mirror of
				https://github.com/ansible-collections/community.mysql.git
				synced 2025-10-25 13:34:03 -07:00 
			
		
		
		
	feat[mysql_user]: add support for mysql user attributes (#604)
* add support for mysql user attributes * fix CI * write integration tests * requested changes pt. 1 * requested changes pt. 2 * fix changelog fragment --------- Co-authored-by: n-cc <ncc@github.com>
This commit is contained in:
		
					parent
					
						
							
								81ab18d56c
							
						
					
				
			
			
				commit
				
					
						051aa48d8d
					
				
			
		
					 6 changed files with 644 additions and 59 deletions
				
			
		
							
								
								
									
										2
									
								
								changelogs/fragments/604-user-attributes.yaml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										2
									
								
								changelogs/fragments/604-user-attributes.yaml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,2 @@ | |||
| minor_changes: | ||||
|   - "mysql_user - add user attribute support via the ``attributes`` parameter and return value (https://github.com/ansible-collections/community.mysql/pull/604)." | ||||
|  | @ -10,6 +10,7 @@ __metaclass__ = type | |||
| # Simplified BSD License (see simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) | ||||
| 
 | ||||
| import string | ||||
| import json | ||||
| import re | ||||
| 
 | ||||
| from ansible.module_utils.six import iteritems | ||||
|  | @ -151,13 +152,17 @@ def get_existing_authentication(cursor, user, host): | |||
| 
 | ||||
| def user_add(cursor, user, host, host_all, password, encrypted, | ||||
|              plugin, plugin_hash_string, plugin_auth_string, new_priv, | ||||
|              tls_requires, check_mode, reuse_existing_password): | ||||
|              attributes, tls_requires, reuse_existing_password, module): | ||||
|     # If attributes are set, perform a sanity check to ensure server supports user attributes before creating user | ||||
|     if attributes and not get_attribute_support(cursor): | ||||
|         module.fail_json(msg="user attributes were specified but the server does not support user attributes") | ||||
| 
 | ||||
|     # we cannot create users without a proper hostname | ||||
|     if host_all: | ||||
|         return {'changed': False, 'password_changed': False} | ||||
|         return {'changed': False, 'password_changed': False, 'attributes': attributes} | ||||
| 
 | ||||
|     if check_mode: | ||||
|         return {'changed': True, 'password_changed': None} | ||||
|     if module.check_mode: | ||||
|         return {'changed': True, 'password_changed': None, 'attributes': attributes} | ||||
| 
 | ||||
|     # Determine what user management method server uses | ||||
|     old_user_mgmt = impl.use_old_user_mgmt(cursor) | ||||
|  | @ -205,7 +210,14 @@ def user_add(cursor, user, host, host_all, password, encrypted, | |||
|             privileges_grant(cursor, user, host, db_table, priv, tls_requires) | ||||
|     if tls_requires is not None: | ||||
|         privileges_grant(cursor, user, host, "*.*", get_grants(cursor, user, host), tls_requires) | ||||
|     return {'changed': True, 'password_changed': not used_existing_password} | ||||
| 
 | ||||
|     final_attributes = None | ||||
| 
 | ||||
|     if attributes: | ||||
|         cursor.execute("ALTER USER %s@%s ATTRIBUTE %s", (user, host, json.dumps(attributes))) | ||||
|         final_attributes = attributes_get(cursor, user, host) | ||||
| 
 | ||||
|     return {'changed': True, 'password_changed': not used_existing_password, 'attributes': final_attributes} | ||||
| 
 | ||||
| 
 | ||||
| def is_hash(password): | ||||
|  | @ -218,7 +230,7 @@ def is_hash(password): | |||
| 
 | ||||
| def user_mod(cursor, user, host, host_all, password, encrypted, | ||||
|              plugin, plugin_hash_string, plugin_auth_string, new_priv, | ||||
|              append_privs, subtract_privs, tls_requires, module, role=False, maria_role=False): | ||||
|              append_privs, subtract_privs, attributes, tls_requires, module, role=False, maria_role=False): | ||||
|     changed = False | ||||
|     msg = "User unchanged" | ||||
|     grant_option = False | ||||
|  | @ -278,8 +290,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted, | |||
|                 if current_pass_hash != encrypted_password: | ||||
|                     password_changed = True | ||||
|                     msg = "Password updated" | ||||
|                     if module.check_mode: | ||||
|                         return {'changed': True, 'msg': msg, 'password_changed': password_changed} | ||||
|                     if not module.check_mode: | ||||
|                         if old_user_mgmt: | ||||
|                             cursor.execute("SET PASSWORD FOR %s@%s = %s", (user, host, encrypted_password)) | ||||
|                             msg = "Password updated (old style)" | ||||
|  | @ -352,8 +363,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted, | |||
|                     if db_table not in new_priv: | ||||
|                         if user != "root" and "PROXY" not in priv: | ||||
|                             msg = "Privileges updated" | ||||
|                             if module.check_mode: | ||||
|                                 return {'changed': True, 'msg': msg, 'password_changed': password_changed} | ||||
|                             if not module.check_mode: | ||||
|                                 privileges_revoke(cursor, user, host, db_table, priv, grant_option, maria_role) | ||||
|                             changed = True | ||||
| 
 | ||||
|  | @ -363,8 +373,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted, | |||
|                 for db_table, priv in iteritems(new_priv): | ||||
|                     if db_table not in curr_priv: | ||||
|                         msg = "New privileges granted" | ||||
|                         if module.check_mode: | ||||
|                             return {'changed': True, 'msg': msg, 'password_changed': password_changed} | ||||
|                         if not module.check_mode: | ||||
|                             privileges_grant(cursor, user, host, db_table, priv, tls_requires, maria_role) | ||||
|                         changed = True | ||||
| 
 | ||||
|  | @ -404,17 +413,58 @@ def user_mod(cursor, user, host, host_all, password, encrypted, | |||
| 
 | ||||
|                 if len(grant_privs) + len(revoke_privs) > 0: | ||||
|                     msg = "Privileges updated: granted %s, revoked %s" % (grant_privs, revoke_privs) | ||||
|                     if module.check_mode: | ||||
|                         return {'changed': True, 'msg': msg, 'password_changed': password_changed} | ||||
|                     if not module.check_mode: | ||||
|                         if len(revoke_privs) > 0: | ||||
|                             privileges_revoke(cursor, user, host, db_table, revoke_privs, grant_option, maria_role) | ||||
|                         if len(grant_privs) > 0: | ||||
|                             privileges_grant(cursor, user, host, db_table, grant_privs, tls_requires, maria_role) | ||||
|                     else: | ||||
|                         changed = True | ||||
| 
 | ||||
|             # after privilege manipulation, compare privileges from before and now | ||||
|             after_priv = privileges_get(cursor, user, host, maria_role) | ||||
|             changed = changed or (curr_priv != after_priv) | ||||
| 
 | ||||
|         # Handle attributes | ||||
|         attribute_support = get_attribute_support(cursor) | ||||
|         final_attributes = {} | ||||
| 
 | ||||
|         if attributes: | ||||
|             if not attribute_support: | ||||
|                 module.fail_json(msg="user attributes were specified but the server does not support user attributes") | ||||
|             else: | ||||
|                 current_attributes = attributes_get(cursor, user, host) | ||||
| 
 | ||||
|                 if current_attributes is None: | ||||
|                     current_attributes = {} | ||||
| 
 | ||||
|                 attributes_to_change = {} | ||||
| 
 | ||||
|                 for key, value in attributes.items(): | ||||
|                     if key not in current_attributes or current_attributes[key] != value: | ||||
|                         attributes_to_change[key] = value | ||||
| 
 | ||||
|                 if attributes_to_change: | ||||
|                     msg = "Attributes updated: %s" % (", ".join(["%s: %s" % (key, value) for key, value in attributes_to_change.items()])) | ||||
| 
 | ||||
|                     # Calculate final attributes by re-running attributes_get when not in check mode, and merge dictionaries when in check mode | ||||
|                     if not module.check_mode: | ||||
|                         cursor.execute("ALTER USER %s@%s ATTRIBUTE %s", (user, host, json.dumps(attributes_to_change))) | ||||
|                         final_attributes = attributes_get(cursor, user, host) | ||||
|                     else: | ||||
|                         # Final if statements excludes items whose values are None in attributes_to_change, i.e. attributes that will be deleted | ||||
|                         final_attributes = {k: v for d in (current_attributes, attributes_to_change) for k, v in d.items() if k not in attributes_to_change or | ||||
|                                             attributes_to_change[k] is not None} | ||||
| 
 | ||||
|                         # Convert empty dict to None per return value requirements | ||||
|                         final_attributes = final_attributes if final_attributes else None | ||||
|                     changed = True | ||||
|                 else: | ||||
|                     final_attributes = current_attributes | ||||
|         else: | ||||
|             if attribute_support: | ||||
|                 final_attributes = attributes_get(cursor, user, host) | ||||
| 
 | ||||
|         if role: | ||||
|             continue | ||||
| 
 | ||||
|  | @ -422,8 +472,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted, | |||
|         current_requires = get_tls_requires(cursor, user, host) | ||||
|         if current_requires != tls_requires: | ||||
|             msg = "TLS requires updated" | ||||
|             if module.check_mode: | ||||
|                 return {'changed': True, 'msg': msg, 'password_changed': password_changed} | ||||
|             if not module.check_mode: | ||||
|                 if not old_user_mgmt: | ||||
|                     pre_query = "ALTER USER" | ||||
|                 else: | ||||
|  | @ -439,7 +488,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted, | |||
|                 cursor.execute(*query_with_args) | ||||
|             changed = True | ||||
| 
 | ||||
|     return {'changed': changed, 'msg': msg, 'password_changed': password_changed} | ||||
|     return {'changed': changed, 'msg': msg, 'password_changed': password_changed, 'attributes': final_attributes} | ||||
| 
 | ||||
| 
 | ||||
| def user_delete(cursor, user, host, host_all, check_mode): | ||||
|  | @ -924,6 +973,45 @@ def limit_resources(module, cursor, user, host, resource_limits, check_mode): | |||
|     return True | ||||
| 
 | ||||
| 
 | ||||
| def get_attribute_support(cursor): | ||||
|     """Checks if the MySQL server supports user attributes. | ||||
| 
 | ||||
|     Args: | ||||
|         cursor (cursor): DB driver cursor object. | ||||
|     Returns: | ||||
|         True if attributes are supported, False if they are not. | ||||
|     """ | ||||
|     try: | ||||
|         # information_schema.tables does not hold the tables within information_schema itself | ||||
|         cursor.execute("SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES LIMIT 0") | ||||
|         cursor.fetchone() | ||||
|     except mysql_driver.Error: | ||||
|         return False | ||||
| 
 | ||||
|     return True | ||||
| 
 | ||||
| 
 | ||||
| def attributes_get(cursor, user, host): | ||||
|     """Get attributes for a given user. | ||||
| 
 | ||||
|     Args: | ||||
|         cursor (cursor): DB driver cursor object. | ||||
|         user (str): User name. | ||||
|         host (str): User host name. | ||||
| 
 | ||||
|     Returns: | ||||
|         None if the user does not exist or the user has no attributes set, otherwise a dict of attributes set on the user | ||||
|     """ | ||||
|     cursor.execute("SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = %s AND host = %s", (user, host)) | ||||
| 
 | ||||
|     r = cursor.fetchone() | ||||
|     # convert JSON string stored in row into a dict - mysql enforces that user_attributes entires are in JSON format | ||||
|     j = json.loads(r[0]) if r and r[0] else None | ||||
| 
 | ||||
|     # if the attributes dict is empty, return None instead | ||||
|     return j if j else None | ||||
| 
 | ||||
| 
 | ||||
| def get_impl(cursor): | ||||
|     global impl | ||||
|     cursor.execute("SELECT VERSION()") | ||||
|  |  | |||
|  | @ -931,7 +931,7 @@ class Role(): | |||
|         if privs: | ||||
|             result = user_mod(self.cursor, self.name, self.host, | ||||
|                               None, None, None, None, None, None, | ||||
|                               privs, append_privs, subtract_privs, None, | ||||
|                               privs, append_privs, subtract_privs, None, None, | ||||
|                               self.module, role=True, maria_role=self.is_mariadb) | ||||
|             changed = result['changed'] | ||||
| 
 | ||||
|  |  | |||
|  | @ -155,7 +155,6 @@ options: | |||
|       - Cannot be used to set global variables, use the M(community.mysql.mysql_variables) module instead. | ||||
|     type: dict | ||||
|     version_added: '3.6.0' | ||||
| 
 | ||||
|   column_case_sensitive: | ||||
|     description: | ||||
|       - The default is C(false). | ||||
|  | @ -165,6 +164,13 @@ options: | |||
|         fields names in privileges. | ||||
|     type: bool | ||||
|     version_added: '3.8.0' | ||||
|   attributes: | ||||
|     description: | ||||
|       - "Create, update, or delete user attributes (arbitrary 'key: value' comments) for the user." | ||||
|       - MySQL server must support the INFORMATION_SCHEMA.USER_ATTRIBUTES table. Provided since MySQL 8.0. | ||||
|       - To delete an existing attribute, set its value to null. | ||||
|     type: dict | ||||
|     version_added: '3.9.0' | ||||
| 
 | ||||
| notes: | ||||
|    - "MySQL server installs with default I(login_user) of C(root) and no password. | ||||
|  | @ -257,6 +263,13 @@ EXAMPLES = r''' | |||
|       FUNCTION my_db.my_function: EXECUTE | ||||
|     state: present | ||||
| 
 | ||||
| - name: Modify user attributes, creating the attribute 'foo' and removing the attribute 'bar' | ||||
|   community.mysql.mysql_user: | ||||
|     name: bob | ||||
|     attributes: | ||||
|       foo: "foo" | ||||
|       bar: null | ||||
| 
 | ||||
| - name: Modify user to require TLS connection with a valid client certificate | ||||
|   community.mysql.mysql_user: | ||||
|     name: bob | ||||
|  | @ -405,6 +418,7 @@ def main(): | |||
|         tls_requires=dict(type='dict'), | ||||
|         append_privs=dict(type='bool', default=False), | ||||
|         subtract_privs=dict(type='bool', default=False), | ||||
|         attributes=dict(type='dict'), | ||||
|         check_implicit_admin=dict(type='bool', default=False), | ||||
|         update_password=dict(type='str', default='always', choices=['always', 'on_create', 'on_new_username'], no_log=False), | ||||
|         sql_log_bin=dict(type='bool', default=True), | ||||
|  | @ -437,6 +451,7 @@ def main(): | |||
|     append_privs = module.boolean(module.params["append_privs"]) | ||||
|     subtract_privs = module.boolean(module.params['subtract_privs']) | ||||
|     update_password = module.params['update_password'] | ||||
|     attributes = module.params['attributes'] | ||||
|     ssl_cert = module.params["client_cert"] | ||||
|     ssl_key = module.params["client_key"] | ||||
|     ssl_ca = module.params["ca_cert"] | ||||
|  | @ -500,21 +515,23 @@ def main(): | |||
| 
 | ||||
|         priv = privileges_unpack(priv, mode, column_case_sensitive, ensure_usage=not subtract_privs) | ||||
|     password_changed = False | ||||
|     final_attributes = None | ||||
|     if state == "present": | ||||
|         if user_exists(cursor, user, host, host_all): | ||||
|             try: | ||||
|                 if update_password == "always": | ||||
|                     result = user_mod(cursor, user, host, host_all, password, encrypted, | ||||
|                                       plugin, plugin_hash_string, plugin_auth_string, | ||||
|                                       priv, append_privs, subtract_privs, tls_requires, module) | ||||
|                                       priv, append_privs, subtract_privs, attributes, tls_requires, module) | ||||
| 
 | ||||
|                 else: | ||||
|                     result = user_mod(cursor, user, host, host_all, None, encrypted, | ||||
|                                       None, None, None, | ||||
|                                       priv, append_privs, subtract_privs, tls_requires, module) | ||||
|                                       priv, append_privs, subtract_privs, attributes, tls_requires, module) | ||||
|                 changed = result['changed'] | ||||
|                 msg = result['msg'] | ||||
|                 password_changed = result['password_changed'] | ||||
|                 final_attributes = result['attributes'] | ||||
| 
 | ||||
|             except (SQLParseError, InvalidPrivsError, mysql_driver.Error) as e: | ||||
|                 module.fail_json(msg=to_native(e)) | ||||
|  | @ -527,9 +544,10 @@ def main(): | |||
|                 reuse_existing_password = update_password == 'on_new_username' | ||||
|                 result = user_add(cursor, user, host, host_all, password, encrypted, | ||||
|                                   plugin, plugin_hash_string, plugin_auth_string, | ||||
|                                   priv, tls_requires, module.check_mode, reuse_existing_password) | ||||
|                                   priv, attributes, tls_requires, reuse_existing_password, module) | ||||
|                 changed = result['changed'] | ||||
|                 password_changed = result['password_changed'] | ||||
|                 final_attributes = result['attributes'] | ||||
|                 if changed: | ||||
|                     msg = "User added" | ||||
| 
 | ||||
|  | @ -546,7 +564,7 @@ def main(): | |||
|         else: | ||||
|             changed = False | ||||
|             msg = "User doesn't exist" | ||||
|     module.exit_json(changed=changed, user=user, msg=msg, password_changed=password_changed) | ||||
|     module.exit_json(changed=changed, user=user, msg=msg, password_changed=password_changed, attributes=final_attributes) | ||||
| 
 | ||||
| 
 | ||||
| if __name__ == '__main__': | ||||
|  |  | |||
|  | @ -267,6 +267,9 @@ | |||
|       tags: | ||||
|         - issue_465 | ||||
| 
 | ||||
|     # Tests for user attributes | ||||
|     - include_tasks: test_user_attributes.yml | ||||
| 
 | ||||
|     # Tests for the TLS requires dictionary | ||||
|     - include_tasks: test_tls_requirements.yml | ||||
| 
 | ||||
|  |  | |||
|  | @ -0,0 +1,474 @@ | |||
| --- | ||||
| - vars: | ||||
|     mysql_parameters: &mysql_params | ||||
|       login_user: '{{ mysql_user }}' | ||||
|       login_password: '{{ mysql_password }}' | ||||
|       login_host: '{{ mysql_host }}' | ||||
|       login_port: '{{ mysql_primary_port }}' | ||||
| 
 | ||||
|   block: | ||||
| 
 | ||||
|     - when: db_engine == 'mariadb' | ||||
|       block: | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Fail creating a user with mariadb | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Attempt to create user with attributes with mariadb in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           password: '{{ user_password_2 }}' | ||||
|           attributes: | ||||
|             key1: "value1" | ||||
|         ignore_errors: yes | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify user creation with attributes fails with mariadb in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT user FROM mysql.user WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         ignore_errors: yes | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that creating user with attributes fails with mariadb in check mode | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is failed | ||||
|             - not result_query.query_result[0] | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Attempt to create user with attributes with mariadb | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           password: '{{ user_password_2 }}' | ||||
|           attributes: | ||||
|             key1: "value1" | ||||
|         ignore_errors: yes | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify user creation with attributes fails with mariadb | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT user FROM mysql.user WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that creating user with attributes fails with mariadb | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is failed | ||||
|             - not result_query.query_result[0] | ||||
| 
 | ||||
|     - when: db_engine == 'mysql' | ||||
|       block: | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Create user with no attributes (test attributes return type) | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test creating a user with no attributes in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           password: '{{ user_password_2 }}' | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify user creation with no attributes did not take place in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT user FROM mysql.user WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that user would have been created without attributes | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes is none | ||||
|             - not result_query.query_result[0] | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test creating a user with no attributes | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           password: '{{ user_password_2 }}' | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify created user without attributes | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that user was created without attributes | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes is none | ||||
|             - result_query.query_result[0][0]['ATTRIBUTE'] is none | ||||
| 
 | ||||
|       # Clean up user to allow it to be recreated with attributes | ||||
|       - include_tasks: utils/remove_user.yml | ||||
|         vars: | ||||
|           user_name: "{{ user_name_2 }}" | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Create user with attributes | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test creating a user with attributes in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           password: '{{ user_password_2 }}' | ||||
|           attributes: | ||||
|             key1: "value1" | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify user creation did not take place in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT user FROM mysql.user WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that user would have been created with attributes | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - not result_query.query_result[0] | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test creating a user with attributes | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           password: '{{ user_password_2 }}' | ||||
|           attributes: | ||||
|             key1: "value1" | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify created user attributes | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that user was created with attributes | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key1'] == "value1" | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Append attributes on an existing user | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test appending attributes to an existing user in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key2: "value2" | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Run query to check appended attributes in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute would have been appended and existing attribute stays | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - result_module.attributes.key2 == "value2" | ||||
|             - "'key2' not in result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml" | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test appending attributes to an existing user | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key2: "value2" | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to check appended attributes | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that new attribute was appended and existing attribute stays | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - result_module.attributes.key2 == "value2" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key1'] == "value1" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key2'] == "value2" | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Test updating existing attributes | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test updating attributes on an existing user in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key2: "new_value2" | ||||
|         check_mode: yes | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify updated attribute in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute would have been updated | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes.key2 == "new_value2" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key2'] == "value2" | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test updating attributes on an existing user | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key2: "new_value2" | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify updated attribute | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute was updated | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes.key2 == "new_value2" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key2'] == "new_value2" | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Test attribute idempotency when specifying attributes | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test attribute idempotency by trying to change an already correct attribute in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key1: "value1" | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify idempotency of already correct attribute in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute would not have been updated | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is not changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key1'] == "value1" | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test attribute idempotency by trying to change an already correct attribute | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key1: "value1" | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify idempotency of already correct attribute | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute was not updated | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is not changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key1'] == "value1" | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Test attribute idempotency when not specifying attribute parameter | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test attribute idempotency by not specifying attribute parameter in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify idempotency when not specifying attribute parameter in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute is returned in check mode | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is not changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key1'] == "value1" | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test attribute idempotency by not specifying attribute parameter | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify idempotency when not specifying attribute parameter | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute is returned | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is not changed | ||||
|             - result_module.attributes.key1 == "value1" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key1'] == "value1" | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Test deleting attributes | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test deleting attributes on an existing user in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key2: null | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify deleted attribute in check mode | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute would have been deleted | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - "'key2' not in result_module.attributes" | ||||
|             - (result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml)['key2'] == "new_value2" | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test deleting attributes on an existing user | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key2: null | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Run query to verify deleted attribute | ||||
|         mysql_query: | ||||
|           <<: *mysql_params | ||||
|           query: 'SELECT attribute FROM INFORMATION_SCHEMA.USER_ATTRIBUTES WHERE user = "{{ user_name_2 }}" AND host = "%"' | ||||
|         register: result_query | ||||
| 
 | ||||
|       - name: Attributes | Assert that attribute was deleted | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - "'key2' not in result_module.attributes" | ||||
|             - "'key2' not in result_query.query_result[0][0]['ATTRIBUTE'] | from_yaml" | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Test attribute return value when no attributes exist | ||||
|       # | ||||
| 
 | ||||
|       # Check mode | ||||
|       - name: Attributes | Test attributes return value when no attributes exist in check mode | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key1: null | ||||
|         register: result_module | ||||
|         check_mode: yes | ||||
| 
 | ||||
|       - name: Attributes | Assert attributes return value when no attributes exist in check mode | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes is none | ||||
| 
 | ||||
|       # Real mode | ||||
|       - name: Attributes | Test attributes return value when no attributes exist | ||||
|         mysql_user: | ||||
|           <<: *mysql_params | ||||
|           name: '{{ user_name_2 }}' | ||||
|           host: '%' | ||||
|           attributes: | ||||
|             key1: null | ||||
|         register: result_module | ||||
| 
 | ||||
|       - name: Attributes | Assert attributes return value when no attributes exist | ||||
|         assert: | ||||
|           that: | ||||
|             - result_module is changed | ||||
|             - result_module.attributes is none | ||||
| 
 | ||||
|       # ============================================================ | ||||
|       # Cleanup | ||||
|       # | ||||
|       - include_tasks: utils/remove_user.yml | ||||
|         vars: | ||||
|           user_name: "{{ user_name_2 }}" | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue