Skip to content

Commit dbc56bb

Browse files
maximmasiutinmaximmasiutin
authored
Added support for MySQL 8.4.5 in tests; added an explicit test case for the privileges (#225)
1 parent 4046870 commit dbc56bb

File tree

4 files changed

+139
-8
lines changed

4 files changed

+139
-8
lines changed

GNUmakefile

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@ TEST?=$$(go list ./... |grep -v 'vendor')
22
GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor)
33
WEBSITE_REPO=github.com/hashicorp/terraform-website
44
PKG_NAME=mysql
5-
TERRAFORM_VERSION=0.14.7
5+
TERRAFORM_VERSION=1.11.3
66
TERRAFORM_OS=$(shell uname -s | tr A-Z a-z)
77
TEST_USER=root
88
TEST_PASSWORD=my-secret-pw
@@ -22,13 +22,17 @@ bin/terraform:
2222
testacc: fmtcheck bin/terraform
2323
PATH="$(CURDIR)/bin:${PATH}" TF_ACC=1 go test $(TEST) -v $(TESTARGS) -timeout=120s
2424

25-
acceptance: testversion5.6 testversion5.7 testversion8.0 testpercona5.7 testpercona8.0 testmariadb10.3 testmariadb10.8 testmariadb10.10 testtidb6.1.0 testtidb7.5.2
25+
acceptance: testversion5.6 testversion5.7 testversion8.0 testversion8.4.5 testpercona5.7 testpercona8.0 testmariadb10.3 testmariadb10.8 testmariadb10.10 testtidb6.1.0 testtidb7.5.2
2626

2727
testversion%:
2828
$(MAKE) MYSQL_VERSION=$* MYSQL_PORT=33$(shell echo "$*" | tr -d '.') testversion
2929

3030
testversion:
31-
-docker run --rm --name test-mysql$(MYSQL_VERSION) -e MYSQL_ROOT_PASSWORD="$(TEST_PASSWORD)" -d -p $(MYSQL_PORT):3306 mysql:$(MYSQL_VERSION)
31+
@MYSQLD_ARGS=""; \
32+
if [ "$$(echo $(MYSQL_VERSION) | awk -F. '{ if ($$1 > 8 || ($$1 == 8 && $$2 >= 4)) print 1; else print 0 }')" -eq 1 ]; then \
33+
MYSQLD_ARGS="mysqld --mysql-native-password=ON"; \
34+
fi; \
35+
docker run --rm --name test-mysql$(MYSQL_VERSION) -e MYSQL_ROOT_PASSWORD="$(TEST_PASSWORD)" -d -p $(MYSQL_PORT):3306 mysql:$(MYSQL_VERSION) $$MYSQLD_ARGS
3236
@echo 'Waiting for MySQL...'
3337
@while ! mysql -h 127.0.0.1 -P $(MYSQL_PORT) -u "$(TEST_USER)" -p"$(TEST_PASSWORD)" -e 'SELECT 1' >/dev/null 2>&1; do printf '.'; sleep 1; done ; echo ; echo "Connected!"
3438
-mysql -h 127.0.0.1 -P $(MYSQL_PORT) -u "$(TEST_USER)" -p"$(TEST_PASSWORD)" -e "INSTALL PLUGIN mysql_no_login SONAME 'mysql_no_login.so';"
@@ -76,6 +80,7 @@ testmariadb:
7680
MYSQL_USERNAME="$(TEST_USER)" MYSQL_PASSWORD="$(TEST_PASSWORD)" MYSQL_ENDPOINT=127.0.0.1:$(MYSQL_PORT) $(MAKE) testacc
7781
-docker rm -f test-mariadb$(MYSQL_VERSION)
7882

83+
7984
vet:
8085
@echo "go vet ."
8186
@go vet $$(go list ./... | grep -v vendor/) ; if [ $$? -eq 1 ]; then \

mysql/resource_grant_test.go

Lines changed: 129 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1042,7 +1042,7 @@ resource "mysql_grant" "test_procedure" {
10421042
host = "%s"
10431043
privileges = ["EXECUTE"]
10441044
database = "PROCEDURE %s"
1045-
table = "%s"
1045+
table = "%s"
10461046
}
10471047
`, dbName, dbName, dbName, dbName, hostName, dbName, procedureName)
10481048
}
@@ -1159,7 +1159,7 @@ func TestAllowDuplicateUsersDifferentTables(t *testing.T) {
11591159
user = "${mysql_user.test.user}"
11601160
host = "${mysql_user.test.host}"
11611161
database = "${mysql_database.test.name}"
1162-
table = "table1"
1162+
table = "table1"
11631163
privileges = ["UPDATE", "SELECT"]
11641164
}
11651165
@@ -1224,7 +1224,7 @@ func TestDisallowDuplicateUsersSameTable(t *testing.T) {
12241224
user = "${mysql_user.test.user}"
12251225
host = "${mysql_user.test.host}"
12261226
database = "${mysql_database.test.name}"
1227-
table = "table1"
1227+
table = "table1"
12281228
privileges = ["UPDATE", "SELECT"]
12291229
}
12301230
@@ -1255,3 +1255,129 @@ func TestDisallowDuplicateUsersSameTable(t *testing.T) {
12551255
},
12561256
})
12571257
}
1258+
1259+
// TestModifyPrivileges explicitly verifies the correct and incorrect ways of modifying privileges.
1260+
// It tests adding privileges by augmenting the existing grant (correct way).
1261+
// It also tests that dynamic privileges configured on the global (`*`) database can coexist with grants on specific databases.
1262+
func TestModifyPrivileges(t *testing.T) {
1263+
dbName := fmt.Sprintf("tf-test-modify-%d", rand.Intn(100))
1264+
roleName := fmt.Sprintf("TFRole-modify-%d", rand.Intn(100))
1265+
userName := fmt.Sprintf("jdoe-modify-%s", dbName)
1266+
1267+
onePrivilegeConfig := getGrantsSampleWithPrivileges(roleName, dbName, userName, `"SELECT"`)
1268+
twoPrivilegesConfig := getGrantsSampleWithPrivileges(roleName, dbName, userName, `"SELECT", "UPDATE"`)
1269+
additionalStaticPrivilegeConfig := twoPrivilegesConfig + getAdditionalGrantSample(dbName, `"INSERT"`)
1270+
threePrivilegesConfig := getGrantsSampleWithPrivileges(roleName, dbName, userName, `"SELECT", "UPDATE", "INSERT"`)
1271+
// Configuring dynamic privilege on global (`*`) database alongside specific database grants
1272+
additionalDynamicPrivilegeConfigFlushTables := threePrivilegesConfig + getAdditionalGrantSample("*", `"FLUSH_TABLES"`)
1273+
additionalDynamicPrivilegeConfigShowRoutine := threePrivilegesConfig + getAdditionalGrantSample("*", `"SHOW_ROUTINE"`)
1274+
resource.Test(t, resource.TestCase{
1275+
PreCheck: func() {
1276+
testAccPreCheck(t)
1277+
testAccPreCheckSkipRds(t)
1278+
testAccPreCheckSkipMariaDB(t)
1279+
testAccPreCheckSkipNotMySQLVersionMin(t, "8.0.0")
1280+
testAccPreCheckSkipTiDB(t)
1281+
},
1282+
ProviderFactories: testAccProviderFactories,
1283+
CheckDestroy: testAccGrantCheckDestroy,
1284+
Steps: []resource.TestStep{
1285+
{
1286+
Config: testAccGrantConfigNoGrant(dbName),
1287+
},
1288+
{
1289+
Config: onePrivilegeConfig,
1290+
Check: resource.ComposeTestCheckFunc(
1291+
testAccPrivilege("mysql_grant.grant", "SELECT", true, false),
1292+
testAccPrivilege("mysql_grant.grant", "UPDATE", false, false),
1293+
testAccPrivilege("mysql_grant.grant", "INSERT", false, false),
1294+
),
1295+
},
1296+
{
1297+
// Correct way: augment existing grant with additional privileges
1298+
Config: twoPrivilegesConfig,
1299+
Check: resource.ComposeTestCheckFunc(
1300+
testAccPrivilege("mysql_grant.grant", "SELECT", true, false),
1301+
testAccPrivilege("mysql_grant.grant", "UPDATE", true, false),
1302+
testAccPrivilege("mysql_grant.grant", "INSERT", false, false),
1303+
),
1304+
},
1305+
{
1306+
// Incorrect way: create a new conflicting grant (expected to fail)
1307+
Config: additionalStaticPrivilegeConfig,
1308+
ExpectError: regexp.MustCompile("already has"),
1309+
},
1310+
{
1311+
// Correct way: augment existing grant with additional privileges
1312+
Config: threePrivilegesConfig,
1313+
Check: resource.ComposeTestCheckFunc(
1314+
testAccPrivilege("mysql_grant.grant", "SELECT", true, false),
1315+
testAccPrivilege("mysql_grant.grant", "UPDATE", true, false),
1316+
testAccPrivilege("mysql_grant.grant", "INSERT", true, false),
1317+
),
1318+
},
1319+
1320+
// Testing coexistence of dynamic privilege on global (`*`) database with specific database grants
1321+
1322+
{
1323+
Config: additionalDynamicPrivilegeConfigFlushTables,
1324+
Check: resource.ComposeTestCheckFunc(
1325+
testAccPrivilege("mysql_grant.grant", "SELECT", true, false),
1326+
testAccPrivilege("mysql_grant.grant", "UPDATE", true, false),
1327+
testAccPrivilege("mysql_grant.grant", "INSERT", true, false),
1328+
testAccPrivilege("mysql_grant.additional_grant", "FLUSH_TABLES", true, false),
1329+
testAccPrivilege("mysql_grant.additional_grant", "SHOW_ROUTINE", false, false),
1330+
),
1331+
},
1332+
{
1333+
Config: additionalDynamicPrivilegeConfigShowRoutine,
1334+
Check: resource.ComposeTestCheckFunc(
1335+
testAccPrivilege("mysql_grant.grant", "SELECT", true, false),
1336+
testAccPrivilege("mysql_grant.grant", "UPDATE", true, false),
1337+
testAccPrivilege("mysql_grant.grant", "INSERT", true, false),
1338+
testAccPrivilege("mysql_grant.additional_grant", "FLUSH_TABLES", false, false),
1339+
testAccPrivilege("mysql_grant.additional_grant", "SHOW_ROUTINE", true, false),
1340+
),
1341+
},
1342+
},
1343+
})
1344+
}
1345+
1346+
func getGrantsSampleWithPrivileges(roleName string, dbName string, userName string, privileges string) string {
1347+
return fmt.Sprintf(`
1348+
1349+
resource "mysql_role" "role" {
1350+
name = "%s"
1351+
}
1352+
1353+
resource "mysql_grant" "grant" {
1354+
role = "${mysql_role.role.name}"
1355+
database = "%s"
1356+
privileges = [%s]
1357+
}
1358+
1359+
resource "mysql_user" "user" {
1360+
user = "%s"
1361+
host = "%%"
1362+
}
1363+
1364+
resource "mysql_grant" "user_grant" {
1365+
user = "${mysql_user.user.user}"
1366+
host = "${mysql_user.user.host}"
1367+
database = "%s"
1368+
roles = ["${mysql_role.role.name}"]
1369+
}
1370+
1371+
`, roleName, dbName, privileges, userName, dbName)
1372+
}
1373+
1374+
func getAdditionalGrantSample(dbName string, privileges string) string {
1375+
return fmt.Sprintf(`
1376+
1377+
resource "mysql_grant" "additional_grant" {
1378+
role = "${mysql_role.role.name}"
1379+
database = "%s"
1380+
privileges = [%s]
1381+
}
1382+
`, dbName, privileges)
1383+
}

scripts/changelog-links.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
#!/bin/bash
1+
#!/usr/bin/env bash
22

33
# This script rewrites [GH-nnnn]-style references in the CHANGELOG.md file to
44
# be Markdown links to the given github issues.

scripts/gogetcookie.sh

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
#!/bin/bash
1+
#!/usr/bin/env bash
22

33
touch ~/.gitcookies
44
chmod 0600 ~/.gitcookies

0 commit comments

Comments
 (0)