From 73ecbdf250578ecf612261100607c3ac2a86957c Mon Sep 17 00:00:00 2001
From: Carl Henrik Lunde <chlunde@ifi.uio.no>
Date: Mon, 16 Feb 2026 22:58:10 +0100
Subject: [PATCH 1/3] chore: use build/makelib/local.xpkg.mk for e2e cluster

Simplify e2e setup by using the shared code here. This code will
support crossplane 2.2.0, which changes the cache paths again.

When CROSSPLANE_HELM_CHART_VERSION contains rc we enable --devel for
helm to find the appropriate chart.

Related: https://github.com/crossplane/build/pull/52

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
---
 Makefile                           |   9 +-
 cluster/local/integration_tests.sh | 136 +++++------------------------
 2 files changed, 29 insertions(+), 116 deletions(-)

diff --git a/Makefile b/Makefile
index 427f4845..691e214f 100644
--- a/Makefile
+++ b/Makefile
@@ -53,6 +53,7 @@ XPKG_REG_ORGS ?= xpkg.upbound.io/crossplane-contrib
 XPKG_REG_ORGS_NO_PROMOTE ?= xpkg.upbound.io/crossplane-contrib
 XPKGS = provider-sql
 -include build/makelib/xpkg.mk
+-include build/makelib/local.xpkg.mk
 
 # NOTE(hasheddan): we force image building to happen prior to xpkg build so that
 # we ensure image is present in daemon.
@@ -83,10 +84,16 @@ generate: crds.clean
 # integration tests
 e2e.run: test-integration
 
+CROSSPLANE_HELM_CHANNEL ?= stable
+CROSSPLANE_HELM_CHART_VERSION ?=
+
 # Run integration tests.
 test-integration: $(KIND) $(KUBECTL) $(CROSSPLANE_CLI) $(HELM)
 	@$(INFO) running integration tests using kind $(KIND_VERSION)
-	@KIND_NODE_IMAGE_TAG=${KIND_NODE_IMAGE_TAG} $(ROOT_DIR)/cluster/local/integration_tests.sh || $(FAIL)
+	@KIND_NODE_IMAGE_TAG=${KIND_NODE_IMAGE_TAG} \
+	  CROSSPLANE_HELM_CHANNEL=${CROSSPLANE_HELM_CHANNEL} \
+	  CROSSPLANE_HELM_CHART_VERSION=${CROSSPLANE_HELM_CHART_VERSION} \
+	  $(ROOT_DIR)/cluster/local/integration_tests.sh || $(FAIL)
 	@$(OK) integration tests passed
 
 # Update the submodules, such as the common build scripts.
diff --git a/cluster/local/integration_tests.sh b/cluster/local/integration_tests.sh
index 38365ccb..06c81f29 100755
--- a/cluster/local/integration_tests.sh
+++ b/cluster/local/integration_tests.sh
@@ -44,8 +44,6 @@ eval $(make --no-print-directory -C ${projectdir} build.vars)
 SAFEHOSTARCH="${SAFEHOSTARCH:-amd64}"
 CONTROLLER_IMAGE="${BUILD_REGISTRY}/${PROJECT_NAME}-${SAFEHOSTARCH}"
 
-version_tag="$(cat ${projectdir}/_output/version)"
-# tag as latest version to load into kind cluster
 K8S_CLUSTER="${K8S_CLUSTER:-${BUILD_REGISTRY}-inttests}"
 
 PACKAGE_NAME="provider-sql"
@@ -89,80 +87,10 @@ integration_tests_end() {
 }
 
 setup_cluster() {
-  echo_step "setting up local package cache"
-
-  local cache_path="${projectdir}/.work/inttest-package-cache"
-  mkdir -p "${cache_path}/xpkg.crossplane.io"
-  echo "created cache dir at ${cache_path}"
-  "${CROSSPLANE_CLI}" xpkg extract --from-xpkg "${OUTPUT_DIR}"/xpkg/linux_"${SAFEHOSTARCH}"/"${PACKAGE_NAME}"-"${VERSION}".xpkg -o "${cache_path}/xpkg.crossplane.io/${PACKAGE_NAME}:latest.gz"
-  chmod 644 "${cache_path}/xpkg.crossplane.io/${PACKAGE_NAME}:latest.gz"
-
   local node_image="kindest/node:${KIND_NODE_IMAGE_TAG}"
   echo_step "creating k8s cluster using kind ${KIND_VERSION} and node image ${node_image}"
 
-  local config="$( cat <<EOF
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-nodes:
-- role: control-plane
-  extraMounts:
-  - hostPath: "${cache_path}/"
-    containerPath: /cache
-EOF
-  )"
-  echo "${config}" | "${KIND}" create cluster --name="${K8S_CLUSTER}" --wait=5m --image="${node_image}" --config=-
-
-  echo_step "tag controller image and load it into kind cluster"
-
-  docker tag "${CONTROLLER_IMAGE}" "xpkg.crossplane.io/${PACKAGE_NAME}"
-  "${KIND}" load docker-image "xpkg.crossplane.io/${PACKAGE_NAME}" --name="${K8S_CLUSTER}"
-
-  echo_step "create crossplane-system namespace"
-
-  "${KUBECTL}" create ns crossplane-system
-
-  echo_step "create persistent volume for mounting package-cache"
-
-  local pv_yaml="$( cat <<EOF
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: package-cache
-  labels:
-    type: local
-spec:
-  storageClassName: manual
-  capacity:
-    storage: 5Mi
-  accessModes:
-    - ReadWriteOnce
-  hostPath:
-    path: "/cache"
-EOF
-  )"
-
-  echo "${pv_yaml}" | "${KUBECTL}" create -f -
-
-  echo_step "create persistent volume claim for mounting package-cache"
-
-  local pvc_yaml="$( cat <<EOF
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: package-cache
-  namespace: crossplane-system
-spec:
-  accessModes:
-    - ReadWriteOnce
-  volumeName: package-cache
-  storageClassName: manual
-  resources:
-    requests:
-      storage: 1Mi
-EOF
-  )"
-
-  echo "${pvc_yaml}" | "${KUBECTL}" create -f -
+  "${KIND}" create cluster --name="${K8S_CLUSTER}" --wait=5m --image="${node_image}"
 }
 
 cleanup_cluster() {
@@ -170,53 +98,26 @@ cleanup_cluster() {
 }
 
 setup_crossplane() {
-  echo_step "installing crossplane from stable channel"
+  local channel="${CROSSPLANE_HELM_CHANNEL:-stable}"
+  echo_step "installing crossplane from ${channel} channel"
 
-  "${HELM}" repo add crossplane-stable https://charts.crossplane.io/stable/ --force-update
-  local chart_version="$("${HELM}" search repo crossplane-stable/crossplane | awk 'FNR == 2 {print $2}')"
+  "${HELM}" repo add crossplane-channel "https://charts.crossplane.io/${channel}/" --force-update
+
+  local chart_version="${CROSSPLANE_HELM_CHART_VERSION:-}"
+  if [ -z "${chart_version}" ]; then
+    chart_version="$("${HELM}" search repo crossplane-channel/crossplane | awk 'FNR == 2 {print $2}')"
+  fi
   echo_info "using crossplane version ${chart_version}"
   echo
-  # we replace empty dir with our PVC so that the /cache dir in the kind node
-  # container is exposed to the crossplane pod
-  "${HELM}" install crossplane --namespace crossplane-system crossplane-stable/crossplane --version ${chart_version} --wait --set packageCache.pvc=package-cache
+
+  "${HELM}" install crossplane --namespace crossplane-system --create-namespace \
+    crossplane-channel/crossplane \
+    --version "${chart_version}" --wait
 }
 
 setup_provider() {
-  echo_step "installing provider"
-
-  local yaml="$( cat <<EOF
-apiVersion: pkg.crossplane.io/v1beta1
-kind: DeploymentRuntimeConfig
-metadata:
-  name: debug-config
-spec:
-  deploymentTemplate:
-    spec:
-      selector: {}
-      template:
-        spec:
-          containers:
-            - name: package-runtime
-              args:
-                - --debug
----
-apiVersion: pkg.crossplane.io/v1
-kind: Provider
-metadata:
-  name: "${PACKAGE_NAME}"
-spec:
-  runtimeConfigRef:
-    name: debug-config
-  package: "xpkg.crossplane.io/${PACKAGE_NAME}:latest"
-  packagePullPolicy: Never
-EOF
-  )"
-
-  echo "${yaml}" | "${KUBECTL}" apply -f -
-
-  # printing the cache dir contents can be useful for troubleshooting failures
-  echo_step "check kind node cache dir contents"
-  docker exec "${K8S_CLUSTER}-control-plane" ls -la /cache
+  echo_step "deploying provider via local.xpkg.deploy"
+  make -C "${projectdir}" local.xpkg.deploy.provider.${PACKAGE_NAME} KIND_CLUSTER_NAME="${K8S_CLUSTER}"
 
   echo_step "waiting for provider to be installed"
   "${KUBECTL}" wait "provider.pkg.crossplane.io/${PACKAGE_NAME}" --for=condition=healthy --timeout=60s
@@ -226,7 +127,7 @@ cleanup_provider() {
   echo_step "uninstalling provider"
 
   "${KUBECTL}" delete provider.pkg.crossplane.io "${PACKAGE_NAME}"
-  "${KUBECTL}" delete deploymentruntimeconfig.pkg.crossplane.io debug-config
+  "${KUBECTL}" delete deploymentruntimeconfig.pkg.crossplane.io runtimeconfig-${PACKAGE_NAME}
 
   echo_step "waiting for provider pods to be deleted"
   timeout=60
@@ -501,6 +402,11 @@ setup_cluster
 setup_crossplane
 setup_provider
 
+if [ "${QUICK_TEST:-}" == "true" ]; then
+  echo_success "Quick test passed: provider is healthy and running."
+  exit 0
+fi
+
 integration_tests_mariadb() {
   if [[ "${TLS}" == "true" ]]; then
     setup_tls_certs

From 94fec6ef24c220e433297831e15d75436b0087ad Mon Sep 17 00:00:00 2001
From: Carl Henrik Lunde <chlunde@ifi.uio.no>
Date: Mon, 23 Feb 2026 11:45:59 +0100
Subject: [PATCH 2/3] Update build submodule for crossplane 2.2 support

Signed-off-by: Carl Henrik Lunde <chlunde@ifi.uio.no>
---
 build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build b/build
index 99c79f0c..907604dd 160000
--- a/build
+++ b/build
@@ -1 +1 @@
-Subproject commit 99c79f0c310d02157495f457f99b95370200c389
+Subproject commit 907604dd4d57eba8bcf94699d7834f68389b4f96

From 9c8f9748fd370f8d12283db918e49eb79a19c089 Mon Sep 17 00:00:00 2001
From: ymaniukevich <yauheni.maniukevich@gmail.com>
Date: Mon, 23 Feb 2026 08:19:55 +0100
Subject: [PATCH 3/3] feat(mysql): Allow to Grant permissions on specific
 columns in table mysql: add e2e tests to cover granting permission on table

Signed-off-by: ymaniukevich <yauheni.maniukevich@gmail.com>
---
 apis/cluster/mysql/v1alpha1/grant_types.go         | 2 +-
 apis/namespaced/mysql/v1alpha1/grant_types.go      | 2 +-
 cluster/local/integration_tests.sh                 | 6 ++++++
 examples/cluster/mysql/grant_table.yaml            | 3 ++-
 examples/namespaced/mysql/grant_table.yaml         | 4 ++++
 package/crds/mysql.sql.crossplane.io_grants.yaml   | 2 +-
 package/crds/mysql.sql.m.crossplane.io_grants.yaml | 2 +-
 7 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/apis/cluster/mysql/v1alpha1/grant_types.go b/apis/cluster/mysql/v1alpha1/grant_types.go
index 01f02691..1ba40436 100644
--- a/apis/cluster/mysql/v1alpha1/grant_types.go
+++ b/apis/cluster/mysql/v1alpha1/grant_types.go
@@ -29,7 +29,7 @@ type GrantSpec struct {
 }
 
 // GrantPrivilege represents a privilege to be granted
-// +kubebuilder:validation:Pattern:=^[A-Z_ ]+$
+// +kubebuilder:validation:Pattern:="^[A-Za-z0-9_,() ]+$"
 type GrantPrivilege string
 
 // If Privileges are specified, we should have at least one
diff --git a/apis/namespaced/mysql/v1alpha1/grant_types.go b/apis/namespaced/mysql/v1alpha1/grant_types.go
index 2e0f88a6..7ae2279b 100644
--- a/apis/namespaced/mysql/v1alpha1/grant_types.go
+++ b/apis/namespaced/mysql/v1alpha1/grant_types.go
@@ -31,7 +31,7 @@ type GrantSpec struct {
 }
 
 // GrantPrivilege represents a privilege to be granted
-// +kubebuilder:validation:Pattern:=^[A-Z_ ]+$
+// +kubebuilder:validation:Pattern:="^[A-Za-z0-9_,() ]+$"
 type GrantPrivilege string
 
 // If Privileges are specified, we should have at least one
diff --git a/cluster/local/integration_tests.sh b/cluster/local/integration_tests.sh
index 06c81f29..5a2cce29 100755
--- a/cluster/local/integration_tests.sh
+++ b/cluster/local/integration_tests.sh
@@ -373,10 +373,15 @@ test_update_user_password() {
 
 test_create_grant() {
   echo_step "test creating MySQL Grant resource"
+  "${KUBECTL}" exec mariadb-0 -- bash -c \
+  'mariadb -uroot -p${MARIADB_ROOT_PASSWORD} -N -e "CREATE TABLE \`example-db\`.\`example-table\` (id INT, status VARCHAR(50), updated_at TIMESTAMP);"'
+
   "${KUBECTL}" apply -f ${projectdir}/examples/${API_TYPE}/mysql/grant_database.yaml
+  "${KUBECTL}" apply -f ${projectdir}/examples/${API_TYPE}/mysql/grant_table.yaml
 
   echo_info "check if is ready"
   "${KUBECTL}" wait --timeout 2m --for condition=Ready -f ${projectdir}/examples/${API_TYPE}/mysql/grant_database.yaml
+  "${KUBECTL}" wait --timeout 2m --for condition=Ready -f ${projectdir}/examples/${API_TYPE}/mysql/grant_table.yaml
   echo_step_completed
 }
 
@@ -393,6 +398,7 @@ test_all() {
 cleanup_test_resources() {
   echo_step "cleaning up test resources"
   "${KUBECTL}" delete -f ${projectdir}/examples/${API_TYPE}/mysql/grant_database.yaml
+  "${KUBECTL}" delete -f ${projectdir}/examples/${API_TYPE}/mysql/grant_table.yaml
   "${KUBECTL}" delete -f ${projectdir}/examples/${API_TYPE}/mysql/database.yaml
   "${KUBECTL}" delete -f ${projectdir}/examples/${API_TYPE}/mysql/user.yaml
   "${KUBECTL}" delete secret example-pw
diff --git a/examples/cluster/mysql/grant_table.yaml b/examples/cluster/mysql/grant_table.yaml
index 371fac3d..17c6874d 100644
--- a/examples/cluster/mysql/grant_table.yaml
+++ b/examples/cluster/mysql/grant_table.yaml
@@ -8,8 +8,9 @@ spec:
       - DROP
       - INSERT
       - SELECT
+      - UPDATE (status, updated_at)
     table: example-table
     userRef:
       name: example-user
     databaseRef:
-      name: example-db
+      name: example-db
\ No newline at end of file
diff --git a/examples/namespaced/mysql/grant_table.yaml b/examples/namespaced/mysql/grant_table.yaml
index 1563e2f0..ff7b6648 100644
--- a/examples/namespaced/mysql/grant_table.yaml
+++ b/examples/namespaced/mysql/grant_table.yaml
@@ -9,8 +9,12 @@ spec:
       - DROP
       - INSERT
       - SELECT
+      - UPDATE (status, updated_at)
     table: example-table
     userRef:
       name: example-user
     databaseRef:
       name: example-db
+  providerConfigRef:
+    kind: ProviderConfig
+    name: default
\ No newline at end of file
diff --git a/package/crds/mysql.sql.crossplane.io_grants.yaml b/package/crds/mysql.sql.crossplane.io_grants.yaml
index f3e24e06..5229fc4b 100644
--- a/package/crds/mysql.sql.crossplane.io_grants.yaml
+++ b/package/crds/mysql.sql.crossplane.io_grants.yaml
@@ -170,7 +170,7 @@ spec:
                       See https://mariadb.com/kb/en/grant/#database-privileges for available privileges.
                     items:
                       description: GrantPrivilege represents a privilege to be granted
-                      pattern: ^[A-Z_ ]+$
+                      pattern: ^[A-Za-z0-9_,() ]+$
                       type: string
                     minItems: 1
                     type: array
diff --git a/package/crds/mysql.sql.m.crossplane.io_grants.yaml b/package/crds/mysql.sql.m.crossplane.io_grants.yaml
index ed4d99cf..7302aee2 100644
--- a/package/crds/mysql.sql.m.crossplane.io_grants.yaml
+++ b/package/crds/mysql.sql.m.crossplane.io_grants.yaml
@@ -162,7 +162,7 @@ spec:
                       See https://mariadb.com/kb/en/grant/#database-privileges for available privileges.
                     items:
                       description: GrantPrivilege represents a privilege to be granted
-                      pattern: ^[A-Z_ ]+$
+                      pattern: ^[A-Za-z0-9_,() ]+$
                       type: string
                     minItems: 1
                     type: array