ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-08-25 23:41:44 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Is changed (#427)

Browse source 
* Refactor tests to use "is" and "is not" changed

* Refactor tests to use is succeeded or is failed

* Reformat indentation

* Add filter "bool" to prevent issues

(cherry picked from commit 0a68bb270f)
This commit is contained in:
Laurent Indermühle 2022-08-23 09:11:55 +02:00 committed by Laurent Indermuehle
commit 2272343f11
No known key found for this signature in database
GPG key ID: 93FA944C9F34DD09
20 changed files with 763 additions and 175 deletions
Download patch file Download diff file Expand all files Collapse all files

24
tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml Normal file
View file

@ -0,0 +1,24 @@
- name: "applying user {{ username }}@{{ host }} with update_password={{ update_password }}"
mysql_user:
login_user: '{{ mysql_parameters.login_user }}'
login_password: '{{ mysql_parameters.login_password }}'
login_host: '{{ mysql_parameters.login_host }}'
login_port: '{{ mysql_parameters.login_port }}'
state: present
name: "{{ username }}"
host: "{{ host }}"
password: "{{ password }}"
update_password: "{{ update_password }}"
register: result
- name: assert a change occurred
assert:
that:
- "result.changed | bool == {{ expect_change }} | bool"
- "result.password_changed == {{ expect_password_change }}"
- name: query the user
command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
register: existing_user
- name: assert the password is as set to expect_hash
assert:
that:
- "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"

2
tests/integration/targets/test_mysql_user/tasks/create_user.yml
View file

@ -37,4 +37,4 @@
- name: assert output message mysql user was created
assert:
that:
- "result.changed == true"
- result is changed

168
tests/integration/targets/test_mysql_user/tasks/issue-265.yml Normal file
View file

@ -0,0 +1,168 @@
---
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
block:
- name: Drop mysql user if exists
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
state: absent
ignore_errors: yes
# Tests with force_context: yes
# Test user creation
- name: create mysql user {{user_name_1}}
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: present
force_context: yes
register: result
- name: assert output message mysql user was created
assert:
that:
- result is changed
- include: assert_user.yml user_name={{user_name_1}}
# Test user removal
- name: remove mysql user {{user_name_1}}
mysql_user:
<<: *mysql_params
name: '{{user_name_1}}'
password: '{{user_password_1}}'
state: absent
force_context: yes
register: result
- name: assert output message mysql user was removed
assert:
that:
- result is changed
# Test blank user removal
- name: create blank mysql user to be removed later
mysql_user:
<<: *mysql_params
name: ""
state: present
force_context: yes
password: 'KJFDY&D*Sfuydsgf'
- name: remove blank mysql user with hosts=all (expect changed)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
state: absent
force_context: yes
register: result
- name: assert changed is true for removing all blank users
assert:
that:
- result is changed
- name: remove blank mysql user with hosts=all (expect ok)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
force_context: yes
state: absent
register: result
- name: assert changed is true for removing all blank users
assert:
that:
- result is not changed
- include: assert_no_user.yml user_name={{user_name_1}}
# Tests with force_context: no
# Test user creation
- name: Drop mysql user if exists
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
state: absent
ignore_errors: yes
# Tests with force_context: yes
# Test user creation
- name: create mysql user {{user_name_1}}
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: present
force_context: yes
register: result
- name: assert output message mysql user was created
assert:
that:
- result is changed
- include: assert_user.yml user_name={{user_name_1}}
# Test user removal
- name: remove mysql user {{user_name_1}}
mysql_user:
<<: *mysql_params
name: '{{user_name_1}}'
password: '{{user_password_1}}'
state: absent
force_context: no
register: result
- name: assert output message mysql user was removed
assert:
that:
- result is changed
# Test blank user removal
- name: create blank mysql user to be removed later
mysql_user:
<<: *mysql_params
name: ""
state: present
force_context: no
password: 'KJFDY&D*Sfuydsgf'
- name: remove blank mysql user with hosts=all (expect changed)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
state: absent
force_context: no
register: result
- name: assert changed is true for removing all blank users
assert:
that:
- result is changed
- name: remove blank mysql user with hosts=all (expect ok)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
force_context: no
state: absent
register: result
- name: assert changed is true for removing all blank users
assert:
that:
- result is not changed
- include: assert_no_user.yml user_name={{user_name_1}}

8
tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml
View file

@ -17,7 +17,9 @@
register: result
- name: assert root password is changed
assert: { that: "result.changed == true" }
assert:
that:
- result is changed
- name: Set root password again
mysql_user:
@ -31,7 +33,9 @@
register: result
- name: Assert root password is not changed
assert: { that: "result.changed == false" }
assert:
that:
- result is not changed
- name: Set root password again
mysql_user:

8
tests/integration/targets/test_mysql_user/tasks/main.yml
View file

@ -65,7 +65,9 @@
register: result
- name: assert output message mysql user was not created
assert: { that: "result.changed == false" }
assert:
that:
- result is not changed
# ============================================================
# remove mysql user and verify user is removed from mysql database
@ -81,7 +83,7 @@
- name: assert output message mysql user was removed
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_no_user.yml user_name={{user_name_1}}
@ -99,7 +101,7 @@
- name: assert output message mysql user that does not exist
assert:
that:
- "result.changed == false"
- result is not changed
- include: assert_no_user.yml user_name={{user_name_1}}

6
tests/integration/targets/test_mysql_user/tasks/remove_user.yml
View file

@ -37,7 +37,7 @@
- name: assert output message mysql user was removed
assert:
that:
- "result.changed == true"
- result is changed
# ============================================================
- name: create blank mysql user to be removed later
@ -58,7 +58,7 @@
- name: assert changed is true for removing all blank users
assert:
that:
- "result.changed == true"
- result is changed
- name: remove blank mysql user with hosts=all (expect ok)
mysql_user:
@ -71,4 +71,4 @@
- name: assert changed is true for removing all blank users
assert:
that:
- "result.changed == false"
- result is not changed

4
tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml
View file

@ -50,7 +50,7 @@
- name: Assert that there wasn't a change in permissions
assert:
that:
- "result.changed == false"
- result is not changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
@ -76,7 +76,7 @@
- name: Assert that there was a change because permissions were added to data1.*
assert:
that:
- "result.changed == true"
- result is changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""

173
tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml Normal file
View file

@ -0,0 +1,173 @@
# Test code to ensure that subtracting privileges will not result in unnecessary changes.
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
block:
- name: Create test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- name: Create a user with an initial set of privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
password: '{{ user_password_4 }}'
priv: 'data1.*:SELECT,INSERT'
state: present
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
register: result
- name: Assert that the initial set of privileges matches what is expected
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
- name: Subtract privileges that are not in the current privileges, which should be a no-op
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
password: '{{ user_password_4 }}'
priv: 'data1.*:DELETE'
subtract_privs: yes
state: present
check_mode: '{{ enable_check_mode }}'
register: result
- name: Assert that there wasn't a change in permissions
assert:
that:
- result is not changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
register: result
- name: Assert that the permissions still match what was originally granted
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
- name: Subtract existing and not-existing privileges, but not all
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
password: '{{ user_password_4 }}'
priv: 'data1.*:INSERT,DELETE'
subtract_privs: yes
state: present
check_mode: '{{ enable_check_mode }}'
register: result
- name: Assert that there was a change because permissions were/would be revoked on data1.*
assert:
that:
- result is changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
register: result
- name: Assert that the permissions were not changed if check_mode is set to 'yes'
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'yes'
- name: Assert that only DELETE was revoked if check_mode is set to 'no'
assert:
that:
- "'GRANT SELECT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'no'
- name: Try to subtract invalid privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
password: '{{ user_password_4 }}'
priv: 'data1.*:INVALID'
subtract_privs: yes
state: present
check_mode: '{{ enable_check_mode }}'
register: result
- name: Assert that there was no change because invalid permissions are ignored
assert:
that:
- result is not changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
register: result
- name: Assert that the permissions were not changed with check_mode=='yes'
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'yes'
- name: Assert that the permissions were not changed with check_mode=='no'
assert:
that:
- "'GRANT SELECT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'no'
- name: trigger failure by trying to subtract and append privileges at the same time
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
password: '{{ user_password_4 }}'
priv: 'data1.*:SELECT'
subtract_privs: yes
append_privs: yes
state: present
check_mode: '{{ enable_check_mode }}'
register: result
ignore_errors: true
- name: Assert the previous execution failed
assert:
that:
- result is failed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
register: result
- name: Assert that the permissions stayed the same, with check_mode=='yes'
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'yes'
- name: Assert that the permissions stayed the same, with check_mode=='no'
assert:
that:
- "'GRANT SELECT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'no'
##########
# Clean up
- name: Drop test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- name: Drop test user
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
state: absent

29
tests/integration/targets/test_mysql_user/tasks/test_privs.yml
View file

@ -51,7 +51,7 @@
- name: assert output message for current privileges
assert:
that:
- "result.changed == true"
- result is changed
- name: run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'localhost'\""
@ -101,7 +101,7 @@
- name: Assert that priv changed
assert:
that:
- "result.changed == true"
- result is changed
- name: Add privs to a specific table (expect ok)
mysql_user:
@ -115,7 +115,7 @@
- name: Assert that priv did not change
assert:
that:
- "result.changed == false"
- result is not changed
# ============================================================
- name: update user with all privileges
@ -162,7 +162,7 @@
- name: Assert that priv changed
assert:
that:
- "result.changed == true"
- result is changed
- name: Test idempotency (expect ok)
mysql_user:
@ -173,10 +173,29 @@
state: present
register: result
# FIXME: on mariadb >=10.5.2 there's always a change because the REPLICATION CLIENT privilege was renamed to BINLOG MONITOR
- name: Assert that priv did not change
assert:
that:
- "result.changed == false"
- result is not changed
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.2', '=='))
# ============================================================
- name: update user with invalid privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:INVALID'
state: present
register: result
ignore_errors: yes
- name: Assert that priv did not change
assert:
that:
- result is failed
- "'Error granting privileges' in result.msg"
- name: remove username
mysql_user:

30
tests/integration/targets/test_mysql_user/tasks/test_user_password.yml
View file

@ -32,7 +32,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -49,7 +49,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Run mysql_user again without any changes
mysql_user:
@ -63,7 +63,7 @@
- name: Assert that there weren't any changes because username/password didn't change
assert:
that:
- "result.changed == false"
- result is not changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -78,7 +78,7 @@
- name: Assert that a change occurred because the password was updated
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -95,7 +95,7 @@
- name: Assert that the mysql_info module failed because we used the old password
assert:
that:
- "result.failed == true"
- result is failed
- name: Get the MySQL version data using the new password (should work)
mysql_info:
@ -110,7 +110,7 @@
- name: Assert that the mysql_info module succeeded because we used the new password
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
@ -131,7 +131,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -148,7 +148,7 @@
- name: Assert that there weren't any changes because username/password didn't change
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
@ -170,7 +170,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -187,7 +187,7 @@
- name: Assert that the mysql_info module succeeded because we used the new password
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Pass in the same password as before, but in the encrypted form (no change expected)
mysql_user:
@ -200,7 +200,7 @@
- name: Assert that there weren't any changes because username/password didn't change
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
@ -220,7 +220,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- name: Get the MySQL version using an empty password for the newly created user
mysql_info:
@ -235,7 +235,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Get the MySQL version using an non-empty password (should fail)
mysql_info:
@ -250,7 +250,7 @@
- name: Assert that mysql_info failed
assert:
that:
- "result.failed == true"
- result is failed
- name: Update the user without changing the password
mysql_user:
@ -263,7 +263,7 @@
- name: Assert that the user wasn't changed because the password is still empty
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password=''

72
tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
View file

@ -37,8 +37,13 @@
- name: Check that the module made a change and that the expected plugin type is set
assert:
that:
- "result.changed == true"
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -54,7 +59,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Update the user with a different hash
mysql_user:
@ -67,7 +72,7 @@
- name: Check that the module makes the change because the hash changed
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -83,7 +88,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_new_auth_string }}
@ -108,8 +113,13 @@
- name: Check that the module made a change and that the expected plugin type is set
assert:
that:
- "result.changed == true"
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -125,7 +135,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Update the user with the same hash (no change expected)
mysql_user:
@ -138,7 +148,8 @@
- name: Check that the module doesn't make a change when the same hash is passed in
assert:
that:
- "result.changed == false"
- result is not changed
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -154,7 +165,7 @@
- name: Check that the module did not change the password
assert:
that:
- "result.changed == true"
- result is changed
- name: Getting the MySQL info should still work
mysql_info:
@ -168,7 +179,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
@ -193,7 +204,11 @@
- name: Check that the module made a change and that the expected plugin type is set
assert:
that:
- "result.changed == true"
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -210,7 +225,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Update the user with the same auth string
mysql_user:
@ -225,7 +240,7 @@
- name: The module should detect a change even though the password is the same
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -240,7 +255,7 @@
- name: Check that the module did not change the password
assert:
that:
- "result.changed == false"
- result is not changed
- name: Get the MySQL version using the newly created creds
mysql_info:
@ -254,7 +269,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
@ -278,8 +293,13 @@
- name: Check that the module made a change and that the expected plugin type is set
assert:
that:
- "result.changed == true"
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -296,7 +316,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Get the MySQL version using an non-empty password (should fail)
mysql_info:
@ -311,7 +331,7 @@
- name: Assert that mysql_info failed
assert:
that:
- "result.failed == true"
- result is failed
- name: Update the user without changing the auth mechanism
mysql_user:
@ -324,7 +344,7 @@
- name: Assert that the user wasn't changed because the auth string is still empty
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
@ -359,8 +379,13 @@
- name: Check that the module made a change and that the expected plugin type is set
assert:
that:
- "result.changed == true"
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -379,8 +404,13 @@
- name: Check that the module made a change and that the expected plugin type is set
assert:
that:
- "result.changed == true"
- "'sha256_password' in show_create_user.stdout"
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'sha256_password' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}