polardbxengine/mysql-test/suite/group_replication/t/gr_recovery_ssl_variables.test

################################################################################
# Bug#26142801: RECOVERY: SSL_VERIFY_SERVER_CERT AND SSL_ALLOWED ARE NOT RESET
# BY GR VARIABLES
#
# Test verifies that both SSL_VERIFY_SERVER_CERT and SSL_ALLOWED variables are
# SET and RESET appropriately.
#
# Test:
# 0. The test requires two servers: M1 and M2.
# 1. Bootstrap the first server M1.
# 2. On M2 take a backup of existing ssl specific variables.
# 3. Set group_replication_recovery_use_ssl and
#    group_replication_recovery_ssl_verify_server_cert variables.
# 4. Verify using SHOW SLAVE STATUS that none of these options options are
#    enabled for recovery channel on M2.
# 5. Verify that recovery cannot advance as SSL options are not configured
#    properly.
# 6. Reset the above SSL variables and start the group replication once again.
# 7. Verify that group is online and the above SSL variables are also set to
#    off.
# 8. Clean up.
################################################################################
--source include/have_group_replication_plugin.inc
--let $rpl_skip_group_replication_start= 1
--source include/group_replication.inc

--source include/start_and_bootstrap_group_replication.inc

--let $rpl_connection_name= server2
--source include/rpl_connection.inc

--echo #
--echo # Make a copy of existing SSL options before modifying them.
--echo #

--let $conf_rec_retries= `SELECT @@GLOBAL.group_replication_recovery_retry_count;`
--let $conf_rec_ssl_verify= `SELECT @@GLOBAL.group_replication_recovery_ssl_verify_server_cert;`
--let $conf_rec_use_ssl= `SELECT @@GLOBAL.group_replication_recovery_use_ssl;`

set session sql_log_bin=0;
call mtr.add_suppression("There was an error when connecting to the donor*");
call mtr.add_suppression("For details please check performance_schema.replication_connection_status table and error log messages of Slave I/O for channel group_replication_recovery.");
call mtr.add_suppression("Maximum number of retries when*");
call mtr.add_suppression("Fatal error during the incremental recovery process of Group Replication. The server will leave the group.");
call mtr.add_suppression("Skipping leave operation: concurrent attempt to leave the group is on-going.");
call mtr.add_suppression("The server was automatically set into read only mode after an error was detected.");
set session sql_log_bin=1;

--echo #
--echo # Set group_replication_recovery_use_ssl & group_replication_recovery_ssl_verify_server_cert
--echo #

SET GLOBAL group_replication_recovery_retry_count = 1;
SET GLOBAL group_replication_recovery_use_ssl =  1;
SET GLOBAL group_replication_recovery_ssl_verify_server_cert = 1;

--echo #
--echo # Verify that none of the above SSL options are already set
--echo # These options are only set when distributed recovery starts
--echo #

--let $rpl_channel_name= 'group_replication_recovery'
--let $status_items= Master_SSL_Allowed, Master_SSL_Verify_Server_Cert
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--disable_warnings
--source include/show_slave_status.inc
--enable_warnings

--echo #
--echo # See when SSL is required that Recovery cannot advance when not properly configured
--echo #

--let $group_replication_start_member_state= ERROR
--source include/start_group_replication.inc

--echo #
--echo # Verify that SSL options are shown in SHOW SLAVE STATUS output
--echo #

--let $rpl_channel_name= 'group_replication_recovery'
--let $status_items= Master_SSL_Allowed, Master_SSL_Verify_Server_Cert
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--disable_warnings
--source include/show_slave_status.inc
--enable_warnings

--source include/stop_group_replication.inc

--echo #
--echo # Reset SSL variables for recovery channel
--echo #

SET GLOBAL group_replication_recovery_use_ssl = default;                # Default = 0.
SET GLOBAL group_replication_recovery_ssl_verify_server_cert = default; # Default = 0.

--echo #
--echo # Verify that group replication member state is online.
--echo #

--let $group_replication_start_member_state= ONLINE
--source include/start_group_replication.inc

--echo #
--echo # Verify that Master_SSL_Allowed and Master_SSL_Verify_Server_Cert are set to default.
--echo #

--let $rpl_channel_name= 'group_replication_recovery'
--let $status_items= Master_SSL_Allowed, Master_SSL_Verify_Server_Cert
--replace_result $MYSQL_TEST_DIR MYSQL_TEST_DIR
--disable_warnings
--source include/show_slave_status.inc
--enable_warnings

--echo #
--echo # Clean up
--echo #

# No need to print this to the result file

--disable_result_log
--eval SET @@GLOBAL.group_replication_recovery_use_ssl= $conf_rec_use_ssl
--eval SET @@GLOBAL.group_replication_recovery_ssl_verify_server_cert= $conf_rec_ssl_verify
--eval SET @@GLOBAL.group_replication_recovery_retry_count= $conf_rec_retries
--enable_result_log

--source include/group_replication_end.inc