###############################################################################
# Variable Name: binlog_encryption
# Scope: global
# Access Type: dynamic
# Data Type: boolean
#
# Description: Test case for checking the behavior of dynamic system variable
# "binlog_encryption", specifically regarding:
# - Scope & access type
# - Valid & default value
# - Invalid values
# - Required privileges
#
# Reference: WL#10957
###############################################################################
# Prerequisites. Binary log encryption keeps its master key in a keyring, so
# the test depends on the keyring file component. Judging by the include
# names, the first include checks that the component is available and the
# second one installs it for this run (the include files are not shown here,
# confirm against them).
--source include/have_component_keyring_file.inc
--source suite/component_keyring_file/inc/setup_component.inc
# Save initial value so that the clean-up step at the end of the test can
# restore it and no altered global setting leaks into later tests.
--let $saved_binlog_encryption= `SELECT @@global.binlog_encryption`
#
# Scope: Global only
#
# The variable must be readable through the GLOBAL qualifier. Reading it
# through the SESSION qualifier has to fail with ER_INCORRECT_GLOBAL_LOCAL_VAR.
SELECT COUNT(@@GLOBAL.binlog_encryption);
--error ER_INCORRECT_GLOBAL_LOCAL_VAR
SELECT COUNT(@@SESSION.binlog_encryption);
# Record how the variable is listed in the two performance_schema variable
# tables. Only VARIABLE_NAME is selected, so the recorded output does not
# depend on the current value. Warnings are disabled around the two lookups.
--disable_warnings
SELECT VARIABLE_NAME FROM performance_schema.global_variables WHERE VARIABLE_NAME='binlog_encryption';
SELECT VARIABLE_NAME FROM performance_schema.session_variables WHERE VARIABLE_NAME='binlog_encryption';
--enable_warnings
#
# Access Type: Dynamic
#
# A runtime SET GLOBAL must succeed and take effect immediately. The value is
# read back through assert.inc, which is expected to fail the test when the
# condition in $assert_cond does not hold. A boolean ON reads back as 1.
SET GLOBAL binlog_encryption= ON;
--let $assert_text= 'binlog_encryption is a dynamic variable'
--let $assert_cond= "[SELECT @@GLOBAL.binlog_encryption]" = "1"
--source include/assert.inc
#
# Valid values and Default value
#
# Every accepted spelling is assigned and then read back. The keywords ON and
# OFF and the integers 1 and 0 must all be accepted, and the value always
# reads back as 1 or 0.
# Keyword form, OFF then ON.
SET GLOBAL binlog_encryption= OFF;
--let $assert_text= 'binlog_encryption should be OFF'
--let $assert_cond= "[SELECT @@GLOBAL.binlog_encryption]" = "0"
--source include/assert.inc
SET GLOBAL binlog_encryption= ON;
--let $assert_text= 'binlog_encryption should be ON'
--let $assert_cond= "[SELECT @@GLOBAL.binlog_encryption]" = "1"
--source include/assert.inc
# Integer form, 0 then 1.
SET GLOBAL binlog_encryption= 0;
--let $assert_text= 'binlog_encryption should be OFF'
--let $assert_cond= "[SELECT @@GLOBAL.binlog_encryption]" = "0"
--source include/assert.inc
SET GLOBAL binlog_encryption= 1;
--let $assert_text= 'binlog_encryption should be ON'
--let $assert_cond= "[SELECT @@GLOBAL.binlog_encryption]" = "1"
--source include/assert.inc
# DEFAULT must reset the variable to OFF, which means binary log encryption
# is opt-in. This also leaves the value at OFF for the section that follows.
SET GLOBAL binlog_encryption= DEFAULT;
--let $assert_text= 'binlog_encryption should be OFF'
--let $assert_cond= "[SELECT @@GLOBAL.binlog_encryption]" = "0"
--source include/assert.inc
#
# Invalid values
#
# Each assignment below must be rejected. NULL, the empty string, a negative
# number, an arbitrary string and an out-of-range integer are expected to
# fail with ER_WRONG_VALUE_FOR_VAR. The decimal literal 1.0 is expected to
# fail with ER_WRONG_TYPE_FOR_VAR instead, because it is rejected on its type
# and not on its value.
--error ER_WRONG_VALUE_FOR_VAR
SET GLOBAL binlog_encryption= NULL;
--error ER_WRONG_VALUE_FOR_VAR
SET GLOBAL binlog_encryption= '';
--error ER_WRONG_VALUE_FOR_VAR
SET GLOBAL binlog_encryption= -1;
--error ER_WRONG_TYPE_FOR_VAR
SET GLOBAL binlog_encryption= 1.0;
--error ER_WRONG_VALUE_FOR_VAR
SET GLOBAL binlog_encryption= 2;
# A rejected assignment must leave the setting untouched. The value was OFF
# before this section, so it has to read back as OFF here. A failed SET that
# still flipped the encryption state would show up in this output.
--echo Expect value still set to "OFF"
SELECT @@global.binlog_encryption;
#
# Privileges
#
# This section pins down which privileges each operation needs:
# - SET GLOBAL binlog_encryption needs both SYSTEM_VARIABLES_ADMIN and
#   BINLOG_ENCRYPTION_ADMIN.
# - ALTER INSTANCE ROTATE BINLOG MASTER KEY needs BINLOG_ENCRYPTION_ADMIN only.
# The privileges are granted and revoked one at a time from the default
# connection, and each step is verified from the connection of user1.
#
# Step 1: a freshly created account holds neither privilege. It connects with
# an empty password, and both operations must be denied.
CREATE USER user1;
--connect(conn_user1,localhost,user1,,)
--Error ER_SPECIFIC_ACCESS_DENIED_ERROR
SET GLOBAL binlog_encryption=ON;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
ALTER INSTANCE ROTATE BINLOG MASTER KEY;
# Step 2: grant the generic privilege for changing global system variables.
--connection default
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO user1@'%';
--connection conn_user1
# SYSTEM_VARIABLES_ADMIN is not enough
# Being allowed to change global variables in general must not be sufficient
# to toggle binary log encryption or to rotate the master key.
--Error ER_SPECIFIC_ACCESS_DENIED_ERROR
SET GLOBAL binlog_encryption=ON;
--error ER_SPECIFIC_ACCESS_DENIED_ERROR
ALTER INSTANCE ROTATE BINLOG MASTER KEY;
# Step 3: add the dedicated privilege. With both privileges held, enabling
# encryption and rotating the key must succeed.
--connection default
GRANT BINLOG_ENCRYPTION_ADMIN ON *.* TO user1@'%';
--connection conn_user1
SET GLOBAL binlog_encryption=ON;
ALTER INSTANCE ROTATE BINLOG MASTER KEY;
# Step 4: take SYSTEM_VARIABLES_ADMIN away again, which leaves only
# BINLOG_ENCRYPTION_ADMIN. Key rotation must keep working.
--connection default
REVOKE SYSTEM_VARIABLES_ADMIN ON *.* FROM user1@'%';
--connection conn_user1
ALTER INSTANCE ROTATE BINLOG MASTER KEY;
# BINLOG_ENCRYPTION_ADMIN is not enough
# The denied statement is the one that turns encryption OFF. An account
# holding only the dedicated privilege must not be able to disable it.
--Error ER_SPECIFIC_ACCESS_DENIED_ERROR
SET GLOBAL binlog_encryption=OFF;
# Remove the remaining privilege, close the extra connection and drop the
# account. binlog_encryption is still ON at this point because of the
# successful SET in step 3. The clean-up at the end of the test restores it.
--connection default
REVOKE BINLOG_ENCRYPTION_ADMIN ON *.* FROM user1@'%';
# NOTE(review): the default connection is already selected, so this second
# switch looks redundant. Confirm before removing it.
--connection default
--disconnect conn_user1
DROP USER user1;
# Clean up
# Restore the value that was saved at the start of the test. Query logging is
# switched off around the statement, presumably so that the restored value,
# which depends on how the server was started, is not written into the
# recorded result.
--disable_query_log
--eval SET GLOBAL binlog_encryption= $saved_binlog_encryption
--enable_query_log
# Counterpart of the setup include at the top of the test. By its name it
# removes the keyring file component again.
--source suite/component_keyring_file/inc/teardown_component.inc