mysql_user: add integration tests for update_password argument

tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml

@@ -0,0 +1,24 @@
+- name: "applying user {{ username }}@{{ host }} with update_password={{ update_password }}"
+  mysql_user:
+    login_user: '{{ mysql_parameters.login_user }}'
+    login_password: '{{ mysql_parameters.login_password }}'
+    login_host: '{{ mysql_parameters.login_host }}'
+    login_port: '{{ mysql_parameters.login_port }}'
+    state: present
+    name: "{{ username }}"
+    host: "{{ host }}"
+    password: "{{ password }}"
+    update_password: "{{ update_password }}"
+  register: result
+- name: assert a change occurred
+  assert:
+    that:
+      - "result.changed == {{ expect_change }}"
+      - "result.password_changed == {{ expect_password_change }}"
+- name: query the user
+  command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
+  register: existing_user
+- name: assert the password is as set to expect_hash
+  assert:
+    that:
+      - "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"

tests/integration/targets/test_mysql_user/tasks/test_update_password.yml

@@ -0,0 +1,128 @@
+# Tests scenarios for both plaintext and encrypted user passwords.
+
+- vars:
+    mysql_parameters:
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+    test_password1: kbB9tcx5WOGVGfzV
+    test_password1_hash: '*AF6A7F9D038475C17EE46564F154104877EE5037'
+    test_password2: XBYjpHmjIctMxl1y
+    test_password2_hash: '*9E22D1B35C68BDDF398B8F28AE482E5A865BAC0A'
+    test_password3: tem33JfR5Yx98BB
+    test_password3_hash: '*C7E7C2710702F20336F8D93BC0670C8FB66BDBC7'
+
+
+  block:
+    - include_tasks: assert_user_password.yml
+      vars:
+        username: "{{ item.username }}"
+        host: '127.0.0.1'
+        update_password: "{{ item.update_password }}"
+        password: "{{ test_password1 }}"
+        expect_change: "{{ item.expect_change }}"
+        expect_password_change: "{{ item.expect_change }}"
+        expect_password_hash: "{{ test_password1_hash }}"
+      loop:
+        # all variants set the password when nothing exists
+        - username: test1
+          update_password: always
+          expect_change: true
+        - username: test2
+          update_password: on_create
+          expect_change: true
+        - username: test3
+          update_password: on_new_username
+          expect_change: true
+
+        # assert idempotency
+        - username: test1
+          update_password: always
+          expect_change: false
+        - username: test2
+          update_password: on_create
+          expect_change: false
+        - username: test3
+          update_password: on_new_username
+          expect_change: false
+
+    # same user, new password
+    - include_tasks: assert_user_password.yml
+      vars:
+        username: "{{ item.username }}"
+        host: '127.0.0.1'
+        update_password: "{{ item.update_password }}"
+        password: "{{ test_password2 }}"
+        expect_change: "{{ item.expect_change }}"
+        expect_password_change: "{{ item.expect_change }}"
+        expect_password_hash: "{{ item.expect_password_hash }}"
+      loop:
+        - username: test1
+          update_password: always
+          expect_change: true
+          expect_password_hash: "{{ test_password2_hash }}"
+        - username: test2
+          update_password: on_create
+          expect_change: false
+          expect_password_hash: "{{ test_password1_hash }}"
+        - username: test3
+          update_password: on_new_username
+          expect_change: false
+          expect_password_hash: "{{ test_password1_hash }}"
+
+    # new user, new password
+    - include_tasks: assert_user_password.yml
+      vars:
+        username: "{{ item.username }}"
+        host: '::1'
+        update_password: "{{ item.update_password }}"
+        password: "{{ item.password }}"
+        expect_change: "{{ item.expect_change }}"
+        expect_password_change: "{{ item.expect_password_change }}"
+        expect_password_hash: "{{ item.expect_password_hash }}"
+      loop:
+        - username: test1
+          update_password: always
+          expect_change: true
+          expect_password_change: true
+          password: "{{ test_password1 }}"
+          expect_password_hash: "{{ test_password1_hash }}"
+        - username: test2
+          update_password: on_create
+          expect_change: true
+          expect_password_change: true
+          password: "{{ test_password2 }}"
+          expect_password_hash: "{{ test_password2_hash }}"
+        - username: test3
+          update_password: on_new_username
+          expect_change: true
+          expect_password_change: false
+          password: "{{ test_password2 }}"
+          expect_password_hash: "{{ test_password1_hash }}"
+
+        # prepare for next test: ensure all users have varying passwords
+        - username: test3
+          update_password: always
+          expect_change: true
+          expect_password_change: true
+          password: "{{ test_password2 }}"
+          expect_password_hash: "{{ test_password2_hash }}"
+
+    # another new user, another new password and multiple existing users with varying passwords
+    - include_tasks: assert_user_password.yml
+      vars:
+        username: "{{ item.username }}"
+        host: '2001:db8::1'
+        update_password: "{{ item.update_password }}"
+        password: "{{ test_password3 }}"
+        expect_change: true
+        expect_password_change: true
+        expect_password_hash: "{{ test_password3_hash }}"
+      loop:
+        - username: test1
+          update_password: always
+        - username: test2
+          update_password: on_create
+        - username: test3
+          update_password: on_new_username