Some initial work to enable integration tests on MariaDB

steveteahan · Jan 18, 2021 · 0af1d2b · 0af1d2b
1 parent b25fb59
commit 0af1d2b
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 10 deletions.
diff --git a/tests/integration/targets/setup_mysql/defaults/main.yml b/tests/integration/targets/setup_mysql/defaults/main.yml
@@ -5,9 +5,9 @@ home_dir: /root
 
 percona_client_version: 5.7
 
-mariadb_install: false
+mariadb_install: true
 
 mysql_version: 8.0.22
-mariadb_version: 10.5.4
+mariadb_version: 10.2.36
 
 mysql_base_port: 3306
diff --git a/tests/integration/targets/setup_mysql/tasks/config.yml b/tests/integration/targets/setup_mysql/tasks/config.yml
@@ -1,4 +1,5 @@
 ---
+
 - name: "{{ role_name }} | config | download mysql tarball"
   get_url:
     url: "{{ install_src }}"
@@ -9,7 +10,23 @@
     cmd: "dbdeployer unpack {{ dbdeployer_sandbox_download_dir }}/{{ install_tarball }}"
     creates: "{{ dbdeployer_sandbox_binary_dir }}/{{ install_version }}"
 
+# Setup self-signed certificates for MariaDB. MySQL doesn't need this step because it is handled by default.
+- name: "{{ role_name }} | config | mariadb certificate authority"
+  shell:
+    cmd: |
+      openssl genrsa 2048 > /tmp/ca-key.pem
+      openssl req -new -x509 -nodes -subj '/CN=mariadb-tests-ca/' -days 1095 -key /tmp/ca-key.pem -out /etc/mysql/ca.pem
+  when: install_type == 'mariadb'
+
+- name: "{{ role_name }} | config | mariadb key and certificate"
+  shell:
+    cmd: |
+      openssl req -newkey rsa:2048 -subj '/CN=mariadb-tests-cert/' -nodes -keyout /tmp/server-key.pem -out /tmp/server-req.pem
+      openssl rsa -in /tmp/server-key.pem -out /etc/mysql/server-key.pem
+      openssl x509 -req -in /tmp/server-req.pem -days 365 -CA /etc/mysql/ca.pem -CAkey /tmp/ca-key.pem -set_serial 01 -out /etc/mysql/server-cert.pem
+  when: install_type == 'mariadb'
+
 - name: "{{ role_name }} | config | setup replication topology"
   shell:
-    cmd: "dbdeployer deploy multiple {{ install_version }} --base-port {{ mysql_base_port }} --my-cnf-options=\"master_info_repository='TABLE'\" --my-cnf-options=\"relay_log_info_repository='TABLE'\""
+    cmd: "dbdeployer deploy multiple {{ install_version }} --base-port {{ mysql_base_port }} --my-cnf-options=\"master_info_repository='TABLE'\" --my-cnf-options=\"relay_log_info_repository='TABLE'\" --my-cnf-options=\"ssl-ca=/etc/mysql/ca.pem\" --my-cnf-options=\"ssl-cert=/etc/mysql/server-cert.pem\" --my-cnf-options=\"ssl-key=/etc/mysql/server-key.pem\""
     creates: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}"
diff --git a/tests/integration/targets/test_mysql_user/tasks/issue-28.yml b/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
@@ -5,9 +5,17 @@
       login_password: '{{ mysql_password }}'
       login_host: 127.0.0.1
       login_port: '{{ mysql_primary_port }}'
+    server_cert_file: /tmp/cert.pem
 
   block:
 
+    # Using openssl s_client only returns the actual server certificate and not the CA certificate for MariaDB with the
+    # current test configuration. This can probably be fixed, but deferring that work for now.
+    - name: Change server_cert_file for MariaDB
+      set_fact:
+        server_cert_file: /etc/mysql/ca.pem
+      when: install_type == 'mariadb'
+
     # ============================================================
     - shell: pip show pymysql | awk '/Version/ {print $2}'
       register: pymysql_version
@@ -43,7 +51,7 @@
         login_password: '{{ user_password_1 }}'
         login_host: 127.0.0.1
         login_port: '{{ mysql_primary_port }}'
-        ca_cert: /tmp/cert.pem
+        ca_cert: '{{ server_cert_file }}'
       register: result
       ignore_errors: yes
 
@@ -66,7 +74,7 @@
         login_password: '{{ user_password_1 }}'
         login_host: 127.0.0.1
         login_port: '{{ mysql_primary_port }}'
-        ca_cert: /tmp/cert.pem
+        ca_cert: '{{ server_cert_file }}'
         check_hostname: no
       register: result
       ignore_errors: yes

diff --git a/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml b/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
@@ -8,6 +8,7 @@
       login_port: '{{ mysql_primary_port }}'
     test_user_name: 'test_user_plugin_auth'
     test_plugin_type: 'mysql_native_password'
+    test_plugin_type_check: 'mysql_native_password'
     test_plugin_hash: '*0CB5B86F23FDC24DB19A29B8854EB860CBC47793'
     test_plugin_auth_string: 'Fdt8fd^34ds'
     test_plugin_new_hash: '*E74368AC90460FA669F6D41BFB7F2A877DB73745'
@@ -16,6 +17,12 @@
     test_default_priv: '*.*:{{ test_default_priv_type }}'
 
   block:
+    # MariaDB handles plugin auth differently. Even if a user is created with mysql_native_password auth, when checking
+    # SHOW CREATE USER 'IDENTIFIED BY PASSWORD' will be shown instead.
+    - name: Change test_plugin_type_check for MariaDB
+      set_fact:
+        test_plugin_type_check: 'IDENTIFIED BY PASSWORD'
+      when: install_type == 'mariadb'
 
     # ============================================================
     # Test plugin auth initially setting a hash and then changing to a different hash.
@@ -38,7 +45,7 @@
       assert:
         that:
           - "result.changed == true"
-          - "'{{ test_plugin_type }}' in show_create_user.stdout"
+          - "'{{ test_plugin_type_check }}' in show_create_user.stdout"
 
     - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
 
@@ -109,7 +116,7 @@
       assert:
         that:
           - "result.changed == true"
-          - "'{{ test_plugin_type }}' in show_create_user.stdout"
+          - "'{{ test_plugin_type_check }}' in show_create_user.stdout"
 
     - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
 
@@ -194,7 +201,7 @@
       assert:
         that:
           - "result.changed == true"
-          - "'{{ test_plugin_type }}' in show_create_user.stdout"
+          - "'{{ test_plugin_type_check }}' in show_create_user.stdout"
 
     - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
 
@@ -279,7 +286,7 @@
       assert:
         that:
           - "result.changed == true"
-          - "'{{ test_plugin_type }}' in show_create_user.stdout"
+          - "'{{ test_plugin_type_check }}' in show_create_user.stdout"
 
     - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
 
@@ -358,7 +365,7 @@
         assert:
           that:
             - "result.changed == true"
-            - "'{{ test_plugin_type }}' in show_create_user.stdout"
+            - "'{{ test_plugin_type_check }}' in show_create_user.stdout"
 
       - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}