File: grant_dynamic_flush.test

package info (click to toggle)
mysql-8.0 8.0.43-3
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 1,273,924 kB
  • sloc: cpp: 4,684,605; ansic: 412,450; pascal: 108,398; java: 83,641; perl: 30,221; cs: 27,067; sql: 26,594; sh: 24,181; python: 21,816; yacc: 17,169; php: 11,522; xml: 7,388; javascript: 7,076; makefile: 2,194; lex: 1,075; awk: 670; asm: 520; objc: 183; ruby: 97; lisp: 86
file content (143 lines) | stat: -rw-r--r-- 4,535 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
 
--echo #
--echo # WL#14303: More granular privilege control of the FLUSH operations
--echo #

# Save the initial number of concurrent sessions
--source include/count_sessions.inc
enable_connect_log;

--echo # Check who has the FLUSH_xx privileges.
--echo # Success criteria: Should be root and 4 rows
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE FROM INFORMATION_SCHEMA.USER_PRIVILEGES
  WHERE PRIVILEGE_TYPE LIKE 'FLUSH_%' ORDER BY 1,2,3;

--echo # FR1: FLUSH HOSTS is deprecated
--echo # Success criteria: deprecation warning
FLUSH HOSTS;
--echo # Success criteria: no warning
TRUNCATE TABLE performance_schema.host_cache;


--echo # FR2: FLUSH_OPTIMIZER_COSTS should allow FLUSH OPTIMIZER_COSTS
CREATE USER wl14303@localhost;
GRANT FLUSH_OPTIMIZER_COSTS ON *.* TO  wl14303@localhost;
connect(FLUSH_OPTIMIZER_COSTS_con,localhost,wl14303,,);
--echo # Success criteria: should work
FLUSH OPTIMIZER_COSTS;
--echo # Success criteria: should fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH HOSTS;
connection default;
disconnect FLUSH_OPTIMIZER_COSTS_con;
DROP USER wl14303@localhost;

--echo # FR3: FLUSH_STATUS should allow FLUSH STATUS
CREATE USER wl14303@localhost;
GRANT FLUSH_STATUS ON *.* TO  wl14303@localhost;
connect(FLUSH_STATUS_con,localhost,wl14303,,);
--echo # Success criteria: should work
FLUSH STATUS;
--echo # Success criteria: should fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH HOSTS;
connection default;
disconnect FLUSH_STATUS_con;
DROP USER wl14303@localhost;

--echo # FR4: FLUSH_USER_RESOURCES should allow FLUSH USER_RESOURCES
CREATE USER wl14303@localhost;
GRANT FLUSH_USER_RESOURCES ON *.* TO  wl14303@localhost;
connect(FLUSH_USER_RESOURCES_con,localhost,wl14303,,);
--echo # Success criteria: should work
FLUSH USER_RESOURCES;
--echo # Success criteria: should fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH HOSTS;
connection default;
disconnect FLUSH_USER_RESOURCES_con;
DROP USER wl14303@localhost;

--echo # FR5: FLUSH_TABLES should allow FLUSH TABLES
CREATE USER wl14303@localhost;
GRANT FLUSH_TABLES ON *.* TO wl14303@localhost;
CREATE TABLE t1(a int);
GRANT ALL PRIVILEGES ON t1 TO wl14303@localhost;
connect(FLUSH_TABLES_con,localhost,wl14303,,);
--echo # Success criteria: should work
FLUSH TABLES;
--echo # Success criteria: should work
FLUSH TABLES t1;
--echo # Success criteria: should work
FLUSH TABLES WITH READ LOCK;
UNLOCK TABLES;
--echo # Success criteria: should work
FLUSH TABLES t1 WITH READ LOCK;
UNLOCK TABLES;
--echo # Success criteria: should work
FLUSH TABLES t1 FOR EXPORT;
UNLOCK TABLES;

--echo # Success criteria: should fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH HOSTS;
connection default;
disconnect FLUSH_TABLES_con;
REVOKE ALL PRIVILEGES ON t1 FROM wl14303@localhost;
DROP USER wl14303@localhost;
DROP TABLE t1;


--echo # FR6: RELOAD privilege works
CREATE USER wl14303@localhost;
GRANT RELOAD ON *.* TO wl14303@localhost;
connect(RELOAD_con,localhost,wl14303,,);
--echo # Success criteria: should work
FLUSH HOSTS;
FLUSH OPTIMIZER_COSTS;
FLUSH STATUS;
FLUSH USER_RESOURCES;
FLUSH TABLES;
connection default;
disconnect RELOAD_con;
DROP USER wl14303@localhost;


--echo # test combo of FLUSH options
CREATE USER wl14303@localhost;
GRANT FLUSH_STATUS,FLUSH_USER_RESOURCES ON *.* TO  wl14303@localhost;
connect(COMBO_con,localhost,wl14303,,);
--echo # two new ones (allowed, forbidden): should fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH STATUS,OPTIMIZER_COSTS;
--echo # two new ones (forbidden, allowed): should fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH OPTIMIZER_COSTS,STATUS;
--echo # old and a new one: should fail
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
FLUSH STATUS,PRIVILEGES;
--echo # two new ones: should work
FLUSH STATUS,USER_RESOURCES;
connection default;
disconnect COMBO_con;
DROP USER wl14303@localhost;

--echo # FR8: test mysqladmin
SET @saved_log_output = @@global.log_output;
SET @saved_general_log = @@global.general_log;

SET global log_output='table';
SET global general_log=on;
--exec $MYSQLADMIN --no-defaults -u root -S $MASTER_MYSOCK -P $MASTER_MYPORT flush-hosts 2>&1
SET global general_log=@saved_general_log;
SET global log_output=@saved_log_output;
--echo # Success criteria: should contain just 1 TRUNCATE TABLE rows
query_vertical SELECT command_type, argument FROM mysql.general_log WHERE command_type='Query';

TRUNCATE TABLE mysql.general_log;


# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
disable_connect_log;

--echo # End of 8.0 tests