mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-22 12:50:22 -07:00
Fix mysql authentication errors
The mysql-server package on Ubuntu16.04 was recently updated to disallow unauthenticated root user login over tcp/ip. This, coupled with pymysql using tcp/ip whenever host and port is specified causes us to fail to connect to the database when testing Python3 on Ubuntu16.04. The fix is to use the unix socket instead.
This commit is contained in:
Toshio Kuratomi
parent
74ce8ce935
commit
748ea39ecd
9 changed files with 378 additions and 83 deletions
|
|
@ -18,7 +18,11 @@
|
|||
|
||||
# ============================================================
|
||||
- name: create mysql user {{user_name}}
|
||||
mysql_user: name={{user_name}} password={{user_password}} state=present
|
||||
mysql_user:
|
||||
name: '{{user_name}}'
|
||||
password: '{{user_password}}'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was created
|
||||
|
|
|
|||
|
|
@ -33,7 +33,11 @@
|
|||
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- name: create mysql user that already exist (expect changed=false)
|
||||
mysql_user: name={{user_name_1}} password={{user_password_1}} state=present
|
||||
mysql_user:
|
||||
name: '{{user_name_1}}'
|
||||
password: '{{user_password_1}}'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was not created
|
||||
|
|
@ -43,7 +47,11 @@
|
|||
# remove mysql user and verify user is removed from mysql database
|
||||
#
|
||||
- name: remove mysql user state=absent (expect changed=true)
|
||||
mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} state=absent
|
||||
mysql_user:
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was removed
|
||||
|
|
@ -55,7 +63,11 @@
|
|||
# remove mysql user that does not exist on mysql database
|
||||
#
|
||||
- name: remove mysql user that does not exist state=absent (expect changed=false)
|
||||
mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} state=absent
|
||||
mysql_user:
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user that does not exist
|
||||
|
|
@ -67,7 +79,11 @@
|
|||
# Create user with no privileges and verify default privileges are assign
|
||||
#
|
||||
- name: create user with select privilege state=present (expect changed=true)
|
||||
mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_1}} priv=USAGE
|
||||
|
|
@ -80,7 +96,12 @@
|
|||
# Create user with select privileges and verify select privileges are assign
|
||||
#
|
||||
- name: create user with select privilege state=present (expect changed=true)
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} state=present priv=*.*:SELECT
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: present
|
||||
priv: '*.*:SELECT'
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv=SELECT
|
||||
|
|
@ -93,7 +114,12 @@
|
|||
# Assert user has access to multiple databases
|
||||
#
|
||||
- name: give users access to multiple databases
|
||||
mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL append_privs=yes password={{ user_password_1 }}
|
||||
mysql_user:
|
||||
name: '{{ item[0] }}'
|
||||
priv: '{{ item[1] }}.*:ALL'
|
||||
append_privs: yes
|
||||
password: '{{ user_password_1 }}'
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
with_nested:
|
||||
- [ '{{ user_name_1 }}', '{{ user_name_2 }}']
|
||||
- "{{db_names}}"
|
||||
|
|
@ -119,7 +145,12 @@
|
|||
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
|
||||
|
||||
- name: give user access to database via wildcard
|
||||
mysql_user: name={{ user_name_1 }} priv=%db.*:SELECT append_privs=yes password={{ user_password_1 }}
|
||||
mysql_user:
|
||||
name: '{{ user_name_1 }}'
|
||||
priv: '%db.*:SELECT'
|
||||
append_privs: yes
|
||||
password: '{{ user_password_1 }}'
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- name: show grants access for user1 on multiple database
|
||||
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
|
||||
|
|
@ -132,7 +163,12 @@
|
|||
- "'SELECT' in result.stdout"
|
||||
|
||||
- name: change user access to database via wildcard
|
||||
mysql_user: name={{ user_name_1 }} priv=%db.*:INSERT append_privs=yes password={{ user_password_1 }}
|
||||
mysql_user:
|
||||
name: '{{ user_name_1 }}'
|
||||
priv: '%db.*:INSERT'
|
||||
append_privs: yes
|
||||
password: '{{ user_password_1 }}'
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- name: show grants access for user1 on multiple database
|
||||
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
|
||||
|
|
|
|||
|
|
@ -18,7 +18,11 @@
|
|||
|
||||
# ============================================================
|
||||
- name: remove mysql user {{user_name}}
|
||||
mysql_user: name={{user_name}} password={{user_password}} state=absent
|
||||
mysql_user:
|
||||
name: '{{user_name}}'
|
||||
password: '{{user_password}}'
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was removed
|
||||
|
|
@ -26,17 +30,29 @@
|
|||
|
||||
# ============================================================
|
||||
- name: create blank mysql user to be removed later
|
||||
mysql_user: name="" state=present password='KJFDY&D*Sfuydsgf'
|
||||
mysql_user:
|
||||
name: ""
|
||||
state: present
|
||||
password: 'KJFDY&D*Sfuydsgf'
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- name: remove blank mysql user with hosts=all (expect changed)
|
||||
mysql_user: user="" host_all=true state=absent
|
||||
mysql_user:
|
||||
user: ""
|
||||
host_all: true
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert changed is true for removing all blank users
|
||||
assert: { that: "result.changed == true" }
|
||||
|
||||
- name: remove blank mysql user with hosts=all (expect ok)
|
||||
mysql_user: user="" host_all=true state=absent
|
||||
mysql_user:
|
||||
user: ""
|
||||
host_all: true
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert changed is true for removing all blank users
|
||||
|
|
|
|||
|
|
@ -18,14 +18,25 @@
|
|||
|
||||
# ============================================================
|
||||
- name: create user with basic select privileges
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:SELECT state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:SELECT'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- name: create user with current privileges (expect changed=true)
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:{{current_privilege}} append_privs={{current_append_privs}} state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:{{current_privilege}}'
|
||||
append_privs: '{{current_append_privs}}'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: assert output message for current privileges
|
||||
|
|
@ -44,7 +55,11 @@
|
|||
when: current_append_privs == "yes"
|
||||
|
||||
- name: create database using user current privileges
|
||||
mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_2 }}
|
||||
mysql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
ignore_errors: true
|
||||
|
||||
- name: run command to test that database was not created
|
||||
|
|
@ -56,14 +71,24 @@
|
|||
|
||||
# ============================================================
|
||||
- name: Add privs to a specific table (expect changed)
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=jmainguy.jmainguy:ALL state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: 'jmainguy.jmainguy:ALL'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: Assert that priv changed
|
||||
assert: { that: "result.changed == true" }
|
||||
|
||||
- name: Add privs to a specific table (expect ok)
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=jmainguy.jmainguy:ALL state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: 'jmainguy.jmainguy:ALL'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- name: Assert that priv did not change
|
||||
|
|
@ -71,18 +96,35 @@
|
|||
|
||||
# ============================================================
|
||||
- name: update user with all privileges
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:ALL state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
|
||||
|
||||
- name: create database using user
|
||||
mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_2 }}
|
||||
mysql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
|
||||
- name: run command to test database was created using user new privileges
|
||||
command: mysql "-e SHOW CREATE DATABASE {{ db_name }};"
|
||||
|
||||
- name: drop database using user
|
||||
mysql_db: name={{ db_name }} state=absent login_user={{ user_name_2 }} login_password={{ user_password_2 }}
|
||||
mysql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: absent
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
|
||||
- name: remove username
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} state=absent
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
|
|
|||
|
|
@ -21,10 +21,20 @@
|
|||
# Assert the user password is updated and old password can no longer be used.
|
||||
#
|
||||
- name: create user1 state=present with a password
|
||||
mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} priv=*.*:ALL state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- name: create user2 state=present with a password
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:ALL state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- name: store user2 grants with old password (mysql 5.7.6 and newer)
|
||||
command: mysql "-e SHOW CREATE USER '{{ user_name_2 }}'@'localhost';"
|
||||
|
|
@ -38,16 +48,25 @@
|
|||
|
||||
# FIXME: not sure why this is failing, but it looks like it should expect changed=true
|
||||
#- name: update user2 state=present with same password (expect changed=false)
|
||||
# mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:ALL state=present
|
||||
# mysql_user:
|
||||
# name: '{{ user_name_2 }}'
|
||||
# password: '{{ user_password_2 }}'
|
||||
# priv: '*.*:ALL'
|
||||
# state: present
|
||||
# login_unix_socket: '{{ mysql_socket }}'
|
||||
# register: result
|
||||
#
|
||||
#- name: assert output user2 was not updated
|
||||
# assert: { that: "result.changed == false" }
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
|
||||
|
||||
|
||||
- name: update user2 state=present with a new password (expect changed=true)
|
||||
mysql_user: name={{ user_name_2 }} password={{ user_password_1 }} state=present
|
||||
mysql_user:
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: result
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
|
||||
|
|
@ -71,7 +90,11 @@
|
|||
when: user_password_new_create is failed
|
||||
|
||||
- name: create database using user2 and old password
|
||||
mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_2 }}
|
||||
mysql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
|
|
@ -82,21 +105,32 @@
|
|||
- "result.failed == true"
|
||||
|
||||
- name: create database using user2 and new password
|
||||
mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_1 }}
|
||||
mysql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_1 }}'
|
||||
register: result
|
||||
|
||||
- name: assert output message that database is created with new password
|
||||
assert: { that: "result.changed == true" }
|
||||
|
||||
- name: remove database
|
||||
mysql_db: name={{ db_name }} state=absent
|
||||
mysql_db:
|
||||
name: '{{ db_name }}'
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
|
||||
|
||||
- name: Create user with Fdt8fd^34ds using hash. (expect changed=true)
|
||||
mysql_user: name=jmainguy password='*0cb5b86f23fdc24db19a29b8854eb860cbc47793' encrypted=yes
|
||||
mysql_user:
|
||||
name: jmainguy
|
||||
password: '*0cb5b86f23fdc24db19a29b8854eb860cbc47793'
|
||||
encrypted: yes
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: encrypt_result
|
||||
|
||||
- name: Check that the module made a change
|
||||
|
|
@ -105,7 +139,10 @@
|
|||
- "encrypt_result.changed == True"
|
||||
|
||||
- name: See if the password needs to be updated. (expect changed=false)
|
||||
mysql_user: name=jmainguy password='Fdt8fd^34ds'
|
||||
mysql_user:
|
||||
name: jmainguy
|
||||
password: 'Fdt8fd^34ds'
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
register: plain_result
|
||||
|
||||
- name: Check that the module did not change the password
|
||||
|
|
@ -114,4 +151,6 @@
|
|||
- "plain_result.changed == False"
|
||||
|
||||
- name: Remove user (cleanup)
|
||||
mysql_user: name=jmainguy state=absent
|
||||
mysql_user:
|
||||
name: jmainguy
|
||||
state: absent
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue