Merge pull request #686 from percona/pt-2247

Pt 2247
percona · May 21, 2024 · a74cf58 · a74cf58
2 parents afadcfa + f3f4943
commit a74cf58
Show file tree

Hide file tree

Showing 2 changed files with 107 additions and 7 deletions.
diff --git a/bin/pt-show-grants b/bin/pt-show-grants
@@ -2062,25 +2062,35 @@ sub main {
 
       # If MySQL 5.7.6+ then we need to use SHOW CREATE USER
       my @create_user;
-      if (( VersionCompare::cmp($version, '5.7.6') >= 0 ) &&
-          ( VersionCompare::cmp($version, '10.0.0') <= 0 )) {
+      if ( ( VersionCompare::cmp($version, '5.7.6') >= 0 ) ) {
          eval {
             @create_user = @{ $dbh->selectcol_arrayref("SHOW CREATE USER $user_host") };
          };
          if ( $EVAL_ERROR ) {
             PTDEBUG && _d($EVAL_ERROR);
             $exit_status = 1;
          }
-         PTDEBUG && _d('CreateUser:', Dumper(\@create_user));
-         # make this replication safe converting the CREATE USER into
-         # CREATE USER IF NOT EXISTS and then doing an ALTER USER
+         if ( $#create_user >= 0 ) {
+            PTDEBUG && _d('CREATE USER:', Dumper(\@create_user));
+
+            # Make this replication safe converting the CREATE USER into
+            # CREATE USER IF NOT EXISTS and then doing an ALTER USER
             my $create = $create_user[0];
             my $alter  = $create;
             $create =~ s{CREATE USER}{CREATE USER IF NOT EXISTS};
             $create =~ s{ IDENTIFIED .*}{};
             $alter  =~ s{CREATE USER}{ALTER USER};
+
+            # We need to cleanup MariaDB diversions
+            if ( ($version =~ m/MariaDB/) && $o->get('convert-MariaDB')){
+               $create =~ s{ AS.*PASSWORD }{ AS };
+               $create =~ s/IDENTIFIED.*USING.*unix_socket.*/IDENTIFIED WITH auth_socket/;
+               $create =~ s/IDENTIFIED AS/IDENTIFIED WITH mysql_native_password AS/;
+            }
+
             @create_user = ( $create, $alter );
-            PTDEBUG && _d('AdjustedCreateUser:', Dumper(\@create_user));
+            PTDEBUG && _d('Adjusted CREATE USER:', Dumper(\@create_user));
+         }
       }
       my @grants;
       eval {
@@ -2090,6 +2100,15 @@ sub main {
          PTDEBUG && _d($EVAL_ERROR);
          $exit_status = 1;
       }
+
+      # We need to remove password form the user grants when dump MariaDB
+      if ( $version =~ m/MariaDB/ ){
+         PTDEBUG && _d('Original Grants - MariaDB:', Dumper(\@grants));
+         for my $i (0 .. $#grants){
+            $grants[$i] =~ s{IDENTIFIED.*}{};
+         }
+      }
+
       PTDEBUG && _d('Grants:', Dumper(\@grants));
       next unless @grants;
 
@@ -2169,7 +2188,7 @@ sub main {
 
       if ( $o->get('drop') && !defined($u->{IsRole}) ) {
          print join("\n",
-            "DROP USER $user_host;",
+            "DROP USER IF EXISTS $user_host;",
             "DELETE FROM `mysql`.`user` WHERE `User`='$u->{User}' AND `Host`='$u->{Host}';",
             ), "\n";
       }
@@ -2456,6 +2475,10 @@ type: array
 
 Only show grants for this comma-separated list of users.
 
+=item --convert-MariaDB
+
+Convert proprietary MariaDB syntax into valid MySQL form
+
 =item --password
 
 short form: -p; type: string

diff --git a/t/pt-show-grants/pt-2247.t b/t/pt-show-grants/pt-2247.t
@@ -0,0 +1,77 @@
+#!/usr/bin/env perl
+
+BEGIN {
+   die "The PERCONA_TOOLKIT_BRANCH environment variable is not set.\n"
+      unless $ENV{PERCONA_TOOLKIT_BRANCH} && -d $ENV{PERCONA_TOOLKIT_BRANCH};
+   unshift @INC, "$ENV{PERCONA_TOOLKIT_BRANCH}/lib";
+};
+
+use strict;
+use warnings FATAL => 'all';
+use English qw(-no_match_vars);
+use Test::More;
+
+use PerconaTest;
+use Sandbox;
+use SqlModes;
+use VersionParser;
+require "$trunk/bin/pt-show-grants";
+
+my $dp = new DSNParser(opts=>$dsn_opts);
+my $sb = new Sandbox(basedir => '/tmp', DSNParser => $dp);
+my $dbh = $sb->get_dbh_for('master');
+
+if ( !$dbh ) {
+   plan skip_all => 'Cannot connect to sandbox master';
+}
+
+if ( VersionParser->new($dbh)->flavor !~ m/maria/i ) {
+   plan skip_all => "This test requires MariaDB";
+}
+
+$sb->wipe_clean($dbh);
+
+my $output;
+my $cnf = '/tmp/12345/my.sandbox.cnf';
+
+diag(`/tmp/12345/use -u root -e "CREATE USER 'sally'\@'%' IDENTIFIED BY 'A005?>6LZe1'"`);
+
+ok(
+   `/tmp/12345/use -s -u sally -p'A005?>6LZe1' -e "SELECT 1" 2>/dev/null`,
+   'User sally can log in before tests'
+);
+
+$output = output(
+   sub { pt_show_grants::main('-F', $cnf, qw(--only sally)); }
+);
+
+like(
+   $output,
+   qr/CREATE USER IF NOT EXISTS `sally`@`%`;/,
+   'CREATE USER printed'
+) or diag($output);
+
+like(
+   $output,
+   qr/ALTER USER `sally`@`%` IDENTIFIED BY PASSWORD '\*A5C09B5E9542E3C716E3E0A711336D9ABB48D89F';/,
+   'ALTER USER printed'
+) or diag($output);
+
+diag(`/tmp/12345/use -u root -e "DROP USER 'sally'\@'%'"`);
+open(my $pipe, '|-', '/tmp/12345/use -u root');
+print $pipe $output;
+close($pipe);
+
+ok(
+   `/tmp/12345/use -s -u sally -p'A005?>6LZe1' -e "SELECT 1" 2>/dev/null`,
+   'User sally can log in'
+) or diag($output);
+
+diag(`/tmp/12345/use -u root -e "DROP USER 'sally'\@'%'"`);
+
+# #############################################################################
+# Done.
+# #############################################################################
+$sb->wipe_clean($dbh);
+ok($sb->ok(), "Sandbox servers") or BAIL_OUT(__FILE__ . " broke the sandbox");
+done_testing;