From 2eed41fe3f751306e47ec101384078d3ac552569 Mon Sep 17 00:00:00 2001 From: Anton Matvienko Date: Wed, 3 May 2023 07:39:36 +0000 Subject: [PATCH] PXC-3546: [MTR] Fix failing keyring_vault sute tests https://jira.percona.com/browse/PXC-3546 All tests had the same cause of failure: keyring_vault plugin installation requires keyring_vault_config variable with valid data in the file. Setting this variable at the time of the test run is not possible as the file is generated within the test itself. Restarting the server solved the problem. This breaking change has been made intentionally in PXC-2135 (commit b58c1d13dfe0). Before the change plugin was loaded without valid or any keyring_vault_config file, so we could SET that plugin variable. Reasons for deletion: - keyring_vault_timeout: relies on keyring_vault_config with invalid data, which is now impossible. --- .../innodb_online_alter_encryption-master.opt | 3 - .../mtr/innodb_online_alter_encryption.result | 1 - .../mtr/innodb_online_alter_encryption.test | 5 +- .../mtr/innodb_row_log_encryption-master.opt | 4 - .../mtr/innodb_row_log_encryption.result | 1 - .../tests/mtr/innodb_row_log_encryption.test | 5 +- .../mtr/install_keyring_vault-master.opt | 1 - .../tests/mtr/install_keyring_vault.result | 6 +- .../tests/mtr/install_keyring_vault.test | 9 +- .../mtr/keyring_vault_config_qa-master.opt | 1 - .../tests/mtr/keyring_vault_config_qa.result | 8 +- .../tests/mtr/keyring_vault_config_qa.test | 9 +- .../mtr/keyring_vault_timeout-master.opt | 1 - .../tests/mtr/keyring_vault_timeout.result | 13 -- .../tests/mtr/keyring_vault_timeout.test | 82 --------- .../tests/mtr/rpl_key_rotation-master.opt | 2 - .../tests/mtr/rpl_key_rotation-slave.opt | 4 - .../tests/mtr/rpl_key_rotation.result | 18 +- .../tests/mtr/rpl_key_rotation.test | 30 +++- .../tests/mtr/table_encrypt_2-master.opt | 2 - .../tests/mtr/table_encrypt_2.result | 2 +- .../tests/mtr/table_encrypt_2.test | 9 +- .../mtr/table_encrypt_2_directory.result | 167 ------------------ .../tests/mtr/table_encrypt_5-master.opt | 1 - .../tests/mtr/table_encrypt_5.test | 5 +- ...emp_table_encrypt_keyring_vault-master.opt | 2 - .../tests/mtr/timeout_basic-master.opt | 2 - .../tests/mtr/timeout_basic.result | 2 + .../tests/mtr/timeout_basic.test | 20 +++ .../mtr/wrong_keyring_vault_config.result | 1 + .../tests/mtr/wrong_keyring_vault_config.test | 3 +- 31 files changed, 79 insertions(+), 340 deletions(-) delete mode 100644 plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/innodb_row_log_encryption-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/install_keyring_vault-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/keyring_vault_config_qa-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/keyring_vault_timeout-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/keyring_vault_timeout.result delete mode 100644 plugin/keyring_vault/tests/mtr/keyring_vault_timeout.test delete mode 100644 plugin/keyring_vault/tests/mtr/rpl_key_rotation-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/rpl_key_rotation-slave.opt delete mode 100644 plugin/keyring_vault/tests/mtr/table_encrypt_2-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/table_encrypt_2_directory.result delete mode 100644 plugin/keyring_vault/tests/mtr/table_encrypt_5-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/temp_table_encrypt_keyring_vault-master.opt delete mode 100644 plugin/keyring_vault/tests/mtr/timeout_basic-master.opt diff --git a/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption-master.opt b/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption-master.opt deleted file mode 100644 index 5d9bbb435d6e..000000000000 --- a/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption-master.opt +++ /dev/null @@ -1,3 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT -$KEYRING_VAULT_PLUGIN_LOAD ---innodb-sort-buffer-size=64k diff --git a/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.result b/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.result index db05495b76d2..e6d852e5adc5 100644 --- a/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.result +++ b/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.result @@ -1,4 +1,3 @@ -SET @@global.keyring_vault_config="MYSQLTEST_VARDIR/keyring_vault.conf"; # restart: CREATE TABLE t1 (id INT NOT NULL PRIMARY KEY, a VARCHAR(255)) ENGINE=InnoDB ENCRYPTION='y'; CREATE TABLE t2 (id INT NOT NULL PRIMARY KEY, a VARCHAR(255)) ENGINE=InnoDB; diff --git a/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.test b/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.test index 3b74ec940a91..0f7d606a5809 100644 --- a/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.test +++ b/plugin/keyring_vault/tests/mtr/innodb_online_alter_encryption.test @@ -20,10 +20,7 @@ call mtr.add_suppression("keyring_vault initialization failure"); call mtr.add_suppression("A message intended for a client cannot be sent there as no client-session is attached"); --enable_query_log ---let $keyring_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --loose-keyring_vault_config=$vault_conf_file --innodb-sort-buffer-size=64k --innodb_encrypt_online_alter_logs=ON - ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR -eval SET @@global.keyring_vault_config="$vault_conf_file"; +--let $keyring_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$vault_conf_file --innodb-sort-buffer-size=64k --innodb_encrypt_online_alter_logs=ON --source include/innodb_online_alter_encryption.inc diff --git a/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption-master.opt b/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption-master.opt deleted file mode 100644 index cdcb72ec4604..000000000000 --- a/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption-master.opt +++ /dev/null @@ -1,4 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT -$KEYRING_VAULT_PLUGIN_LOAD ---innodb-sort-buffer-size=64k ---innodb_encrypt_online_alter_logs=ON diff --git a/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.result b/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.result index 797da1560424..fa7b2fc6a2fd 100644 --- a/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.result +++ b/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.result @@ -1,4 +1,3 @@ -SET @@global.keyring_vault_config="MYSQLTEST_VARDIR/keyring_vault.conf"; # restart: CREATE TABLE t1(id INT NOT NULL PRIMARY KEY AUTO_INCREMENT, credit_card VARCHAR(200), private VARCHAR(50)) ENGINE=InnoDB ENCRYPTION='y'; SET DEBUG_SYNC= 'ddl_after_scan SIGNAL opened WAIT_FOR rotated'; diff --git a/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.test b/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.test index 8d7cc3aca061..afec866a4e05 100644 --- a/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.test +++ b/plugin/keyring_vault/tests/mtr/innodb_row_log_encryption.test @@ -21,10 +21,7 @@ call mtr.add_suppression("keyring_vault initialization failure"); call mtr.add_suppression("A message intended for a client cannot be sent there as no client-session is attached"); --enable_query_log ---let $keyring_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --loose-keyring_vault_config=$vault_conf_file --innodb-sort-buffer-size=64k --innodb_encrypt_online_alter_logs=ON - ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR -eval SET @@global.keyring_vault_config="$vault_conf_file"; +--let $keyring_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$vault_conf_file --innodb-sort-buffer-size=64k --innodb_encrypt_online_alter_logs=ON --source include/innodb_row_log_encryption.inc diff --git a/plugin/keyring_vault/tests/mtr/install_keyring_vault-master.opt b/plugin/keyring_vault/tests/mtr/install_keyring_vault-master.opt deleted file mode 100644 index f896e2bda971..000000000000 --- a/plugin/keyring_vault/tests/mtr/install_keyring_vault-master.opt +++ /dev/null @@ -1 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT diff --git a/plugin/keyring_vault/tests/mtr/install_keyring_vault.result b/plugin/keyring_vault/tests/mtr/install_keyring_vault.result index 7704cf923857..8ae655554049 100644 --- a/plugin/keyring_vault/tests/mtr/install_keyring_vault.result +++ b/plugin/keyring_vault/tests/mtr/install_keyring_vault.result @@ -1,8 +1,4 @@ -SET @@global.keyring_vault_config='MYSQLTEST_VARDIR/keyring_vault1.conf'; -ERROR HY000: Unknown system variable 'keyring_vault_config' -INSTALL PLUGIN keyring_vault SONAME 'keyring_vault.so'; -Warnings: -Warning 42000 keyring_vault initialization failure. Please check the server log. +# restart: SET @@global.keyring_vault_config='MYSQLTEST_VARDIR/keyring_vault2.conf'; SET @@global.keyring_vault_config='MYSQLTEST_VARDIR/keyring_vault1.conf'; UNINSTALL PLUGIN keyring_vault; diff --git a/plugin/keyring_vault/tests/mtr/install_keyring_vault.test b/plugin/keyring_vault/tests/mtr/install_keyring_vault.test index 4b505b1f3265..ebb1c99d902b 100644 --- a/plugin/keyring_vault/tests/mtr/install_keyring_vault.test +++ b/plugin/keyring_vault/tests/mtr/install_keyring_vault.test @@ -35,12 +35,9 @@ call mtr.add_suppression("for being a mount point unsuccessful - skipped."); call mtr.add_suppression("for being a mount point successful - identified kv-v2 secret engine."); --enable_query_log ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR ---error ER_UNKNOWN_SYSTEM_VARIABLE -eval SET @@global.keyring_vault_config='$conf_file1'; - ---replace_regex /\.dll/.so/ -eval INSTALL PLUGIN keyring_vault SONAME '$KEYRING_VAULT_PLUGIN'; +--let $restart_parameters = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$conf_file1 +--let $do_not_echo_parameters = 1 +--source include/restart_mysqld.inc --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR eval SET @@global.keyring_vault_config='$conf_file2'; diff --git a/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa-master.opt b/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa-master.opt deleted file mode 100644 index f896e2bda971..000000000000 --- a/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa-master.opt +++ /dev/null @@ -1 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT diff --git a/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.result b/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.result index a310a549cbdd..363404d04bff 100644 --- a/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.result +++ b/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.result @@ -1,13 +1,9 @@ -INSTALL PLUGIN keyring_vault SONAME 'keyring_vault.so'; -Warnings: -Warning 42000 keyring_vault initialization failure. Please check the server log. +# restart: SELECT PLUGIN_NAME,PLUGIN_VERSION,PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE plugin_name='keyring_vault'; PLUGIN_NAME keyring_vault PLUGIN_VERSION 1.0 PLUGIN_STATUS ACTIVE - -SET @@global.keyring_vault_config='MYSQLTEST_VARDIR/keyring_vault1.conf'; SELECT @@global.keyring_vault_config; @@global.keyring_vault_config MYSQLTEST_VARDIR/keyring_vault1.conf @@ -44,6 +40,6 @@ UNINSTALL PLUGIN keyring_vault; SELECT PLUGIN_NAME,PLUGIN_VERSION,PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE plugin_name='keyring_vault'; DROP TABLE t1; -# restart +# restart: #End: diff --git a/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.test b/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.test index a9d15358d423..39188001e022 100644 --- a/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.test +++ b/plugin/keyring_vault/tests/mtr/keyring_vault_config_qa.test @@ -51,14 +51,13 @@ call mtr.add_suppression("for being a mount point successful - identified kv-v2 --enable_query_log # Installing keyring plugin. ---replace_regex /\.dll/.so/ -eval INSTALL PLUGIN keyring_vault SONAME '$KEYRING_VAULT_PLUGIN'; +--let $restart_parameters = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$conf_file1 +--let $do_not_echo_parameters = 1 +--source include/restart_mysqld.inc + # Check keyring plugin query_vertical SELECT PLUGIN_NAME,PLUGIN_VERSION,PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE plugin_name='keyring_vault'; ---echo ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR -eval SET @@global.keyring_vault_config='$conf_file1'; --replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR SELECT @@global.keyring_vault_config; # Creating table with encryption. diff --git a/plugin/keyring_vault/tests/mtr/keyring_vault_timeout-master.opt b/plugin/keyring_vault/tests/mtr/keyring_vault_timeout-master.opt deleted file mode 100644 index f896e2bda971..000000000000 --- a/plugin/keyring_vault/tests/mtr/keyring_vault_timeout-master.opt +++ /dev/null @@ -1 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT diff --git a/plugin/keyring_vault/tests/mtr/keyring_vault_timeout.result b/plugin/keyring_vault/tests/mtr/keyring_vault_timeout.result deleted file mode 100644 index c8d140c3af2a..000000000000 --- a/plugin/keyring_vault/tests/mtr/keyring_vault_timeout.result +++ /dev/null @@ -1,13 +0,0 @@ -INSTALL PLUGIN keyring_vault SONAME 'keyring_vault.so'; -Warnings: -Warning 42000 keyring_vault initialization failure. Please check the server log. -include/assert.inc [Default vaule of keyring_vault_timeout should be 15] -SET @@GLOBAL.keyring_vault_timeout = 15; -SET @@GLOBAL.keyring_vault_config = 'MYSQLTEST_VARDIR/keyring_vault_incorrect_server.conf'; -ERROR 42000: Variable 'keyring_vault_config' can't be set to the value of 'MYSQLTEST_VARDIR/keyring_vault_incorrect_server.conf' -include/assert.inc [Connection time must be bigger than keyring_vault_timeout] -SET @@GLOBAL.keyring_vault_timeout = 5; -SET @@global.keyring_vault_config = 'MYSQLTEST_VARDIR/keyring_vault_incorrect_server.conf'; -ERROR 42000: Variable 'keyring_vault_config' can't be set to the value of 'MYSQLTEST_VARDIR/keyring_vault_incorrect_server.conf' -include/assert.inc [Connection time must be bigger than keyring_vault_timeout] -UNINSTALL PLUGIN keyring_vault; diff --git a/plugin/keyring_vault/tests/mtr/keyring_vault_timeout.test b/plugin/keyring_vault/tests/mtr/keyring_vault_timeout.test deleted file mode 100644 index 1ed4e50bbaa0..000000000000 --- a/plugin/keyring_vault/tests/mtr/keyring_vault_timeout.test +++ /dev/null @@ -1,82 +0,0 @@ ---source include/have_keyring_vault_plugin.inc - -# PS-298: keyring_vault's timeout should be configurable - ---let $vault_conf_mount_point_uuid = `SELECT UUID()` - ---source parse_combination.inc - ---let $vault_conf_file = $MYSQLTEST_VARDIR/keyring_vault_incorrect_server.conf ---let $vault_conf_address = http://192.168.255.1 ---let $vault_conf_mount_point_suffix = ---let $skip_vault_conf_ca = 1 ---source generate_conf_file.inc - ---replace_regex /\.dll/.so/ -eval INSTALL PLUGIN keyring_vault SONAME '$KEYRING_VAULT_PLUGIN'; - ---let $assert_text = Default vaule of keyring_vault_timeout should be 15 ---let $assert_cond = "[SELECT @@keyring_vault_timeout = 15]" = 1 ---source include/assert.inc - ---disable_query_log -call mtr.add_suppression("Plugin keyring_vault reported: 'keyring_vault initialization failure."); -call mtr.add_suppression("Plugin keyring_vault reported: 'Could not open credentials file.'"); -call mtr.add_suppression("Plugin keyring_vault reported: 'CURL returned this error code: 28 with error message : Connection timed out after"); -call mtr.add_suppression("Plugin keyring_vault reported: 'Could not retrieve list of keys from Vault.'"); -call mtr.add_suppression("Plugin keyring_vault reported: 'Error while loading keyring content. The keyring might be malformed'"); -call mtr.add_suppression("Plugin keyring_vault reported: 'CURL returned this error code: 28 with error message : connect\\(\\) timed out!'"); -call mtr.add_suppression("Plugin keyring_vault reported: 'CURL returned this error code: 28 with error message : Operation timed out after"); -call mtr.add_suppression("Plugin keyring_vault reported: 'CURL returned this error code: 7 with error message : couldn't connect to host'"); -call mtr.add_suppression("Plugin keyring_vault reported: 'CURL returned this error code: 7 with error message : Failed to connect to"); -call mtr.add_suppression("Plugin keyring_vault reported: 'vault_ca is not specified but vault_url is https://"); -call mtr.add_suppression("Plugin keyring_vault reported: 'Auto-detected mount point version is not the same as specified in 'secret_mount_point_version'\\."); -call mtr.add_suppression("for being a mount point unsuccessful - skipped."); -call mtr.add_suppression("for being a mount point successful - identified kv-v2 secret engine."); ---enable_query_log - - -SET @@GLOBAL.keyring_vault_timeout = 15; - ---let $connection_time_start = `SELECT UNIX_TIMESTAMP()` - -# Here, we are trying to set keyring_vault_config variable to existing, but not accessible address. -# As the connection is not possible we should receive connection timeout - according to the value of -# keyring_vault_timeout variable. - ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR ---error ER_WRONG_VALUE_FOR_VAR -eval SET @@GLOBAL.keyring_vault_config = '$vault_conf_file'; - ---let $connection_time_end = `SELECT UNIX_TIMESTAMP()` ---let $connection_time = `SELECT $connection_time_end - $connection_time_start` - -# Here, we check if connection timeouted correctly - we should receive timeout after -# keyring_vault_timeout seconds. We do not check the upper bound as we cannot -# estimate how much time connection can take in build system (Jenkins). - ---let $timeout = `SELECT @@GLOBAL.keyring_vault_timeout` ---let $assert_text = Connection time must be bigger than keyring_vault_timeout ---let $assert_cond = $timeout <= $connection_time ---source include/assert.inc - -SET @@GLOBAL.keyring_vault_timeout = 5; - ---let $connection_time_start = `SELECT UNIX_TIMESTAMP()` - ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR ---error ER_WRONG_VALUE_FOR_VAR -eval SET @@global.keyring_vault_config = '$vault_conf_file'; - ---let $connection_time_end = `SELECT UNIX_TIMESTAMP()` ---let $connection_time = `SELECT $connection_time_end - $connection_time_start` - ---let $timeout = `SELECT @@GLOBAL.keyring_vault_timeout` ---let $assert_text = Connection time must be bigger than keyring_vault_timeout ---let $assert_cond = $timeout <= $connection_time ---source include/assert.inc - -UNINSTALL PLUGIN keyring_vault; - -# Removing .conf files ---remove_file $vault_conf_file diff --git a/plugin/keyring_vault/tests/mtr/rpl_key_rotation-master.opt b/plugin/keyring_vault/tests/mtr/rpl_key_rotation-master.opt deleted file mode 100644 index 1f8fd2247925..000000000000 --- a/plugin/keyring_vault/tests/mtr/rpl_key_rotation-master.opt +++ /dev/null @@ -1,2 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT -$KEYRING_VAULT_PLUGIN_LOAD diff --git a/plugin/keyring_vault/tests/mtr/rpl_key_rotation-slave.opt b/plugin/keyring_vault/tests/mtr/rpl_key_rotation-slave.opt deleted file mode 100644 index ed232f51ff3e..000000000000 --- a/plugin/keyring_vault/tests/mtr/rpl_key_rotation-slave.opt +++ /dev/null @@ -1,4 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT -$KEYRING_VAULT_PLUGIN_LOAD - ---master-retry-count=60 diff --git a/plugin/keyring_vault/tests/mtr/rpl_key_rotation.result b/plugin/keyring_vault/tests/mtr/rpl_key_rotation.result index e0125f1a03aa..4258fa33d187 100644 --- a/plugin/keyring_vault/tests/mtr/rpl_key_rotation.result +++ b/plugin/keyring_vault/tests/mtr/rpl_key_rotation.result @@ -3,9 +3,13 @@ Warnings: Note #### Sending passwords in plain text without SSL/TLS is extremely insecure. Note #### Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information. [connection master] -SET @@global.keyring_vault_config='MYSQLTEST_VARDIR/keyring_vault2.conf'; +include/rpl_stop_server.inc [server_number=2] +include/rpl_stop_server.inc [server_number=1] [On Master] -SET @@global.keyring_vault_config='MYSQLTEST_VARDIR/keyring_vault1.conf'; +include/rpl_start_server.inc [server_number=1] +[On Slave] +include/rpl_start_server.inc [server_number=2] +include/start_slave.inc CHANGE REPLICATION SOURCE TO SOURCE_CONNECT_RETRY = 100; ALTER INSTANCE ROTATE INNODB MASTER KEY; @@ -70,8 +74,6 @@ INSERT INTO t4 VALUES(1, "rpltest"); START REPLICA SQL_THREAD; include/wait_for_slave_sql_error.inc [errno=3185] INSTALL PLUGIN keyring_vault SONAME 'keyring_vault.so'; -Warnings: -Warning 42000 keyring_vault initialization failure. Please check the server log. SET @@global.keyring_vault_config='MYSQLTEST_VARDIR/keyring_vault2.conf'; SELECT PLUGIN_NAME,PLUGIN_VERSION,PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE plugin_name='keyring_vault'; @@ -99,21 +101,17 @@ ALTER INSTANCE ROTATE INNODB MASTER KEY; ERROR HY000: Can't find master key from keyring, please check in the server log if a keyring is loaded and initialized successfully. # Installing keyring_vault plugin on master. INSTALL PLUGIN keyring_vault SONAME 'keyring_vault.so'; -Warnings: -Warning 42000 keyring_vault initialization failure. Please check the server log. # Cleanup DROP TABLE t1,t2,t3,t4; UNINSTALL PLUGIN keyring_vault; include/sync_slave_sql_with_master.inc include/rpl_restart_server.inc [server_number=1] SELECT @@global.keyring_vault_config; -@@global.keyring_vault_config - +ERROR HY000: Unknown system variable 'keyring_vault_config' include/sync_slave_sql_with_master.inc UNINSTALL PLUGIN keyring_vault; include/rpl_restart_server.inc [server_number=2] START REPLICA; SELECT @@global.keyring_vault_config; -@@global.keyring_vault_config - +ERROR HY000: Unknown system variable 'keyring_vault_config' include/rpl_end.inc diff --git a/plugin/keyring_vault/tests/mtr/rpl_key_rotation.test b/plugin/keyring_vault/tests/mtr/rpl_key_rotation.test index 9efd8eb60fff..25d804b8c71a 100644 --- a/plugin/keyring_vault/tests/mtr/rpl_key_rotation.test +++ b/plugin/keyring_vault/tests/mtr/rpl_key_rotation.test @@ -43,14 +43,34 @@ call mtr.add_suppression("for being a mount point successful - identified kv-v2 --enable_query_log --connection slave ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR -eval SET @@global.keyring_vault_config='$conf_file2'; +--let $rpl_server_number= 2 +--source include/rpl_stop_server.inc + +--connection master +--let $rpl_server_number= 1 +--source include/rpl_stop_server.inc --connection master --echo [On Master] ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR -eval SET @@global.keyring_vault_config='$conf_file1'; +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $KEYRING_PLUGIN keyring_vault.so $KEYRING_VAULT_PLUGIN_OPT KEYRING_VAULT_PLUGIN_OPT +--let $rpl_server_parameters= $KEYRING_VAULT_PLUGIN_LOAD $KEYRING_VAULT_PLUGIN_OPT --keyring_vault_config=$conf_file1 +--let $rpl_server_number= 1 +--let $rpl_omit_print_server_parameters= 1 +--source include/rpl_start_server.inc + +--connection slave +--echo [On Slave] +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $KEYRING_PLUGIN keyring_vault.so $KEYRING_VAULT_PLUGIN_OPT KEYRING_VAULT_PLUGIN_OPT +--let $rpl_server_parameters= $KEYRING_VAULT_PLUGIN_LOAD $KEYRING_VAULT_PLUGIN_OPT --keyring_vault_config=$conf_file2 --master-retry-count=60 +--let $rpl_server_number= 2 +--let $rpl_omit_print_server_parameters= 1 +--source include/rpl_start_server.inc +--source include/start_slave.inc +--let $rpl_omit_print_server_parameters= 0 +--let $rpl_server_parameters= + +--connection master CHANGE REPLICATION SOURCE TO SOURCE_CONNECT_RETRY = 100; --echo @@ -151,6 +171,7 @@ UNINSTALL PLUGIN keyring_vault; --source include/rpl_restart_server.inc --connection master +--error ER_UNKNOWN_SYSTEM_VARIABLE SELECT @@global.keyring_vault_config; --source include/sync_slave_sql_with_master.inc @@ -163,6 +184,7 @@ UNINSTALL PLUGIN keyring_vault; --connection slave START REPLICA; +--error ER_UNKNOWN_SYSTEM_VARIABLE SELECT @@global.keyring_vault_config; --connection master diff --git a/plugin/keyring_vault/tests/mtr/table_encrypt_2-master.opt b/plugin/keyring_vault/tests/mtr/table_encrypt_2-master.opt deleted file mode 100644 index 1f8fd2247925..000000000000 --- a/plugin/keyring_vault/tests/mtr/table_encrypt_2-master.opt +++ /dev/null @@ -1,2 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT -$KEYRING_VAULT_PLUGIN_LOAD diff --git a/plugin/keyring_vault/tests/mtr/table_encrypt_2.result b/plugin/keyring_vault/tests/mtr/table_encrypt_2.result index d39439df4742..190e92d470ff 100644 --- a/plugin/keyring_vault/tests/mtr/table_encrypt_2.result +++ b/plugin/keyring_vault/tests/mtr/table_encrypt_2.result @@ -1,4 +1,4 @@ -SET @@global.keyring_vault_config = 'MYSQLTEST_VARDIR/keyring_vault1.conf'; +# restart: CREATE TABLE t1(c1 int) ENGINE=InnoDB ENCRYPTION="Y"; DROP TABLE t1; # restart: diff --git a/plugin/keyring_vault/tests/mtr/table_encrypt_2.test b/plugin/keyring_vault/tests/mtr/table_encrypt_2.test index 76efbc7d34d7..d85802cfcb2d 100644 --- a/plugin/keyring_vault/tests/mtr/table_encrypt_2.test +++ b/plugin/keyring_vault/tests/mtr/table_encrypt_2.test @@ -29,8 +29,8 @@ if (!$vault_conf_mount_point_directory) --source mount_point_service.inc } ---let $keyring1_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --loose-keyring_vault_config=$conf_file1 ---let $keyring2_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --loose-keyring_vault_config=$conf_file2 +--let $keyring1_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$conf_file1 +--let $keyring2_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$conf_file2 --disable_query_log call mtr.add_suppression("\\[ERROR\\] .*MY-\\d+.* Function 'keyring_vault' already exists"); @@ -40,8 +40,9 @@ call mtr.add_suppression("keyring_vault initialization failure"); call mtr.add_suppression("A message intended for a client cannot be sent there as no client-session is attached"); --enable_query_log ---replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR -eval SET @@global.keyring_vault_config = '$conf_file1'; +--let $restart_parameters = $keyring1_restart_param +--let $do_not_echo_parameters = 1 +--source include/restart_mysqld.inc --let $encryption_type = Y --source include/table_encrypt_2.inc diff --git a/plugin/keyring_vault/tests/mtr/table_encrypt_2_directory.result b/plugin/keyring_vault/tests/mtr/table_encrypt_2_directory.result deleted file mode 100644 index 2b35ffc21f62..000000000000 --- a/plugin/keyring_vault/tests/mtr/table_encrypt_2_directory.result +++ /dev/null @@ -1,167 +0,0 @@ -call mtr.add_suppression("\\[ERROR\\] .*MY-\\d+.* Function 'keyring_vault' already exists"); -call mtr.add_suppression("\\[ERROR\\] .*MY-\\d+.* Couldn't load plugin named 'keyring_vault' with soname 'keyring_vault.*'."); -call mtr.add_suppression("Plugin keyring_vault reported"); -call mtr.add_suppression("keyring_vault initialization failure"); -SET @@global.keyring_vault_config="MYSQLTEST_VARDIR/std_data/keyring_vault_confs/keyring_vault1.conf"; -CREATE TABLE t1(c1 int) ENGINE=InnoDB ENCRYPTION="Y"; -DROP TABLE t1; -# restart: -SET GLOBAL innodb_file_per_table = 1; -SELECT @@innodb_file_per_table; -@@innodb_file_per_table -1 -CREATE TABLE t1(c1 INT, c2 char(20)) ENCRYPTION="Y" ENGINE = InnoDB; -SHOW CREATE TABLE t1; -Table Create Table -t1 CREATE TABLE `t1` ( - `c1` int DEFAULT NULL, - `c2` char(20) DEFAULT NULL -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci ENCRYPTION='Y' -INSERT INTO t1 VALUES(0, "aaaaa"); -INSERT INTO t1 VALUES(1, "bbbbb"); -INSERT INTO t1 VALUES(2, "ccccc"); -INSERT INTO t1 VALUES(3, "ddddd"); -INSERT INTO t1 VALUES(4, "eeeee"); -INSERT INTO t1 VALUES(5, "fffff"); -INSERT INTO t1 VALUES(6, "ggggg"); -INSERT INTO t1 VALUES(7, "hhhhh"); -INSERT INTO t1 VALUES(8, "iiiii"); -INSERT INTO t1 VALUES(9, "jjjjj"); -INSERT INTO t1 select * from t1; -INSERT INTO t1 select * from t1; -INSERT INTO t1 select * from t1; -INSERT INTO t1 select * from t1; -INSERT INTO t1 select * from t1; -INSERT INTO t1 select * from t1; -SELECT * FROM t1 LIMIT 10; -c1 c2 -0 aaaaa -1 bbbbb -2 ccccc -3 ddddd -4 eeeee -5 fffff -6 ggggg -7 hhhhh -8 iiiii -9 jjjjj -# restart: -SELECT * FROM t1 LIMIT 10; -c1 c2 -0 aaaaa -1 bbbbb -2 ccccc -3 ddddd -4 eeeee -5 fffff -6 ggggg -7 hhhhh -8 iiiii -9 jjjjj -ALTER INSTANCE ROTATE INNODB MASTER KEY; -DROP TABLE t1; -CREATE TABLE t1(c1 INT, c2 char(20)) ENCRYPTION="Y" ENGINE = InnoDB; -INSERT INTO t1 VALUES(0, "aaaaa"); -INSERT INTO t1 VALUES(1, "bbbbb"); -INSERT INTO t1 VALUES(2, "ccccc"); -INSERT INTO t1 VALUES(3, "ddddd"); -INSERT INTO t1 VALUES(4, "eeeee"); -INSERT INTO t1 VALUES(5, "fffff"); -INSERT INTO t1 VALUES(6, "ggggg"); -INSERT INTO t1 VALUES(7, "hhhhh"); -INSERT INTO t1 VALUES(8, "iiiii"); -INSERT INTO t1 VALUES(9, "jjjjj"); -# restart: -SELECT * FROM t1 LIMIT 10; -c1 c2 -0 aaaaa -1 bbbbb -2 ccccc -3 ddddd -4 eeeee -5 fffff -6 ggggg -7 hhhhh -8 iiiii -9 jjjjj -DROP TABLE t1; -# restart: -SET block_encryption_mode = 'aes-256-cbc'; -DROP DATABASE IF EXISTS tde_db; -CREATE DATABASE tde_db; -CREATE TABLE tde_db.t1(c1 INT PRIMARY KEY, c2 char(50)) ENCRYPTION = 'Y' ENGINE = InnoDB; -INSERT INTO tde_db.t1 VALUES(0, 'abc'); -INSERT INTO tde_db.t1 VALUES(1, 'xyz'); -INSERT INTO tde_db.t1 VALUES(2, null); -INSERT INTO tde_db.t1 VALUES(3, null); -SELECT * FROM tde_db.t1 LIMIT 10; -c1 c2 -0 abc -1 xyz -2 NULL -3 NULL -ALTER INSTANCE ROTATE INNODB MASTER KEY; -SELECT * FROM tde_db.t1 LIMIT 10; -c1 c2 -0 abc -1 xyz -2 NULL -3 NULL -# Mysqldump output - -CREATE DATABASE /*!32312 IF NOT EXISTS*/ `tde_db` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci */ /*!80016 DEFAULT ENCRYPTION='N' */; - -USE `tde_db`; -/*!40101 SET @saved_cs_client = @@character_set_client */; - SET character_set_client = utf8mb4 ; -CREATE TABLE `t1` ( - `c1` int NOT NULL, - `c2` char(50) DEFAULT NULL, - PRIMARY KEY (`c1`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci ENCRYPTION='Y'; -/*!40101 SET character_set_client = @saved_cs_client */; -INSERT INTO `t1` VALUES (0,'abc'),(1,'xyz'),(2,NULL),(3,NULL); -# Redirecting mysqlpump output to MYSQL_TMP_DIR/mysqlpump_encrypt.sql -DROP DATABASE tde_db; -Pattern "ALTER INSTANCE ROTATE INNODB MASTER KEY" found -# Loading tables from mysqlpump_encrypt.sql -SELECT * FROM tde_db.t1 LIMIT 10; -c1 c2 -0 abc -1 xyz -2 NULL -3 NULL -INSERT INTO tde_db.t1 VALUES(4, null); -SELECT * FROM tde_db.t1 LIMIT 10; -c1 c2 -0 abc -1 xyz -2 NULL -3 NULL -4 NULL -DROP DATABASE tde_db; -# -# Bug #26634507 CREATE_OPTIONS FLD IN INFORMATION_SCHEMA.TABLES NOT -# FILLING PROPERLY. -# The CREATE_OPTIONS field from I_S.TABLES should show the option -# 'ENCRYPTION='. -# -CREATE TABLE not_encrypted1 (col1 INT) ENCRYPTION='n'; -CREATE TABLE not_encrypted2 (col1 INT) ENCRYPTION='N'; -CREATE TABLE encrypted1 (col1 INT) ENCRYPTION='y'; -CREATE TABLE encrypted2 (col1 INT) ENCRYPTION='Y'; -SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS -FROM INFORMATION_SCHEMA.TABLES -WHERE TABLE_NAME like '%encrypted%' - ORDER BY TABLE_NAME; -TABLE_SCHEMA TABLE_NAME CREATE_OPTIONS -test encrypted1 ENCRYPTION='y' -test encrypted2 ENCRYPTION='Y' -test not_encrypted1 -test not_encrypted2 -DROP TABLE encrypted1; -DROP TABLE not_encrypted1; -DROP TABLE encrypted2; -DROP TABLE not_encrypted2; -# restart: -SET GLOBAL innodb_file_per_table=1; diff --git a/plugin/keyring_vault/tests/mtr/table_encrypt_5-master.opt b/plugin/keyring_vault/tests/mtr/table_encrypt_5-master.opt deleted file mode 100644 index f896e2bda971..000000000000 --- a/plugin/keyring_vault/tests/mtr/table_encrypt_5-master.opt +++ /dev/null @@ -1 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT diff --git a/plugin/keyring_vault/tests/mtr/table_encrypt_5.test b/plugin/keyring_vault/tests/mtr/table_encrypt_5.test index f8afcadfa723..4e96d14cc003 100644 --- a/plugin/keyring_vault/tests/mtr/table_encrypt_5.test +++ b/plugin/keyring_vault/tests/mtr/table_encrypt_5.test @@ -34,8 +34,9 @@ call mtr.add_suppression("for being a mount point successful - identified kv-v2 --enable_query_log --let $keyring_plugin_name = keyring_vault ---let $keyring1_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --loose-keyring_vault_config=$conf_file1 ---let $keyring2_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --loose-keyring_vault_config=$conf_file2 +--let $keyring1_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$conf_file1 +--let $keyring2_restart_param = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$conf_file2 +--let $keyring_setup_without_plugin_param = restart: --loose-keyring_vault_config=$conf_file1 --let $install_keyring_statement = INSTALL PLUGIN keyring_vault SONAME '$KEYRING_VAULT_PLUGIN' --let $select_keyring_variable_statement = SELECT @@global.keyring_vault_config --let $set_keyring_variable_to_keyring1 = SET @@global.keyring_vault_config='$conf_file1' diff --git a/plugin/keyring_vault/tests/mtr/temp_table_encrypt_keyring_vault-master.opt b/plugin/keyring_vault/tests/mtr/temp_table_encrypt_keyring_vault-master.opt deleted file mode 100644 index 1f8fd2247925..000000000000 --- a/plugin/keyring_vault/tests/mtr/temp_table_encrypt_keyring_vault-master.opt +++ /dev/null @@ -1,2 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT -$KEYRING_VAULT_PLUGIN_LOAD diff --git a/plugin/keyring_vault/tests/mtr/timeout_basic-master.opt b/plugin/keyring_vault/tests/mtr/timeout_basic-master.opt deleted file mode 100644 index 1f8fd2247925..000000000000 --- a/plugin/keyring_vault/tests/mtr/timeout_basic-master.opt +++ /dev/null @@ -1,2 +0,0 @@ -$KEYRING_VAULT_PLUGIN_OPT -$KEYRING_VAULT_PLUGIN_LOAD diff --git a/plugin/keyring_vault/tests/mtr/timeout_basic.result b/plugin/keyring_vault/tests/mtr/timeout_basic.result index a3bab998aacf..2dce2e03ea1c 100644 --- a/plugin/keyring_vault/tests/mtr/timeout_basic.result +++ b/plugin/keyring_vault/tests/mtr/timeout_basic.result @@ -1,6 +1,8 @@ call mtr.add_suppression("keyring_vault initialization failure."); call mtr.add_suppression("Plugin keyring_vault reported: 'Could not open credentials file.'"); call mtr.add_suppression("A message intended for a client cannot be sent there as no client-session is attached"); +call mtr.add_suppression("Plugin keyring_vault reported"); +# restart: SET @start_global_value = @@GLOBAL.keyring_vault_timeout; SET @@GLOBAL.keyring_vault_timeout = 100; SET @@GLOBAL.keyring_vault_timeout = DEFAULT; diff --git a/plugin/keyring_vault/tests/mtr/timeout_basic.test b/plugin/keyring_vault/tests/mtr/timeout_basic.test index 00d14b0060ff..c3e5943172a3 100644 --- a/plugin/keyring_vault/tests/mtr/timeout_basic.test +++ b/plugin/keyring_vault/tests/mtr/timeout_basic.test @@ -13,6 +13,25 @@ call mtr.add_suppression("keyring_vault initialization failure."); call mtr.add_suppression("Plugin keyring_vault reported: 'Could not open credentials file.'"); call mtr.add_suppression("A message intended for a client cannot be sent there as no client-session is attached"); +call mtr.add_suppression("Plugin keyring_vault reported"); + +############################################################# +# Initialization # +############################################################# + +--let $vault_conf_mount_point_uuid = `SELECT UUID()` +--source parse_combination.inc + +--let $vault_conf_file = $MYSQLTEST_VARDIR/keyring_vault.conf +--let $vault_conf_mount_point_suffix = +--source generate_conf_file.inc + +--let $mount_point_service_op = CREATE +--source mount_point_service.inc + +--let $restart_parameters = restart: $KEYRING_VAULT_PLUGIN_OPT $KEYRING_VAULT_PLUGIN_EARLY_LOAD --keyring_vault_config=$vault_conf_file +--let $do_not_echo_parameters = 1 +--source include/restart_mysqld.inc ############################################################# # Save initial value # @@ -182,3 +201,4 @@ SELECT keyring_vault_timeout = @@GLOBAL.keyring_vault_timeout; # Restore initial value # #################################### SET @@GLOBAL.keyring_vault_timeout = @start_global_value; +--remove_file $vault_conf_file diff --git a/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.result b/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.result index 503645ff9a3e..2f5866ef4ce6 100644 --- a/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.result +++ b/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.result @@ -1,3 +1,4 @@ call mtr.add_suppression("Plugin keyring_vault reported: 'Could not open credentials file.'"); call mtr.add_suppression("keyring_vault initialization failure."); call mtr.add_suppression("A message intended for a client cannot be sent"); +call mtr.add_suppression("Plugin 'keyring_vault' init function returned error."); diff --git a/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.test b/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.test index 153475347f3a..64834355272e 100644 --- a/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.test +++ b/plugin/keyring_vault/tests/mtr/wrong_keyring_vault_config.test @@ -6,5 +6,4 @@ call mtr.add_suppression("Plugin keyring_vault reported: 'Could not open credentials file.'"); call mtr.add_suppression("keyring_vault initialization failure."); -call mtr.add_suppression("A message intended for a client cannot be sent"); - +call mtr.add_suppression("A message intended for a client cannot be sent");call mtr.add_suppression("Plugin 'keyring_vault' init function returned error.");