################################################################################
# Base test to verify the basic TLS 1.3 support on Group Replication.
#
# Test:
# 0. The test requires two servers: M1 and M2.
# 1. Setup the first member (M1) with a recovery user that requires TLS 1.3 with
# a non-default ciphersuite.
# 2. Add some data and bootstrap start a group on M1.
# 3. Configure joining member (M2) to use SSL options on recovery. Start GR on
# M2. Check the data is there.
# 4. Clean up.
################################################################################
--source include/have_tlsv13.inc
--source include/have_group_replication_plugin.inc
--let $rpl_skip_group_replication_start= 1
--source include/group_replication.inc
--echo #
--echo # Setup the first member with a recovery user that requires TLS 1.3
--echo #
--let $rpl_connection_name= server1
--source include/rpl_connection.inc
# Create a replication user that requires an encrypted (SSL/TLS) connection.
SET SESSION sql_log_bin=0;
CREATE USER 'rec_ssl_user'@'%' REQUIRE SSL;
GRANT replication slave ON *.* TO 'rec_ssl_user'@'%';
GRANT GROUP_REPLICATION_STREAM ON *.* TO 'rec_ssl_user'@'%';
FLUSH PRIVILEGES;
SET SESSION sql_log_bin=1;
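# Restrict the server to TLS 1.3 with a single non-default ciphersuite, saving
# the previous values so that clean up can restore them.
SET @tls_version_saved= @@GLOBAL.tls_version;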
SET GLOBAL tls_version='TLSv1.3';
SET @tls_ciphersuites_saved= @@GLOBAL.tls_ciphersuites;
SET GLOBAL tls_ciphersuites='TLS_AES_128_CCM_8_SHA256';
SET @group_replication_recovery_tls_ciphersuites_saved= @@GLOBAL.group_replication_recovery_tls_ciphersuites;
SET GLOBAL group_replication_recovery_tls_ciphersuites='TLS_AES_128_CCM_8_SHA256';
SET @conf_rec_ssl_mode= @@GLOBAL.group_replication_ssl_mode;
SET GLOBAL group_replication_ssl_mode= REQUIRED;
ALTER INSTANCE RELOAD TLS;
--echo #
--echo # Add some data and start the member
--echo #
CREATE TABLE t1 (c1 INT NOT NULL PRIMARY KEY) ENGINE=InnoDB;
INSERT INTO t1 VALUES (1);
--source include/start_and_bootstrap_group_replication.inc
--echo #
--echo # Configure a joining member to use SSL options on recovery and start it
--echo #
--let $rpl_connection_name= server2
--source include/rpl_connection.inc
SET SESSION sql_log_bin=0;
CREATE USER 'rec_ssl_user'@'%' REQUIRE SSL;
GRANT replication slave ON *.* TO 'rec_ssl_user'@'%';
GRANT GROUP_REPLICATION_STREAM ON *.* TO 'rec_ssl_user'@'%';
FLUSH PRIVILEGES;
SET SESSION sql_log_bin=1;
# Configure TLS on the server to allow GCS connections over TLS
SET @tls_version_saved= @@GLOBAL.tls_version;
SET GLOBAL tls_version='TLSv1.3';
SET @tls_ciphersuites_saved= @@GLOBAL.tls_ciphersuites;
SET GLOBAL tls_ciphersuites='TLS_AES_128_CCM_8_SHA256';
SET @conf_rec_ssl_mode= @@GLOBAL.group_replication_ssl_mode;
SET GLOBAL group_replication_ssl_mode= REQUIRED;
ALTER INSTANCE RELOAD TLS;
# Use the SSL-only user on the recovery channel.
--disable_warnings
CHANGE REPLICATION SOURCE TO SOURCE_USER="rec_ssl_user" FOR CHANNEL "group_replication_recovery";
--enable_warnings
# Enable TLS on the recovery channel and pin it to the same TLS 1.3 ciphersuite.
SET @group_replication_recovery_use_ssl_saved= @@GLOBAL.group_replication_recovery_use_ssl;
SET GLOBAL group_replication_recovery_use_ssl=1;
SET @group_replication_recovery_tls_ciphersuites_saved= @@GLOBAL.group_replication_recovery_tls_ciphersuites;
SET GLOBAL group_replication_recovery_tls_ciphersuites='TLS_AES_128_CCM_8_SHA256';
--source include/start_group_replication.inc
--echo #
--echo # Check the data is there
--echo #
--let $assert_text= On the recovered member, the table should exist and have 1 elements;
--let $assert_cond= [select count(*) from t1] = 1;
--source include/assert.inc
--echo #
--echo # Clean up
--echo #
--let $rpl_connection_name= server2
--source include/rpl_connection.inc
SET @@GLOBAL.tls_version= @tls_version_saved;
SET @@GLOBAL.tls_ciphersuites= @tls_ciphersuites_saved;
ALTER INSTANCE RELOAD TLS;
SET @@GLOBAL.group_replication_recovery_use_ssl= @group_replication_recovery_use_ssl_saved;
SET @@GLOBAL.group_replication_recovery_tls_ciphersuites= @group_replication_recovery_tls_ciphersuites_saved;
--let $rpl_connection_name= server1
--source include/rpl_connection.inc
SET @@GLOBAL.tls_version= @tls_version_saved;
SET @@GLOBAL.tls_ciphersuites= @tls_ciphersuites_saved;
SET @@GLOBAL.group_replication_recovery_tls_ciphersuites= @group_replication_recovery_tls_ciphersuites_saved;
SET @@GLOBAL.group_replication_ssl_mode= @conf_rec_ssl_mode;
ALTER INSTANCE RELOAD TLS;
ALTER INSTANCE RELOAD TLS;
SET SESSION sql_log_bin=0;
DROP USER 'rec_ssl_user';
SET SESSION sql_log_bin=1;
DROP TABLE t1;
--let $rpl_connection_name= server2
--source include/rpl_connection.inc
SET SESSION sql_log_bin=0;
DROP USER 'rec_ssl_user';
SET SESSION sql_log_bin=1;
SET @@GLOBAL.group_replication_ssl_mode= @conf_rec_ssl_mode;
ALTER INSTANCE RELOAD TLS;
--source include/group_replication_end.inc