Tests clean-up regarding SUPER privilege:

miguelaraujo · miguelaraujo · commit 2cf45df098aa · 2023-11-24T22:36:47.000Z
SUPER has been deprecated in 8.0 so it will eventually be removed, all
logic in Shell was already updated to ensure SUPER is not used in 8.0,
however, some tests weren't updated yet.

This patch updates the remaining tests that make use of SUPER to ensure
it's not used when ran against a version &gt;= 8.0.

Change-Id: I7050ae6c07eb41e4cbb03c9b70b5fa8b59afb27b
diff --git a/unittest/modules/schema_dumper_t.cc b/unittest/modules/schema_dumper_t.cc
@@ -25,14 +25,12 @@
 #include <algorithm>
 #include <array>
 #include <set>
-#include <unordered_set>
 
 // needs to be included first for FRIEND_TEST
 #include "unittest/gprod_clean.h"
 
 #include "modules/util/dump/schema_dumper.h"
 
-#include "modules/util/load/dump_loader.h"
 #include "mysqlshdk/libs/db/mysql/session.h"
 #include "mysqlshdk/libs/storage/backend/file.h"
 #include "mysqlshdk/libs/utils/utils_file.h"
@@ -789,30 +787,10 @@ TEST_F(Schema_dumper_test, dump_filtered_grants) {
       "CREATE USER IF NOT EXISTS 'admin2'@'localhost' IDENTIFIED BY 'pwd';");
   session->execute(
       "GRANT ALL ON *.* TO 'admin2'@'localhost' WITH GRANT OPTION;");
-  session->execute(
-      "CREATE USER IF NOT EXISTS 'superfirst'@'localhost' IDENTIFIED BY "
-      "'pwd';");
-  session->execute(
-      "GRANT SUPER, LOCK TABLES ON *.* TO 'superfirst'@'localhost';");
-  session->execute(
-      "CREATE USER IF NOT EXISTS 'superafter'@'localhost' IDENTIFIED BY "
-      "'pwd';");
-  session->execute(
-      "GRANT INSERT,super, UPDATE ON *.* TO 'superafter'@'localhost';");
-  session->execute(
-      "CREATE USER IF NOT EXISTS 'superonly'@'localhost' IDENTIFIED BY "
-      "'pwd';");
-  session->execute("GRANT SUPER, RELOAD ON *.* TO 'superonly'@'localhost';");
   session->execute(
       "CREATE USER IF NOT EXISTS 'dumptestuser'@'localhost' IDENTIFIED BY "
       "'pwd';");
   session->execute("GRANT SELECT ON * . * TO 'dumptestuser'@'localhost';");
-  session->execute(
-      "CREATE USER IF NOT EXISTS 'abr@dab'@'localhost' IDENTIFIED BY "
-      "'pwd';");
-  session->execute(
-      "GRANT INSERT,SUPER,FILE,LOCK TABLES , reload, "
-      "SELECT ON * . * TO 'abr@dab'@'localhost';");
   std::string partial_revoke = "ON";
   if (_target_server_version >= mysqlshdk::utils::Version(8, 0, 20)) {
     partial_revoke = session->query("show variables like 'partial_revokes';")
@@ -907,34 +885,13 @@ TEST_F(Schema_dumper_test, dump_filtered_grants) {
   EXPECT_THAT(out,
               AnyOf(HasSubstr(dumptestuser),
                     HasSubstr(shcore::str_replace(dumptestuser, "'", "`"))));
-  EXPECT_THAT(out, HasSubstr("-- begin user 'abr@dab'@'localhost'"));
 
   if (_target_server_version >= mysqlshdk::utils::Version(8, 0, 20)) {
     EXPECT_THAT(out,
                 HasSubstr("GRANT SELECT ON *.* TO `dumptestuser`@`localhost`"));
-    EXPECT_THAT(
-        out,
-        HasSubstr("GRANT LOCK TABLES ON *.* TO `superfirst`@`localhost`;"));
-    EXPECT_THAT(
-        out,
-        HasSubstr("GRANT INSERT, UPDATE ON *.* TO `superafter`@`localhost`;"));
-    EXPECT_THAT(out, Not(HasSubstr("TO `superonly`@`localhost`;")));
-    EXPECT_THAT(out, HasSubstr(R"(-- begin grants 'abr@dab'@'localhost'
-GRANT SELECT, INSERT, LOCK TABLES ON *.* TO `abr@dab`@`localhost`;
--- end grants 'abr@dab'@'localhost')"));
   } else {
     EXPECT_THAT(
         out, HasSubstr("GRANT SELECT ON *.* TO 'dumptestuser'@'localhost';"));
-    EXPECT_THAT(
-        out,
-        HasSubstr("GRANT LOCK TABLES ON *.* TO 'superfirst'@'localhost';"));
-    EXPECT_THAT(
-        out,
-        HasSubstr("GRANT INSERT, UPDATE ON *.* TO 'superafter'@'localhost';"));
-    EXPECT_THAT(out, Not(HasSubstr("TO 'superonly'@'localhost';")));
-    EXPECT_THAT(out, HasSubstr(R"(-- begin grants 'abr@dab'@'localhost'
-GRANT SELECT, INSERT, LOCK TABLES ON *.* TO 'abr@dab'@'localhost';
--- end grants 'abr@dab'@'localhost')"));
   }
   EXPECT_THAT(out, Not(HasSubstr("SUPER")));
 
@@ -945,11 +902,7 @@ GRANT SELECT, INSERT, LOCK TABLES ON *.* TO 'abr@dab'@'localhost';
   testutil->call_mysqlsh_c({_mysql_uri, "--sql", "-f", file_path});
   EXPECT_TRUE(output_handler.std_err.empty());
 
-  session->execute("drop user 'superfirst'@'localhost';");
-  session->execute("drop user 'superafter'@'localhost';");
-  session->execute("drop user 'superonly'@'localhost';");
   session->execute("drop user 'dumptestuser'@'localhost';");
-  session->execute("drop user 'abr@dab'@'localhost';");
   if (_target_server_version >= mysqlshdk::utils::Version(8, 0, 20)) {
     session->execute("DROP ROLE da_dumper");
     session->execute("DROP USER `dave`@`%`");
@@ -958,6 +911,74 @@ GRANT SELECT, INSERT, LOCK TABLES ON *.* TO 'abr@dab'@'localhost';
   }
 }
 
+TEST_F(Schema_dumper_test, dump_filtered_grants_super_priv) {
+  // Skip if version >= 8.4. Super has been removed in 8.4.
+  if (_target_server_version >= mysqlshdk::utils::Version(8, 4)) {
+    SKIP_TEST("SUPER has been removed in 8.4.");
+  };
+
+  session->execute(
+      "CREATE USER IF NOT EXISTS 'superfirst'@'localhost' IDENTIFIED BY "
+      "'pwd';");
+  session->execute("GRANT SUPER ON *.* TO 'superfirst'@'localhost';");
+  session->execute("GRANT LOCK TABLES ON *.* TO 'superfirst'@'localhost';");
+  session->execute(
+      "CREATE USER IF NOT EXISTS 'superafter'@'localhost' IDENTIFIED BY "
+      "'pwd';");
+  session->execute("GRANT INSERT, UPDATE ON *.* TO 'superafter'@'localhost';");
+  session->execute("GRANT SUPER ON *.* TO 'superafter'@'localhost';");
+  session->execute(
+      "CREATE USER IF NOT EXISTS 'superonly'@'localhost' IDENTIFIED BY "
+      "'pwd';");
+  session->execute("GRANT RELOAD ON *.* TO 'superonly'@'localhost';");
+  session->execute("GRANT SUPER ON *.* TO 'superonly'@'localhost';");
+  session->execute(
+      "CREATE USER IF NOT EXISTS 'abr@dab'@'localhost' IDENTIFIED BY "
+      "'pwd';");
+  session->execute(
+      "GRANT INSERT,SUPER,FILE,LOCK TABLES , reload, "
+      "SELECT ON * . * TO 'abr@dab'@'localhost';");
+
+  Schema_dumper sd(session);
+  sd.opt_mysqlaas = true;
+  sd.opt_strip_restricted_grants = true;
+  Filtering_options filters;
+  filters.users().exclude(
+      std::array{"mysql.infoschema", "mysql.session", "mysql.sys", "root"});
+  EXPECT_GE(sd.dump_grants(file.get(), filters).size(), 3);
+  EXPECT_TRUE(output_handler.std_err.empty());
+  wipe_all();
+  file->flush();
+  file->close();
+  auto out = testutil->cat_file(file_path);
+
+  EXPECT_THAT(
+      out, HasSubstr("GRANT LOCK TABLES ON *.* TO 'superfirst'@'localhost';"));
+  EXPECT_THAT(
+      out,
+      HasSubstr("GRANT INSERT, UPDATE ON *.* TO 'superafter'@'localhost';"));
+  EXPECT_THAT(out, Not(HasSubstr("TO 'superonly'@'localhost';")));
+
+  EXPECT_THAT(out, HasSubstr("-- begin user 'abr@dab'@'localhost'"));
+  EXPECT_THAT(out, HasSubstr(R"(-- begin grants 'abr@dab'@'localhost'
+GRANT SELECT, INSERT, LOCK TABLES ON *.* TO 'abr@dab'@'localhost';
+-- end grants 'abr@dab'@'localhost')"));
+
+  EXPECT_THAT(out, Not(HasSubstr("SUPER")));
+
+  EXPECT_THAT(out, Not(HasSubstr("'root'")));
+  EXPECT_THAT(out, Not(HasSubstr("EXISTS 'mysql")));
+
+  wipe_all();
+  testutil->call_mysqlsh_c({_mysql_uri, "--sql", "-f", file_path});
+  EXPECT_TRUE(output_handler.std_err.empty());
+
+  session->execute("drop user 'superfirst'@'localhost';");
+  session->execute("drop user 'superafter'@'localhost';");
+  session->execute("drop user 'superonly'@'localhost';");
+  session->execute("drop user 'abr@dab'@'localhost';");
+}
+
 TEST_F(Schema_dumper_test, opt_mysqlaas) {
   Schema_dumper sd(session);
   sd.opt_mysqlaas = true;
diff --git a/unittest/scripts/js_devapi/scripts/dba_interactive.js b/unittest/scripts/js_devapi/scripts/dba_interactive.js
@@ -176,7 +176,7 @@ connect_to_sandbox([__mysql_sandbox_port2]);
 session.runSql('SET GLOBAL super_read_only = 0');
 session.runSql("SET SQL_LOG_BIN=0");
 session.runSql("CREATE USER missingprivileges@localhost");
-session.runSql("GRANT SUPER, CREATE USER ON *.* TO missingprivileges@localhost");
+session.runSql("GRANT CREATE USER ON *.* TO missingprivileges@localhost");
 session.runSql("GRANT SELECT ON `performance_schema`.* TO missingprivileges@localhost WITH GRANT OPTION");
 session.runSql("GRANT SELECT ON `mysql_innodb_cluster_metadata`.* TO missingprivileges@localhost");
 session.runSql("GRANT REPLICATION SLAVE ON *.* TO missingprivileges@localhost WITH GRANT OPTION;");
diff --git a/unittest/scripts/js_devapi/scripts/dba_no_interactive.js b/unittest/scripts/js_devapi/scripts/dba_no_interactive.js
@@ -121,7 +121,7 @@ dba.configureLocalInstance('root@localhost:' + __mysql_sandbox_port2, {mycnfPath
 connect_to_sandbox([__mysql_sandbox_port2]);
 session.runSql("SET SQL_LOG_BIN=0");
 session.runSql("CREATE USER missingprivileges@localhost");
-session.runSql("GRANT SUPER, CREATE USER ON *.* TO missingprivileges@localhost");
+session.runSql("GRANT CREATE USER ON *.* TO missingprivileges@localhost");
 session.runSql("GRANT SELECT ON `performance_schema`.* TO missingprivileges@localhost WITH GRANT OPTION");
 session.runSql("GRANT SELECT ON `mysql_innodb_cluster_metadata`.* TO missingprivileges@localhost");
 session.runSql("GRANT REPLICATION SLAVE ON *.* TO missingprivileges@localhost WITH GRANT OPTION;");
diff --git a/unittest/scripts/js_devapi/validation/dba_interactive.js b/unittest/scripts/js_devapi/validation/dba_interactive.js
@@ -267,7 +267,7 @@ The instance cluster settings were successfully persisted.
 
 //@# Dba: configureLocalInstance not enough privileges 1 {VER(<8.0.0)}
 |ERROR: The account 'missingprivileges'@'localhost' is missing privileges required to manage an InnoDB Cluster:|
-|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
+|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN, SUPER ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT DELETE, INSERT, UPDATE ON mysql.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata_bkp.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
@@ -281,7 +281,7 @@ The instance cluster settings were successfully persisted.
 
 //@# Dba: configureLocalInstance not enough privileges 2 {VER(<8.0.0)}
 |ERROR: The account 'missingprivileges'@'localhost' is missing privileges required to manage an InnoDB Cluster:|
-|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
+|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN, SUPER ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT DELETE, INSERT, UPDATE ON mysql.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata_bkp.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
@@ -295,7 +295,7 @@ The instance cluster settings were successfully persisted.
 
 //@# Dba: configureLocalInstance not enough privileges 3 {VER(<8.0.0)}
 |ERROR: The account 'missingprivileges'@'localhost' is missing privileges required to manage an InnoDB Cluster:|
-|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
+|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN, SUPER ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT DELETE, INSERT, UPDATE ON mysql.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata_bkp.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
diff --git a/unittest/scripts/js_devapi/validation/dba_no_interactive.js b/unittest/scripts/js_devapi/validation/dba_no_interactive.js
@@ -280,7 +280,7 @@ The instance '<<<hostname>>>:<<<__mysql_sandbox_port2>>>' was configured to be u
 
 //@# Dba: configureLocalInstance not enough privileges {VER(<8.0.0)}
 |ERROR: The account 'missingprivileges'@'localhost' is missing privileges required to manage an InnoDB Cluster:|
-|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
+|GRANT FILE, PROCESS, RELOAD, REPLICATION CLIENT, SELECT, SHUTDOWN, SUPER ON *.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT DELETE, INSERT, UPDATE ON mysql.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
 |GRANT ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, INDEX, INSERT, LOCK TABLES, REFERENCES, SHOW VIEW, TRIGGER, UPDATE ON mysql_innodb_cluster_metadata_bkp.* TO 'missingprivileges'@'localhost' WITH GRANT OPTION;|
