Add MTR tests for privacy plugin

Summary:
This diff adds 20 MTR tests under a new test suite -- privacy. Most of them came from D28427704 test plan:
1. privacy_plugin_load: A basic test seeing if the plugin is loaded successfully. If not, the test shall be skipped
2. privacy_plugin_cache: Test verifies the caching works by looking into sql_privacy_log.
2. DI Policy tests :
    * privacy_configerator_policy_bypass_on_always_false_off
    * privacy_configerator_policy_bypass_on_always_false_on
    * privacy_configerator_policy_debug_dump
    * privacy_configerator_policy_fail_close_pes_check_fail
    * privacy_configerator_policy_fail_close_pes_check_pass
    * privacy_configerator_policy_fail_open_pes_check_fail
    * privacy_configerator_policy_fail_open_pes_check_pass
    * privacy_configerator_policy_response_attrs_contain_policy_status_pes_check_fail
    * privacy_configerator_policy_response_attrs_contain_policy_status_pes_check_pass
3. Configerator policy tests:
    * privacy_di_policy_bypass_on_always_false_off
    * privacy_di_policy_bypass_on_always_false_on
    * privacy_di_policy_debug_dump
    * privacy_di_policy_fail_close_pes_check_fail
    * privacy_di_policy_fail_close_pes_check_pass
    * privacy_di_policy_fail_open_pes_check_fail
    * privacy_di_policy_fail_open_pes_check_pass
    * privacy_di_policy_response_attrs_contain_policy_status_pes_check_fail
    * privacy_di_policy_response_attrs_contain_policy_status_pes_check_pass

Note that:
1. This test suite uses my.cnf to load the privacy plugin once for all the test cases under the suite (same approach as rpl_raft does). We cannot load and unload the pluging for each test case because folly::init cannot be executed twice from the same thread (see experiment D28626431)

Reviewed By: satya-valluri, aditya-jalan

Differential Revision: D28435743

fbshipit-source-id: 36dd01cbc29

mysql-test/suite/privacy/include/have_privacy_plugin.inc

@@ -0,0 +1,18 @@
+disable_query_log;
+let $privacy_plugin_installed= `SELECT COUNT(*) = 1
+FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = 'privacy_plugin'`;
+if (!$privacy_plugin_installed)
+{
+  skip privacy_plugin plugin not installed.
+  Please check mysql_privacy_plugin.so is loaded;
+}
+
+let $sql_privacy_log_installed= `SELECT COUNT(*) = 1
+FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = 'SQL_PRIVACY_LOG'`;
+if (!$privacy_plugin_installed)
+{
+  skip SQL_PRIVACY_LOG plugin not installed.
+  Please check mysql_privacy_plugin.so is loaded;
+}
+
+enable_query_log;

mysql-test/suite/privacy/include/privacy_end.inc

@@ -0,0 +1,21 @@
+# Uninstall plugin
+let $privacy_plugin_was_early_installed = `SELECT COUNT(*) = 0
+FROM mysql.plugin WHERE NAME = 'privacy_plugin'`;
+let $sql_privacy_log_was_early_installed = `SELECT COUNT(*) = 0
+FROM mysql.plugin WHERE NAME = 'SQL_PRIVACY_LOG'`;
+
+disable_query_log;
+disable_warnings;
+# $privacy_plugin_was_early_installed = 1 means the privacy plugin was
+# installed at the startup time instead of being installed dynamically.
+# If so, we don't want to uninstall them.
+if (!$privacy_plugin_was_early_installed)
+{
+  UNINSTALL PLUGIN privacy_plugin;
+}
+if (!$sql_privacy_log_was_early_installed)
+{
+  UNINSTALL PLUGIN SQL_PRIVACY_LOG;
+}
+enable_warnings;
+enable_query_log;

mysql-test/suite/privacy/include/privacy_init.inc

@@ -0,0 +1,19 @@
+# Check if the plugin binary exists in the plugin dir
+--let $plugin_dir= `SELECT @@GLOBAL.PLUGIN_DIR`
+--file_exists $plugin_dir/mysql_privacy_plugin.so
+let $privacy_plugin_early_installed= `SELECT COUNT(*) = 1
+FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = 'privacy_plugin'`;
+let $sql_privacy_log_early_installed= `SELECT COUNT(*) = 1
+FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME = 'SQL_PRIVACY_LOG'`;
+
+# Install plugin
+disable_query_log;
+if (!$privacy_plugin_early_installed)
+{
+  INSTALL PLUGIN privacy_plugin SONAME 'mysql_privacy_plugin.so';
+}
+if (!$sql_privacy_log_early_installed)
+{
+  INSTALL PLUGIN SQL_PRIVACY_LOG SONAME 'mysql_privacy_plugin.so';
+}
+enable_query_log;

mysql-test/suite/privacy/my.cnf

@@ -0,0 +1,10 @@
+!include include/default_mysqld.cnf
+!include include/default_client.cnf
+
+[mysqld.1]
+#!run-master-sh
+plugin-load=mysql_privacy_plugin.so
+
+[ENV]
+MASTER_MYPORT=@mysqld.1.port
+MASTER_MYSOCK=@mysqld.1.socket

mysql-test/suite/privacy/r/privacy_configerator_policy_bypass_on_always_false_off.result

@@ -0,0 +1,28 @@
+CREATE TABLE privacy_blood_donation_table (
+id int NOT NULL,
+name VARCHAR(30)   NOT NULL DEFAULT '',
+PRIMARY KEY (`id`)
+);
+INSERT INTO privacy_blood_donation_table VALUES(1, "User1");
+set @original_privacy_plugin_purpose_policy_check_bypass_evaluator=@@session.privacy_plugin_purpose_policy_check_bypass_evaluator;
+set @original_privacy_plugin_purpose_policy_check=@@session.privacy_plugin_purpose_policy_check;
+set session privacy_plugin_purpose_policy_check_bypass_evaluator=on;
+set session privacy_plugin_purpose_policy_check=fail_open;
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+set session privacy_plugin_purpose_policy_check_bypass_evaluator=@original_privacy_plugin_purpose_policy_check_bypass_evaluator;
+set session privacy_plugin_purpose_policy_check=@original_privacy_plugin_purpose_policy_check;
+drop table privacy_blood_donation_table;

mysql-test/suite/privacy/r/privacy_configerator_policy_bypass_on_always_false_on.result

@@ -0,0 +1,57 @@
+CREATE TABLE privacy_blood_donation_table (
+id int NOT NULL,
+name VARCHAR(30)   NOT NULL DEFAULT '',
+PRIMARY KEY (`id`)
+);
+INSERT INTO privacy_blood_donation_table VALUES(1, "User1");
+set @original_privacy_plugin_purpose_policy_check_bypass_evaluator=@@session.privacy_plugin_purpose_policy_check_bypass_evaluator;
+set @original_privacy_plugin_purpose_policy_check_always_false=@@session.privacy_plugin_purpose_policy_check_always_false;
+set @original_privacy_plugin_purpose_policy_check=@@session.privacy_plugin_purpose_policy_check;
+set session privacy_plugin_purpose_policy_check_bypass_evaluator=on;
+set session privacy_plugin_purpose_policy_check_always_false=on;
+set session privacy_plugin_purpose_policy_check=fail_open;
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'dummy_result_policy' (query policy: 'blood_donor') failed in FAIL_OPEN mode
+set session privacy_plugin_purpose_policy_check=fail_close;
+select * from privacy_blood_donation_table;
+ERROR HY000: Purpose policy check `dummy_result_policy` (query policy: `blood_donor`) failed in FAIL_CLOSE mode
+select * from privacy_blood_donation_table where id>= 1;
+ERROR HY000: Purpose policy check `dummy_result_policy` (query policy: `blood_donor`) failed in FAIL_CLOSE mode
+select name, count(id) from privacy_blood_donation_table group by name;
+ERROR HY000: Purpose policy check `dummy_result_policy` (query policy: `blood_donor`) failed in FAIL_CLOSE mode
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+ERROR HY000: Purpose policy check `dummy_result_policy` (query policy: `blood_donor`) failed in FAIL_CLOSE mode
+set session privacy_plugin_purpose_policy_check_bypass_evaluator=@original_privacy_plugin_purpose_policy_check_bypass_evaluator;
+set session privacy_plugin_purpose_policy_check_always_false=@original_privacy_plugin_purpose_policy_check_always_false;
+set session privacy_plugin_purpose_policy_check=@original_privacy_plugin_purpose_policy_check;
+drop table privacy_blood_donation_table;

mysql-test/suite/privacy/r/privacy_configerator_policy_debug_dump.result

@@ -0,0 +1,25 @@
+CREATE TABLE privacy_blood_donation_table (
+id int NOT NULL,
+name VARCHAR(30)   NOT NULL DEFAULT '',
+PRIMARY KEY (`id`)
+);
+INSERT INTO privacy_blood_donation_table VALUES(1, "User1");
+set @original_privacy_plugin_purpose_policy_check_debug_dump=@@session.privacy_plugin_purpose_policy_check_debug_dump;
+set @original_privacy_plugin_purpose_policy_check=@@session.privacy_plugin_purpose_policy_check;
+set session privacy_plugin_purpose_policy_check_debug_dump=on;
+set session privacy_plugin_purpose_policy_check=fail_open;
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+set session privacy_plugin_purpose_policy_check_debug_dump=@original_privacy_plugin_purpose_policy_check_debug_dump;
+set session privacy_plugin_purpose_policy_check=@original_privacy_plugin_purpose_policy_check;
+drop table privacy_blood_donation_table;

mysql-test/suite/privacy/r/privacy_configerator_policy_fail_close_pes_check_fail.result

@@ -0,0 +1,26 @@
+CREATE TABLE privacy_blood_donation_table (
+id int NOT NULL,
+name VARCHAR(30)   NOT NULL DEFAULT '',
+PRIMARY KEY (`id`)
+);
+INSERT INTO privacy_blood_donation_table VALUES(1, "User1");
+set @original_privacy_plugin_purpose_policy_check=@@session.privacy_plugin_purpose_policy_check;
+set session privacy_plugin_purpose_policy_check=fail_close;
+select * from privacy_blood_donation_table;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+select * from privacy_blood_donation_table;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+select * from privacy_blood_donation_table where id>= 1;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+select * from privacy_blood_donation_table where id>= 1;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+select name, count(id) from privacy_blood_donation_table group by name;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+select name, count(id) from privacy_blood_donation_table group by name;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+ERROR HY000: Purpose policy check `fbig::consumer_products::core_products::blood_donation` (query policy: `safety_security_integrity`) failed in FAIL_CLOSE mode
+set session privacy_plugin_purpose_policy_check=@original_privacy_plugin_purpose_policy_check;
+drop table privacy_blood_donation_table;

mysql-test/suite/privacy/r/privacy_configerator_policy_fail_close_pes_check_pass.result

@@ -0,0 +1,34 @@
+CREATE TABLE privacy_blood_donation_table (
+id int NOT NULL,
+name VARCHAR(30)   NOT NULL DEFAULT '',
+PRIMARY KEY (`id`)
+);
+INSERT INTO privacy_blood_donation_table VALUES(1, "User1");
+set @original_privacy_plugin_purpose_policy_check=@@session.privacy_plugin_purpose_policy_check;
+set session privacy_plugin_purpose_policy_check=fail_close;
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+set session privacy_plugin_purpose_policy_check=@original_privacy_plugin_purpose_policy_check;
+drop table privacy_blood_donation_table;

mysql-test/suite/privacy/r/privacy_configerator_policy_fail_open_pes_check_fail.result

@@ -0,0 +1,42 @@
+CREATE TABLE privacy_blood_donation_table (
+id int NOT NULL,
+name VARCHAR(30)   NOT NULL DEFAULT '',
+PRIMARY KEY (`id`)
+);
+INSERT INTO privacy_blood_donation_table VALUES(1, "User1");
+set @original_privacy_plugin_purpose_policy_check=@@session.privacy_plugin_purpose_policy_check;
+set session privacy_plugin_purpose_policy_check=fail_open;
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+show warnings;
+Level	Code	Message
+Warning	50302	Purpose policy check 'fbig::consumer_products::core_products::blood_donation' (query policy: 'safety_security_integrity') failed in FAIL_OPEN mode
+set session privacy_plugin_purpose_policy_check=@original_privacy_plugin_purpose_policy_check;
+drop table privacy_blood_donation_table;

mysql-test/suite/privacy/r/privacy_configerator_policy_fail_open_pes_check_pass.result

@@ -0,0 +1,64 @@
+CREATE TABLE privacy_blood_donation_table (
+id int NOT NULL,
+name VARCHAR(30)   NOT NULL DEFAULT '',
+PRIMARY KEY (`id`)
+);
+INSERT INTO privacy_blood_donation_table VALUES(1, "User1");
+set @original_privacy_plugin_purpose_policy_check=@@session.privacy_plugin_purpose_policy_check;
+set session privacy_plugin_purpose_policy_check=fail_open;
+show variables like 'privacy_plugin_%';
+Variable_name	Value
+privacy_plugin_purpose_policy_cache_control	OFF
+privacy_plugin_purpose_policy_cache_retention	0
+privacy_plugin_purpose_policy_check	FAIL_OPEN
+privacy_plugin_purpose_policy_check_always_false	OFF
+privacy_plugin_purpose_policy_check_bypass_evaluator	OFF
+privacy_plugin_purpose_policy_check_debug_dump	OFF
+privacy_plugin_response_attrs_contain_policy_status	OFF
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select * from privacy_blood_donation_table;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select * from privacy_blood_donation_table where id>= 1;
+id	name
+1	User1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+select name, count(id) from privacy_blood_donation_table group by name order by 1;
+name	count(id)
+User1	1
+Warnings:
+Warning	50302	Purpose policy check '' (query policy: '') failed in FAIL_OPEN mode
+set session privacy_plugin_purpose_policy_check=@original_privacy_plugin_purpose_policy_check;
+drop table privacy_blood_donation_table;