Initial commit

tests/integration/targets/mysql_user/tasks/assert_no_user.yml

@@ -0,0 +1,25 @@
+# test code to assert no mysql user
+# (c) 2014,  Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: run command to query for mysql user
+  command: mysql "-e SELECT User FROM mysql.user where user='{{ user_name }}';"
+  register: result
+
+- name: assert mysql user is not present
+  assert: { that: "'{{ user_name }}' not in result.stdout" }

tests/integration/targets/mysql_user/tasks/assert_user.yml

@@ -0,0 +1,34 @@
+# test code to assert mysql user
+# (c) 2014,  Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: run command to query for mysql user
+  command: mysql "-e SELECT User FROM mysql.user where user='{{ user_name }}';"
+  register: result
+
+- name: assert mysql user is present
+  assert: { that: "'{{ user_name }}' in result.stdout" }
+
+- name: run command to show privileges for user (expect privileges in stdout)
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name }}'@'localhost';"
+  register: result
+  when: priv is defined
+
+- name: assert user has giving privileges
+  assert: { that: "'GRANT {{priv}} ON *.*' in result.stdout" }
+  when: priv is defined

tests/integration/targets/mysql_user/tasks/create_user.yml

@@ -0,0 +1,29 @@
+# test code to create mysql user
+# (c) 2014,  Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: create mysql user {{user_name}}
+  mysql_user:
+    name: '{{user_name}}'
+    password: '{{user_password}}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert output message mysql user was created
+  assert: { that: "result.changed == true" }

tests/integration/targets/mysql_user/tasks/issue-29511.yaml

@@ -0,0 +1,78 @@
+---
+
+- name: Issue test setup - drop database
+  mysql_db:
+    name: "{{ item }}"
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+  loop:
+    - foo
+    - bar
+
+- name: Issue test setup - create database
+  mysql_db:
+    name: "{{ item }}"
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  loop:
+    - foo
+    - bar
+
+- name: Copy SQL scripts to remote
+  copy:
+    src: "{{ item }}"
+    dest: "{{ remote_tmp_dir }}/{{ item | basename }}"
+  with_items:
+    - create-function.sql
+    - create-procedure.sql
+
+- name: Create function for test
+  shell: "mysql < {{ remote_tmp_dir }}/create-function.sql"
+
+- name: Create procedure for test
+  shell: "mysql < {{ remote_tmp_dir }}/create-procedure.sql"
+
+- name: Create user with FUNCTION and PROCEDURE privileges
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    state: present
+    priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: Assert Create user with FUNCTION and PROCEDURE privileges
+  assert:
+    that:
+      - result is success
+      - result is changed
+
+- name: Create user with FUNCTION and PROCEDURE privileges - Idempotent check
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    state: present
+    priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: Assert Create user with FUNCTION and PROCEDURE privileges
+  assert:
+    that:
+      - result is success
+      - result is not changed
+
+- name: Remove user
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: Issue test teardown - cleanup databases
+  mysql_db:
+    name: "{{ item }}"
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+  loop:
+    - foo
+    - bar

tests/integration/targets/mysql_user/tasks/issue-64560.yaml

@@ -0,0 +1,27 @@
+---
+
+- name: Set root password
+  mysql_user:
+    name: root
+    password: '{{ root_password }}'
+    login_user: root
+    login_password: '{{ root_password }}'
+    check_implicit_admin: yes
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert root password is changed
+  assert: { that: "result.changed == true" }
+
+- name: Set root password again
+  mysql_user:
+    name: root
+    password: '{{ root_password }}'
+    login_user: root
+    login_password: '{{ root_password }}'
+    check_implicit_admin: yes
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: Assert root password is not changed
+  assert: { that: "result.changed == false" }

tests/integration/targets/mysql_user/tasks/main.yml

@@ -0,0 +1,220 @@
+# test code for the mysql_user module
+# (c) 2014,  Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 dof the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+# create mysql user and verify user is added to mysql database
+#
+- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+- include: assert_user.yml user_name={{user_name_1}}
+
+- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+- include: assert_no_user.yml user_name={{user_name_1}}
+
+# ============================================================
+# Create mysql user that already exist on mysql database
+#
+- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+- name: create mysql user that already exist (expect changed=false)
+  mysql_user:
+    name: '{{user_name_1}}'
+    password: '{{user_password_1}}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert output message mysql user was not created
+  assert: { that: "result.changed == false" }
+
+# ============================================================
+# remove mysql user and verify user is removed from mysql database
+#
+- name: remove mysql user state=absent (expect changed=true)
+  mysql_user:
+    name: '{{ user_name_1 }}'
+    password: '{{ user_password_1 }}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert output message mysql user was removed
+  assert: { that: "result.changed == true" }
+
+- include: assert_no_user.yml user_name={{user_name_1}}
+
+# ============================================================
+# remove mysql user that does not exist on mysql database
+#
+- name: remove mysql user that does not exist state=absent (expect changed=false)
+  mysql_user:
+    name: '{{ user_name_1 }}'
+    password: '{{ user_password_1 }}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert output message mysql user that does not exist
+  assert: { that: "result.changed == false" }
+
+- include: assert_no_user.yml user_name={{user_name_1}}
+
+# ============================================================
+# Create user with no privileges and verify default privileges are assign
+#
+- name: create user with select privilege state=present (expect changed=true)
+  mysql_user:
+    name: '{{ user_name_1 }}'
+    password: '{{ user_password_1 }}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- include: assert_user.yml user_name={{user_name_1}} priv=USAGE
+
+- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+- include: assert_no_user.yml user_name={{user_name_1}}
+
+# ============================================================
+# Create user with select privileges and verify select privileges are assign
+#
+- name: create user with select privilege state=present (expect changed=true)
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    state: present
+    priv: '*.*:SELECT'
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- include: assert_user.yml user_name={{user_name_2}} priv=SELECT
+
+- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }}
+
+- include: assert_no_user.yml user_name={{user_name_2}}
+
+# ============================================================
+# Assert user has access to multiple databases
+#
+- name: give users access to multiple databases
+  mysql_user:
+    name: '{{ item[0] }}'
+    priv: '{{ item[1] }}.*:ALL'
+    append_privs: yes
+    password: '{{ user_password_1 }}'
+    login_unix_socket: '{{ mysql_socket }}'
+  with_nested:
+    - [ '{{ user_name_1 }}', '{{ user_name_2 }}']
+    - "{{db_names}}"
+
+- name: show grants access for user1 on multiple database
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
+  register: result
+
+- name: assert grant access for user1 on multiple database
+  assert: { that: "'{{ item }}' in result.stdout" }
+  with_items: "{{db_names}}"
+
+- name: show grants access for user2 on multiple database
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';"
+  register: result
+
+- name: assert grant access for user2 on multiple database
+  assert: { that: "'{{ item }}' in result.stdout" }
+  with_items: "{{db_names}}"
+
+- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
+
+- name: give user access to database via wildcard
+  mysql_user:
+    name: '{{ user_name_1 }}'
+    priv: '%db.*:SELECT'
+    append_privs: yes
+    password: '{{ user_password_1 }}'
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: show grants access for user1 on multiple database
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
+  register: result
+
+- name: assert grant access for user1 on multiple database
+  assert:
+    that:
+      - "'%db' in result.stdout"
+      - "'SELECT' in result.stdout"
+
+- name: change user access to database via wildcard
+  mysql_user:
+    name: '{{ user_name_1 }}'
+    priv: '%db.*:INSERT'
+    append_privs: yes
+    password: '{{ user_password_1 }}'
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: show grants access for user1 on multiple database
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
+  register: result
+
+- name: assert grant access for user1 on multiple database
+  assert:
+    that:
+      - "'%db' in result.stdout"
+      - "'INSERT' in result.stdout"
+
+- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+# ============================================================
+# Update user password for a user.
+# Assert the user password is updated and old password can no longer be used.
+#
+#- include: user_password_update_test.yml
+
+# ============================================================
+# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
+#
+- include: test_privs.yml current_privilege=SELECT current_append_privs=no
+
+# ============================================================
+# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
+#
+- include: test_privs.yml current_privilege=DROP current_append_privs=yes
+
+# ============================================================
+# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
+#
+- include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no
+
+# ============================================================
+# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
+#
+- include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes
+
+# Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
+- include: test_priv_dict.yml
+
+- import_tasks: issue-29511.yaml
+  tags:
+    - issue-29511
+
+- import_tasks: issue-64560.yaml
+  tags:
+    - issue-64560

tests/integration/targets/mysql_user/tasks/remove_user.yml

@@ -0,0 +1,59 @@
+# test code to remove mysql user
+# (c) 2014,  Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: remove mysql user {{user_name}}
+  mysql_user:
+    name: '{{user_name}}'
+    password: '{{user_password}}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert output message mysql user was removed
+  assert: { that: "result.changed == true" }
+
+# ============================================================
+- name: create blank mysql user to be removed later
+  mysql_user:
+    name: ""
+    state: present
+    password: 'KJFDY&D*Sfuydsgf'
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: remove blank mysql user with hosts=all (expect changed)
+  mysql_user:
+    user: ""
+    host_all: true
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert changed is true for removing all blank users
+  assert: { that: "result.changed == true" }
+
+- name: remove blank mysql user with hosts=all (expect ok)
+  mysql_user:
+    user: ""
+    host_all: true
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert changed is true for removing all blank users
+  assert: { that: "result.changed == false" }

tests/integration/targets/mysql_user/tasks/test_priv_dict.yml

@@ -0,0 +1,46 @@
+# Tests for priv parameter value passed as a dict
+- name: Create test databases
+  mysql_db:
+    name: '{{ item }}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  loop:
+  - data1
+  - data2
+
+- name: Create user with privileges
+  mysql_user:
+    name: '{{ user_name_3 }}'
+    password: '{{ user_password_3 }}'
+    priv:
+      "data1.*": "SELECT"
+      "data2.*": "SELECT"
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: Run command to show privileges for user (expect privileges in stdout)
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost';"
+  register: result
+
+- name: Assert user has giving privileges
+  assert:
+    that:
+    - "'GRANT SELECT ON `data1`.*' in result.stdout"
+    - "'GRANT SELECT ON `data2`.*' in result.stdout"
+
+##########
+# Clean up
+- name: Drop test databases
+  mysql_db:
+    name: '{{ item }}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  loop:
+  - data1
+  - data2
+
+- name: Drop test user
+  mysql_user:
+    name: '{{ user_name_3 }}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'

tests/integration/targets/mysql_user/tasks/test_privs.yml

@@ -0,0 +1,130 @@
+# test code for privileges for mysql_user module
+# (c) 2014,  Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: create user with basic select privileges
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    priv: '*.*:SELECT'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  when: current_append_privs ==  "yes"
+
+- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
+  when: current_append_privs ==  "yes"
+ 
+- name: create user with current privileges (expect changed=true)
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    priv: '*.*:{{current_privilege}}'
+    append_privs: '{{current_append_privs}}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert output message for current privileges 
+  assert: { that: "result.changed == true" }
+
+- name: run command to show privileges for user (expect privileges in stdout)
+  command: mysql "-e SHOW GRANTS FOR '{{user_name_2}}'@'localhost';"
+  register: result
+
+- name: assert user has correct privileges 
+  assert: { that: "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" }
+  when: current_append_privs ==  "no"
+
+- name: assert user has correct privileges 
+  assert: { that: "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" }
+  when: current_append_privs ==  "yes"
+
+- name: create database using user current privileges
+  mysql_db:
+    name: '{{ db_name }}'
+    state: present
+    login_user: '{{ user_name_2 }}'
+    login_password: '{{ user_password_2 }}'
+  ignore_errors: true 
+
+- name: run command to test that database was not created
+  command: mysql "-e show databases like '{{ db_name }}';"
+  register: result
+
+- name: assert database was not created
+  assert: { that: "'{{ db_name }}' not in result.stdout" }
+
+# ============================================================
+- name: Add privs to a specific table (expect changed)
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    priv: 'jmainguy.jmainguy:ALL'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: Assert that priv changed
+  assert: { that: "result.changed == true" }
+
+- name: Add privs to a specific table (expect ok)
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    priv: 'jmainguy.jmainguy:ALL'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: Assert that priv did not change
+  assert: { that: "result.changed == false" }
+
+# ============================================================
+- name: update user with all privileges 
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    priv: '*.*:ALL'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+
+- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
+
+- name: create database using user
+  mysql_db:
+    name: '{{ db_name }}'
+    state: present
+    login_user: '{{ user_name_2 }}'
+    login_password: '{{ user_password_2 }}'
+
+- name: run command to test database was created using user new privileges
+  command: mysql "-e SHOW CREATE DATABASE {{ db_name }};" 
+
+- name: drop database using user
+  mysql_db:
+    name: '{{ db_name }}'
+    state: absent
+    login_user: '{{ user_name_2 }}'
+    login_password: '{{ user_password_2 }}'
+
+- name: remove username
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'

tests/integration/targets/mysql_user/tasks/user_password_update_test.yml

@@ -0,0 +1,156 @@
+# test code update password for the mysql_user module
+# (c) 2014,  Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 dof the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+# Update user password for a user.
+# Assert the user password is updated and old password can no longer be used.
+#
+- name: create user1 state=present with a password 
+  mysql_user:
+    name: '{{ user_name_1 }}'
+    password: '{{ user_password_1 }}'
+    priv: '*.*:ALL'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: create user2 state=present with a password 
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    priv: '*.*:ALL'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: store user2 grants with old password (mysql 5.7.6 and newer)
+  command: mysql "-e SHOW CREATE USER '{{ user_name_2 }}'@'localhost';"
+  register: user_password_old_create
+  ignore_errors: yes
+
+- name: store user2 grants with old password  (mysql 5.7.5 and older)
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';"
+  register: user_password_old  
+  when: user_password_old_create is failed
+
+# FIXME: not sure why this is failing, but it looks like it should expect changed=true
+#- name: update user2 state=present with same password (expect changed=false)
+#  mysql_user:
+#    name: '{{ user_name_2 }}'
+#    password: '{{ user_password_2 }}'
+#    priv: '*.*:ALL'
+#    state: present
+#    login_unix_socket: '{{ mysql_socket }}'
+#  register: result
+#
+#- name: assert output user2 was not updated 
+#  assert: { that: "result.changed == false" }
+
+- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
+
+- name: update user2 state=present with a new password (expect changed=true)
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_1 }}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
+
+- name: store user2 grants with old password (mysql 5.7.6 and newer)
+  command: mysql "-e SHOW CREATE USER '{{ user_name_2 }}'@'localhost';"
+  register: user_password_new_create 
+  ignore_errors: yes
+
+- name: store user2 grants with new password 
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';"
+  register: user_password_new 
+  when: user_password_new_create is failed
+
+- name: assert output message password was update for user2 (mysql 5.7.6 and newer)
+  assert: { that: "user_password_old_create.stdout != user_password_new_create.stdout" }
+  when: user_password_new_create is not failed
+
+- name: assert output message password was update for user2 (mysql 5.7.5 and older)
+  assert: { that: "user_password_old.stdout != user_password_new.stdout" }
+  when: user_password_new_create is failed
+
+- name: create database using user2 and old password
+  mysql_db:
+    name: '{{ db_name }}'
+    state: present
+    login_user: '{{ user_name_2 }}'
+    login_password: '{{ user_password_2 }}'
+  ignore_errors: true 
+  register: result
+
+- debug: var=result.msg
+- name: assert output message that database not create with old password 
+  assert:
+    that:
+       - "result.failed == true"
+
+- name: create database using user2 and new password
+  mysql_db:
+    name: '{{ db_name }}'
+    state: present
+    login_user: '{{ user_name_2 }}'
+    login_password: '{{ user_password_1 }}'
+  register: result
+
+- name: assert output message that database is created with new password
+  assert: { that: "result.changed == true" }
+
+- name: remove database
+  mysql_db:
+    name: '{{ db_name }}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'
+
+- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
+
+- name: Create user with Fdt8fd^34ds using hash. (expect changed=true)
+  mysql_user:
+    name: jmainguy
+    password: '*0cb5b86f23fdc24db19a29b8854eb860cbc47793'
+    encrypted: yes
+    login_unix_socket: '{{ mysql_socket }}'
+  register: encrypt_result
+
+- name: Check that the module made a change
+  assert:
+    that:
+      - "encrypt_result.changed == True"
+
+- name: See if the password needs to be updated. (expect changed=false)
+  mysql_user:
+    name: jmainguy
+    password: 'Fdt8fd^34ds'
+    login_unix_socket: '{{ mysql_socket }}'
+  register: plain_result
+
+- name: Check that the module did not change the password
+  assert:
+    that:
+      - "plain_result.changed == False"
+
+- name: Remove user (cleanup)
+  mysql_user:
+    name: jmainguy
+    state: absent