PT-191 - add ssl options to DSN

- Typo in t/pt-index-usage/ssl.t - Missed test t/pt-query-digest/ssl.t - Missed option --mysql_ssl in pt-query-digest
2025-09-24 21:35:00 +00:00 · 2025-07-28 19:05:00 +03:00
parent b7094dfd09
commit 2954d5a749
3 changed files with 140 additions and 1 deletions
--- a/bin/pt-query-digest
+++ b/bin/pt-query-digest
@@ -16194,6 +16194,12 @@ type: int; default: 74

 Trim lines to this length. 0=Do not trim lines.

+=item --mysql_ssl
+
+short form: -s; type: int
+
+Create SSL MySQL connection.
+
 =item --order-by

 type: Array; default: Query_time:sum
--- a/t/pt-index-usage/ssl.t
+++ b/t/pt-index-usage/ssl.t
@@ -122,7 +122,6 @@ unlike(
 ($output, $exit_code) = full_output(
   sub {
      pt_index_usage::main(
-         #"-F $trunk/t/pt-archiver/samples/pt-191-error.cnf",
         @args,
         qw(--host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1),
         "$trunk/$samples/slow001.txt")
--- a/t/pt-query-digest/ssl.t
+++ b/t/pt-query-digest/ssl.t
@@ -0,0 +1,134 @@
+#!/usr/bin/env perl
+
+BEGIN {
+   die "The PERCONA_TOOLKIT_BRANCH environment variable is not set.\n"
+      unless $ENV{PERCONA_TOOLKIT_BRANCH} && -d $ENV{PERCONA_TOOLKIT_BRANCH};
+   unshift @INC, "$ENV{PERCONA_TOOLKIT_BRANCH}/lib";
+};
+
+use strict;
+use warnings FATAL => 'all';
+use English qw(-no_match_vars);
+use Test::More;
+
+use PerconaTest;
+use Sandbox;
+
+require "$trunk/bin/pt-query-digest";
+require VersionParser;
+
+my $dp   = new DSNParser(opts=>$dsn_opts);
+my $sb   = new Sandbox(basedir => '/tmp', DSNParser => $dp);
+my $dbh  = $sb->get_dbh_for('source');
+
+if ( !$dbh ) {
+   plan skip_all => 'Cannot connect to sandbox source';
+}
+elsif ( $sandbox_version lt '8.0' ) {
+   plan skip_all => "Requires MySQL 8.0 or newer";
+}
+
+my ($output, $exit_code);
+my $cnf      = "/tmp/12345/my.sandbox.cnf";
+my $samples  = "$trunk/t/pt-query-digest/samples";
+
+$sb->do_as_root(
+   'source',
+   q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
+   q/GRANT ALL ON sakila.* TO sha256_user@'%'/,
+);
+
+($output, $exit_code) = full_output(
+   sub {
+      pt_query_digest::main("--explain=F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=0",
+         "$samples/slow028.txt")
+   },
+   stderr => 1,
+);
+
+isnt(
+   $exit_code,
+   0,
+   "Error raised when SSL connection is not used"
+) or diag($output);
+
+like(
+   $output,
+   qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
+   'Secure connection error raised when no SSL connection used'
+) or diag($output);
+
+($output, $exit_code) = full_output(
+   sub {
+      pt_query_digest::main("--explain='F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1'",
+         "$samples/slow028.txt")
+   },
+   stderr => 1,
+);
+
+is(
+   $exit_code,
+   0,
+   "No error for user, identified with caching_sha2_password"
+) or diag($output);
+
+unlike(
+   $output,
+   qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
+   'No secure connection error'
+) or diag($output);
+
+like(
+   $output,
+   qr/Query size            24      24      24      24      24       0      24/,
+   'Analysis printed'
+) or diag($output);
+
+($output, $exit_code) = full_output(
+   sub {
+      pt_query_digest::main("--explain=F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
+         "$samples/slow028.txt")
+   },
+   stderr => 1,
+);
+
+is(
+   $exit_code,
+   0,
+   "No error for SSL options in the configuration file"
+) or diag($output);
+
+unlike(
+   $output,
+   qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
+   'No secure connection error with correct SSL options in the configuration file'
+) or diag($output);
+
+($output, $exit_code) = full_output(
+   sub {
+      pt_query_digest::main("--explain=F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
+         "$samples/slow028.txt")
+   },
+   stderr => 1,
+);
+
+isnt(
+   $exit_code,
+   0,
+   "Error for invalid SSL options in the configuration file"
+) or diag($output);
+
+like(
+   $output,
+   qr/SSL connection error: Unable to get private key at/,
+   'SSL connection error with incorrect SSL options in the configuration file'
+) or diag($output);
+
+# #############################################################################
+# Done.
+# #############################################################################
+$sb->do_as_root('source', q/DROP USER 'sha256_user'@'%'/);
+
+$sb->wipe_clean($dbh);
+ok($sb->ok(), "Sandbox servers") or BAIL_OUT(__FILE__ . " broke the sandbox");
+done_testing;