+) sec\)/g;
ok(
@times > 2 && @times < 7,
"There were 2 to 5 captures with option --mysql_ssl"
) or diag($output);
$output = `$cmd F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$cmd F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

30
t/pt-mysql-summary/ssl.t
View File

@@ -29,7 +29,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 10;
}
my ($tool) = 'pt-mysql-summary';
@@ -74,6 +74,34 @@ like(
"Authentication with caching_sha2_password works"
);
$output = `$trunk/bin/$tool --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password 2>&1 -- --defaults-file=t/pt-archiver/samples/pt-191.cnf --ssl-mode=required`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$trunk/bin/$tool --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password 2>&1 -- --defaults-file=t/pt-archiver/samples/pt-191-error.cnf --ssl-mode=required`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL error: Unable to get private key from/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

13
t/pt-online-schema-change/samples/ssl_dsns.sql Normal file
View File

@@ -0,0 +1,13 @@
CREATE DATABASE IF NOT EXISTS test_ssl;
USE test_ssl;
DROP TABLE IF EXISTS `dsns`;
CREATE TABLE `dsns` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`parent_id` int(11) DEFAULT NULL,
`dsn` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
INSERT INTO `dsns` VALUES (1, NULL, "F=/home/sveta/src/percona/percona-toolkit/t/pt-archiver/samples/pt-191-replica1.cnf,P=12346,h=127.0.0.1,u=root,p=msandbox,s=1");
INSERT INTO `dsns` VALUES (2, NULL, "F=/home/sveta/src/percona/percona-toolkit/t/pt-archiver/samples/pt-191-replica2.cnf,P=12347,h=127.0.0.1,u=root,p=msandbox,s=1");

78
t/pt-online-schema-change/ssl.t
View File

@@ -45,6 +45,7 @@ $sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON test.* TO sha256_user@'%'/,
q/GRANT SELECT ON test_ssl.* TO sha256_user@'%'/,
q/GRANT REPLICATION SLAVE ON *.* TO sha256_user@'%'/,
q/GRANT SUPER ON *.* TO sha256_user@'%'/,
);
@@ -54,6 +55,7 @@ $sb->do_as_root(
# #############################################################################
$sb->load_file('source', "$sample/del-trg-bug-1103672.sql");
$sb->load_file('source', "$sample/ssl_dsns.sql");
($output, $exit_code) = full_output(
sub { pt_online_schema_change::main(@args,
@@ -101,6 +103,82 @@ like(
"DROP PRIMARY KEY"
);
# Restoring environment for the new test
$sb->load_file('source', "$sample/del-trg-bug-1103672.sql");
($output, $exit_code) = full_output(
sub { pt_online_schema_change::main(@args,
"$source_dsn,D=test,t=t1",
qw(--user sha256_user --password sha256_user%password --mysql_ssl 1),
"--alter", "drop primary key, add column _id int unsigned not null primary key auto_increment FIRST",
qw(--execute --no-check-alter)),
},
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
like(
$output,
qr/Successfully altered `test`.`t1`/,
"DROP PRIMARY KEY with option --mysql_ssl"
);
# Restoring environment for the new test
$sb->load_file('source', "$sample/del-trg-bug-1103672.sql");
($output, $exit_code) = full_output(
sub { pt_online_schema_change::main(@args,
"$source_dsn,F=t/pt-archiver/samples/pt-191.cnf,D=test,t=t1,u=sha256_user,p=sha256_user%password,s=1",
"--alter", "drop primary key, add column _id int unsigned not null primary key auto_increment FIRST",
qw(--execute --no-check-alter),
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1"),
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_online_schema_change::main(@args,
"F=$trunk/t/pt-archiver/samples/pt-191-error.cnf,$source_dsn,D=test,t=t1,u=sha256_user,p=sha256_user%password,s=1",
"--alter", "drop primary key, add column _id int unsigned not null primary key auto_increment FIRST",
qw(--execute --no-check-alter)),
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

161
t/pt-query-digest/ssl.t Normal file
View File

@@ -0,0 +1,161 @@
#!/usr/bin/env perl
BEGIN {
die "The PERCONA_TOOLKIT_BRANCH environment variable is not set.\n"
unless $ENV{PERCONA_TOOLKIT_BRANCH} && -d $ENV{PERCONA_TOOLKIT_BRANCH};
unshift @INC, "$ENV{PERCONA_TOOLKIT_BRANCH}/lib";
};
use strict;
use warnings FATAL => 'all';
use English qw(-no_match_vars);
use Test::More;
use PerconaTest;
use Sandbox;
require "$trunk/bin/pt-query-digest";
require VersionParser;
my $dp = new DSNParser(opts=>$dsn_opts);
my $sb = new Sandbox(basedir => '/tmp', DSNParser => $dp);
my $dbh = $sb->get_dbh_for('source');
if ( !$dbh ) {
plan skip_all => 'Cannot connect to sandbox source';
}
elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
my ($output, $exit_code);
my $cnf = "/tmp/12345/my.sandbox.cnf";
my $samples = "$trunk/t/pt-query-digest/samples";
$sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON sakila.* TO sha256_user@'%'/,
);
($output, $exit_code) = full_output(
sub {
pt_query_digest::main("--explain=F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=0",
"$samples/slow028.txt")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error raised when SSL connection is not used"
) or diag($output);
like(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'Secure connection error raised when no SSL connection used'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_query_digest::main("--explain='F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1'",
"$samples/slow028.txt")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error'
) or diag($output);
like(
$output,
qr/Query size 24 24 24 24 24 0 24/,
'Analysis printed'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_query_digest::main("--explain=h=127.1,P=12345,u=sha256_user,p=sha256_user%password",
qw(--mysql_ssl 1),
"$samples/slow028.txt")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
like(
$output,
qr/Query size 24 24 24 24 24 0 24/,
'Analysis printed with option --mysql_ssl'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_query_digest::main("--explain=F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
"$samples/slow028.txt")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_query_digest::main("--explain=F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
"$samples/slow028.txt")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################
$sb->do_as_root('source', q/DROP USER 'sha256_user'@'%'/);
$sb->wipe_clean($dbh);
ok($sb->ok(), "Sandbox servers") or BAIL_OUT(__FILE__ . " broke the sandbox");
done_testing;

152
t/pt-replica-find/ssl.t Normal file
View File

@@ -0,0 +1,152 @@
#!/usr/bin/env perl
BEGIN {
die "The PERCONA_TOOLKIT_BRANCH environment variable is not set.\n"
unless $ENV{PERCONA_TOOLKIT_BRANCH} && -d $ENV{PERCONA_TOOLKIT_BRANCH};
unshift @INC, "$ENV{PERCONA_TOOLKIT_BRANCH}/lib";
};
use strict;
use warnings FATAL => 'all';
use English qw(-no_match_vars);
use Test::More;
use PerconaTest;
use Sandbox;
require "$trunk/bin/pt-replica-find";
if ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
my $dp = new DSNParser(opts=>$dsn_opts);
my $sb = new Sandbox(basedir => '/tmp', DSNParser => $dp);
my $source_dbh = $sb->get_dbh_for('source');
my $replica1_dbh = $sb->get_dbh_for('replica1');
my $replica2_dbh = $sb->get_dbh_for('replica2');
my $output;
# This test is sensitive to ghost/old replicas created/destroyed by other
# tests. So we stop the replicas, restart the source, and start everything
# again. Hopefully this will return the env to its original state.
$replica2_dbh->do("STOP ${replica_name}");
$replica1_dbh->do("STOP ${replica_name}");
diag(`/tmp/12345/stop >/dev/null`);
diag(`/tmp/12345/start >/dev/null`);
$replica1_dbh->do("START ${replica_name}");
$replica2_dbh->do("START ${replica_name}");
if ( !$source_dbh ) {
plan skip_all => 'Cannot connect to sandbox source';
}
elsif ( !$replica1_dbh ) {
plan skip_all => 'Cannot connect to sandbox replica';
}
elsif ( !$replica2_dbh ) {
plan skip_all => 'Cannot connect to second sandbox replica';
}
$sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT REPLICATION SLAVE, PROCESS ON *.* TO sha256_user@'%'/,
);
# Start an instance
$output = `$trunk/bin/pt-replica-find h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=0 --report-format hostname 2>&1`;
isnt(
$?,
0,
"Error raised when SSL connection is not used"
) or diag($output);
like(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'Secure connection error raised when no SSL connection used'
) or diag($output);
$output = `$trunk/bin/pt-replica-find h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --report-format hostname 2>&1`;
is(
$?,
0,
"No error for user, identified with caching_sha2_password"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error'
) or diag($output);
my $expected = <<EOF;
127.1:12345
+- 127.0.0.1:12346
+- 127.0.0.1:12347
EOF
is($output, $expected, 'Source with replica and replica of replica');
$output = `$trunk/bin/pt-replica-find --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1 --report-format hostname 2>&1`;
is(
$?,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
$expected = <<EOF;
127.1:12345
+- 127.0.0.1:12346
+- 127.0.0.1:12347
EOF
is(
$output,
$expected,
'Source with replica and replica of replica with option --mysql_ssl'
);
$output = `$trunk/bin/pt-replica-find F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --report-format hostname --recurse 0 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$trunk/bin/pt-replica-find F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --report-format hostname --recurse 0 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################
$sb->do_as_root('source', q/DROP USER 'sha256_user'@'%'/);
ok($sb->ok(), "Sandbox servers") or BAIL_OUT(__FILE__ . " broke the sandbox");
done_testing;

48
t/pt-replica-restart/ssl.t
View File

@@ -95,6 +95,54 @@ unlike(
'--error-text works (issue 459)'
);
$output = `$trunk/bin/pt-replica-restart --max-sleep 0.25 --host=127.1 --port=12346 --user=sha256_user --password=sha256_user%password --mysql_ssl=1 --error-text "doesn't exist" --run-time 1s 2>&1`;
is(
$?,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
unlike(
$output,
qr/Error does not match/,
'--error-text works (issue 459) with option --mysql_ssl'
);
$output = `$trunk/bin/pt-replica-restart --max-sleep 0.25 F=t/pt-archiver/samples/pt-191-replica1.cnf,h=127.1,P=12346,u=sha256_user,p=sha256_user%password,s=1 --error-text "doesn't exist" --run-time 1s 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$trunk/bin/pt-replica-restart --max-sleep 0.25 F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12346,u=sha256_user,p=sha256_user%password,s=1 --error-text "doesn't exist" --run-time 1s 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

70
t/pt-show-grants/ssl.t
View File

@@ -88,6 +88,76 @@ like(
'It lives',
);
($output, $exit_code) = full_output(
sub { pt_show_grants::main(
'-F', $cnf,
qw(--host 127.1 --port 12345 --user sha256_user),
qw(--password sha256_user%password --mysql_ssl 1),
qw(--drop --flush --revoke --separate)
); },
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
like(
$output,
qr/Grants dumped by/,
'It lives with option --mysql_ssl',
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_show_grants::main(
'-F', 't/pt-archiver/samples/pt-191.cnf',
'h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1',
qw(--drop --flush --revoke --separate)
); },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_show_grants::main(
'-F', 't/pt-archiver/samples/pt-191-error.cnf',
'h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1',
qw(--drop --flush --revoke --separate)
); },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

40
t/pt-stalk/ssl.t
View File

@@ -112,6 +112,46 @@ or diag(
'collector', `cat $dest/*-output 2>/dev/null`,
);
cleanup();
$exit_code = system("$trunk/bin/pt-stalk --host=127.1 --port=12345 --no-stalk --run-time 2 --dest $dest --prefix nostalk --pid $pid_file --iterations 1 --user=sha256_user --password=sha256_user%password -- --defaults-file=t/pt-archiver/samples/pt-191.cnf --ssl-mode=required >$log_file 2>&1");
PerconaTest::wait_until(sub { !-f $pid_file });
$output = `cat $log_file 2>/dev/null`;
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
cleanup();
$exit_code = system("$trunk/bin/pt-stalk --host=127.1 --port=12345 --no-stalk --run-time 2 --dest $dest --prefix nostalk --pid $pid_file --iterations 1 --user=sha256_user --password=sha256_user%password -- --defaults-file=t/pt-archiver/samples/pt-191-error.cnf --ssl-mode=required >$log_file 2>&1");
PerconaTest::wait_until(sub { !-f $pid_file });
$output = `cat $log_file 2>/dev/null`;
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL error: Unable to get private key from/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

77
t/pt-table-checksum/ssl.t
View File

@@ -26,7 +26,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 7;
plan tests => 15;
}
# The sandbox servers run with lock_wait_timeout=3 and it's not dynamic
@@ -47,11 +47,13 @@ $sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON test.* TO sha256_user@'%'/,
q/GRANT SELECT ON test_ssl.* TO sha256_user@'%'/,
q/GRANT ALL ON percona.* TO sha256_user@'%'/,
q/GRANT REPLICATION SLAVE ON *.* TO sha256_user@'%'/,
q/GRANT REPLICATION CLIENT ON *.* TO sha256_user@'%'/,
);
$sb->load_file('source', "t/pt-online-schema-change/samples/ssl_dsns.sql");
$dbh->do("insert into test.foo values (null, 'john, smith')");
($output, $exit_code) = full_output(
@@ -100,6 +102,79 @@ like(
'Checksums the table (issue 388)'
);
($output, $exit_code) = full_output(
sub { pt_table_checksum::main(
@args,
qw(--host 127.1 --port 12345 --user sha256_user),
qw(--password sha256_user%password --mysql_ssl 1),
qw(-d test)) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
unlike(
$output,
qr/Use of uninitialized value/,
'No error (issue 388) with option --mysql_ssl'
);
like(
$output,
qr/^\S+\s+0\s+0\s+1\s+0\s+1\s+/m,
'Checksums the table (issue 388) with option --mysql_ssl'
);
($output, $exit_code) = full_output(
sub {
pt_table_checksum::main(
@args,
'F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1',
qw(-d test),
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_table_checksum::main(@args, 'F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1', qw(-d test)) },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

79
t/pt-table-sync/ssl.t
View File

@@ -30,7 +30,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 13;
}
my ($output, $exit_code);
@@ -40,10 +40,14 @@ $sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON sakila.* TO sha256_user@'%'/,
q/GRANT ALL ON percona.* TO sha256_user@'%'/,
q/GRANT SELECT ON test_ssl.* TO sha256_user@'%'/,
q/GRANT REPLICATION CLIENT ON *.* TO sha256_user@'%'/,
q/GRANT PROCESS ON *.* TO sha256_user@'%'/,
);
$sb->load_file('source', "t/pt-online-schema-change/samples/ssl_dsns.sql");
($output, $exit_code) = full_output(
sub { pt_table_sync::main('h=127.1,P=12346,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=0', @args) },
stderr => 1,
@@ -84,6 +88,79 @@ like(
"Zero chunk"
);
($output, $exit_code) = full_output(
sub { pt_table_sync::main('D=sakila,t=film',
qw(--host 127.1 --port 12346 --user sha256_user),
qw(--password sha256_user%password --mysql_ssl 1), @args) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
like(
$output,
qr/WHERE \(`film_id` = 0\)/,
"Zero chunk with option --mysql_ssl"
);
# Prepare checksums table
diag(`$trunk/bin/pt-table-checksum F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 -d sakila --recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 2>&1 >/dev/null`);
@args = (qw(--recursion-method=dsn --replicate=percona.checksums -t sakila.actor -v -v --print --chunk-size 100));
($output, $exit_code) = full_output(
sub {
pt_table_sync::main(
'F=t/pt-archiver/samples/pt-191,h=127.1,P=12346,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1',
@args,
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191-replica1.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1"
) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_table_sync::main(
'F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1',
@args,
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1"
) },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

65
t/pt-table-usage/ssl.t
View File

@@ -26,7 +26,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 13;
}
my ($output, $exit_code);
@@ -82,6 +82,69 @@ is(
"",
"No error if table doesn't exist"
);
($output, $exit_code) = full_output(
sub { pt_table_usage::main('--explain-extended',
qw(127.1 --port 12345 --database sakila --user sha256_user),
qw(--password sha256_user%password --mysql_ssl 1),
'--query', 'select * from foo, bar where id=1') },
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
is(
$output,
"",
"No error if table doesn't exist with option --mysql_ssl"
);
($output, $exit_code) = full_output(
sub { pt_table_usage::main('--explain-extended', "F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,D=sakila,u=sha256_user,p=sha256_user%password,s=1",
'--query', 'select * from foo, bar where id=1') },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_table_usage::main('--explain-extended', "F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,u=sha256_user,p=sha256_user%password,s=1",
'--query', 'select * from foo, bar where id=1') },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

71
t/pt-upgrade/ssl.t
View File

@@ -98,6 +98,77 @@ is(
"Does not fail on SELECT...INTO statements"
);
($output, $exit_code) = full_output(
sub {
pt_upgrade::main("${host1_dsn}",
qw(--user sha256_user --password sha256_user%password --mysql_ssl 1),
'--save-results', $tmpdir,
qw(--type rawlog),
"$samples/select_into.log",
)},
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
is(
$exit_code,
0,
"Does not fail on SELECT...INTO statements with option --mysql_ssl"
);
($output, $exit_code) = full_output(
sub {
pt_upgrade::main("F=t/pt-archiver/samples/pt-191.cnf,${host1_dsn},u=sha256_user,p=sha256_user%password,s=1", '--save-results', $tmpdir,
qw(--type rawlog),
"$samples/select_into.log")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_upgrade::main("F=t/pt-archiver/samples/pt-191-error.cnf,${host1_dsn},u=sha256_user,p=sha256_user%password,s=1", '--save-results', $tmpdir,
qw(--type rawlog),
"$samples/select_into.log")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

58
t/pt-variable-advisor/ssl.t
View File

@@ -81,6 +81,64 @@ unlike(
"No innodb_max_dirty_pages_pct warning (bug 1168106)"
);
($output, $exit_code) = full_output(
sub { pt_variable_advisor::main("${dsn}",
qw(--user sha256_user --password sha256_user%password --mysql_ssl 1)) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for user, identified with caching_sha2_password with option --mysql_ssl"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with option --mysql_ssl'
) or diag($output);
unlike(
$output,
qr/innodb_max_dirty_pages_pct/,
"No innodb_max_dirty_pages_pct warning (bug 1168106) with option --mysql_ssl"
);
($output, $exit_code) = full_output(
sub { pt_variable_advisor::main("F=t/pt-archiver/samples/pt-191.cnf,${dsn},u=sha256_user,p=sha256_user%password,s=1") },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_variable_advisor::main("F=t/pt-archiver/samples/pt-191-error.cnf,${dsn},u=sha256_user,p=sha256_user%password,s=1") },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

45
t/pt-visual-explain/ssl.t
View File

@@ -80,6 +80,51 @@ unlike(
'No secure connection error'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_visual_explain::main(
'--connect',
't/pt-visual-explain/samples/query.sql',
qw(-F t/pt-archiver/samples/pt-191.cnf --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1)
)
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_visual_explain::main(
'--connect',
't/pt-visual-explain/samples/query.sql',
qw(-F t/pt-archiver/samples/pt-191-error.cnf --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1)
)
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.