Initial commit

This commit is contained in:
Ansible Core Team 2020-03-09 09:11:07 +00:00
commit aebc1b03fd
4861 changed files with 812621 additions and 0 deletions

View file

@ -0,0 +1,25 @@
# test code to assert no mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: run command to query for mysql user
command: mysql "-e SELECT User FROM mysql.user where user='{{ user_name }}';"
register: result
- name: assert mysql user is not present
assert: { that: "'{{ user_name }}' not in result.stdout" }

View file

@ -0,0 +1,34 @@
# test code to assert mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: run command to query for mysql user
command: mysql "-e SELECT User FROM mysql.user where user='{{ user_name }}';"
register: result
- name: assert mysql user is present
assert: { that: "'{{ user_name }}' in result.stdout" }
- name: run command to show privileges for user (expect privileges in stdout)
command: mysql "-e SHOW GRANTS FOR '{{ user_name }}'@'localhost';"
register: result
when: priv is defined
- name: assert user has giving privileges
assert: { that: "'GRANT {{priv}} ON *.*' in result.stdout" }
when: priv is defined

View file

@ -0,0 +1,29 @@
# test code to create mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: create mysql user {{user_name}}
mysql_user:
name: '{{user_name}}'
password: '{{user_password}}'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output message mysql user was created
assert: { that: "result.changed == true" }

View file

@ -0,0 +1,78 @@
---
- name: Issue test setup - drop database
mysql_db:
name: "{{ item }}"
state: absent
login_unix_socket: '{{ mysql_socket }}'
loop:
- foo
- bar
- name: Issue test setup - create database
mysql_db:
name: "{{ item }}"
state: present
login_unix_socket: '{{ mysql_socket }}'
loop:
- foo
- bar
- name: Copy SQL scripts to remote
copy:
src: "{{ item }}"
dest: "{{ remote_tmp_dir }}/{{ item | basename }}"
with_items:
- create-function.sql
- create-procedure.sql
- name: Create function for test
shell: "mysql < {{ remote_tmp_dir }}/create-function.sql"
- name: Create procedure for test
shell: "mysql < {{ remote_tmp_dir }}/create-procedure.sql"
- name: Create user with FUNCTION and PROCEDURE privileges
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
state: present
priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert Create user with FUNCTION and PROCEDURE privileges
assert:
that:
- result is success
- result is changed
- name: Create user with FUNCTION and PROCEDURE privileges - Idempotent check
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
state: present
priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert Create user with FUNCTION and PROCEDURE privileges
assert:
that:
- result is success
- result is not changed
- name: Remove user
mysql_user:
name: '{{ user_name_2 }}'
state: absent
login_unix_socket: '{{ mysql_socket }}'
- name: Issue test teardown - cleanup databases
mysql_db:
name: "{{ item }}"
state: absent
login_unix_socket: '{{ mysql_socket }}'
loop:
- foo
- bar

View file

@ -0,0 +1,27 @@
---
- name: Set root password
mysql_user:
name: root
password: '{{ root_password }}'
login_user: root
login_password: '{{ root_password }}'
check_implicit_admin: yes
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert root password is changed
assert: { that: "result.changed == true" }
- name: Set root password again
mysql_user:
name: root
password: '{{ root_password }}'
login_user: root
login_password: '{{ root_password }}'
check_implicit_admin: yes
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert root password is not changed
assert: { that: "result.changed == false" }

View file

@ -0,0 +1,220 @@
# test code for the mysql_user module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 dof the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
# create mysql user and verify user is added to mysql database
#
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: assert_user.yml user_name={{user_name_1}}
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# Create mysql user that already exist on mysql database
#
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- name: create mysql user that already exist (expect changed=false)
mysql_user:
name: '{{user_name_1}}'
password: '{{user_password_1}}'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output message mysql user was not created
assert: { that: "result.changed == false" }
# ============================================================
# remove mysql user and verify user is removed from mysql database
#
- name: remove mysql user state=absent (expect changed=true)
mysql_user:
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: absent
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output message mysql user was removed
assert: { that: "result.changed == true" }
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# remove mysql user that does not exist on mysql database
#
- name: remove mysql user that does not exist state=absent (expect changed=false)
mysql_user:
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: absent
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output message mysql user that does not exist
assert: { that: "result.changed == false" }
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# Create user with no privileges and verify default privileges are assign
#
- name: create user with select privilege state=present (expect changed=true)
mysql_user:
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- include: assert_user.yml user_name={{user_name_1}} priv=USAGE
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# Create user with select privileges and verify select privileges are assign
#
- name: create user with select privilege state=present (expect changed=true)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
state: present
priv: '*.*:SELECT'
login_unix_socket: '{{ mysql_socket }}'
register: result
- include: assert_user.yml user_name={{user_name_2}} priv=SELECT
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }}
- include: assert_no_user.yml user_name={{user_name_2}}
# ============================================================
# Assert user has access to multiple databases
#
- name: give users access to multiple databases
mysql_user:
name: '{{ item[0] }}'
priv: '{{ item[1] }}.*:ALL'
append_privs: yes
password: '{{ user_password_1 }}'
login_unix_socket: '{{ mysql_socket }}'
with_nested:
- [ '{{ user_name_1 }}', '{{ user_name_2 }}']
- "{{db_names}}"
- name: show grants access for user1 on multiple database
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
register: result
- name: assert grant access for user1 on multiple database
assert: { that: "'{{ item }}' in result.stdout" }
with_items: "{{db_names}}"
- name: show grants access for user2 on multiple database
command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';"
register: result
- name: assert grant access for user2 on multiple database
assert: { that: "'{{ item }}' in result.stdout" }
with_items: "{{db_names}}"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
- name: give user access to database via wildcard
mysql_user:
name: '{{ user_name_1 }}'
priv: '%db.*:SELECT'
append_privs: yes
password: '{{ user_password_1 }}'
login_unix_socket: '{{ mysql_socket }}'
- name: show grants access for user1 on multiple database
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
register: result
- name: assert grant access for user1 on multiple database
assert:
that:
- "'%db' in result.stdout"
- "'SELECT' in result.stdout"
- name: change user access to database via wildcard
mysql_user:
name: '{{ user_name_1 }}'
priv: '%db.*:INSERT'
append_privs: yes
password: '{{ user_password_1 }}'
login_unix_socket: '{{ mysql_socket }}'
- name: show grants access for user1 on multiple database
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
register: result
- name: assert grant access for user1 on multiple database
assert:
that:
- "'%db' in result.stdout"
- "'INSERT' in result.stdout"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
# ============================================================
# Update user password for a user.
# Assert the user password is updated and old password can no longer be used.
#
#- include: user_password_update_test.yml
# ============================================================
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
#
- include: test_privs.yml current_privilege=SELECT current_append_privs=no
# ============================================================
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
#
- include: test_privs.yml current_privilege=DROP current_append_privs=yes
# ============================================================
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
#
- include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no
# ============================================================
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
#
- include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes
# Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
- include: test_priv_dict.yml
- import_tasks: issue-29511.yaml
tags:
- issue-29511
- import_tasks: issue-64560.yaml
tags:
- issue-64560

View file

@ -0,0 +1,59 @@
# test code to remove mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: remove mysql user {{user_name}}
mysql_user:
name: '{{user_name}}'
password: '{{user_password}}'
state: absent
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output message mysql user was removed
assert: { that: "result.changed == true" }
# ============================================================
- name: create blank mysql user to be removed later
mysql_user:
name: ""
state: present
password: 'KJFDY&D*Sfuydsgf'
login_unix_socket: '{{ mysql_socket }}'
- name: remove blank mysql user with hosts=all (expect changed)
mysql_user:
user: ""
host_all: true
state: absent
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert changed is true for removing all blank users
assert: { that: "result.changed == true" }
- name: remove blank mysql user with hosts=all (expect ok)
mysql_user:
user: ""
host_all: true
state: absent
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert changed is true for removing all blank users
assert: { that: "result.changed == false" }

View file

@ -0,0 +1,46 @@
# Tests for priv parameter value passed as a dict
- name: Create test databases
mysql_db:
name: '{{ item }}'
state: present
login_unix_socket: '{{ mysql_socket }}'
loop:
- data1
- data2
- name: Create user with privileges
mysql_user:
name: '{{ user_name_3 }}'
password: '{{ user_password_3 }}'
priv:
"data1.*": "SELECT"
"data2.*": "SELECT"
state: present
login_unix_socket: '{{ mysql_socket }}'
- name: Run command to show privileges for user (expect privileges in stdout)
command: mysql "-e SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost';"
register: result
- name: Assert user has giving privileges
assert:
that:
- "'GRANT SELECT ON `data1`.*' in result.stdout"
- "'GRANT SELECT ON `data2`.*' in result.stdout"
##########
# Clean up
- name: Drop test databases
mysql_db:
name: '{{ item }}'
state: present
login_unix_socket: '{{ mysql_socket }}'
loop:
- data1
- data2
- name: Drop test user
mysql_user:
name: '{{ user_name_3 }}'
state: absent
login_unix_socket: '{{ mysql_socket }}'

View file

@ -0,0 +1,130 @@
# test code for privileges for mysql_user module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: create user with basic select privileges
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:SELECT'
state: present
login_unix_socket: '{{ mysql_socket }}'
when: current_append_privs == "yes"
- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
when: current_append_privs == "yes"
- name: create user with current privileges (expect changed=true)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:{{current_privilege}}'
append_privs: '{{current_append_privs}}'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output message for current privileges
assert: { that: "result.changed == true" }
- name: run command to show privileges for user (expect privileges in stdout)
command: mysql "-e SHOW GRANTS FOR '{{user_name_2}}'@'localhost';"
register: result
- name: assert user has correct privileges
assert: { that: "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" }
when: current_append_privs == "no"
- name: assert user has correct privileges
assert: { that: "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" }
when: current_append_privs == "yes"
- name: create database using user current privileges
mysql_db:
name: '{{ db_name }}'
state: present
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
ignore_errors: true
- name: run command to test that database was not created
command: mysql "-e show databases like '{{ db_name }}';"
register: result
- name: assert database was not created
assert: { that: "'{{ db_name }}' not in result.stdout" }
# ============================================================
- name: Add privs to a specific table (expect changed)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: 'jmainguy.jmainguy:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv changed
assert: { that: "result.changed == true" }
- name: Add privs to a specific table (expect ok)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: 'jmainguy.jmainguy:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv did not change
assert: { that: "result.changed == false" }
# ============================================================
- name: update user with all privileges
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
- name: create database using user
mysql_db:
name: '{{ db_name }}'
state: present
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
- name: run command to test database was created using user new privileges
command: mysql "-e SHOW CREATE DATABASE {{ db_name }};"
- name: drop database using user
mysql_db:
name: '{{ db_name }}'
state: absent
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
- name: remove username
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
state: absent
login_unix_socket: '{{ mysql_socket }}'

View file

@ -0,0 +1,156 @@
# test code update password for the mysql_user module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 dof the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
# Update user password for a user.
# Assert the user password is updated and old password can no longer be used.
#
- name: create user1 state=present with a password
mysql_user:
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
priv: '*.*:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
- name: create user2 state=present with a password
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
- name: store user2 grants with old password (mysql 5.7.6 and newer)
command: mysql "-e SHOW CREATE USER '{{ user_name_2 }}'@'localhost';"
register: user_password_old_create
ignore_errors: yes
- name: store user2 grants with old password (mysql 5.7.5 and older)
command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';"
register: user_password_old
when: user_password_old_create is failed
# FIXME: not sure why this is failing, but it looks like it should expect changed=true
#- name: update user2 state=present with same password (expect changed=false)
# mysql_user:
# name: '{{ user_name_2 }}'
# password: '{{ user_password_2 }}'
# priv: '*.*:ALL'
# state: present
# login_unix_socket: '{{ mysql_socket }}'
# register: result
#
#- name: assert output user2 was not updated
# assert: { that: "result.changed == false" }
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
- name: update user2 state=present with a new password (expect changed=true)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_1 }}'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
- name: store user2 grants with old password (mysql 5.7.6 and newer)
command: mysql "-e SHOW CREATE USER '{{ user_name_2 }}'@'localhost';"
register: user_password_new_create
ignore_errors: yes
- name: store user2 grants with new password
command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';"
register: user_password_new
when: user_password_new_create is failed
- name: assert output message password was update for user2 (mysql 5.7.6 and newer)
assert: { that: "user_password_old_create.stdout != user_password_new_create.stdout" }
when: user_password_new_create is not failed
- name: assert output message password was update for user2 (mysql 5.7.5 and older)
assert: { that: "user_password_old.stdout != user_password_new.stdout" }
when: user_password_new_create is failed
- name: create database using user2 and old password
mysql_db:
name: '{{ db_name }}'
state: present
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
ignore_errors: true
register: result
- debug: var=result.msg
- name: assert output message that database not create with old password
assert:
that:
- "result.failed == true"
- name: create database using user2 and new password
mysql_db:
name: '{{ db_name }}'
state: present
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_1 }}'
register: result
- name: assert output message that database is created with new password
assert: { that: "result.changed == true" }
- name: remove database
mysql_db:
name: '{{ db_name }}'
state: absent
login_unix_socket: '{{ mysql_socket }}'
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
- name: Create user with Fdt8fd^34ds using hash. (expect changed=true)
mysql_user:
name: jmainguy
password: '*0cb5b86f23fdc24db19a29b8854eb860cbc47793'
encrypted: yes
login_unix_socket: '{{ mysql_socket }}'
register: encrypt_result
- name: Check that the module made a change
assert:
that:
- "encrypt_result.changed == True"
- name: See if the password needs to be updated. (expect changed=false)
mysql_user:
name: jmainguy
password: 'Fdt8fd^34ds'
login_unix_socket: '{{ mysql_socket }}'
register: plain_result
- name: Check that the module did not change the password
assert:
that:
- "plain_result.changed == False"
- name: Remove user (cleanup)
mysql_user:
name: jmainguy
state: absent