This is an automated email from the ASF dual-hosted git repository.
duanzhengqiang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new a06d032ad04 Add xa transaction data source privilege checker (#25147)
a06d032ad04 is described below
commit a06d032ad040d8f1a97d7144233cc1371b381acc
Author: ZhangCheng <[email protected]>
AuthorDate: Fri Apr 14 13:10:08 2023 +0800
Add xa transaction data source privilege checker (#25147)
* Add xa transaction data source privilege checker
* fix
* fix
* fix
* fix
* fix
---
docs/document/content/dev-manual/transaction.cn.md | 17 ++++
docs/document/content/dev-manual/transaction.en.md | 17 ++++
.../user-manual/error-code/sql-error-code.cn.md | 3 +-
.../user-manual/error-code/sql-error-code.en.md | 2 +
.../xa/XAShardingSphereTransactionManager.java | 2 +
.../checker/DataSourcePrivilegeChecker.java | 35 ++++++++
.../checker/DefaultDataSourcePrivilegeChecker.java | 35 ++++++++
.../dialect/MySQLDataSourcePrivilegeChecker.java | 82 ++++++++++++++++++
...XATransactionCheckPrivilegeFailedException.java | 35 ++++++++
.../exception/XATransactionPrivilegeException.java | 33 ++++++++
...a.datasource.checker.DataSourcePrivilegeChecker | 19 +++++
.../MySQLDataSourcePrivilegeCheckerTest.java | 99 ++++++++++++++++++++++
12 files changed, 378 insertions(+), 1 deletion(-)
diff --git a/docs/document/content/dev-manual/transaction.cn.md
b/docs/document/content/dev-manual/transaction.cn.md
index 748ad11e273..2fa01bcbb90 100644
--- a/docs/document/content/dev-manual/transaction.cn.md
+++ b/docs/document/content/dev-manual/transaction.cn.md
@@ -76,3 +76,20 @@ XA 分布式事务管理器
| *配置标识* | *详细说明* | *全限定类名*
|
|------------------------------------|------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| com.zaxxer.hikari.HikariDataSource | 用于获取 HikariCP 连接池的标准属性 |
[`org.apache.shardingsphere.transaction.xa.jta.datasource.swapper.impl.HikariCPPropertyProvider`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/swapper/impl/HikariCPPropertyProvider.java)
| |
+
+## DataSourcePrivilegeChecker
+
+### 全限定类名
+
+[`org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DataSourcePrivilegeChecker`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DataSourcePrivilegeChecker.java)
+
+### 定义
+
+用于通过数据源校验事务所需的权限
+
+### 已知实现
+
+| *配置标识* | *详细说明* | *全限定类名*
|
+|---------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| MySQL | 校验 MySQL XA 事务所需的权限 |
[`org.apache.shardingsphere.transaction.xa.jta.datasource.checker.dialect.MySQLDataSourcePrivilegeChecker`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/dialect/MySQLDataSourcePrivilegeChecker.java)
| |
+| Default | 默认不校验事务所需的权限 |
[`org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DefaultDataSourcePrivilegeChecker`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/DefaultDataSourcePrivilegeChecker.java)
| |
diff --git a/docs/document/content/dev-manual/transaction.en.md
b/docs/document/content/dev-manual/transaction.en.md
index ebd90c3a51b..4fce0ffefa6 100644
--- a/docs/document/content/dev-manual/transaction.en.md
+++ b/docs/document/content/dev-manual/transaction.en.md
@@ -76,3 +76,20 @@ Data source property provider service definition
| *Configuration Type* | *Description*
| *Fully-qualified class name*
|
|------------------------------------|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| com.zaxxer.hikari.HikariDataSource | Used to get standard properties of
HikariCP |
[`org.apache.shardingsphere.transaction.xa.jta.datasource.swapper.impl.HikariCPPropertyProvider`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/swapper/impl/HikariCPPropertyProvider.java)
|
+
+## DataSourcePrivilegeChecker
+
+### Fully-qualified class name
+
+[`org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DataSourcePrivilegeChecker`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DataSourcePrivilegeChecker.java)
+
+### Definition
+
+Check transaction privilege through the data source
+
+### Implementation classes
+
+| *配置标识* | *详细说明* | *全限定类名*
|
+|---------|---------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| MySQL | Verify MySQL XA transaction privilege |
[`org.apache.shardingsphere.transaction.xa.jta.datasource.checker.dialect.MySQLDataSourcePrivilegeChecker`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/dialect/MySQLDataSourcePrivilegeChecker.java)
| |
+| Default | Not verify transaction privilege by default |
[`org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DefaultDataSourcePrivilegeChecker`](https://github.com/apache/shardingsphere/blob/master/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/DefaultDataSourcePrivilegeChecker.java)
| |
diff --git a/docs/document/content/user-manual/error-code/sql-error-code.cn.md
b/docs/document/content/user-manual/error-code/sql-error-code.cn.md
index 2b00b54068b..0d9623d6214 100644
--- a/docs/document/content/user-manual/error-code/sql-error-code.cn.md
+++ b/docs/document/content/user-manual/error-code/sql-error-code.cn.md
@@ -70,6 +70,8 @@ SQL 错误码以标准的 SQL State,Vendor Code 和详细错误信息提供,
| 25000 | 14200 | Can not start new XA transaction in a active
transaction. |
| 25000 | 14201 | Failed to create \`%s\` XA data source.
|
| 25000 | 14202 | Max length of xa unique resource name \`%s\`
exceeded: should be less than 45. |
+| 25000 | 14203 | Check privileges failed on data source, reason is:
\`%s\` |
+| 25000 | 14204 | Failed to create XA transaction manager, requires
\`%s\` privileges |
| 25000 | 14301 | ShardingSphere Seata-AT transaction has been
disabled. |
| 25000 | 14302 | Please config application id within seata.conf
file. |
@@ -226,7 +228,6 @@ SQL 错误码以标准的 SQL State,Vendor Code 和详细错误信息提供,
| 42S02 | 20296 | Not found load balance type in database \`%s\.`
|
| 44000 | 20297 | Weight load balancer datasource name config does
not match data sources in database \`%s\.` |
-
### 数据库高可用
| SQL State | Vendor Code | 错误信息
|
diff --git a/docs/document/content/user-manual/error-code/sql-error-code.en.md
b/docs/document/content/user-manual/error-code/sql-error-code.en.md
index 0ed3450df9b..62c465f7b56 100644
--- a/docs/document/content/user-manual/error-code/sql-error-code.en.md
+++ b/docs/document/content/user-manual/error-code/sql-error-code.en.md
@@ -70,6 +70,8 @@ SQL error codes provide by standard `SQL State`, `Vendor
Code` and `Reason`, whi
| 25000 | 14200 | Can not start new XA transaction in a active
transaction. |
| 25000 | 14201 | Failed to create \`%s\` XA data source.
|
| 25000 | 14202 | Max length of xa unique resource name \`%s\`
exceeded: should be less than 45. |
+| 25000 | 14203 | Check privileges failed on data source, reason is:
\`%s\` |
+| 25000 | 14204 | Failed to create XA transaction manager, requires
\`%s\` privileges |
| 25000 | 14301 | ShardingSphere Seata-AT transaction has been
disabled. |
| 25000 | 14302 | Please config application id within seata.conf
file. |
diff --git
a/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/XAShardingSphereTransactionManager.java
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/XAShardingSphereTransactionManager.java
index 35308dcff28..c038767f1b3 100644
---
a/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/XAShardingSphereTransactionManager.java
+++
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/XAShardingSphereTransactionManager.java
@@ -26,6 +26,7 @@ import
org.apache.shardingsphere.transaction.core.ResourceDataSource;
import
org.apache.shardingsphere.transaction.exception.TransactionTimeoutException;
import
org.apache.shardingsphere.transaction.spi.ShardingSphereTransactionManager;
import
org.apache.shardingsphere.transaction.xa.jta.datasource.XATransactionDataSource;
+import
org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DataSourcePrivilegeChecker;
import
org.apache.shardingsphere.transaction.xa.spi.XATransactionManagerProvider;
import javax.sql.DataSource;
@@ -54,6 +55,7 @@ public final class XAShardingSphereTransactionManager
implements ShardingSphereT
@Override
public void init(final Map<String, DatabaseType> databaseTypes, final
Map<String, DataSource> dataSources, final String providerType) {
+ dataSources.forEach((key, value) ->
TypedSPILoader.getService(DataSourcePrivilegeChecker.class,
databaseTypes.get(key).getType()).checkPrivilege(value));
xaTransactionManagerProvider =
TypedSPILoader.getService(XATransactionManagerProvider.class, providerType);
xaTransactionManagerProvider.init();
Map<String, ResourceDataSource> resourceDataSources =
getResourceDataSources(dataSources);
diff --git
a/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DataSourcePrivilegeChecker.java
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DataSourcePrivilegeChecker.java
new file mode 100644
index 00000000000..64f754cbfa0
--- /dev/null
+++
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DataSourcePrivilegeChecker.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.transaction.xa.jta.datasource.checker;
+
+import org.apache.shardingsphere.infra.util.spi.type.typed.TypedSPI;
+
+import javax.sql.DataSource;
+
+/**
+ * Data source privilege checker.
+ */
+public interface DataSourcePrivilegeChecker extends TypedSPI {
+
+ /**
+ * Check privilege.
+ *
+ * @param dataSource data source
+ */
+ void checkPrivilege(DataSource dataSource);
+}
diff --git
a/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DefaultDataSourcePrivilegeChecker.java
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DefaultDataSourcePrivilegeChecker.java
new file mode 100644
index 00000000000..f6ad1b80d1e
--- /dev/null
+++
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/DefaultDataSourcePrivilegeChecker.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.transaction.xa.jta.datasource.checker;
+
+import javax.sql.DataSource;
+
+/**
+ * Default data source privilege checker.
+ */
+public final class DefaultDataSourcePrivilegeChecker implements
DataSourcePrivilegeChecker {
+
+ @Override
+ public void checkPrivilege(final DataSource dataSource) {
+ }
+
+ @Override
+ public boolean isDefault() {
+ return true;
+ }
+}
diff --git
a/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/dialect/MySQLDataSourcePrivilegeChecker.java
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/dialect/MySQLDataSourcePrivilegeChecker.java
new file mode 100644
index 00000000000..e380dfc870f
--- /dev/null
+++
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/dialect/MySQLDataSourcePrivilegeChecker.java
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package
org.apache.shardingsphere.transaction.xa.jta.datasource.checker.dialect;
+
+import
org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DataSourcePrivilegeChecker;
+import
org.apache.shardingsphere.transaction.xa.jta.exception.XATransactionCheckPrivilegeFailedException;
+import
org.apache.shardingsphere.transaction.xa.jta.exception.XATransactionPrivilegeException;
+
+import javax.sql.DataSource;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.Arrays;
+
+/**
+ * MySQL data source privilege checker.
+ */
+public final class MySQLDataSourcePrivilegeChecker implements
DataSourcePrivilegeChecker {
+
+ private static final String SHOW_GRANTS_SQL = "SHOW GRANTS";
+
+ private static final String[][] REQUIRED_PRIVILEGES = {{"ALL PRIVILEGES",
"ON *.*"}, {"XA_RECOVER_ADMIN", "ON *.*"}};
+
+ private static final int MYSQL_MAJOR_VERSION_8 = 8;
+
+ /**
+ * Check privilege.
+ *
+ * @param dataSource data source
+ * @throws XATransactionCheckPrivilegeFailedException XA transaction check
privilege failed exception
+ */
+ public void checkPrivilege(final DataSource dataSource) {
+ try (Connection connection = dataSource.getConnection()) {
+ if (MYSQL_MAJOR_VERSION_8 ==
connection.getMetaData().getDatabaseMajorVersion()) {
+ checkPrivilege(connection);
+ }
+ } catch (final SQLException ex) {
+ throw new XATransactionCheckPrivilegeFailedException(ex);
+ }
+ }
+
+ private void checkPrivilege(final Connection connection) {
+ try (
+ PreparedStatement preparedStatement =
connection.prepareStatement(SHOW_GRANTS_SQL);
+ ResultSet resultSet = preparedStatement.executeQuery()) {
+ while (resultSet.next()) {
+ String privilege = resultSet.getString(1).toUpperCase();
+ if (matchPrivileges(privilege)) {
+ return;
+ }
+ }
+ } catch (final SQLException ex) {
+ throw new XATransactionCheckPrivilegeFailedException(ex);
+ }
+ throw new XATransactionPrivilegeException("XA_RECOVER_ADMIN");
+ }
+
+ private boolean matchPrivileges(final String privilege) {
+ return Arrays.stream(REQUIRED_PRIVILEGES).anyMatch(each ->
Arrays.stream(each).allMatch(privilege::contains));
+ }
+
+ @Override
+ public String getType() {
+ return "MySQL";
+ }
+}
diff --git
a/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/exception/XATransactionCheckPrivilegeFailedException.java
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/exception/XATransactionCheckPrivilegeFailedException.java
new file mode 100644
index 00000000000..dc48dd2c671
--- /dev/null
+++
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/exception/XATransactionCheckPrivilegeFailedException.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.transaction.xa.jta.exception;
+
+import
org.apache.shardingsphere.infra.util.exception.external.sql.sqlstate.XOpenSQLState;
+import org.apache.shardingsphere.transaction.exception.TransactionSQLException;
+
+import java.sql.SQLException;
+
+/**
+ * XA transaction check privilege failed exception.
+ */
+public final class XATransactionCheckPrivilegeFailedException extends
TransactionSQLException {
+
+ private static final long serialVersionUID = 6073175429050058508L;
+
+ public XATransactionCheckPrivilegeFailedException(final SQLException
cause) {
+ super(XOpenSQLState.INVALID_TRANSACTION_STATE, 203,
String.format("Check privileges failed on data source, reason is: %s",
cause.getMessage()), cause);
+ }
+}
diff --git
a/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/exception/XATransactionPrivilegeException.java
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/exception/XATransactionPrivilegeException.java
new file mode 100644
index 00000000000..bc796df5eee
--- /dev/null
+++
b/kernel/transaction/type/xa/core/src/main/java/org/apache/shardingsphere/transaction/xa/jta/exception/XATransactionPrivilegeException.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.transaction.xa.jta.exception;
+
+import
org.apache.shardingsphere.infra.util.exception.external.sql.sqlstate.XOpenSQLState;
+import org.apache.shardingsphere.transaction.exception.TransactionSQLException;
+
+/**
+ * XA transaction privilege exception.
+ */
+public final class XATransactionPrivilegeException extends
TransactionSQLException {
+
+ private static final long serialVersionUID = -1565168229743080642L;
+
+ public XATransactionPrivilegeException(final String errorMessage) {
+ super(XOpenSQLState.INVALID_TRANSACTION_STATE, 204, "Failed to create
XA transaction manager, requires `%s` privileges", errorMessage);
+ }
+}
diff --git
a/kernel/transaction/type/xa/core/src/main/resources/META-INF/services/org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DataSourcePrivilegeChecker
b/kernel/transaction/type/xa/core/src/main/resources/META-INF/services/org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DataSourcePrivilegeChecker
new file mode 100644
index 00000000000..d67dbc8ae46
--- /dev/null
+++
b/kernel/transaction/type/xa/core/src/main/resources/META-INF/services/org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DataSourcePrivilegeChecker
@@ -0,0 +1,19 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+org.apache.shardingsphere.transaction.xa.jta.datasource.checker.DefaultDataSourcePrivilegeChecker
+org.apache.shardingsphere.transaction.xa.jta.datasource.checker.dialect.MySQLDataSourcePrivilegeChecker
diff --git
a/kernel/transaction/type/xa/core/src/test/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/MySQLDataSourcePrivilegeCheckerTest.java
b/kernel/transaction/type/xa/core/src/test/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/MySQLDataSourcePrivilegeCheckerTest.java
new file mode 100644
index 00000000000..0050bfcd8f9
--- /dev/null
+++
b/kernel/transaction/type/xa/core/src/test/java/org/apache/shardingsphere/transaction/xa/jta/datasource/checker/MySQLDataSourcePrivilegeCheckerTest.java
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.shardingsphere.transaction.xa.jta.datasource.checker;
+
+import
org.apache.shardingsphere.transaction.xa.jta.datasource.checker.dialect.MySQLDataSourcePrivilegeChecker;
+import
org.apache.shardingsphere.transaction.xa.jta.exception.XATransactionCheckPrivilegeFailedException;
+import
org.apache.shardingsphere.transaction.xa.jta.exception.XATransactionPrivilegeException;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Answers;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import javax.sql.DataSource;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+@ExtendWith(MockitoExtension.class)
+class MySQLDataSourcePrivilegeCheckerTest {
+
+ @Mock
+ private PreparedStatement preparedStatement;
+
+ @Mock
+ private ResultSet resultSet;
+
+ @Mock(answer = Answers.RETURNS_DEEP_STUBS)
+ private DataSource dataSource;
+
+ @BeforeEach
+ void setUp() throws SQLException {
+
when(dataSource.getConnection().prepareStatement(anyString())).thenReturn(preparedStatement);
+ }
+
+ @Test
+ void assertCheckPrivilegeWithParticularSuccessInMySQL8() throws
SQLException {
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+
when(dataSource.getConnection().getMetaData().getDatabaseMajorVersion()).thenReturn(8);
+ when(resultSet.next()).thenReturn(true);
+ when(resultSet.getString(1)).thenReturn("GRANT XA_RECOVER_ADMIN ON *.*
TO '%'@'%'");
+ new MySQLDataSourcePrivilegeChecker().checkPrivilege(dataSource);
+ verify(preparedStatement).executeQuery();
+ }
+
+ @Test
+ void assertUnCheckPrivilegeInMySQL5() throws SQLException {
+
when(dataSource.getConnection().getMetaData().getDatabaseMajorVersion()).thenReturn(5);
+ new MySQLDataSourcePrivilegeChecker().checkPrivilege(dataSource);
+ verify(preparedStatement, times(0)).executeQuery();
+ }
+
+ @Test
+ void assertCheckPrivilegeWithAllSuccessInMySQL8() throws SQLException {
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+
when(dataSource.getConnection().getMetaData().getDatabaseMajorVersion()).thenReturn(8);
+ when(resultSet.next()).thenReturn(true);
+ when(resultSet.getString(1)).thenReturn("GRANT ALL PRIVILEGES ON *.*
TO '%'@'%'");
+ new MySQLDataSourcePrivilegeChecker().checkPrivilege(dataSource);
+ verify(preparedStatement).executeQuery();
+ }
+
+ @Test
+ void assertCheckPrivilegeLackPrivilegesInMySQL8() throws SQLException {
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+
when(dataSource.getConnection().getMetaData().getDatabaseMajorVersion()).thenReturn(8);
+ assertThrows(XATransactionPrivilegeException.class, () -> new
MySQLDataSourcePrivilegeChecker().checkPrivilege(dataSource));
+ }
+
+ @Test
+ void assertCheckPrivilegeFailureInMySQL8() throws SQLException {
+ when(preparedStatement.executeQuery()).thenReturn(resultSet);
+
when(dataSource.getConnection().getMetaData().getDatabaseMajorVersion()).thenReturn(8);
+ when(resultSet.next()).thenThrow(new SQLException(""));
+ assertThrows(XATransactionCheckPrivilegeFailedException.class, () ->
new MySQLDataSourcePrivilegeChecker().checkPrivilege(dataSource));
+ }
+}
