Turn on tests in CI dimension for mySQL (#1063)

We've recently resolved missing symbols and gaps for mySQL. This turns
on running unit tests with MySQL/AWS-LC.

tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml

@@ -35,8 +35,7 @@ batch:
         compute-type: BUILD_GENERAL1_MEDIUM
         image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_gcc-12x_latest
 
-    # Only runs the build for now, tests are disabled. MySQL build is bloated without any obvious build configurations we can
-    # use to speed up the build, so we use a larger instance here.
+    # MySQL build is bloated without any obvious build configurations we can use to speed up the build, so we use a larger instance here.
     - identifier: mysql_integration
       buildspec: tests/ci/codebuild/common/run_simple_target.yml
       env:

tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile

@@ -40,6 +40,7 @@ RUN set -ex && \
     llvm-dev \
     libicu-dev \
     libipc-run-perl \
+    libjson-perl \
     libpcre2-dev \
     libreadline-dev \
     libudev-dev \
@@ -63,7 +64,6 @@ RUN set -ex && \
     # Download a copy of LLVM's libcxx which is required for building and running with Memory Sanitizer
     git clone https://github.com/llvm/llvm-project.git --branch llvmorg-11.1.0  --depth 1 && \
     cd llvm-project && rm -rf $(ls -A | grep -Ev "(libcxx|libcxxabi)") && \
-    apt-get --purge remove -y unzip && \
     apt-get autoremove --purge -y && \
     apt-get clean && \
     apt-get autoclean && \

tests/ci/integration/mysql_patch/test_wl13075-off.patch

@@ -0,0 +1,32 @@
+diff --git a/testclients/mysql_client_test.cc b/testclients/mysql_client_test.cc
+index f1e6744b..26021419 100644
+--- a/testclients/mysql_client_test.cc
++++ b/testclients/mysql_client_test.cc
+@@ -23050,6 +23050,9 @@ static void test_bug32915973() {
+   mysql_stmt_close(stmt);
+ }
+
++/* This test uses stateful session resumption, which is not supported in AWS-LC. */
++#if !defined (OPENSSL_IS_AWSLC)
++
+ static void test_wl13075() {
+   int rc;
+   myheader("test_wl13075");
+@@ -23182,6 +23185,7 @@ static void test_wl13075() {
+     DIE_UNLESS(ret_ses_data == nullptr);
+   }
+ }
++#endif
+
+ static void finish_with_error(MYSQL *con) {
+   fprintf(stderr, "[%i] %s\n", mysql_errno(con), mysql_error(con));
+@@ -23841,7 +23845,9 @@ static struct my_tests_st my_tests[] = {
+     {"test_bug32892045", test_bug32892045},
+     {"test_bug33164347", test_bug33164347},
+     {"test_bug32915973", test_bug32915973},
++#if !defined (OPENSSL_IS_AWSLC)
+     {"test_wl13075", test_wl13075},
++#endif
+     {"test_bug34007830", test_bug34007830},
+     {"test_bug33535746", test_bug33535746},
+     {"test_server_telemetry_traces", test_server_telemetry_traces},

tests/ci/integration/run_mariadb_integration.sh

@@ -53,7 +53,7 @@ function mariadb_run_tests() {
   # More complicated integration tests. mtr expects to be launched in-place and with write access to it's own directories
   #
   # main.plugin_load passes, but is skipped over since it generates a warning when we run the script in Codebuild. Warnings will cause
-  # a failure in MariaDB's test runs, unless --nowarnings is turned on. The warning is not reproducable in Gitlab's CI or any local
+  # a failure in MariaDB's test runs, unless --nowarnings is turned on. The warning is not reproducible in Gitlab's CI or any local
   # container runs. This test isn't relevant to AWS-LC integration so we skip over the Codebuild specific issue for now.
   echo "main.mysqldump : Field separator argument is not what is expected; check the manual when executing 'SELECT INTO OUTFILE'
 main.flush_logs_not_windows : query 'flush logs' succeeded - should have failed with error ER_CANT_CREATE_FILE (1004)

tests/ci/integration/run_mysql_integration.sh

@@ -25,10 +25,12 @@ BOOST_INSTALL_FOLDER=/home/dependencies/boost
 # Assumes script is executed from the root of aws-lc directory
 SCRATCH_FOLDER=${SYS_ROOT}/"MYSQL_BUILD_ROOT"
 MYSQL_SRC_FOLDER="${SCRATCH_FOLDER}/mysql-server"
-MYSQL_BUILD_FOLDER="${SCRATCH_FOLDER}/server/mysql-aws-lc"
+MYSQL_BUILD_FOLDER="${SCRATCH_FOLDER}/mysql-aws-lc"
+MYSQL_PATCH_FOLDER=${SRC_ROOT}/"tests/ci/integration/mysql_patch"
 AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build"
 AWS_LC_INSTALL_FOLDER="${MYSQL_SRC_FOLDER}/aws-lc-install"
 
+
 mkdir -p ${SCRATCH_FOLDER}
 rm -rf ${SCRATCH_FOLDER}/*
 cd ${SCRATCH_FOLDER}
@@ -43,17 +45,77 @@ function mysql_patch_reminder() {
 }
 
 function mysql_build() {
-  cmake ${MYSQL_SRC_FOLDER} -GNinja -DENABLED_PROFILING=OFF -DWITH_NDB_JAVA=OFF  -DWITH_BOOST=${BOOST_INSTALL_FOLDER} -DWITH_SSL=${AWS_LC_INSTALL_FOLDER} "-B${MYSQL_BUILD_FOLDER}"
+  cmake ${MYSQL_SRC_FOLDER} -GNinja -DWITH_BOOST=${BOOST_INSTALL_FOLDER} -DWITH_SSL=${AWS_LC_INSTALL_FOLDER} "-B${MYSQL_BUILD_FOLDER}"
   ninja -C ${MYSQL_BUILD_FOLDER}
   ls -R ${MYSQL_BUILD_FOLDER}
 }
 
 function mysql_run_tests() {
-  pushd ${MYSQL_BUILD_FOLDER}
-  ninja test
+  pushd ${MYSQL_BUILD_FOLDER}/mysql-test
+  # More complicated integration tests. mtr expects to be launched in-place and with write access to it's own directories.
+  #
+  # Tests marked with Bug#0000 are tests that have are known to fail in containerized environments. These tests aren't exactly relevant
+  # to testing AWS-LC functionality.
+  # Tests marked with Bug#0001 use DHE cipher suites for the connection. AWS-LC has no intention of supporting DHE cipher suites.
+  # Tests marked with Bug#0002 use stateful session resumption, otherwise known as session caching. It is known that AWS-LC does not
+  # currently support this.
+  echo "main.mysqlpump_bugs : Bug#0000 Can't create/open a file ~/dump.sql'
+main.restart_server : Bug#0000 mysqld is not managed by supervisor process
+main.file_contents : Bug#0000 Cannot open 'INFO_SRC' in ''
+main.resource_group_thr_prio_unsupported : Bug#0000 Invalid thread priority value -5
+main.dd_upgrade_error : Bug#0000 running mysqld as root
+main.dd_upgrade_error_cs : Bug#0000 running mysqld as root
+main.basedir : Bug#0000 running mysqld as root
+main.lowercase_fs_off : Bug#0000 running mysqld as root
+main.upgrade : Bug#0000 running mysqld as root
+main.mysqld_cmdline_warnings : Bug#0000 running mysqld as root
+main.mysqld_daemon : Bug#0000 failed, error: 256, status: 1, errno: 2.
+main.mysqld_safe : Bug#0000 nonexistent: No such file or directory
+main.grant_user_lock : Bug#0000 Access denied for user root at localhost
+main.persisted_variables_bugs_fast : Bug#0000 Unsure
+main.mysqldump : Bug#0000 contains nonaggregated column
+main.func_math : Bug#0000 should have failed with errno 1690
+main.derived_condition_pushdown : Bug#0000 Fails with OpenSSL as well. Not relevant to AWS-LC.
+main.grant_alter_user_qa : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support.
+main.grant_user_lock_qa : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support.
+main.openssl_1 : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support.
+main.ssl : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support.
+main.ssl_cipher : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support.
+main.ssl_dynamic : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support.
+main.ssl-sha512 : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support.
+main.ssl_cache : Bug#0002 AWS-LC does not support Stateful session resumption (Session Caching).
+main.ssl_cache_tls13 : Bug#0002 AWS-LC does not support Stateful session resumption (Session Caching).
+"> skiplist
+  ./mtr --suite=main --force --parallel=auto --skip-test-list=${MYSQL_BUILD_FOLDER}/mysql-test/skiplist --retry-failure=3
   popd
 }
 
+# MySQL tests expect the OpenSSL style of error messages. We patch this to expect AWS-LC's style.
+# These are checked as part of mySQL's unit tests, but we don't actually run them in our CI. They are known to be flaky
+# within docker containers. The mtr tests are much more robust and run full server test suites that actually do TLS
+# connections end-to-end.
+# TODO: Remove this when we make an upstream contribution.
+function mysql_patch_error_strings() {
+  MYSQL_TEST_FILES=("test_routing_splicer.cc" "test_http_server.cc")
+  MYSQL_ERROR_STRING=("certificate verify failed" "no start line" "ee key too small")
+  AWS_LC_EXPECTED_ERROR_STRING=("CERTIFICATE_VERIFY_FAILED" "NO_START_LINE" "key-size too small")
+  for file in "${MYSQL_TEST_FILES[@]}"; do
+    for i in "${!MYSQL_ERROR_STRING[@]}"; do
+      find ./ -type f -name "$file" | xargs sed -i -e "s|${MYSQL_ERROR_STRING[$i]}|${AWS_LC_EXPECTED_ERROR_STRING[$i]}|g"
+    done
+  done
+}
+
+# MySQL relies on some behaviour that AWS-LC intentionally does not provide support for. Some of these known gaps are listed below:
+# * DH cipher suites in libssl
+# * Stateful session resumption
+function mysql_patch_tests() {
+  for patchfile in $(find -L "${MYSQL_PATCH_FOLDER}" -type f -name '*.patch'); do
+    echo "Apply patch $patchfile..."
+    patch -p1 --quiet -i "$patchfile"
+  done
+}
+
 # Get latest MySQL version. MySQL often updates with large changes depending on OpenSSL all at once, so we pin to a specific version.
 mysql_patch_reminder
 git clone https://github.com/mysql/mysql-server.git ${MYSQL_SRC_FOLDER} -b ${MYSQL_VERSION_TAG} --depth 1
@@ -62,7 +124,8 @@ ls
 
 aws_lc_build ${SRC_ROOT} ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER}
 pushd ${MYSQL_SRC_FOLDER}
+mysql_patch_tests
+mysql_patch_error_strings
 mysql_build
-# TODO: There are still pending test failures that need to be resolved. Turn this on once we resolve them.
-# mysql_run_tests
+mysql_run_tests
 popd