From 1886753dfaa8b75395450f76d2fc8deaa81d5124 Mon Sep 17 00:00:00 2001
From: Laurent Indermuehle
Date: Thu, 12 Oct 2023 10:11:54 +0200
Subject: [PATCH] Add integration tests for mysql_info users_privs
---
.../tasks/filter_users_privs.yml | 250 ++++++++++++++++++
.../targets/test_mysql_info/tasks/main.yml | 4 +
2 files changed, 254 insertions(+)
create mode 100644 tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
diff --git a/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml b/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
new file mode 100644
index 0000000..08e4191
--- /dev/null
+++ b/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
@@ -0,0 +1,250 @@ +--- + +- module_defaults: + community.mysql.mysql_db: &mysql_defaults + login_user: "{{ mysql_user }}" + login_password: "{{ mysql_password }}" + login_host: "{{ mysql_host }}" + login_port: "{{ mysql_primary_port }}" + community.mysql.mysql_query: *mysql_defaults + community.mysql.mysql_info: *mysql_defaults + community.mysql.mysql_user: *mysql_defaults + + block: + + # ================================ Prepare ============================== + - name: Mysql_info users_privs | Create databases + community.mysql.mysql_db: + name: + - users_privs_db + - users_privs_db2 + - users_privs_db3 + state: present + + - name: Mysql_info users_privs | Create tables + community.mysql.mysql_query: + query: + - >- + CREATE TABLE IF NOT EXISTS users_privs_db.t1 + (id int, name varchar(9)) + - >- + CREATE TABLE IF NOT EXISTS users_privs_db.T_UPPER + (id int, name1 varchar(9), NAME2 varchar(9), Name3 varchar(9)) + + # I failed to create a procedure using community.mysql.mysql_query. + # Maybe it's because we must changed the delimiter. 
+ - name: Mysql_info users_privs | Create procedure SQL file + ansible.builtin.template: + src: files/users_privs_create_procedure.sql + dest: /root/create_procedure.sql + owner: root + group: root + mode: '0700' + + - name: Mysql_info users_privs | Create a procedure + community.mysql.mysql_db: + name: all + state: import + target: /root/create_procedure.sql + + # Use a query instead of mysql_user, because we want to caches differences + # at the end and a bug in mysql_user would be invisible to this tests + - name: Mysql_info users_privs | Prepare common tests users + community.mysql.mysql_query: + query: + - >- + CREATE USER users_privs_adm@'users_privs.com' IDENTIFIED WITH + mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - > + GRANT ALL ON *.* to users_privs_adm@'users_privs.com' WITH GRANT + OPTION + + - >- + CREATE USER users_privs_schema@'users_privs.com' IDENTIFIED WITH + mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - >- + GRANT SELECT, INSERT, UPDATE, DELETE ON users_privs_db.* TO + users_privs_schema@'users_privs.com' + + - >- + CREATE USER users_privs_table@'users_privs.com' IDENTIFIED WITH + mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - >- + GRANT SELECT, INSERT, UPDATE ON users_privs_db.t1 TO + users_privs_table@'users_privs.com' + + - >- + CREATE USER users_privs_col@'users_privs.com' IDENTIFIED WITH + mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + WITH MAX_USER_CONNECTIONS 100 + - >- + GRANT SELECT (id) ON users_privs_db.t1 TO + users_privs_col@'users_privs.com' + + - >- + CREATE USER users_privs_proc@'users_privs.com' IDENTIFIED WITH + mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + WITH MAX_USER_CONNECTIONS 2 MAX_CONNECTIONS_PER_HOUR 60 + - >- + GRANT EXECUTE ON PROCEDURE users_privs_db.get_all_items TO + users_privs_proc@'users_privs.com' + + - >- + CREATE USER users_privs_multi@'users_privs.com' IDENTIFIED WITH + 
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - >- + GRANT SELECT ON mysql.* TO + users_privs_multi@'users_privs.com' + - >- + GRANT ALL ON users_privs_db.* TO + users_privs_multi@'users_privs.com' + - >- + GRANT ALL ON users_privs_db2.* TO + users_privs_multi@'users_privs.com' + - >- + GRANT ALL ON users_privs_db3.* TO + users_privs_multi@'users_privs.com' + + - >- + CREATE USER users_privs_usage_only@'users_privs.com' IDENTIFIED WITH + mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - >- + GRANT USAGE ON *.* TO + users_privs_usage_only@'users_privs.com' + + - >- + CREATE USER users_privs_columns_uppercase@'users_privs.com' + IDENTIFIED WITH mysql_native_password AS + '*6C387FC3893DBA1E3BA155E74754DA6682D04747' + - >- + GRANT SELECT,UPDATE(name1,NAME2,Name3) ON users_privs_db.T_UPPER TO + users_privs_columns_uppercase@'users_privs.com' + + - name: Mysql_info users_privs | Prepare tests users for MariaDB + community.mysql.mysql_user: + name: "{{ item.name }}" + host: "users_privs.com" + plugin: "{{ item.plugin | default(omit) }}" + plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}" + plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}" + tls_require: "{{ item.tls_require | default(omit) }}" + priv: "{{ item.priv }}" + resource_limits: "{{ item.resource_limits | default(omit) }}" + column_case_sensitive: true + state: present + loop: + - name: users_privs_socket # Only for MariaDB + priv: + '*.*': 'ALL' + plugin: 'unix_socket' + when: + - db_engine == 'mariadb' + + - name: Mysql_info users_privs | Prepare tests users for MySQL + community.mysql.mysql_user: + name: "{{ item.name }}" + host: "users_privs.com" + plugin: "{{ item.plugin | default(omit) }}" + plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}" + plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}" + tls_require: "{{ item.tls_require | default(omit) }}" + priv: "{{ item.priv }}" + 
resource_limits: "{{ item.resource_limits | default(omit) }}" + column_case_sensitive: true + state: present + loop: + - name: users_privs_sha256 # Only for MySQL + priv: + '*.*': 'ALL' + plugin_auth_string: + '$5$/=') + + # ================================== Tests ============================== + + - name: Mysql_info users_privs | Collect users_privs + community.mysql.mysql_info: + filter: + - users_privs + register: result + + - name: Recreate users from mysql_info users_privs result + community.mysql.mysql_user: + name: "{{ item.name }}" + host: "{{ item.host }}" + plugin: "{{ item.plugin | default(omit) }}" + plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}" + plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}" + tls_require: "{{ item.tls_require | default(omit) }}" + priv: "{{ item.priv | default(omit) }}" + resource_limits: "{{ item.resource_limits | default(omit) }}" + column_case_sensitive: true + state: present + loop: "{{ result.users_privs }}" + loop_control: + label: "{{ item.name }}@{{ item.host }}" + register: recreate_users_result + failed_when: + - recreate_users_result is changed + when: + - item.name != 'root' + - item.name != 'mysql' + - item.name != 'mariadb.sys' + - item.name != 'mysql.sys' + - item.name != 'mysql.infoschema' + + + # ================================== Cleanup ============================ + + - name: Mysql_info users_privs | Cleanup users_privs + community.mysql.mysql_user: + name: "{{ item }}" + host: "users_privs.com" + column_case_sensitive: true + state: absent + loop: + - users_privs_adm + - users_privs_schema + - users_privs_table + - users_privs_col + - users_privs_proc + - users_privs_usage_only + - users_privs_columns_uppercase + + - name: Mysql_info users_privs | Cleanup databases + community.mysql.mysql_db: + name: + - users_privs_db + - users_privs_db2 + - users_privs_db3 + state: absent + + - name: Mysql_info users_privs | Cleanup sql file for the procedure + ansible.builtin.file: + 
path: /root/create_procedure.sql
+ state: absent
diff --git a/tests/integration/targets/test_mysql_info/tasks/main.yml b/tests/integration/targets/test_mysql_info/tasks/main.yml
index be367f0..10e1917 100644
--- a/tests/integration/targets/test_mysql_info/tasks/main.yml
+++ b/tests/integration/targets/test_mysql_info/tasks/main.yml
@@ -219,3 +219,7 @@
 assert:
 that:
 - result.databases.allviews.size == 0
+
+ - name: Import tasks file to tests users_privs filter
+ ansible.builtin.import_tasks:
+ file: filter_users_privs.yml
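Review bot: The cleanup loop in filter_users_privs.yml does not remove every account the prepare tasks create: `users_privs_multi` (GRANT ALL on three schemas plus SELECT on `mysql.*`) and the plugin users `users_privs_socket` and `users_privs_sha256` (ALL on `*.*`) are absent from the `state: absent` list, so privileged accounts remain on the test server after this file runs. Since `state: absent` is idempotent, adding `- users_privs_multi`, `- users_privs_socket` and `- users_privs_sha256` to that loop is safe on either engine. No `always:` key appears anywhere in the hunk, so the cleanup tasks seem to sit inside `block:`; a failure in the recreate step would then skip them and leave the accounts, the three databases and `/root/create_procedure.sql` behind, which moving the three cleanup tasks under `always:` would avoid. The MySQL-only prepare task looks truncated on this page, so the definition of the sha256 user should be checked against the file itself.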