BUG#26248116 : MYSQLPROVISION DOES NOT USE SECURE CONNECTIONS BY DEFAULT

Paulo Jesus · Paulo Jesus · commit f7da22cfae30 · 2017-10-09T18:43:00.000+01:00
The mysqlprovision internal component of the AdminAPI was not supporting
secure connection by default due to a known limitation from connector-python.
However, starting from connector-python 2.1.7 secure connections are
established by default and that version (or higher) should be used for
mysqlprovision.

This patch add unit tests for regression to ensure that a version of
connector-python with support for secure connection by default is used.
diff --git a/python/mysql_gadgets/__init__.py b/python/mysql_gadgets/__init__.py
@@ -44,7 +44,8 @@
 LICENSE_FRM = (VERSION_FRM + "\n" + COPYRIGHT_FULL)
 PYTHON_MIN_VERSION = (2, 7, 0)
 PYTHON_MAX_VERSION = (4, 0, 0)
-CONNECTOR_MIN_VERSION = (1, 2, 1)
+# Minimum connector-python version that supports secure connection by default.
+CONNECTOR_MIN_VERSION = (2, 1, 7)
 
 # Using mathematical notation for intervals, supported MYSQL versions are as
 # follows: [MIN_MYSQL_VERSION, MAX_MYSQL_VERSION [
diff --git a/unittest/scripts/js_devapi/scripts/dba_cluster_no_misconfigurations.js b/unittest/scripts/js_devapi/scripts/dba_cluster_no_misconfigurations.js
@@ -10,6 +10,31 @@ if (__have_ssl)
 else
   var cluster = dba.createCluster('dev');
 
+// Dba.dissolve
+cluster.dissolve({force:true});
+
+// Regression for BUG#26248116 : MYSQLPROVISION DOES NOT USE SECURE CONNECTIONS BY DEFAULT
+// Test can only be performed if SSL is supported.
+//@ Create cluster requiring secure connections (if supported)
+if (__have_ssl) {
+  var result = session.runSql("SELECT @@global.require_secure_transport");
+  var row = result.fetchOne();
+  var req_sec_trans = row[0];
+  session.runSql("SET @@global.require_secure_transport = ON");
+  var cluster = dba.createCluster('dev', {memberSslMode: 'REQUIRED', clearReadOnly: true});
+} else {
+  var cluster = dba.createCluster('dev', {memberSslMode: 'DISABLED', clearReadOnly: true});
+}
+
+//@ Add instance requiring secure connections (if supported)
+add_instance_to_cluster(cluster, __mysql_sandbox_port2);
+
+//@ Dissolve cluster requiring secure connections (if supported)
+cluster.dissolve({force:true});
+if (__have_ssl) {
+  session.runSql("SET @@global.require_secure_transport = '" + req_sec_trans + "'");
+}
+
 //@ Finalization
 // Will delete the sandboxes ONLY if this test was executed standalone
 if (deployed_here)
diff --git a/unittest/scripts/js_devapi/validation/dba_cluster_no_misconfigurations.js b/unittest/scripts/js_devapi/validation/dba_cluster_no_misconfigurations.js
@@ -4,5 +4,17 @@
 //@ Dba.createCluster
 ||
 
+// Dba.dissolve
+||
+
+//@ Create cluster requiring secure connections (if supported)
+||
+
+//@ Add instance requiring secure connections (if supported)
+||
+
+//@ Dissolve cluster requiring secure connections (if supported)
+||
+
 //@ Finalization
 ||
