Exemple #1
0
    def test_check_missing_privileges(self):
        """ Tests the User's check_missing_privileges method"""

        self.server.exec_query("Drop USER if exists 'Jonh_CAPITALS'@'{0}'"
                               "".format(self.server.host))
        user_name = 'Jonh_CAPITALS'
        user_obj = User(self.server,
                        "{0}@{1}".format(user_name, self.server.host),
                        verbosity=1)
        self.assertFalse(user_obj.exists())

        user_obj.create(disable_binlog=True, ssl=True)
        self.assertTrue(user_obj.exists())

        self.assertListEqual(
            user_obj.check_missing_privileges(
                ["REPLICATION SLAVE", "CREATE USER"], as_string=False),
            ["CREATE USER", "REPLICATION SLAVE"])

        self.assertEqual(
            user_obj.check_missing_privileges(
                ["REPLICATION SLAVE", "CREATE USER"]),
            "CREATE USER and REPLICATION SLAVE")

        change_user_privileges(self.server,
                               user_name,
                               self.server.host,
                               grant_list=["REPLICATION SLAVE", "CREATE USER"],
                               disable_binlog=True)
        self.assertListEqual(user_obj.get_grants(refresh=True),
                             [("GRANT REPLICATION SLAVE, CREATE USER ON *.* "
                               "TO 'Jonh_CAPITALS'@'localhost'", )])
        self.assertListEqual(
            user_obj.check_missing_privileges(
                ["REPLICATION SLAVE", "CREATE USER"], as_string=False), [])

        self.assertEqual(
            user_obj.check_missing_privileges(
                ["REPLICATION SLAVE", "CREATE USER"]), "")

        user_obj.drop()

        user_name = 'some_user'
        self.server.exec_query("Drop USER if exists '{0}'@'{1}'"
                               "".format(user_name, self.server.host))
        change_user_privileges(self.server,
                               user_name,
                               self.server.host,
                               user_passwd="some pass",
                               grant_list=["REPLICATION SLAVE", "CREATE USER"],
                               disable_binlog=True,
                               create_user=True)
        change_user_privileges(self.server,
                               user_name,
                               self.server.host,
                               revoke_list=["REPLICATION SLAVE"],
                               disable_binlog=True)

        # expect GadgetError: Query failed: Unknown system variable
        with self.assertRaises(GadgetError) as test_raises:
            user_obj.drop(user_name)
        exception = test_raises.exception
        self.assertTrue("Cannot parse user@host" in exception.errmsg,
                        "The exception message was not the expected")
        user_obj.drop("{0}@{1}".format(user_name, self.server.host))
        self.server.exec_query("Drop USER if exists '{0}'@'{1}'"
                               "".format(user_name, self.server.host))
Exemple #2
0
    def test_check_server_requirements(self):
        """Tests check_server_requirements method"""
        skip_if_not_GR_approved(self.server1)
        self.server.exec_query("drop user if exists 'new_rpl_user'")
        self.server.exec_query("drop user if exists 'replic_user'@'%'")
        self.server.exec_query("drop user if exists 'replic_user'@'localhost'")
        # Test with default values, server.user must have SUPER
        options = {
            "replication_user": "******",
            "rep_user_passwd": "rplr_pass",
        }
        rpl_settings = get_rpl_usr(options)
        req_dict = get_req_dict(self.server, rpl_settings["replication_user"])
        self.assertTrue(
            check_server_requirements(self.server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True))

        self.assertTrue(
            User(self.server, "replic_user@%", None).exists(),
            "User was not created on check_server_requirements")

        # Test using an admin user without CREATE USER privilege.
        grant_list = ["SELECT"]
        self.server.exec_query("DROP USER IF EXISTS "
                               "'replic_user'@'localhost'")
        change_user_privileges(self.server,
                               "replic_user",
                               'localhost',
                               "rplr_pass",
                               grant_list=grant_list,
                               create_user=True)

        server2 = Server({
            "conn_info":
            "replic_user@localhost:{0}"
            "".format(self.server.port)
        })
        server2.passwd = "rplr_pass"
        server2.connect()
        qry_key = ("select MEMBER_HOST, MEMBER_PORT from {0}"
                   "".format(REP_GROUP_MEMBERS_TABLE))

        frozen_queries = {qry_key: [[server2.host, server2.port]]}
        mock_server = get_mock_server(server2, variables=frozen_queries)

        options = {
            "replication_user": "******",
            "rep_user_passwd": "rpl_pass",
        }
        rpl_settings = get_rpl_usr(options)
        req_dict = get_req_dict(server2, rpl_settings["replication_user"])

        # expect GadgetError: Query failed: No required privileges
        #                                   to create the replication user
        with self.assertRaises(GadgetError) as test_raises:
            check_server_requirements(mock_server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True)
        exception = test_raises.exception
        self.assertTrue(
            "required privileges to create" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # Test existing user and admin user without REPLICATION SLAVE grant
        grant_list = ["SELECT"]
        revoke_list = ["REPLICATION SLAVE"]
        change_user_privileges(self.server,
                               "new_rpl_user",
                               "%",
                               grant_list=grant_list,
                               revoke_list=revoke_list,
                               create_user=True,
                               with_grant=True)
        revoke_list = ["REPLICATION SLAVE"]
        change_user_privileges(self.server,
                               "replic_user",
                               "%",
                               revoke_list=revoke_list)

        # expect GadgetError: does not have the REPLICATION SLAVE privilege,
        #                     and can not be granted by.
        with self.assertRaises(GadgetError) as test_raises:
            check_server_requirements(mock_server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True)
        exception = test_raises.exception
        self.assertTrue(
            "does not have the REPLICATION SLAVE privilege, "
            "and can not be granted by" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        self.assertTrue(
            "SUPER privilege required to disable the binlog."
            in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # self.server.exec_query("drop user if exists 'replic_user'@'%'")
        # Test existing user and admin user without REPLICATION SLAVE grant
        grant_list = ["SELECT"]
        revoke_list = ["REPLICATION SLAVE"]
        change_user_privileges(self.server,
                               "new_rpl_user",
                               "%",
                               grant_list=grant_list,
                               revoke_list=revoke_list)
        grant_list = ["REPLICATION SLAVE", "SUPER"]
        change_user_privileges(self.server,
                               "replic_user",
                               "localhost",
                               grant_list=grant_list,
                               with_grant=True)

        # reset session to get new privileges.
        server2.disconnect()
        server2.connect()
        mock_server = get_mock_server(server2, variables=frozen_queries)

        self.assertTrue(
            check_server_requirements(mock_server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True))

        # Test existing rpl user and admin user without grant
        # admin user: replic_user
        # rpl user: new_rpl_user
        grant_list = ["REPLICATION SLAVE"]
        change_user_privileges(self.server,
                               "new_rpl_user",
                               "%",
                               grant_list=grant_list)
        grant_list = ["SELECT", "CREATE USER"]
        change_user_privileges(self.server,
                               "create_rpl",
                               "127.0.0.1",
                               user_passwd="c_pass",
                               grant_list=grant_list,
                               create_user=True,
                               with_grant=True)
        server3 = Server({
            "conn_info":
            "[email protected]:{0}"
            "".format(self.server.port)
        })
        server3.passwd = "c_pass"
        server3.connect()
        req_dict3 = get_req_dict(server3, rpl_settings["replication_user"])
        # expect GadgetError: No required privileges
        #                     to grant Replication Slave privilege
        with self.assertRaises(GadgetError) as test_raises:
            check_server_requirements(server3,
                                      req_dict3,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True)
        exception = test_raises.exception
        self.assertTrue(
            "SUPER privilege needed to run the CHANGE MASTER "
            "command" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # Test invalid server_id
        mock_server = get_mock_server(self.server,
                                      variables={"server_id": "0"})
        req_dict = get_req_dict(self.server, rpl_settings["replication_user"])

        # expect GadgetError: server_id not valid
        with self.assertRaises(GadgetError) as test_raises:
            check_server_requirements(mock_server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True)
        exception = test_raises.exception
        self.assertTrue(
            "is not valid, it must be a positive integer" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # Test duplicate server_id
        mock_server = get_mock_server(self.server,
                                      variables={"server_id": "101"})
        req_dict["SERVER_ID"] = {"peers": [mock_server]}
        # expect GadgetError: server_id is already used by peer
        with self.assertRaises(GadgetError) as test_raises:
            check_server_requirements(mock_server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True)
        exception = test_raises.exception
        self.assertTrue(
            "is already used by peer" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # Test existing user and admin with required grants
        req_dict = get_req_dict(self.server, rpl_settings["replication_user"])
        grant_list = ["REPLICATION SLAVE"]
        change_user_privileges(self.server,
                               "new_rpl_user",
                               "%",
                               grant_list=grant_list)
        self.assertTrue(
            check_server_requirements(self.server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=False,
                                      skip_backup=True))

        # Tests server variables not meet required values
        req_dict = get_req_dict(self.server, rpl_settings["replication_user"])
        req_dict[SERVER_VARIABLES] = {
            "log_bin": {
                ONE_OF: ("0", )
            },
            "binlog_format": {
                ONE_OF: ("", )
            },
            "binlog_checksum": {
                ONE_OF: ("", )
            },
            "gtid_mode": {
                ONE_OF: ("OFF", )
            },
            "log_slave_updates": {
                ONE_OF: ("0", )
            },
            "enforce_gtid_consistency": {
                ONE_OF: ("OFF", )
            },
        }
        # expect GadgetError: change the configuration values
        with self.assertRaises(GadgetError) as test_raises:
            check_server_requirements(self.server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=True,
                                      update=False,
                                      skip_backup=True)
        exception = test_raises.exception
        self.assertIn(
            "on server {0} are incompatible with Group "
            "Replication.".format(self.server), exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # Test server version
        req_dict[SERVER_VERSION] = "99.9.9"
        # expect GadgetError: Query failed: server version
        with self.assertRaises(GadgetError) as test_raises:
            check_server_requirements(self.server,
                                      req_dict,
                                      rpl_settings,
                                      verbose=True,
                                      dry_run=True,
                                      update=False,
                                      skip_backup=True)
        exception = test_raises.exception
        self.assertTrue(
            "does not meet the required MySQL server version"
            in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        self.server.exec_query("drop user if exists 'replic_user'")
        self.server.exec_query("drop user if exists 'create_rpl'")
        self.server.exec_query("drop user if exists 'new_rpl_user'")
Exemple #3
0
    def test_check_missing_privileges(self):
        """ Tests the User's check_missing_privileges method"""

        self.server.exec_query("Drop USER if exists 'Jonh_CAPITALS'@'{0}'"
                               "".format(self.server.host))
        user_name = 'Jonh_CAPITALS'
        user_obj = User(self.server, "{0}@{1}".format(user_name,
                                                      self.server.host),
                        verbosity=1)
        self.assertFalse(user_obj.exists())

        user_obj.create(disable_binlog=True, ssl=True)
        self.assertTrue(user_obj.exists())

        self.assertListEqual(
            user_obj.check_missing_privileges(
                ["REPLICATION SLAVE", "CREATE USER"], as_string=False),
            ["CREATE USER", "REPLICATION SLAVE"])

        self.assertEqual(
            user_obj.check_missing_privileges(["REPLICATION SLAVE",
                                               "CREATE USER"]),
            "CREATE USER and REPLICATION SLAVE")

        change_user_privileges(self.server, user_name, self.server.host,
                               grant_list=["REPLICATION SLAVE", "CREATE USER"],
                               disable_binlog=True)
        self.assertListEqual(user_obj.get_grants(refresh=True),
                             [("GRANT REPLICATION SLAVE, CREATE USER ON *.* "
                               "TO 'Jonh_CAPITALS'@'localhost'",)])
        self.assertListEqual(
            user_obj.check_missing_privileges(["REPLICATION SLAVE",
                                               "CREATE USER"],
                                              as_string=False), [])

        self.assertEqual(
            user_obj.check_missing_privileges(["REPLICATION SLAVE",
                                               "CREATE USER"]), "")

        user_obj.drop()

        user_name = 'some_user'
        self.server.exec_query("Drop USER if exists '{0}'@'{1}'"
                               "".format(user_name, self.server.host))
        change_user_privileges(self.server, user_name, self.server.host,
                               user_passwd="some pass",
                               grant_list=["REPLICATION SLAVE", "CREATE USER"],
                               disable_binlog=True, create_user=True)
        change_user_privileges(self.server, user_name, self.server.host,
                               revoke_list=["REPLICATION SLAVE"],
                               disable_binlog=True)

        # expect GadgetError: Query failed: Unknown system variable
        with self.assertRaises(GadgetError) as test_raises:
            user_obj.drop(user_name)
        exception = test_raises.exception
        self.assertTrue("Cannot parse user@host" in exception.errmsg,
                        "The exception message was not the expected")
        user_obj.drop("{0}@{1}".format(user_name, self.server.host))
        self.server.exec_query("Drop USER if exists '{0}'@'{1}'"
                               "".format(user_name, self.server.host))
Exemple #4
0
    def test_bootstrap_noselect_priv(self):
        """Tests commands without Select privilege.
        """
        self.server.exec_query("drop user if exists 'not_select'@'%'")
        change_user_privileges(self.server,
                               "not_select",
                               "%",
                               user_passwd="pass",
                               create_user=True)

        server1 = Server(
            {"conn_info": "not_select@localhost:{0}".format(self.server.port)})
        server1.passwd = "pass"
        server1.connect()
        # Fill the options
        options = {
            "group_name": "b7286041-3016-11e6-ba52-507b9d87510a",
            "gr_host": ":{0}".format(self.server.port),
            "replication_user": "******",
            "rep_user_passwd": "passwd",
            "verbose": True,
            "dry_run": False,
        }

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            leave(server1, **options)
        exception = test_raises.exception
        self.assertTrue(
            "not have enough privileges to verify server" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # reconnect the server.
        server1.connect()

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            start(server1, **options)
        exception = test_raises.exception
        self.assertTrue(
            "The operation could not continue due to" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # reconnect the server.
        server1.connect()

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            health(server1, **options)
        exception = test_raises.exception
        self.assertTrue(
            "not have enough privileges to verify server" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))

        # reconnect the server.
        server1.connect()

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            leave(server1, **options)
        exception = test_raises.exception
        self.assertTrue(
            "not have enough privileges to verify server" in exception.errmsg,
            "The exception message was not the expected. {0}"
            "".format(exception.errmsg))
Exemple #5
0
    def test_bootstrap_noselect_priv(self):
        """Tests commands without Select privilege.
        """
        self.server.exec_query("drop user if exists 'not_select'@'%'")
        change_user_privileges(self.server, "not_select", "%",
                               user_passwd="pass", create_user=True)

        server1 = Server({
            "conn_info": "not_select@localhost:{0}".format(self.server.port)})
        server1.passwd = "pass"
        server1.connect()
        # Fill the options
        options = {
            "group_name": "b7286041-3016-11e6-ba52-507b9d87510a",
            "gr_host": ":{0}".format(self.server.port),
            "replication_user": "******",
            "rep_user_passwd": "passwd",
            "verbose": True,
            "dry_run": False,
        }

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            leave(server1, **options)
        exception = test_raises.exception
        self.assertTrue("not have enough privileges to verify server" in
                        exception.errmsg,
                        "The exception message was not the expected. {0}"
                        "".format(exception.errmsg))

        # reconnect the server.
        server1.connect()

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            start(server1, **options)
        exception = test_raises.exception
        self.assertTrue("The operation could not continue due to" in
                        exception.errmsg,
                        "The exception message was not the expected. {0}"
                        "".format(exception.errmsg))

        # reconnect the server.
        server1.connect()

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            health(server1, **options)
        exception = test_raises.exception
        self.assertTrue("not have enough privileges to verify server" in
                        exception.errmsg,
                        "The exception message was not the expected. {0}"
                        "".format(exception.errmsg))

        # reconnect the server.
        server1.connect()

        # expect GadgetError: Query failed: not have enough privileges to
        #                                   verify server
        with self.assertRaises(GadgetError) as test_raises:
            leave(server1, **options)
        exception = test_raises.exception
        self.assertTrue("not have enough privileges to verify server" in
                        exception.errmsg,
                        "The exception message was not the expected. {0}"
                        "".format(exception.errmsg))