diff options
Diffstat (limited to 'mysql-test/suite/binlog_encryption/encrypted_master_switch_to_unencrypted_coords.test')
-rw-r--r-- | mysql-test/suite/binlog_encryption/encrypted_master_switch_to_unencrypted_coords.test | 166 |
1 files changed, 166 insertions, 0 deletions
diff --git a/mysql-test/suite/binlog_encryption/encrypted_master_switch_to_unencrypted_coords.test b/mysql-test/suite/binlog_encryption/encrypted_master_switch_to_unencrypted_coords.test new file mode 100644 index 00000000000..e05994f1943 --- /dev/null +++ b/mysql-test/suite/binlog_encryption/encrypted_master_switch_to_unencrypted_coords.test @@ -0,0 +1,166 @@ +# +# The test starts with unencrypted master. +# It stops replication, generates a few statement and row events +# on the master, then restarts the server with encrypted binlog, +# generates some more events and restarts it back without encryption +# (no encryption plugin). +# Then it resumes replication and should error with +# ER_MASTER_FATAL_ERROR_READING_BINLOG because the encrypted binlog is +# sent and unable to be decrypted. +# +# Note this variation of encrypted_master_switch_to_unencrypted tests +# using MASTER_USE_GTID=NO. In contrast to the GTID variant of this +# test, at part 3 (the error case), the master will scan binlogs +# starting from the first one (which is unencrypted initially, so +# replication is okay) and continue until the slave encounters the +# first encrypted event, which causes the slave to error. +# + +--source include/have_binlog_format_mixed.inc + +--echo ################# +--echo # Initialization +--echo ################# + +--let $rpl_topology= 1->2 +--source include/rpl_init.inc + +--connection server_2 +--source include/stop_slave.inc +CHANGE MASTER TO MASTER_USE_GTID=NO; +--source include/start_slave.inc + +--connection server_1 + +--enable_connect_log + +# We stop replication because we want it to happen after the switch + +--connection server_2 +--disable_connect_log +--source include/stop_slave.inc +CHANGE MASTER TO MASTER_USE_GTID=NO; +--enable_connect_log + +--echo ##################################################### +--echo # Part 1: unencrypted master +--echo ##################################################### + +--connection server_1 + +call mtr.add_suppression("Got fatal error 1236 from master when reading data from binary log: 'Could not decrypt binlog: encryption key error;"); + +CREATE TABLE table1_no_encryption ( + pk INT AUTO_INCREMENT PRIMARY KEY, + ts TIMESTAMP NULL, + b BLOB +) ENGINE=MyISAM; + +INSERT INTO table1_no_encryption VALUES (NULL,NOW(),'data_no_encryption'); +INSERT INTO table1_no_encryption SELECT NULL,NOW(),b FROM table1_no_encryption; +FLUSH BINARY LOGS; +SET binlog_format=ROW; +INSERT INTO table1_no_encryption SELECT NULL,NOW(),b FROM table1_no_encryption; +INSERT INTO table1_no_encryption SELECT NULL,NOW(),b FROM table1_no_encryption; + +# Make sure that binary logs are not encrypted + +--let SEARCH_RANGE = 500000 +--let SEARCH_FILE= master-bin.0* +--let SEARCH_PATTERN= table1_no_encryption +--source include/search_pattern_in_file.inc + +# We are storing the position now, because up to this point the slave +# should be able to synchronize with master +--save_master_pos + +--echo ##################################################### +--echo # Part 2: restart master, now with binlog encryption +--echo ##################################################### + +--let $rpl_server_parameters= --encrypt-binlog=1 --plugin-load-add=file_key_management --file-key-management --loose-file-key-management-filename=$MYSQL_TEST_DIR/std_data/keys.txt + +--let $rpl_server_number= 1 +--source restart_server.inc + +CREATE TABLE table2_to_encrypt ( + pk INT AUTO_INCREMENT PRIMARY KEY, + ts TIMESTAMP NULL, + b BLOB +) ENGINE=MyISAM; + +INSERT INTO table2_to_encrypt VALUES (NULL,NOW(),'data_to_encrypt'); +INSERT INTO table2_to_encrypt SELECT NULL,NOW(),b FROM table2_to_encrypt; +FLUSH BINARY LOGS; +SET binlog_format=ROW; +INSERT INTO table2_to_encrypt SELECT NULL,NOW(),b FROM table2_to_encrypt; +INSERT INTO table2_to_encrypt SELECT NULL,NOW(),b FROM table2_to_encrypt; + +# Make sure that binary logs are encrypted + +--let SEARCH_FILE= master-bin.0* +--let SEARCH_PATTERN= table2_to_encrypt +--source include/search_pattern_in_file.inc + +--echo ##################################################### +--echo # Part 3: restart master again without encryption +--echo ##################################################### + +--let $rpl_server_parameters= --encrypt-binlog=0 +--let $rpl_server_number= 1 +--source restart_server.inc + +CREATE TABLE table3_no_encryption ( + pk INT AUTO_INCREMENT PRIMARY KEY, + ts TIMESTAMP NULL, + b BLOB +) ENGINE=MyISAM; + +INSERT INTO table3_no_encryption VALUES (NULL,NOW(),'data_no_encryption'); +INSERT INTO table3_no_encryption SELECT NULL,NOW(),b FROM table3_no_encryption; +INSERT INTO table3_no_encryption SELECT NULL,NOW(),b FROM table3_no_encryption; + +--echo ##################################################### +--echo # Check: resume replication and check how it goes +--echo ##################################################### + +--connection server_2 +start slave; +# The slave should be able to synchronize with master up to +# the previously saved position (when the log was still unencrypted) +--sync_with_master + +--connection server_1 +# Now save the current position and make slave to try to syncrhonize. +# It shouldn't work, the slave IO thread is expected to abort with an error +--save_master_pos + +--connection server_2 +--let slave_io_errno=1236 +--source include/wait_for_slave_io_error.inc + +--sorted_result +SHOW TABLES; + +--disable_connect_log +--source include/stop_slave.inc +--enable_connect_log +--let $master_use_gtid_option= No +--source include/reset_slave.inc + +--echo ########## +--echo # Cleanup +--echo ########## + +--connection server_1 +reset master; + +SELECT COUNT(*) FROM table1_no_encryption; +SELECT COUNT(*) FROM table2_to_encrypt; +SELECT COUNT(*) FROM table3_no_encryption; +DROP TABLE table1_no_encryption, table2_to_encrypt, table3_no_encryption; + +--connection server_2 +--disable_connect_log +--source include/start_slave.inc +--source include/rpl_end.inc |