From f5233e167891128d38adeadb242006cc1625f06b Mon Sep 17 00:00:00 2001 From: Samuel Chiang Date: Fri, 21 Jul 2023 12:29:22 -0700 Subject: [PATCH] Turn on tests in CI dimension for mySQL (#1063) We've recently resolved missing symbols and gaps for mySQL. This turns on running unit tests with MySQL/AWS-LC. --- .../github_ci_integration_omnibus.yaml | 3 +- .../linux-x86/ubuntu-22.04_base/Dockerfile | 2 +- .../mysql_patch/test_wl13075-off.patch | 32 ++++++++ .../ci/integration/run_mariadb_integration.sh | 2 +- tests/ci/integration/run_mysql_integration.sh | 75 +++++++++++++++++-- 5 files changed, 104 insertions(+), 10 deletions(-) create mode 100644 tests/ci/integration/mysql_patch/test_wl13075-off.patch diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml index 0442b0bbb1..5454d2dadd 100644 --- a/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml +++ b/tests/ci/cdk/cdk/codebuild/github_ci_integration_omnibus.yaml @@ -35,8 +35,7 @@ batch: compute-type: BUILD_GENERAL1_MEDIUM image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-22.04_gcc-12x_latest - # Only runs the build for now, tests are disabled. MySQL build is bloated without any obvious build configurations we can - # use to speed up the build, so we use a larger instance here. + # MySQL build is bloated without any obvious build configurations we can use to speed up the build, so we use a larger instance here. - identifier: mysql_integration buildspec: tests/ci/codebuild/common/run_simple_target.yml env: diff --git a/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile b/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile index a7cd9c753a..3276cc16b9 100644 --- a/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile +++ b/tests/ci/docker_images/linux-x86/ubuntu-22.04_base/Dockerfile @@ -40,6 +40,7 @@ RUN set -ex && \ llvm-dev \ libicu-dev \ libipc-run-perl \ + libjson-perl \ libpcre2-dev \ libreadline-dev \ libudev-dev \ @@ -63,7 +64,6 @@ RUN set -ex && \ # Download a copy of LLVM's libcxx which is required for building and running with Memory Sanitizer git clone https://github.com/llvm/llvm-project.git --branch llvmorg-11.1.0 --depth 1 && \ cd llvm-project && rm -rf $(ls -A | grep -Ev "(libcxx|libcxxabi)") && \ - apt-get --purge remove -y unzip && \ apt-get autoremove --purge -y && \ apt-get clean && \ apt-get autoclean && \ diff --git a/tests/ci/integration/mysql_patch/test_wl13075-off.patch b/tests/ci/integration/mysql_patch/test_wl13075-off.patch new file mode 100644 index 0000000000..e99a44eb63 --- /dev/null +++ b/tests/ci/integration/mysql_patch/test_wl13075-off.patch @@ -0,0 +1,32 @@ +diff --git a/testclients/mysql_client_test.cc b/testclients/mysql_client_test.cc +index f1e6744b..26021419 100644 +--- a/testclients/mysql_client_test.cc ++++ b/testclients/mysql_client_test.cc +@@ -23050,6 +23050,9 @@ static void test_bug32915973() { + mysql_stmt_close(stmt); + } + ++/* This test uses stateful session resumption, which is not supported in AWS-LC. */ ++#if !defined (OPENSSL_IS_AWSLC) ++ + static void test_wl13075() { + int rc; + myheader("test_wl13075"); +@@ -23182,6 +23185,7 @@ static void test_wl13075() { + DIE_UNLESS(ret_ses_data == nullptr); + } + } ++#endif + + static void finish_with_error(MYSQL *con) { + fprintf(stderr, "[%i] %s\n", mysql_errno(con), mysql_error(con)); +@@ -23841,7 +23845,9 @@ static struct my_tests_st my_tests[] = { + {"test_bug32892045", test_bug32892045}, + {"test_bug33164347", test_bug33164347}, + {"test_bug32915973", test_bug32915973}, ++#if !defined (OPENSSL_IS_AWSLC) + {"test_wl13075", test_wl13075}, ++#endif + {"test_bug34007830", test_bug34007830}, + {"test_bug33535746", test_bug33535746}, + {"test_server_telemetry_traces", test_server_telemetry_traces}, diff --git a/tests/ci/integration/run_mariadb_integration.sh b/tests/ci/integration/run_mariadb_integration.sh index cf616372a4..a9ef3e95b8 100755 --- a/tests/ci/integration/run_mariadb_integration.sh +++ b/tests/ci/integration/run_mariadb_integration.sh @@ -53,7 +53,7 @@ function mariadb_run_tests() { # More complicated integration tests. mtr expects to be launched in-place and with write access to it's own directories # # main.plugin_load passes, but is skipped over since it generates a warning when we run the script in Codebuild. Warnings will cause - # a failure in MariaDB's test runs, unless --nowarnings is turned on. The warning is not reproducable in Gitlab's CI or any local + # a failure in MariaDB's test runs, unless --nowarnings is turned on. The warning is not reproducible in Gitlab's CI or any local # container runs. This test isn't relevant to AWS-LC integration so we skip over the Codebuild specific issue for now. echo "main.mysqldump : Field separator argument is not what is expected; check the manual when executing 'SELECT INTO OUTFILE' main.flush_logs_not_windows : query 'flush logs' succeeded - should have failed with error ER_CANT_CREATE_FILE (1004) diff --git a/tests/ci/integration/run_mysql_integration.sh b/tests/ci/integration/run_mysql_integration.sh index 5b7c877568..02a7b35aca 100755 --- a/tests/ci/integration/run_mysql_integration.sh +++ b/tests/ci/integration/run_mysql_integration.sh @@ -25,10 +25,12 @@ BOOST_INSTALL_FOLDER=/home/dependencies/boost # Assumes script is executed from the root of aws-lc directory SCRATCH_FOLDER=${SYS_ROOT}/"MYSQL_BUILD_ROOT" MYSQL_SRC_FOLDER="${SCRATCH_FOLDER}/mysql-server" -MYSQL_BUILD_FOLDER="${SCRATCH_FOLDER}/server/mysql-aws-lc" +MYSQL_BUILD_FOLDER="${SCRATCH_FOLDER}/mysql-aws-lc" +MYSQL_PATCH_FOLDER=${SRC_ROOT}/"tests/ci/integration/mysql_patch" AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build" AWS_LC_INSTALL_FOLDER="${MYSQL_SRC_FOLDER}/aws-lc-install" + mkdir -p ${SCRATCH_FOLDER} rm -rf ${SCRATCH_FOLDER}/* cd ${SCRATCH_FOLDER} @@ -43,17 +45,77 @@ function mysql_patch_reminder() { } function mysql_build() { - cmake ${MYSQL_SRC_FOLDER} -GNinja -DENABLED_PROFILING=OFF -DWITH_NDB_JAVA=OFF -DWITH_BOOST=${BOOST_INSTALL_FOLDER} -DWITH_SSL=${AWS_LC_INSTALL_FOLDER} "-B${MYSQL_BUILD_FOLDER}" + cmake ${MYSQL_SRC_FOLDER} -GNinja -DWITH_BOOST=${BOOST_INSTALL_FOLDER} -DWITH_SSL=${AWS_LC_INSTALL_FOLDER} "-B${MYSQL_BUILD_FOLDER}" ninja -C ${MYSQL_BUILD_FOLDER} ls -R ${MYSQL_BUILD_FOLDER} } function mysql_run_tests() { - pushd ${MYSQL_BUILD_FOLDER} - ninja test + pushd ${MYSQL_BUILD_FOLDER}/mysql-test + # More complicated integration tests. mtr expects to be launched in-place and with write access to it's own directories. + # + # Tests marked with Bug#0000 are tests that have are known to fail in containerized environments. These tests aren't exactly relevant + # to testing AWS-LC functionality. + # Tests marked with Bug#0001 use DHE cipher suites for the connection. AWS-LC has no intention of supporting DHE cipher suites. + # Tests marked with Bug#0002 use stateful session resumption, otherwise known as session caching. It is known that AWS-LC does not + # currently support this. + echo "main.mysqlpump_bugs : Bug#0000 Can't create/open a file ~/dump.sql' +main.restart_server : Bug#0000 mysqld is not managed by supervisor process +main.file_contents : Bug#0000 Cannot open 'INFO_SRC' in '' +main.resource_group_thr_prio_unsupported : Bug#0000 Invalid thread priority value -5 +main.dd_upgrade_error : Bug#0000 running mysqld as root +main.dd_upgrade_error_cs : Bug#0000 running mysqld as root +main.basedir : Bug#0000 running mysqld as root +main.lowercase_fs_off : Bug#0000 running mysqld as root +main.upgrade : Bug#0000 running mysqld as root +main.mysqld_cmdline_warnings : Bug#0000 running mysqld as root +main.mysqld_daemon : Bug#0000 failed, error: 256, status: 1, errno: 2. +main.mysqld_safe : Bug#0000 nonexistent: No such file or directory +main.grant_user_lock : Bug#0000 Access denied for user root at localhost +main.persisted_variables_bugs_fast : Bug#0000 Unsure +main.mysqldump : Bug#0000 contains nonaggregated column +main.func_math : Bug#0000 should have failed with errno 1690 +main.derived_condition_pushdown : Bug#0000 Fails with OpenSSL as well. Not relevant to AWS-LC. +main.grant_alter_user_qa : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support. +main.grant_user_lock_qa : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support. +main.openssl_1 : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support. +main.ssl : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support. +main.ssl_cipher : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support. +main.ssl_dynamic : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support. +main.ssl-sha512 : Bug#0001 Uses DHE cipher suites in test, which AWS-LC does not support. +main.ssl_cache : Bug#0002 AWS-LC does not support Stateful session resumption (Session Caching). +main.ssl_cache_tls13 : Bug#0002 AWS-LC does not support Stateful session resumption (Session Caching). +"> skiplist + ./mtr --suite=main --force --parallel=auto --skip-test-list=${MYSQL_BUILD_FOLDER}/mysql-test/skiplist --retry-failure=3 popd } +# MySQL tests expect the OpenSSL style of error messages. We patch this to expect AWS-LC's style. +# These are checked as part of mySQL's unit tests, but we don't actually run them in our CI. They are known to be flaky +# within docker containers. The mtr tests are much more robust and run full server test suites that actually do TLS +# connections end-to-end. +# TODO: Remove this when we make an upstream contribution. +function mysql_patch_error_strings() { + MYSQL_TEST_FILES=("test_routing_splicer.cc" "test_http_server.cc") + MYSQL_ERROR_STRING=("certificate verify failed" "no start line" "ee key too small") + AWS_LC_EXPECTED_ERROR_STRING=("CERTIFICATE_VERIFY_FAILED" "NO_START_LINE" "key-size too small") + for file in "${MYSQL_TEST_FILES[@]}"; do + for i in "${!MYSQL_ERROR_STRING[@]}"; do + find ./ -type f -name "$file" | xargs sed -i -e "s|${MYSQL_ERROR_STRING[$i]}|${AWS_LC_EXPECTED_ERROR_STRING[$i]}|g" + done + done +} + +# MySQL relies on some behaviour that AWS-LC intentionally does not provide support for. Some of these known gaps are listed below: +# * DH cipher suites in libssl +# * Stateful session resumption +function mysql_patch_tests() { + for patchfile in $(find -L "${MYSQL_PATCH_FOLDER}" -type f -name '*.patch'); do + echo "Apply patch $patchfile..." + patch -p1 --quiet -i "$patchfile" + done +} + # Get latest MySQL version. MySQL often updates with large changes depending on OpenSSL all at once, so we pin to a specific version. mysql_patch_reminder git clone https://github.com/mysql/mysql-server.git ${MYSQL_SRC_FOLDER} -b ${MYSQL_VERSION_TAG} --depth 1 @@ -62,7 +124,8 @@ ls aws_lc_build ${SRC_ROOT} ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER} pushd ${MYSQL_SRC_FOLDER} +mysql_patch_tests +mysql_patch_error_strings mysql_build -# TODO: There are still pending test failures that need to be resolved. Turn this on once we resolve them. -# mysql_run_tests +mysql_run_tests popd