1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
|
################################################################################
# This test case tests START GROUP_REPLICATION command with different
# combination of credentials with test_plugin_server.
#
# Test:
# 0. The test requires two servers: M1 and M2.
# 1. Bootstrap M1.
# Install test authentication plugin.
# Create new users.
# 2. Reset recovery interval to 1 and count to 2 for M2.
# 3. Test credentials as parameter START GR.
# Confirm password is not logged.
# 4. SSL - Test credentials as parameter START GR.
# Confirm password is not logged.
# 5. Test wrong credentials.
# Confirm password is not logged.
# 6. Cleanup.
################################################################################
--source include/big_test.inc
--source include/have_group_replication_xcom_communication_stack.inc
--source include/have_group_replication_plugin.inc
--let $rpl_skip_group_replication_start= 1
--source include/group_replication.inc
# have_plugin_auth is simply plugin table check
# If we load it GR fails, so we post-pone install
# Validate plugins
--let plugins = PLUGIN_AUTH,GROUP_REPLICATION
--source include/check_plugin_dir.inc
--echo
--echo # 1. Bootstrap M1.
--echo # Install test authentication plugin.
--echo # Create new users.
--let $rpl_connection_name= server1
--source include/rpl_connection.inc
--replace_result $PLUGIN_AUTH PLUGIN_AUTH
--eval INSTALL PLUGIN test_plugin_server SONAME '$PLUGIN_AUTH'
--source include/start_and_bootstrap_group_replication.inc
SET SQL_LOG_BIN=0;
CREATE USER 'plug_user_p' IDENTIFIED WITH 'test_plugin_server' AS 'proxy_user_p';
CREATE USER 'plug_user_wp' IDENTIFIED WITH 'test_plugin_server' AS 'proxy_user_wp';
CREATE USER 'proxy_user_p' IDENTIFIED BY 'password';
CREATE USER 'proxy_user_wp' IDENTIFIED BY '';
GRANT ALL PRIVILEGES ON *.* TO 'proxy_user_p';
GRANT ALL PRIVILEGES ON *.* TO 'proxy_user_wp';
GRANT PROXY ON 'proxy_user_p' to 'plug_user_p';
GRANT PROXY ON 'proxy_user_wp' to 'plug_user_wp';
GRANT REPLICATION SLAVE ON *.* TO 'plug_user_p';
GRANT REPLICATION SLAVE ON *.* TO 'plug_user_wp';
SET SQL_LOG_BIN=1;
--echo
--echo # 2. Reset recovery interval to 1 and count to 2 for M2.
--let $rpl_connection_name= server2
--source include/rpl_connection.inc
SET @old_log_output= @@log_output;
SET GLOBAL log_output= 'TABLE,FILE';
RESET SLAVE ALL FOR CHANNEL 'group_replication_recovery';
--replace_result $PLUGIN_AUTH PLUGIN_AUTH
--eval INSTALL PLUGIN test_plugin_server SONAME '$PLUGIN_AUTH'
SET @saved_group_replication_recovery_reconnect_interval = @@GLOBAL.group_replication_recovery_reconnect_interval;
SET @saved_gr_recovery_retry_count = @@GLOBAL.group_replication_recovery_retry_count;
SET GLOBAL group_replication_recovery_reconnect_interval= 1;
SET GLOBAL group_replication_recovery_retry_count= 2;
--replace_result $group_replication_group_name GROUP_REPLICATION_GROUP_NAME
--eval SET GLOBAL group_replication_group_name= "$group_replication_group_name"
--echo
--echo # 3. Test credentials as parameter START GR.
--echo # Confirm password is not logged.
## Credentials with password.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_p%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
## Credentials without password(test plugin).
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_wp%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
## Credentials with password and plugin name.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p' , DEFAULT_AUTH= 'auth_test_plugin';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_p%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
## Credentials without password and plugin name.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp' , DEFAULT_AUTH= 'auth_test_plugin';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_wp%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
## Credentials without password and complete credentials.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp' , DEFAULT_AUTH= 'auth_test_plugin';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_wp%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
--echo
--echo # 4. SSL - Test credentials as parameter START GR.
--echo # Confirm password is not logged.
SET @group_replication_recovery_use_ssl_save= @@GLOBAL.group_replication_recovery_use_ssl;
SET GLOBAL group_replication_recovery_use_ssl= ON;
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_p%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_p' , PASSWORD= 'proxy_user_p' , DEFAULT_AUTH= 'auth_test_plugin';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_userwp%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER= 'plug_user_wp' , PASSWORD= 'proxy_user_wp' , DEFAULT_AUTH= 'auth_test_plugin';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_wp%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
SET @@GLOBAL.group_replication_recovery_use_ssl= @group_replication_recovery_use_ssl_save;
--echo
--echo # 5. Test wrong credentials.
--echo # Confirm password is not logged.
## Wrong password.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER='plug_user_p',PASSWORD='WRONG';
--let $group_replication_member_state = ERROR
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_p%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
## No passord(test plugin).
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
START GROUP_REPLICATION USER='plug_user_wp';
--let $group_replication_member_state = ERROR
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_wp%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is NOT LOGGED not even secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "0"
--source include/assert.inc
## No user.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
--error ER_GROUP_REPLICATION_USER_MANDATORY_MSG
START GROUP_REPLICATION PASSWORD='wrong';
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%wrong%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
## Wrong authentication plugin.
SET GLOBAL super_read_only= FALSE;
SET SQL_LOG_BIN=0;
TRUNCATE mysql.general_log;
SET SQL_LOG_BIN=1;
--eval START GROUP_REPLICATION USER='plug_user_p' , PASSWORD='proxy_user_p' , DEFAULT_AUTH='wrong_auth';
--let $group_replication_member_state = ONLINE
--source include/gr_wait_for_member_state.inc
--source include/stop_group_replication.inc
--let $assert_text= Password is not logged.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%proxy_user_p%"]" = "0"
--source include/assert.inc
--let $assert_text= Password is logged as secret.
--let $assert_cond= "[SELECT COUNT(*) FROM mysql.general_log WHERE argument LIKE "START GROUP_REPLICATION %PASSWORD_=%<secret>%"]" = "1"
--source include/assert.inc
--echo
--echo # 6. Cleanup.
CHANGE REPLICATION SOURCE TO SOURCE_USER='root' , SOURCE_PASSWORD='' FOR CHANNEL 'group_replication_recovery';
--source include/start_group_replication.inc
SET SESSION sql_log_bin = 0;
call mtr.add_suppression("Replica I/O for channel 'group_replication_recovery': Fatal error: Invalid .* username when attempting to connect to the source server.*");
call mtr.add_suppression("There was an error when connecting to the donor server. Please check that group_replication_recovery channel credentials and all MEMBER_HOST column values of performance_schema.replication_group_members table are correct and DNS resolvable.");
call mtr.add_suppression("For details please check performance_schema.replication_connection_status table and error log messages of Replica I/O for channel group_replication_recovery.");
call mtr.add_suppression("There was an error when connecting to the donor server. Please check that group_replication_recovery channel credentials and all MEMBER_HOST column values of performance_schema.replication_group_members table are correct and DNS resolvable.");
call mtr.add_suppression("Maximum number of retries when trying to connect to a donor reached. Aborting group replication incremental recovery.");
call mtr.add_suppression("Fatal error during the incremental recovery process of Group Replication. The server will leave the group.");
call mtr.add_suppression("The server was automatically set into read only mode after an error was detected.");
call mtr.add_suppression("Skipping leave operation: concurrent attempt to leave the group is on-going.");
call mtr.add_suppression("The server was automatically set into read only mode after an error was detected.");
SET SESSION sql_log_bin = 1;
SET @@GLOBAL.group_replication_recovery_reconnect_interval = @saved_group_replication_recovery_reconnect_interval;
SET @@GLOBAL.group_replication_recovery_retry_count = @saved_gr_recovery_retry_count;
SET GLOBAL log_output= @old_log_output;
UNINSTALL PLUGIN test_plugin_server;
--let $rpl_connection_name= server1
--source include/rpl_connection.inc
SET SESSION sql_log_bin = 0;
call mtr.add_suppression("Wrong password supplied for proxy_user_p");
call mtr.add_suppression("Wrong password supplied for proxy_user_wp");
DROP USER 'plug_user_p';
DROP USER 'plug_user_wp';
DROP USER 'proxy_user_p';
DROP USER 'proxy_user_wp';
SET SESSION sql_log_bin = 1;
UNINSTALL PLUGIN test_plugin_server;
TRUNCATE mysql.general_log;
--source include/group_replication_end.inc
|
