percona/percona-toolkit
1
0
Fork 0
mirror of https://github.com/percona/percona-toolkit.git synced 2025-09-01 18:25:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

PT-191 - add ssl options to DSN

Browse Source 
- Added test cases to ensure SSL is working in all tools
This commit is contained in:
Sveta Smirnova
2025-07-26 14:18:30 +03:00
parent 7a8fee3d86
commit b7094dfd09
25 changed files with 808 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
t/pt-archiver/samples/pt-191-error.cnf Normal file
View File

@@ -0,0 +1,5 @@
[client]
user=msandbox
ssl-ca=/tmp/12345/data/ca.pem
ssl-cert=/tmp/12345/data/server-cert.pem
ssl-key=/tmp/12345/data/client-key.pem

4
t/pt-archiver/samples/pt-191-replica1.cnf Normal file
View File

@@ -0,0 +1,4 @@
[client]
ssl-ca=/tmp/12346/data/ca.pem
ssl-cert=/tmp/12346/data/client-cert.pem
ssl-key=/tmp/12346/data/client-key.pem

4
t/pt-archiver/samples/pt-191-replica2.cnf Normal file
View File

@@ -0,0 +1,4 @@
[client]
ssl-ca=/tmp/12347/data/ca.pem
ssl-cert=/tmp/12347/data/client-cert.pem
ssl-key=/tmp/12347/data/client-key.pem

4
t/pt-archiver/samples/pt-191.cnf Normal file
View File

@@ -0,0 +1,4 @@
[client]
ssl-ca=/tmp/12345/data/ca.pem
ssl-cert=/tmp/12345/data/client-cert.pem
ssl-key=/tmp/12345/data/client-key.pem

42
t/pt-archiver/ssl.t
View File

@@ -83,6 +83,48 @@ like(
'Queries printed'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_archiver::main('--source', "F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--no-check-charset --purge --dry-run --port 12345),
"--where", "film_id < 100")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_archiver::main('--source', "F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--no-check-charset --purge --dry-run --port 12345),
"--where", "film_id < 100")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

38
t/pt-config-diff/ssl.t
View File

@@ -80,6 +80,44 @@ is(
"No output when no diff"
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_config_diff::main("F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1", 'h=127.1')
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_config_diff::main("F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1", 'h=127.1')
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

40
t/pt-deadlock-logger/ssl.t
View File

@@ -165,6 +165,46 @@ like(
'Deadlock logger prints the output'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_deadlock_logger::main("F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--iterations 1));
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_deadlock_logger::main("F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1",
qw(--iterations 1));
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

28
t/pt-duplicate-key-checker/ssl.t
View File

@@ -93,6 +93,34 @@ if ($sandbox_version ge '8.0') {
);
}
$output = `$cmd -d mysql -t columns_priv -v F=t/pt-archiver/samples/pt-191.cnf,P=12345,u=sha256_user,p=sha256_user%password,s=1 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$cmd -d mysql -t columns_priv -v F=t/pt-archiver/samples/pt-191-error.cnf,P=12345,u=sha256_user,p=sha256_user%password,s=1 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

38
t/pt-find/ssl.t
View File

@@ -29,7 +29,7 @@ elsif ( $sandbox_version lt '8.0' ) {
my $output;
my $cnf = '/tmp/12345/my.sandbox.cnf';
my $cmd = "$trunk/bin/pt-find -F $cnf ";
my $cmd = "$trunk/bin/pt-find";
$sb->do_as_root(
'source',
@@ -37,7 +37,7 @@ $sb->do_as_root(
q/GRANT ALL ON *.* TO sha256_user@'%'/,
);
$output = `$cmd mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=0 2>&1`;
$output = `$cmd -F $cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=0 2>&1`;
isnt(
$?,
@@ -47,11 +47,11 @@ isnt(
like(
$output,
qr/Access denied/,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'Secure connection error raised when no SSL connection used'
) or diag($output);
$output = `$cmd mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
$output = `$cmd -F $cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
is(
$?,
@@ -61,12 +61,40 @@ is(
unlike(
$output,
qr/Access denied/,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'Secure connection error raised when no SSL connection used'
) or diag($output);
like($output, qr/`mysql`.`columns_priv`/, 'Found mysql.columns_priv');
$output = `$cmd -F t/pt-archiver/samples/pt-191.cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$cmd -F t/pt-archiver/samples/pt-191-error.cnf --host=127.0.0.1 --port=12345 mysql --tblregex column --user=sha256_user --password=sha256_user%password --mysql_ssl=1 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

38
t/pt-fk-error-logger/ssl.t
View File

@@ -95,6 +95,44 @@ like(
"Prints fk error by default"
);
($output, $exit_code) = full_output(
sub {
pt_fk_error_logger::main(@args, 'F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1'),
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_fk_error_logger::main(@args, 'F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1'),
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

40
t/pt-heartbeat/ssl.t
View File

@@ -53,7 +53,7 @@ $sb->do_as_root(
);
isnt(
$?,
$exit_code,
0,
"Error raised when SSL connection is not used"
) or diag($output);
@@ -71,7 +71,7 @@ like(
);
is(
$?,
$exit_code,
0,
"No error for user, identified with caching_sha2_password"
) or diag($output);
@@ -89,6 +89,42 @@ is(
"Automatically inserts heartbeat row (issue 1292)"
);
($output, $exit_code) = full_output(
sub { pt_heartbeat::main("F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
qw(-D test --check)) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_heartbeat::main("F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1",
qw(-D test --check)) },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

47
t/pt-index-usage/ssl.t
View File

@@ -95,6 +95,53 @@ like(
'A simple query that does not use any indexes',
) or diag($output);
@args = ('-F', "$trunk/t/pt-archiver/samples/pt-191.cnf");
($output, $exit_code) = full_output(
sub {
pt_index_usage::main(
@args,
qw(--host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1),
"$trunk/$samples/slow001.txt")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
@args = ('-F', "$trunk/t/pt-archiver/samples/pt-191-error.cnf");
($output, $exit_code) = full_output(
sub {
pt_index_usage::main(
#"-F $trunk/t/pt-archiver/samples/pt-191-error.cnf",
@args,
qw(--host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1),
"$trunk/$samples/slow001.txt")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

36
t/pt-kill/ssl.t
View File

@@ -30,12 +30,12 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 10;
}
my ($output, $exit_code);
my $cnf = '/tmp/12345/my.sandbox.cnf';
my $cmd = "$trunk/bin/pt-kill -F $cnf";
my $cmd = "$trunk/bin/pt-kill";
$sb->do_as_root(
'source',
@@ -43,7 +43,7 @@ $sb->do_as_root(
q/GRANT PROCESS ON *.* TO sha256_user@'%'/,
);
$output = `$cmd h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=0 --busy-time 1s --print --run-time 10 2>&1`;
$output = `$cmd F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=0 --busy-time 1s --print --run-time 10 2>&1`;
isnt(
$?,
@@ -61,7 +61,7 @@ like(
# Backticks don't work here.
system("/tmp/12345/use -e 'select sleep(5)' >/dev/null &");
$output = `$cmd h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
$output = `$cmd F=$cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
is(
$?,
@@ -91,6 +91,34 @@ ok(
"There were 2 to 5 captures"
) or diag($output);
$output = `$cmd F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$cmd F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 --busy-time 1s --print --run-time 10 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

30
t/pt-mysql-summary/ssl.t
View File

@@ -29,7 +29,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 10;
}
my ($tool) = 'pt-mysql-summary';
@@ -74,6 +74,34 @@ like(
"Authentication with caching_sha2_password works"
);
$output = `$trunk/bin/$tool --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password 2>&1 -- --defaults-file=t/pt-archiver/samples/pt-191.cnf --ssl-mode=required`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$trunk/bin/$tool --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password 2>&1 -- --defaults-file=t/pt-archiver/samples/pt-191-error.cnf --ssl-mode=required`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL error: Unable to get private key from/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

13
t/pt-online-schema-change/samples/ssl_dsns.sql Normal file
View File

@@ -0,0 +1,13 @@
CREATE DATABASE IF NOT EXISTS test_ssl;
USE test_ssl;
DROP TABLE IF EXISTS `dsns`;
CREATE TABLE `dsns` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`parent_id` int(11) DEFAULT NULL,
`dsn` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
INSERT INTO `dsns` VALUES (1, NULL, "F=/home/sveta/src/percona/percona-toolkit/t/pt-archiver/samples/pt-191-replica1.cnf,P=12346,h=127.0.0.1,u=root,p=msandbox,s=1");
INSERT INTO `dsns` VALUES (2, NULL, "F=/home/sveta/src/percona/percona-toolkit/t/pt-archiver/samples/pt-191-replica2.cnf,P=12347,h=127.0.0.1,u=root,p=msandbox,s=1");

48
t/pt-online-schema-change/ssl.t
View File

@@ -45,6 +45,7 @@ $sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON test.* TO sha256_user@'%'/,
q/GRANT SELECT ON test_ssl.* TO sha256_user@'%'/,
q/GRANT REPLICATION SLAVE ON *.* TO sha256_user@'%'/,
q/GRANT SUPER ON *.* TO sha256_user@'%'/,
);
@@ -54,6 +55,7 @@ $sb->do_as_root(
# #############################################################################
$sb->load_file('source', "$sample/del-trg-bug-1103672.sql");
$sb->load_file('source', "$sample/ssl_dsns.sql");
($output, $exit_code) = full_output(
sub { pt_online_schema_change::main(@args,
@@ -101,6 +103,52 @@ like(
"DROP PRIMARY KEY"
);
# Restoring environment for the new test
$sb->load_file('source', "$sample/del-trg-bug-1103672.sql");
($output, $exit_code) = full_output(
sub { pt_online_schema_change::main(@args,
"$source_dsn,F=t/pt-archiver/samples/pt-191.cnf,D=test,t=t1,u=sha256_user,p=sha256_user%password,s=1",
"--alter", "drop primary key, add column _id int unsigned not null primary key auto_increment FIRST",
qw(--execute --no-check-alter),
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1"),
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_online_schema_change::main(@args,
"F=$trunk/t/pt-archiver/samples/pt-191-error.cnf,$source_dsn,D=test,t=t1,u=sha256_user,p=sha256_user%password,s=1",
"--alter", "drop primary key, add column _id int unsigned not null primary key auto_increment FIRST",
qw(--execute --no-check-alter)),
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

28
t/pt-replica-restart/ssl.t
View File

@@ -95,6 +95,34 @@ unlike(
'--error-text works (issue 459)'
);
$output = `$trunk/bin/pt-replica-restart --max-sleep 0.25 F=t/pt-archiver/samples/pt-191-replica1.cnf,h=127.1,P=12346,u=sha256_user,p=sha256_user%password,s=1 --error-text "doesn't exist" --run-time 1s 2>&1`;
is(
$?,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
$output = `$trunk/bin/pt-replica-restart --max-sleep 0.25 F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12346,u=sha256_user,p=sha256_user%password,s=1 --error-text "doesn't exist" --run-time 1s 2>&1`;
isnt(
$?,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

42
t/pt-show-grants/ssl.t
View File

@@ -88,6 +88,48 @@ like(
'It lives',
);
($output, $exit_code) = full_output(
sub { pt_show_grants::main(
'-F', 't/pt-archiver/samples/pt-191.cnf',
'h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1',
qw(--drop --flush --revoke --separate)
); },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_show_grants::main(
'-F', 't/pt-archiver/samples/pt-191-error.cnf',
'h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1',
qw(--drop --flush --revoke --separate)
); },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

40
t/pt-stalk/ssl.t
View File

@@ -112,6 +112,46 @@ or diag(
'collector', `cat $dest/*-output 2>/dev/null`,
);
cleanup();
$exit_code = system("$trunk/bin/pt-stalk --host=127.1 --port=12345 --no-stalk --run-time 2 --dest $dest --prefix nostalk --pid $pid_file --iterations 1 --user=sha256_user --password=sha256_user%password -- --defaults-file=t/pt-archiver/samples/pt-191.cnf --ssl-mode=required >$log_file 2>&1");
PerconaTest::wait_until(sub { !-f $pid_file });
$output = `cat $log_file 2>/dev/null`;
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
cleanup();
$exit_code = system("$trunk/bin/pt-stalk --host=127.1 --port=12345 --no-stalk --run-time 2 --dest $dest --prefix nostalk --pid $pid_file --iterations 1 --user=sha256_user --password=sha256_user%password -- --defaults-file=t/pt-archiver/samples/pt-191-error.cnf --ssl-mode=required >$log_file 2>&1");
PerconaTest::wait_until(sub { !-f $pid_file });
$output = `cat $log_file 2>/dev/null`;
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL error: Unable to get private key from/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

44
t/pt-table-checksum/ssl.t
View File

@@ -26,7 +26,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 7;
plan tests => 11;
}
# The sandbox servers run with lock_wait_timeout=3 and it's not dynamic
@@ -47,11 +47,13 @@ $sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON test.* TO sha256_user@'%'/,
q/GRANT SELECT ON test_ssl.* TO sha256_user@'%'/,
q/GRANT ALL ON percona.* TO sha256_user@'%'/,
q/GRANT REPLICATION SLAVE ON *.* TO sha256_user@'%'/,
q/GRANT REPLICATION CLIENT ON *.* TO sha256_user@'%'/,
);
$sb->load_file('source', "t/pt-online-schema-change/samples/ssl_dsns.sql");
$dbh->do("insert into test.foo values (null, 'john, smith')");
($output, $exit_code) = full_output(
@@ -100,6 +102,46 @@ like(
'Checksums the table (issue 388)'
);
($output, $exit_code) = full_output(
sub {
pt_table_checksum::main(
@args,
'F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1',
qw(-d test),
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_table_checksum::main(@args, 'F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1', qw(-d test)) },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

54
t/pt-table-sync/ssl.t
View File

@@ -30,7 +30,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 10;
}
my ($output, $exit_code);
@@ -40,10 +40,14 @@ $sb->do_as_root(
'source',
q/CREATE USER IF NOT EXISTS sha256_user@'%' IDENTIFIED WITH caching_sha2_password BY 'sha256_user%password' REQUIRE SSL/,
q/GRANT ALL ON sakila.* TO sha256_user@'%'/,
q/GRANT ALL ON percona.* TO sha256_user@'%'/,
q/GRANT SELECT ON test_ssl.* TO sha256_user@'%'/,
q/GRANT REPLICATION CLIENT ON *.* TO sha256_user@'%'/,
q/GRANT PROCESS ON *.* TO sha256_user@'%'/,
);
$sb->load_file('source', "t/pt-online-schema-change/samples/ssl_dsns.sql");
($output, $exit_code) = full_output(
sub { pt_table_sync::main('h=127.1,P=12346,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=0', @args) },
stderr => 1,
@@ -84,6 +88,54 @@ like(
"Zero chunk"
);
# Prepare checksums table
diag(`$trunk/bin/pt-table-checksum F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 -d sakila --recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1 2>&1 >/dev/null`);
@args = (qw(--recursion-method=dsn --replicate=percona.checksums -t sakila.actor -v -v --print --chunk-size 100));
($output, $exit_code) = full_output(
sub {
pt_table_sync::main(
'F=t/pt-archiver/samples/pt-191,h=127.1,P=12346,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1',
@args,
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191-replica1.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1"
) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_table_sync::main(
'F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,t=film,u=sha256_user,p=sha256_user%password,s=1',
@args,
"--recursion-method=dsn=F=t/pt-archiver/samples/pt-191.cnf,D=test_ssl,t=dsns,h=127.0.0.1,P=12345,u=sha256_user,p=sha256_user%password,s=1"
) },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

39
t/pt-table-usage/ssl.t
View File

@@ -26,7 +26,7 @@ elsif ( $sandbox_version lt '8.0' ) {
plan skip_all => "Requires MySQL 8.0 or newer";
}
else {
plan tests => 6;
plan tests => 10;
}
my ($output, $exit_code);
@@ -82,6 +82,43 @@ is(
"",
"No error if table doesn't exist"
);
($output, $exit_code) = full_output(
sub { pt_table_usage::main('--explain-extended', "F=t/pt-archiver/samples/pt-191.cnf,h=127.1,P=12345,D=sakila,u=sha256_user,p=sha256_user%password,s=1",
'--query', 'select * from foo, bar where id=1') },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_table_usage::main('--explain-extended', "F=t/pt-archiver/samples/pt-191-error.cnf,h=127.1,P=12345,D=sakila,u=sha256_user,p=sha256_user%password,s=1",
'--query', 'select * from foo, bar where id=1') },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

42
t/pt-upgrade/ssl.t
View File

@@ -98,6 +98,48 @@ is(
"Does not fail on SELECT...INTO statements"
);
($output, $exit_code) = full_output(
sub {
pt_upgrade::main("F=t/pt-archiver/samples/pt-191.cnf,${host1_dsn},u=sha256_user,p=sha256_user%password,s=1", '--save-results', $tmpdir,
qw(--type rawlog),
"$samples/select_into.log")
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_upgrade::main("F=t/pt-archiver/samples/pt-191-error.cnf,${host1_dsn},u=sha256_user,p=sha256_user%password,s=1", '--save-results', $tmpdir,
qw(--type rawlog),
"$samples/select_into.log")
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

34
t/pt-variable-advisor/ssl.t
View File

@@ -81,6 +81,40 @@ unlike(
"No innodb_max_dirty_pages_pct warning (bug 1168106)"
);
($output, $exit_code) = full_output(
sub { pt_variable_advisor::main("F=t/pt-archiver/samples/pt-191.cnf,${dsn},u=sha256_user,p=sha256_user%password,s=1") },
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub { pt_variable_advisor::main("F=t/pt-archiver/samples/pt-191-error.cnf,${dsn},u=sha256_user,p=sha256_user%password,s=1") },
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################

45
t/pt-visual-explain/ssl.t
View File

@@ -80,6 +80,51 @@ unlike(
'No secure connection error'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_visual_explain::main(
'--connect',
't/pt-visual-explain/samples/query.sql',
qw(-F t/pt-archiver/samples/pt-191.cnf --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1)
)
},
stderr => 1,
);
is(
$exit_code,
0,
"No error for SSL options in the configuration file"
) or diag($output);
unlike(
$output,
qr/Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection./,
'No secure connection error with correct SSL options in the configuration file'
) or diag($output);
($output, $exit_code) = full_output(
sub {
pt_visual_explain::main(
'--connect',
't/pt-visual-explain/samples/query.sql',
qw(-F t/pt-archiver/samples/pt-191-error.cnf --host=127.1 --port=12345 --user=sha256_user --password=sha256_user%password --mysql_ssl=1)
)
},
stderr => 1,
);
isnt(
$exit_code,
0,
"Error for invalid SSL options in the configuration file"
) or diag($output);
like(
$output,
qr/SSL connection error: Unable to get private key at/,
'SSL connection error with incorrect SSL options in the configuration file'
) or diag($output);
# #############################################################################
# Done.