Merge pull request #5470 from kamil-holubicki/PS-9453-post-push-fix-2…

…-8.0 PS-9453: percona_telemetry causes a long wait on COND_thd_list due to the absence of the root user
percona · Nov 6, 2024 · 5aca63e · 5aca63e
2 parents e94b355 + da94357
commit 5aca63e
Show file tree

Hide file tree

Showing 51 changed files with 239 additions and 194 deletions.
diff --git a/components/percona_telemetry/data_provider.cc b/components/percona_telemetry/data_provider.cc
@@ -24,17 +24,16 @@ namespace {
 inline const char *b2s(bool val) { return val ? "1" : "0"; }
 
 /*
-  mysql.session user is mostly enough, but it lacks the following privileges:
-
-  1. REPLICATION SLAVE
-  2. REPLICATION CLIENT
-  3. SELECT on mysql.component
-  4. SELECT on performance_schema.replication_group_members
-
-  These privileges are added at server startup in setup_percona_telemetry()
-  if Percona telemetry is enabled.
+  percona.telemetry user is created when server starts with telemetry
+  enabled. The user is deleted, when the server is started with telemetry
+  disabled.
+
+  Privileges:
+  1. SELECT
+  2. REPLICATION SLAVE
+  3. REPLICATION CLIENT
 */
-constexpr const char default_command_user_name[] = "mysql.session";
+constexpr const char default_command_user_name[] = "percona.telemetry";
 constexpr const char default_command_host_name[] = "localhost";
 
 namespace JSONKey {

diff --git a/mysql-test/include/mtr_check.sql b/mysql-test/include/mtr_check.sql
@@ -210,17 +210,24 @@ BEGIN
       AND USER NOT IN ('unauthenticated user','mysql.session', 'event_scheduler')
         ORDER BY COMMAND;
 
-  -- During the installation of Percona Telemetry Component we grant 'mysql.session' user with additional privileges.
-  -- It happens during the server startup, so servers started during the test will have related timestamps different in general.
+  -- During the installation of Percona Telemetry Component we create 'percona.telemetry'.
+  -- It happens during the server startup, so servers started during the test will have the same user
+  -- with different password_last_changed timestamps.
   -- Some tests (e.g. clone plugin related) restore the clone instance state by cloning the donor. In such a case restored
   -- instance will have different timestamps at the beginning and the end of the test and MTR check will complain because of
   -- different tables checksums.
-  -- Workaround this problem by excluding mysql.tables_priv from checksum calculation. 
-  -- Instead, dump all tables privileges but without TIMESTAMP column.
+  -- Workaround this problem by excluding mysql.user from checksum calculation. 
+  -- Instead, dump the table but without password_last_changed column.
   -- This is the same approach as for INFORMATION_SCHEMA.ROUTINES above.
-  SELECT /*+SET_VAR(use_secondary_engine=OFF)*/ host, db, user, table_name, grantor, table_priv, column_priv
-    FROM mysql.tables_priv ORDER BY host, db, user, table_name;
-
+  SELECT /*+SET_VAR(use_secondary_engine=OFF)*/ Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv,
+    Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
+    Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv, Execute_priv, Repl_slave_priv, Repl_client_priv,
+    Create_view_priv, Show_view_priv, Create_routine_priv, Alter_routine_priv, Create_user_priv, Event_priv, Trigger_priv,
+    Create_tablespace_priv, ssl_type, ssl_cipher, x509_issuer, x509_subject, max_questions, max_updates, max_connections,
+    max_user_connections, plugin, authentication_string, password_expired, password_lifetime, account_locked, Create_role_priv,
+    Drop_role_priv, Password_reuse_history, Password_reuse_time, Password_require_current, User_attributes 
+  FROM mysql.user ORDER BY Host, User;
+
   -- Checksum system tables to make sure they have been properly
   -- restored after test.
   -- skip mysql.proc however, as created timestamps may have been updated by
@@ -249,12 +256,12 @@ BEGIN
     mysql.replication_group_member_actions,
     mysql.role_edges,
     mysql.slow_log,
+    mysql.tables_priv,
     mysql.time_zone,
     mysql.time_zone_leap_second,
     mysql.time_zone_name,
     mysql.time_zone_transition,
-    mysql.time_zone_transition_type,
-    mysql.user;
+    mysql.time_zone_transition_type;
 
   -- Check that Replica IO Monitor thread state is the same before
   -- and after the test run, which is not running.

diff --git a/mysql-test/include/plugin_auth_check_non_default_users.inc b/mysql-test/include/plugin_auth_check_non_default_users.inc
@@ -1,2 +1,2 @@
 --sorted_result
-SELECT user,plugin FROM mysql.user WHERE user NOT IN ('root', 'mysql.sys', 'mysql.session', 'mysql.infoschema');
+SELECT user,plugin FROM mysql.user WHERE user NOT IN ('root', 'mysql.sys', 'mysql.session', 'mysql.infoschema', 'percona.telemetry');
diff --git a/mysql-test/r/func_uuid.result b/mysql-test/r/func_uuid.result
@@ -314,7 +314,7 @@ DROP TABLE t2;
 #
 #  Bug#26395601 DIFFERENT BEHAVIOR BETWEEN CLASSIC AND NODE SESSION WITH UUID()
 #
-CREATE TABLE t as SELECT replace(uuid(), '-', '=') as v from mysql.user;
+CREATE TABLE t as SELECT replace(uuid(), '-', '=') as v from mysql.user WHERE User != 'percona.telemetry';
 SELECT COUNT(DISTINCT v) FROM t;
 COUNT(DISTINCT v)
 4

diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result
@@ -831,9 +831,7 @@ show grants for mysqltest_8;
 Grants for mysqltest_8@%
 GRANT USAGE ON *.* TO `mysqltest_8`@`%`
 GRANT UPDATE ON `test`.`t1` TO `mysqltest_8`@`%`
-select * from  information_schema.table_privileges where table_schema NOT IN ('sys','mysql')
-and not (grantee = "'mysql.session'@'localhost'"
-and table_name in ('component', 'replication_group_members'));
+select * from  information_schema.table_privileges where table_schema NOT IN ('sys','mysql');
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
 'mysqltest_8'@'%'	def	test	t1	UPDATE	NO
 'mysqltest_8'@''	def	test	t1	UPDATE	NO
@@ -847,9 +845,7 @@ GRANT USAGE ON *.* TO `mysqltest_8`@``
 show grants for mysqltest_8;
 Grants for mysqltest_8@%
 GRANT USAGE ON *.* TO `mysqltest_8`@`%`
-select * from  information_schema.table_privileges where table_schema NOT IN ('sys','mysql')
-and not (grantee = "'mysql.session'@'localhost'"
-and table_name in ('component', 'replication_group_members'));
+select * from  information_schema.table_privileges where table_schema NOT IN ('sys','mysql');
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
 flush privileges;
 show grants for mysqltest_8@'';

diff --git a/mysql-test/r/information_schema_ci.result b/mysql-test/r/information_schema_ci.result
@@ -544,9 +544,7 @@ grant select (a) on test.t1 to joe@localhost with grant option;
 select * from INFORMATION_SCHEMA.COLUMN_PRIVILEGES WHERE table_schema != 'sys';
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
 'joe'@'localhost'	def	test	t1	a	SELECT	YES
-select * from INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE table_schema NOT IN ('sys','mysql')
-and not (grantee = "'mysql.session'@'localhost'"
-and table_name in ('component', 'replication_group_members'));
+select * from INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE table_schema NOT IN ('sys','mysql');
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
 drop view v1, v2, v3;
 drop table t1;

diff --git a/mysql-test/r/information_schema_cs.result b/mysql-test/r/information_schema_cs.result
@@ -544,9 +544,7 @@ grant select (a) on test.t1 to joe@localhost with grant option;
 select * from INFORMATION_SCHEMA.COLUMN_PRIVILEGES WHERE table_schema != 'sys';
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	COLUMN_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
 'joe'@'localhost'	def	test	t1	a	SELECT	YES
-select * from INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE table_schema NOT IN ('sys','mysql')
-and not (grantee = "'mysql.session'@'localhost'"
-and table_name in ('component', 'replication_group_members'));
+select * from INFORMATION_SCHEMA.TABLE_PRIVILEGES WHERE table_schema NOT IN ('sys','mysql');
 GRANTEE	TABLE_CATALOG	TABLE_SCHEMA	TABLE_NAME	PRIVILEGE_TYPE	IS_GRANTABLE
 drop view v1, v2, v3;
 drop table t1;

diff --git a/mysql-test/r/initialize-bug20350099.result b/mysql-test/r/initialize-bug20350099.result
@@ -17,7 +17,7 @@ ERROR HY000: You must reset your password using ALTER USER statement before exec
 # Check the count of columns in mysql
 # check the user account
 SELECT user, host, plugin, LENGTH(authentication_string)
-FROM mysql.user ORDER BY user;
+FROM mysql.user WHERE user != 'percona.telemetry' ORDER BY user;
 user	host	plugin	LENGTH(authentication_string)
 mysql.infoschema	localhost	caching_sha2_password	70
 mysql.session	localhost	caching_sha2_password	70

diff --git a/mysql-test/r/initialize-sha256.result b/mysql-test/r/initialize-sha256.result
@@ -17,7 +17,7 @@ SET PASSWORD='';
 # Check the count of columns in mysql
 # check the user account
 SELECT user, host, plugin, LENGTH(authentication_string) > 0
-FROM mysql.user ORDER BY user;
+FROM mysql.user WHERE user != 'percona.telemetry' ORDER BY user;
 user	host	plugin	LENGTH(authentication_string) > 0
 mysql.infoschema	localhost	caching_sha2_password	1
 mysql.session	localhost	caching_sha2_password	1

diff --git a/mysql-test/r/initialize.result b/mysql-test/r/initialize.result
@@ -17,7 +17,7 @@ SET PASSWORD='';
 # Check the count of columns in mysql
 # check the user account
 SELECT user, host, plugin, LENGTH(authentication_string)
-FROM mysql.user ORDER by user;
+FROM mysql.user WHERE user != 'percona.telemetry' ORDER by user;
 user	host	plugin	LENGTH(authentication_string)
 mysql.infoschema	localhost	caching_sha2_password	70
 mysql.session	localhost	caching_sha2_password	70
@@ -67,7 +67,7 @@ SELECT 1;
 # Take out the extra t1 column
 # check the user account
 SELECT user, host, plugin, LENGTH(authentication_string)
-FROM mysql.user ORDER BY user;
+FROM mysql.user WHERE user != 'percona.telemetry' ORDER BY user;
 user	host	plugin	LENGTH(authentication_string)
 mysql.infoschema	localhost	caching_sha2_password	70
 mysql.session	localhost	caching_sha2_password	70