WL#10886 : Add/Extend mtr tests for Replication/GR for roles

This patch implements tests to:
1. Verify that ROLES are replicated successfully.
2. Verify that ROLES on replication users used in 'CHANGE MASTER TO'
   work as expected for RPL/GR.
3. Verify that Activating the role by 'ALTER USER' is successful on
   both master/slave and GR members.
4. Verify execution of GR/RPL commands is successful by the user when
   different privileges are granted by roles.

Author: Deepthi ES

mysql-test/suite/rpl/r/rpl_roles.result

@@ -19,6 +19,7 @@ FROM_HOST	FROM_USER	TO_HOST	TO_USER	WITH_ADMIN_OPTION
 %	r1	%	r2	N
 %	r2	localhost	u1	N
 %	r3	localhost	u1	N
+[connection master]
 REVOKE r3 FROM u1@localhost;
 ALTER USER u1@localhost DEFAULT ROLE r1;
 include/sync_slave_sql_with_master.inc
@@ -29,6 +30,7 @@ SELECT * FROM mysql.role_edges;
 FROM_HOST	FROM_USER	TO_HOST	TO_USER	WITH_ADMIN_OPTION
 %	r1	%	r2	N
 %	r2	localhost	u1	N
+[connection master]
 ALTER USER u1@localhost DEFAULT ROLE NONE;
 include/sync_slave_sql_with_master.inc
 SELECT * FROM mysql.default_roles;
@@ -37,15 +39,52 @@ SELECT * FROM mysql.role_edges;
 FROM_HOST	FROM_USER	TO_HOST	TO_USER	WITH_ADMIN_OPTION
 %	r1	%	r2	N
 %	r2	localhost	u1	N
+[connection master]
 REVOKE r1 FROM r2;
 include/sync_slave_sql_with_master.inc
 SELECT * FROM mysql.default_roles;
 HOST	USER	DEFAULT_ROLE_HOST	DEFAULT_ROLE_USER
 SELECT * FROM mysql.role_edges;
 FROM_HOST	FROM_USER	TO_HOST	TO_USER	WITH_ADMIN_OPTION
 %	r2	localhost	u1	N
+include/stop_slave.inc
+set sql_log_bin=0;
+call mtr.add_suppression(".*Slave I/O for channel '': Master command COM_REGISTER_SLAVE failed.*");
+call mtr.add_suppression(".*Slave I/O thread couldn't register on master");
+set sql_log_bin=1;
+[connection master]
+CREATE ROLE r4;
+GRANT REPLICATION SLAVE ON *.* TO r4;
+GRANT r4 to u1@localhost;
+SELECT * FROM mysql.default_roles;
+HOST	USER	DEFAULT_ROLE_HOST	DEFAULT_ROLE_USER
+SELECT * FROM mysql.role_edges;
+FROM_HOST	FROM_USER	TO_HOST	TO_USER	WITH_ADMIN_OPTION
+%	r2	localhost	u1	N
+%	r4	localhost	u1	N
+[connection slave]
+CHANGE MASTER TO MASTER_USER='u1';
+Warnings:
+Note	1759	Sending passwords in plain text without SSL/TLS is extremely insecure.
+Note	1760	Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information.
+START SLAVE;
+include/wait_for_slave_io_error.inc [errno=1597]
+[connection master]
+ALTER USER u1@localhost DEFAULT ROLE ALL;
+SELECT * FROM mysql.default_roles;
+HOST	USER	DEFAULT_ROLE_HOST	DEFAULT_ROLE_USER
+localhost	u1	%	r2
+localhost	u1	%	r4
+SELECT * FROM mysql.role_edges;
+FROM_HOST	FROM_USER	TO_HOST	TO_USER	WITH_ADMIN_OPTION
+%	r2	localhost	u1	N
+%	r4	localhost	u1	N
+[connection slave]
+START SLAVE IO_THREAD;
+include/wait_for_slave_io_to_start.inc
 # Cleanup Statement
-DROP ROLE r1, r2, r3;
+[connection master]
+DROP ROLE r1, r2, r3,r4;
 DROP USER u1@localhost;
 include/sync_slave_sql_with_master.inc
 SELECT * FROM mysql.default_roles;
@@ -64,6 +103,10 @@ slave-bin.000001	#	Query	#	#	use `test`; REVOKE r3 FROM u1@localhost
 slave-bin.000001	#	Query	#	#	use `test`; ALTER USER u1@localhost DEFAULT ROLE r1
 slave-bin.000001	#	Query	#	#	use `test`; ALTER USER u1@localhost DEFAULT ROLE NONE
 slave-bin.000001	#	Query	#	#	use `test`; REVOKE r1 FROM r2
-slave-bin.000001	#	Query	#	#	use `test`; DROP ROLE r1, r2, r3
+slave-bin.000001	#	Query	#	#	use `test`; CREATE ROLE r4
+slave-bin.000001	#	Query	#	#	use `test`; GRANT REPLICATION SLAVE ON *.* TO 'r4'@'%'
+slave-bin.000001	#	Query	#	#	use `test`; GRANT r4 to u1@localhost
+slave-bin.000001	#	Query	#	#	use `test`; ALTER USER u1@localhost DEFAULT ROLE ALL
+slave-bin.000001	#	Query	#	#	use `test`; DROP ROLE r1, r2, r3,r4
 slave-bin.000001	#	Query	#	#	use `test`; DROP USER u1@localhost
 include/rpl_end.inc

mysql-test/suite/rpl/t/rpl_roles.test

@@ -6,11 +6,13 @@
 # Creation:                                                          #
 # 2016-08-26 prabprad Added this test as part of WL#988 Roles        #
 #                                                                    #
+# WL#10886 : Add/Extend mtr tests for Replication/GR for roles       #
+# This test was extended to verify starting of replication           #
+# by using roles to grant privileges to user.                        #
 ######################################################################
 
 --source include/master-slave.inc
 # Create roles, user and role hierarchy on master
---connection master
 CREATE ROLE r1, r2, r3;
 CREATE USER u1@localhost;
 GRANT r1 TO r2;
@@ -25,40 +27,70 @@ ALTER USER u1@localhost DEFAULT ROLE ALL;
 # All the operations done in master will affect the
 # mysql.roles_edges and mysql.default_roles table only.
 # Hence only this table is checked on slave.
---connection slave
 SELECT * FROM mysql.default_roles;
 SELECT * FROM mysql.role_edges;
---connection master
+--source include/rpl_connection_master.inc
 REVOKE r3 FROM u1@localhost;
 ALTER USER u1@localhost DEFAULT ROLE r1;
 --source include/sync_slave_sql_with_master.inc
---connection slave
 SELECT * FROM mysql.default_roles;
 SELECT * FROM mysql.role_edges;
---connection master
+--source include/rpl_connection_master.inc
 ALTER USER u1@localhost DEFAULT ROLE NONE;
 --source include/sync_slave_sql_with_master.inc
---connection slave
 SELECT * FROM mysql.default_roles;
 SELECT * FROM mysql.role_edges;
---connection master
+--source include/rpl_connection_master.inc
 REVOKE r1 FROM r2;
 --source include/sync_slave_sql_with_master.inc
---connection slave
 SELECT * FROM mysql.default_roles;
 SELECT * FROM mysql.role_edges;
 
---echo # Cleanup Statement
---connection master
-DROP ROLE r1, r2, r3;
-DROP USER u1@localhost;
---source include/sync_slave_sql_with_master.inc
+# Start replication by using roles to grant priviliges to user
+# STOP SLAVE
+--source include/stop_slave.inc
+set sql_log_bin=0;
+call mtr.add_suppression(".*Slave I/O for channel '': Master command COM_REGISTER_SLAVE failed.*");
+call mtr.add_suppression(".*Slave I/O thread couldn't register on master");
+set sql_log_bin=1;
+
+# Create role,user on master for replication
+--source include/rpl_connection_master.inc
+CREATE ROLE r4;
+GRANT REPLICATION SLAVE ON *.* TO r4;
+GRANT r4 to u1@localhost;
 SELECT * FROM mysql.default_roles;
 SELECT * FROM mysql.role_edges;
-source include/show_binlog_events.inc;
---source include/rpl_end.inc
 
+--source include/rpl_connection_slave.inc
+CHANGE MASTER TO MASTER_USER='u1';
+START SLAVE;
+
+# Wait until IO_THREAD is inactive
+--let $wait_condition=SELECT COUNT(*)=1 FROM performance_schema.replication_connection_status WHERE service_state='OFF'
+--source include/wait_condition_or_abort.inc
 
+# Error ER_SLAVE_MASTER_COM_FAILURE as user 'u1' doesn't have REPLICATION SLAVE privilege
+--let $slave_io_errno=convert_error(ER_SLAVE_MASTER_COM_FAILURE)
+--source include/wait_for_slave_io_error.inc
+
+# Enable role 'r4' for user 'u1'
+--source include/rpl_connection_master.inc
+ALTER USER u1@localhost DEFAULT ROLE ALL;
+SELECT * FROM mysql.default_roles;
+SELECT * FROM mysql.role_edges;
 
+--source include/rpl_connection_slave.inc
+START SLAVE IO_THREAD;
+--source include/wait_for_slave_io_to_start.inc
 
+--echo # Cleanup Statement
+--source include/rpl_connection_master.inc
+DROP ROLE r1, r2, r3,r4;
+DROP USER u1@localhost;
+--source include/sync_slave_sql_with_master.inc
+SELECT * FROM mysql.default_roles;
+SELECT * FROM mysql.role_edges;
+source include/show_binlog_events.inc;
 
+--source include/rpl_end.inc

rapid/plugin/group_replication/tests/mtr/r/gr_roles.result

@@ -0,0 +1,88 @@
+include/group_replication.inc [rpl_server_count=2]
+Warnings:
+Note	####	Sending passwords in plain text without SSL/TLS is extremely insecure.
+Note	####	Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information.
+[connection server1]
+CREATE ROLE 'gr_user','gr_recovery_user';
+GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'gr_user';
+GRANT REPLICATION SLAVE ON *.* TO 'gr_recovery_user';
+CREATE USER 'alpha' IDENTIFIED BY 'alpha';
+GRANT gr_user TO alpha;
+# Check that 'gr_user' role is assigned to 'alpha' user
+[connection alpha]
+ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
+SET GLOBAL group_replication_bootstrap_group= 1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation
+START GROUP_REPLICATION;
+ERROR 42000: Access denied; you need (at least one of) the SUPER or GROUP_REPLICATION_ADMIN privilege(s) for this operation
+[connection server1]
+ALTER USER alpha DEFAULT ROLE 'gr_user';
+# Check that 'gr_user' role is enabled for 'alpha' user
+[connection alpha]
+SELECT CURRENT_ROLE();
+CURRENT_ROLE()
+`gr_user`@`%`
+SET GLOBAL group_replication_group_name= "GROUP_REPLICATION_GROUP_NAME";
+SET GLOBAL group_replication_bootstrap_group= 1;
+START GROUP_REPLICATION;
+ERROR 42000: Access denied; you need (at least one of) the SUPER or GROUP_REPLICATION_ADMIN privilege(s) for this operation
+[connection server1]
+GRANT GROUP_REPLICATION_ADMIN ON *.* TO 'gr_user';
+[connection alpha]
+START GROUP_REPLICATION;
+SET GLOBAL group_replication_bootstrap_group= 0;
+[connection server1]
+# Wait until server1 is ONLINE
+[connection server2]
+set sql_log_bin=0;
+call mtr.add_suppression(".*Slave I/O for channel 'group_replication_recovery': Master command COM_REGISTER_SLAVE failed.*");
+call mtr.add_suppression(".*Slave I/O thread couldn't register on master");
+set sql_log_bin=1;
+SET GLOBAL group_replication_group_name= "GROUP_REPLICATION_GROUP_NAME";
+CHANGE MASTER TO MASTER_USER='alpha', MASTER_PASSWORD='alpha' FOR CHANNEL 'group_replication_recovery';
+Warnings:
+Note	1759	Sending passwords in plain text without SSL/TLS is extremely insecure.
+Note	1760	Storing MySQL user name or password information in the master info repository is not secure and is therefore not recommended. Please consider using the USER and PASSWORD connection options for START SLAVE; see the 'START SLAVE Syntax' in the MySQL Manual for more information.
+START GROUP_REPLICATION;
+Pattern found.
+Pattern found.
+include/stop_group_replication.inc
+[connection server1]
+GRANT gr_recovery_user TO alpha;
+ALTER USER alpha DEFAULT ROLE ALL;
+# Check that all roles assigned to 'alpha' user are enabled
+SELECT DEFAULT_ROLE_USER FROM mysql.default_roles WHERE USER='alpha';
+DEFAULT_ROLE_USER
+gr_recovery_user
+gr_user
+SELECT FROM_USER FROM mysql.role_edges WHERE TO_USER='alpha';
+FROM_USER
+gr_recovery_user
+gr_user
+[connection alpha]
+SELECT CURRENT_ROLE();
+CURRENT_ROLE()
+`gr_recovery_user`@`%`,`gr_user`@`%`
+SHOW GRANTS;
+Grants for alpha@%
+GRANT REPLICATION SLAVE ON *.* TO `alpha`@`%`
+GRANT GROUP_REPLICATION_ADMIN,SYSTEM_VARIABLES_ADMIN ON *.* TO `alpha`@`%`
+GRANT `gr_recovery_user`@`%`,`gr_user`@`%` TO `alpha`@`%`
+CREATE DATABASE newtest;
+ERROR 42000: Access denied for user 'alpha'@'%' to database 'newtest'
+[connection server2]
+START GROUP_REPLICATION;
+GRANT ALL ON newtest.* TO gr_recovery_user;
+[connection alpha]
+CREATE DATABASE newtest;
+use newtest;
+CREATE TABLE t1(a INT PRIMARY KEY);
+INSERT INTO t1 VALUES (1),(2);
+UPDATE t1 SET a=4 WHERE a=1;
+DELETE FROM t1;
+[connection server2]
+DROP TABLE newtest.t1;
+DROP DATABASE newtest;
+DROP ROLE gr_user, gr_recovery_user;
+DROP USER alpha;
+include/group_replication_end.inc