percona/percona-toolkit
1
0
Fork 0
mirror of https://github.com/percona/percona-toolkit.git synced 2026-02-27 02:00:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1065 from percona/PT-2215_pt-table-sync_does_not_recognize_the_privileges_in_roles_for_MariaDB

Browse Source 
Pt 2215 pt table sync does not recognize the privileges in roles for maria db
This commit is contained in:
Sveta Smirnova
2026-02-17 20:36:05 +03:00
committed by GitHub
parent 4c03acb4ed 0955421c18
commit dd589f0b49
12 changed files with 129 additions and 203 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
bin/pt-archiver
View File

@@ -3964,9 +3964,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -3975,23 +3973,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-heartbeat
View File

@@ -420,9 +420,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -431,23 +429,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-kill
View File

@@ -4238,9 +4238,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -4249,23 +4247,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-online-schema-change
View File

@@ -4529,9 +4529,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -4540,23 +4538,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-query-digest
View File

@@ -10835,9 +10835,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -10846,23 +10844,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-replica-find
View File

@@ -2567,9 +2567,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -2578,23 +2576,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-replica-restart
View File

@@ -2981,9 +2981,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -2992,23 +2990,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-table-checksum
View File

@@ -5484,9 +5484,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -5495,23 +5493,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

24
bin/pt-table-sync
View File

@@ -7014,9 +7014,7 @@ sub _find_replicas_by_hosts {
sub get_connected_replicas { sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -7025,23 +7023,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

27
lib/MasterSlave.pm
View File

@@ -381,9 +381,7 @@ sub get_connected_replicas {
my ( $self, $dbh ) = @_; my ( $self, $dbh ) = @_;
# Check for the PROCESS privilege. # Check for the PROCESS privilege.
my $show = "SHOW GRANTS FOR "; my $sql = "SHOW GRANTS";
my $user = 'CURRENT_USER()';
my $sql = $show . $user;
PTDEBUG && _d($dbh, $sql); PTDEBUG && _d($dbh, $sql);
my $proc; my $proc;
@@ -392,26 +390,9 @@ sub get_connected_replicas {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/ m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)}; } @{$dbh->selectcol_arrayref($sql)};
}; };
if ( $EVAL_ERROR ) {
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
if ( $EVAL_ERROR =~ m/no such grant defined for user/ ) {
# Try again without a host.
PTDEBUG && _d('Retrying SHOW GRANTS without host; error:',
$EVAL_ERROR);
($user) = split('@', $user);
$sql = $show . $user;
PTDEBUG && _d($sql);
eval {
$proc = grep {
m/ALL PRIVILEGES.*?\*\.\*|PROCESS/
} @{$dbh->selectcol_arrayref($sql)};
};
}
# The 2nd try above might have cleared $EVAL_ERROR.
# If not, die now.
die "Failed to $sql: $EVAL_ERROR" if $EVAL_ERROR;
}
if ( !$proc ) { if ( !$proc ) {
die "You do not have the PROCESS privilege"; die "You do not have the PROCESS privilege";
} }

BIN
sandbox/servers/mariadb/11.3/data.tar.gz
View File

Binary file not shown.

89
t/pt-table-sync/pt-2215.t Normal file
View File

@@ -0,0 +1,89 @@
#!/usr/bin/env perl
BEGIN {
die "The PERCONA_TOOLKIT_BRANCH environment variable is not set.\n"
unless $ENV{PERCONA_TOOLKIT_BRANCH} && -d $ENV{PERCONA_TOOLKIT_BRANCH};
unshift @INC, "$ENV{PERCONA_TOOLKIT_BRANCH}/lib";
};
use strict;
use warnings FATAL => 'all';
use English qw(-no_match_vars);
use Test::More;
use PerconaTest;
use Sandbox;
require "$trunk/bin/pt-table-sync";
my $dp = new DSNParser(opts=>$dsn_opts);
my $sb = new Sandbox(basedir => '/tmp', DSNParser => $dp);
my $source_dbh = $sb->get_dbh_for('source');
my $replica_dbh = $sb->get_dbh_for('replica1');
if ( !$source_dbh ) {
plan skip_all => 'Cannot connect to sandbox source';
}
elsif ( !$replica_dbh ) {
plan skip_all => 'Cannot connect to sandbox replica';
}
elsif ( $sandbox_version lt '8.0' and $ENV{FORK} ne 'mariadb' ) {
plan skip_all => "Requires MySQL 8.0 or newer or MariaDB";
}
else {
plan tests => 3;
}
my ($output, $exit_code);
my @args = (qw(--sync-to-source -t sakila.actor --print --chunk-size 100));
my $to = 'TO';
$ENV{FORK} eq 'mariadb' and $to = 'FOR';
$sb->do_as_root(
'source',
q/CREATE USER `vinnie`@`%` IDENTIFIED BY 'percona123'/,
q/GRANT USAGE ON *.* TO `vinnie`@`%`/,
q/CREATE ROLE `dba`/,
q/GRANT ALL PRIVILEGES ON *.* TO `dba` WITH GRANT OPTION/,
q/GRANT `dba` TO `vinnie`@`%`/,
qq/SET DEFAULT ROLE `dba` ${to} `vinnie`@`%`/,
);
if ( $ENV{FORK} ne 'mariadb') {
diag(`/tmp/12345/use -h127.1 -P12345 -uvinnie -ppercona123 --ssl-mode=DISABLED --get-server-public-key -e 'select 1' 2>&1 > /dev/null`);
diag(`/tmp/12345/use -h127.1 -P12346 -uvinnie -ppercona123 --ssl-mode=DISABLED --get-server-public-key -e 'select 1' 2>&1 > /dev/null`);
diag(`/tmp/12345/use -h127.1 -P12347 -uvinnie -ppercona123 --ssl-mode=DISABLED --get-server-public-key -e 'select 1' 2>&1 > /dev/null`);
}
$sb->load_file('source', "t/pt-online-schema-change/samples/ssl_dsns.sql");
($output, $exit_code) = full_output(
sub { pt_table_sync::main('h=127.1,P=12346,D=sakila,t=actor,u=vinnie,p=percona123', @args) },
stderr => 1,
);
is(
$exit_code,
0,
"No error for the user with privileges granted by the role"
) or diag($output);
unlike(
$output,
qr/You do not have the PROCESS privilege at/,
'No error for missing PROCESS privilege'
) or diag($output);
# #############################################################################
# Done.
# #############################################################################
$sb->do_as_root(
'source',
q/DROP USER `vinnie`@`%`/,
q/DROP ROLE `dba`/,
);
$sb->wipe_clean($source_dbh);
$sb->wait_for_replicas();
ok($sb->ok(), "Sandbox servers") or BAIL_OUT(__FILE__ . " broke the sandbox");
exit;