PT-1488 Added MySQL 8 roles support to pt-show-grants

This commit is contained in:
Carlos Salguero
2018-03-30 16:35:08 -03:00
parent 2bb4f481dc
commit c6a8f843a7
3 changed files with 144 additions and 2 deletions

View File

@@ -1922,9 +1922,25 @@ sub main {
my $ignore_users = $o->get('ignore'); my $ignore_users = $o->get('ignore');
my $exit_status = 0; my $exit_status = 0;
if (my $roles = get_roles($dbh)) {
print "-- Roles\n";
my $count=0;
for my $role (@$roles) {
next if ($o->get("skip-unused-roles") && $role->{active} == 0);
$count++;
printf('CREATE ROLE IF NOT EXISTS `%s`;'."\n", $role->{name});
}
if ($count == 0) {
print "No active roles found\n";
}
print "-- End of roles listing\n";
}
USER: USER:
foreach my $u ( @$users ) { foreach my $u ( @$users ) {
my $user_host = "'$u->{User}'\@'$u->{Host}'"; my $user_host = "`$u->{User}`\@`$u->{Host}`";
if ( $ignore_users && $ignore_users->{$user_host} ) { if ( $ignore_users && $ignore_users->{$user_host} ) {
PTDEBUG && _d('Ignoring user', $user_host); PTDEBUG && _d('Ignoring user', $user_host);
next USER; next USER;
@@ -2084,6 +2100,39 @@ sub parse_user {
return ( $user, $host ); return ( $user, $host );
} }
sub get_roles {
my $dbh = shift;
my $query = <<__EOQ;
SELECT DISTINCT user.user AS name, IF(from_user IS NULL,0, 1) AS active
FROM mysql.user
LEFT JOIN mysql.role_edges ON role_edges.from_user=user.user
WHERE `account_locked`='Y'
AND `password_expired`='Y'
AND `authentication_string`=''
__EOQ
PTDEBUG && _d("Getting roles");
PTDEBUG && _d($query);
my $roles;
eval { $roles = $dbh->selectall_arrayref($query, { Slice => {} }) };
if ($EVAL_ERROR) {
warn "Cannot list roles: $EVAL_ERROR";
PTDEBUG && _d("Cannot list roles: $EVAL_ERROR");
}
return $roles;
}
sub is_role {
my ($users, $grant) = @_;
foreach my $u ( @$users ) {
my $user_host = "`$u->{User}`\@`$u->{Host}`";
warn "> user_host: $user_host";
if ($grant eq $user_host) {
return 1;
}
}
return 0;
}
sub split_grants { sub split_grants {
my ($grants) = @_; my ($grants) = @_;
return unless $grants; return unless $grants;
@@ -2346,6 +2395,10 @@ example, specifying C<--set-vars wait_timeout=500> overrides the defaultvalue of
The tool prints a warning and continues if a variable cannot be set. The tool prints a warning and continues if a variable cannot be set.
=item --skip-unused-roles
When dumping MySQL 8+ roles, skip unused roles.
=item --socket =item --socket
short form: -S; type: string short form: -S; type: string

View File

@@ -391,7 +391,7 @@ sub verify_test_data {
my @diffs; my @diffs;
foreach my $c ( @checksums ) { foreach my $c ( @checksums ) {
next unless $c->{checksum}; next unless $c->{checksum};
if ( $c->{checksum} ne $ref->{$c->{table}}->{checksum} ) { if ( $ref->{$c->{table}} && $c->{checksum} ne $ref->{$c->{table}}->{checksum} ) {
push @diffs, $c->{table}; push @diffs, $c->{table};
} }
} }

View File

@@ -0,0 +1,89 @@
#!/usr/bin/env perl
BEGIN {
die "The PERCONA_TOOLKIT_BRANCH environment variable is not set.\n"
unless $ENV{PERCONA_TOOLKIT_BRANCH} && -d $ENV{PERCONA_TOOLKIT_BRANCH};
unshift @INC, "$ENV{PERCONA_TOOLKIT_BRANCH}/lib";
};
use strict;
use warnings FATAL => 'all';
use English qw(-no_match_vars);
use Test::More;
use PerconaTest;
use Sandbox;
use SqlModes;
require "$trunk/bin/pt-show-grants";
my $dp = new DSNParser(opts=>$dsn_opts);
my $sb = new Sandbox(basedir => '/tmp', DSNParser => $dp);
my $dbh = $sb->get_dbh_for('master');
if ( !$dbh ) {
plan skip_all => 'Cannot connect to sandbox master';
} elsif ($sandbox_version < '8.0') {
plan skip_all => "There are no roles in this MySQL version. Need MySQL 8.0+";
} else {
plan tests => 4;
}
$sb->wipe_clean($dbh);
my $setup_queries = [
"CREATE ROLE IF NOT EXISTS 'app_developer', 'app_read', 'app_write', 'tester';",
"GRANT ALL ON test.* TO 'app_developer';",
"GRANT SELECT ON test.* TO 'app_read';",
"GRANT SELECT ON test.* TO 'tester';",
"CREATE USER 'zapp'\@'localhost' IDENTIFIED WITH 'mysql_native_password' BY 'test1234';",
"GRANT 'app_read','app_write' TO 'zapp'\@'localhost';",
"GRANT 'tester' TO 'zapp'\@'localhost' WITH ADMIN OPTION;",
"FLUSH PRIVILEGES",
];
my $cleanup_queries = [
"DROP USER IF EXISTS 'zapp'\@'localhost'",
"DROP ROLE IF EXISTS 'app_developer', 'app_read', 'app_write', 'tester'",
"FLUSH PRIVILEGES",
];
for my $query(@$setup_queries) {
$sb->do_as_root('master', $query);
}
my $output;
my $cnf = '/tmp/12345/my.sandbox.cnf';
eval {
$output = output(
sub { pt_show_grants::main('-F', $cnf, '--skip-unused-roles'); }
);
};
is(
$EVAL_ERROR,
'',
'Does not die on anonymous user (issue 445)',
);
like(
$output,
qr/CREATE ROLE IF NOT EXISTS `app_read`;/,
'Roles has been created'
) or diag($output);
unlike(
$output,
qr/CREATE ROLE IF NOT EXISTS `app_developer`;/,
'Unused roles has been skipped'
);
for my $query(@$cleanup_queries) {
$sb->do_as_root('master', $query);
}
# #############################################################################
# Done.
# #############################################################################
$sb->wipe_clean($dbh);
ok($sb->ok(), "Sandbox servers") or BAIL_OUT(__FILE__ . " broke the sandbox");
exit;