File: gr_recovery_tlsv13_empty_ciphersuites.test

package info (click to toggle)
mysql-8.0 8.0.43-3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 1,273,924 kB
  • sloc: cpp: 4,684,605; ansic: 412,450; pascal: 108,398; java: 83,641; perl: 30,221; cs: 27,067; sql: 26,594; sh: 24,181; python: 21,816; yacc: 17,169; php: 11,522; xml: 7,388; javascript: 7,076; makefile: 2,194; lex: 1,075; awk: 670; asm: 520; objc: 183; ruby: 97; lisp: 86
file content (115 lines) | stat: -rw-r--r-- 4,996 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
 
################################################################################
# Validate Group Replication behavior when members have empty TLS ciphersuites.
#
# Test:
# 0. The test requires two servers: M1 and M2.
# 1. Setup the first member (M1) with a recovery user that requires TLS 1.3
#    with default ciphersuites.
# 2. Add some data and bootstrap start a group on M1.
# 3. Configure a joining member (M2) to use SSL options and a empty TLS
#    ciphersuite on recovery. Member will not be able to join.
# 4. Configure a joining member (M2) to use SSL options and a default TLS
#    ciphersuite on recovery. Member will be able to join.
# 5. Clean up.
################################################################################

--source include/have_tlsv13.inc
--source include/have_group_replication_xcom_communication_stack.inc
--source include/have_group_replication_plugin.inc
--let $rpl_skip_group_replication_start= 1
--source include/group_replication.inc

--echo #
--echo # Setup the first member with a recovery user that requires TLS 1.3
--echo #

--let $rpl_connection_name= server1
--source include/rpl_connection.inc

# create a user for replication that requires ssl encryption
SET SESSION sql_log_bin=0;
CREATE USER 'rec_ssl_user'@'%' REQUIRE SSL;
GRANT replication slave ON *.* TO 'rec_ssl_user'@'%';
SET SESSION sql_log_bin=1;

SET @tls_version_saved= @@GLOBAL.tls_version;
SET GLOBAL tls_version='TLSv1.3';
ALTER INSTANCE RELOAD TLS;

--echo #
--echo # Add some data and start the member
--echo #

CREATE TABLE t1 (c1 INT NOT NULL PRIMARY KEY) ENGINE=InnoDB;
INSERT INTO t1 VALUES (1);

--source include/start_and_bootstrap_group_replication.inc

--echo #
--echo # Configure a joining member to use SSL options and a empty TLS
--echo # ciphersuite on recovery. Member will not be able to join.
--echo #

--let $rpl_connection_name= server2
--source include/rpl_connection.inc

SET SESSION sql_log_bin= 0;
call mtr.add_suppression("There was an error when connecting to the donor server. Please check that group_replication_recovery channel credentials and all MEMBER_HOST column values of performance_schema.replication_group_members table are correct and DNS resolvable.");
call mtr.add_suppression("Plugin group_replication reported: 'For details please check performance_schema.replication_connection_status table and error log messages of Replica I/O for channel group_replication_recovery.");
call mtr.add_suppression("Plugin group_replication reported: 'Maximum number of retries when trying to connect to a donor reached. Aborting group replication incremental recovery.");
call mtr.add_suppression("Fatal error during the incremental recovery process of Group Replication. The server will leave the group.");
call mtr.add_suppression("The server was automatically set into read only mode after an error was detected.");
call mtr.add_suppression("Skipping leave operation: concurrent attempt to leave the group is on-going.");
SET SESSION sql_log_bin= 1;

--disable_warnings
CHANGE REPLICATION SOURCE TO SOURCE_USER="rec_ssl_user" FOR CHANNEL "group_replication_recovery";
--enable_warnings

SET @group_replication_recovery_use_ssl_saved= @@GLOBAL.group_replication_recovery_use_ssl;
SET GLOBAL group_replication_recovery_use_ssl= 1;
SET @group_replication_recovery_tls_ciphersuites_saved= @@GLOBAL.group_replication_recovery_tls_ciphersuites;
SET GLOBAL group_replication_recovery_tls_ciphersuites= '';

SET @group_replication_recovery_retry_count_saved= @@GLOBAL.group_replication_recovery_retry_count;
SET GLOBAL group_replication_recovery_retry_count= 1;

--let $group_replication_start_member_state= ERROR
--source include/start_group_replication.inc

--let $assert_text = incremental recovery connection failed with error CR_SSL_CONNECTION_ERROR
--let $assert_cond = "[SELECT LAST_ERROR_NUMBER FROM performance_schema.replication_connection_status where CHANNEL_NAME = \'group_replication_recovery\']" = "2026"
--source include/assert.inc

--source include/stop_group_replication.inc

--echo #
--echo # Configure a joining member to use SSL options and default TLS
--echo # ciphersuites on recovery. Member will be able to join.
--echo #

SET GLOBAL group_replication_recovery_tls_ciphersuites= DEFAULT;

--source include/start_group_replication.inc

--echo #
--echo # Clean up
--echo #
--let $rpl_connection_name= server2
--source include/rpl_connection.inc
SET @@GLOBAL.group_replication_recovery_use_ssl= @group_replication_recovery_use_ssl_saved;
SET @@GLOBAL.group_replication_recovery_tls_ciphersuites= @group_replication_recovery_tls_ciphersuites_saved;
SET @@GLOBAL.group_replication_recovery_retry_count= @group_replication_recovery_retry_count_saved;

--let $rpl_connection_name= server1
--source include/rpl_connection.inc
SET @@GLOBAL.tls_version= @tls_version_saved;
ALTER INSTANCE RELOAD TLS;

SET SESSION sql_log_bin=0;
DROP USER 'rec_ssl_user';
SET SESSION sql_log_bin=1;

DROP TABLE t1;

--source include/group_replication_end.inc