ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-07-28 07:31:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[PR #427/0a68bb27 backport][stable-1] CI is changed (#428)

Browse source 
* Is changed (#427)

* Refactor tests to use "is" and "is not" changed

* Refactor tests to use is succeeded or is failed

* Reformat indentation

* Add filter "bool" to prevent issues

(cherry picked from commit 0a68bb270f)

* Fix error message verification

I don't know why this works on main, but in stable-1, the error message
is "invalid privileges string: Invalid privileges specified:
frozenset({'INVALID'})"

* Add filter for test that won't work with mariadb

* Refactor test in their own file instead of main

* Add db_names dict

* Fix registered variable name

* Add missing fact

* Add test databases cleanup

* Cut tests for unsupported db name (%)

* Add missing default vars to tests db_formats

* Backport small diff from main
This commit is contained in:
Laurent Indermühle 2022-08-29 10:19:31 +02:00 committed by GitHub
commit 275d85067a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 631 additions and 493 deletions
Download patch file Download diff file Expand all files Collapse all files

24
tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml Normal file
View file

@ -0,0 +1,24 @@
- name: "applying user {{ username }}@{{ host }} with update_password={{ update_password }}"
mysql_user:
login_user: '{{ mysql_parameters.login_user }}'
login_password: '{{ mysql_parameters.login_password }}'
login_host: '{{ mysql_parameters.login_host }}'
login_port: '{{ mysql_parameters.login_port }}'
state: present
name: "{{ username }}"
host: "{{ host }}"
password: "{{ password }}"
update_password: "{{ update_password }}"
register: result
- name: assert a change occurred
assert:
that:
- "result.changed | bool == {{ expect_change }} | bool"
- "result.password_changed == {{ expect_password_change }}"
- name: query the user
command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
register: existing_user
- name: assert the password is as set to expect_hash
assert:
that:
- "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"

2
tests/integration/targets/test_mysql_user/tasks/create_user.yml
View file

@ -37,4 +37,4 @@
- name: assert output message mysql user was created
assert:
that:
- "result.changed == true"
- result is changed

8
tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml
View file

@ -17,7 +17,9 @@
register: result
- name: assert root password is changed
assert: { that: "result.changed == true" }
assert:
that:
- result is changed
- name: Set root password again
mysql_user:
@ -31,7 +33,9 @@
register: result
- name: Assert root password is not changed
assert: { that: "result.changed == false" }
assert:
that:
- result is not changed
- name: Set root password again
mysql_user:

10
tests/integration/targets/test_mysql_user/tasks/main.yml
View file

@ -65,7 +65,9 @@
register: result
- name: assert output message mysql user was not created
assert: { that: "result.changed == false" }
assert:
that:
- result is not changed
# ============================================================
# remove mysql user and verify user is removed from mysql database
@ -81,7 +83,7 @@
- name: assert output message mysql user was removed
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_no_user.yml user_name={{user_name_1}}
@ -99,7 +101,7 @@
- name: assert output message mysql user that does not exist
assert:
that:
- "result.changed == false"
- result is not changed
- include: assert_no_user.yml user_name={{user_name_1}}
@ -242,7 +244,9 @@
# ============================================================
# Test plugin authentication scenarios.
#
# FIXME: mariadb sql syntax for create/update user is not compatible
- include: test_user_plugin_auth.yml
when: install_type == 'mysql'
# ============================================================
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database

6
tests/integration/targets/test_mysql_user/tasks/remove_user.yml
View file

@ -37,7 +37,7 @@
- name: assert output message mysql user was removed
assert:
that:
- "result.changed == true"
- result is changed
# ============================================================
- name: create blank mysql user to be removed later
@ -58,7 +58,7 @@
- name: assert changed is true for removing all blank users
assert:
that:
- "result.changed == true"
- result is changed
- name: remove blank mysql user with hosts=all (expect ok)
mysql_user:
@ -71,4 +71,4 @@
- name: assert changed is true for removing all blank users
assert:
that:
- "result.changed == false"
- result is not changed

4
tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml
View file

@ -50,7 +50,7 @@
- name: Assert that there wasn't a change in permissions
assert:
that:
- "result.changed == false"
- result is not changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
@ -76,7 +76,7 @@
- name: Assert that there was a change because permissions were added to data1.*
assert:
that:
- "result.changed == true"
- result is changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""

27
tests/integration/targets/test_mysql_user/tasks/test_privs.yml
View file

@ -51,7 +51,7 @@
- name: assert output message for current privileges
assert:
that:
- "result.changed == true"
- result is changed
- name: run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'localhost'\""
@ -101,7 +101,7 @@
- name: Assert that priv changed
assert:
that:
- "result.changed == true"
- result is changed
- name: Add privs to a specific table (expect ok)
mysql_user:
@ -115,7 +115,7 @@
- name: Assert that priv did not change
assert:
that:
- "result.changed == false"
- result is not changed
# ============================================================
- name: update user with all privileges
@ -162,7 +162,7 @@
- name: Assert that priv changed
assert:
that:
- "result.changed == true"
- result is changed
- name: Test idempotency (expect ok)
mysql_user:
@ -176,7 +176,24 @@
- name: Assert that priv did not change
assert:
that:
- "result.changed == false"
- result is not changed
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.2', '=='))
# ============================================================
- name: update user with invalid privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:INVALID'
state: present
register: result
ignore_errors: yes
- name: Assert that priv did not change
assert:
that:
- result is failed
- name: remove username
mysql_user:

30
tests/integration/targets/test_mysql_user/tasks/test_user_password.yml
View file

@ -32,7 +32,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -49,7 +49,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Run mysql_user again without any changes
mysql_user:
@ -63,7 +63,7 @@
- name: Assert that there weren't any changes because username/password didn't change
assert:
that:
- "result.changed == false"
- result is not changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -78,7 +78,7 @@
- name: Assert that a change occurred because the password was updated
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -95,7 +95,7 @@
- name: Assert that the mysql_info module failed because we used the old password
assert:
that:
- "result.failed == true"
- result is failed
- name: Get the MySQL version data using the new password (should work)
mysql_info:
@ -110,7 +110,7 @@
- name: Assert that the mysql_info module succeeded because we used the new password
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
@ -131,7 +131,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -148,7 +148,7 @@
- name: Assert that there weren't any changes because username/password didn't change
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
@ -170,7 +170,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -187,7 +187,7 @@
- name: Assert that the mysql_info module succeeded because we used the new password
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Pass in the same password as before, but in the encrypted form (no change expected)
mysql_user:
@ -200,7 +200,7 @@
- name: Assert that there weren't any changes because username/password didn't change
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
@ -220,7 +220,7 @@
- name: Assert that a change occurred because the user was added
assert:
that:
- "result.changed == true"
- result is changed
- name: Get the MySQL version using an empty password for the newly created user
mysql_info:
@ -235,7 +235,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Get the MySQL version using an non-empty password (should fail)
mysql_info:
@ -250,7 +250,7 @@
- name: Assert that mysql_info failed
assert:
that:
- "result.failed == true"
- result is failed
- name: Update the user without changing the password
mysql_user:
@ -263,7 +263,7 @@
- name: Assert that the user wasn't changed because the password is still empty
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password=''

90
tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
View file

@ -31,14 +31,19 @@
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
command: "{{ mysql_command }} -e \"SELECT user, host, plugin FROM mysql.user WHERE user = '{{ test_user_name }}' and host = 'localhost'\""
register: show_create_user
- name: Check that the module made a change and that the expected plugin type is set
- name: Check that the module made a change
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "result.changed == true"
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -54,7 +59,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Update the user with a different hash
mysql_user:
@ -67,7 +72,7 @@
- name: Check that the module makes the change because the hash changed
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -83,7 +88,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_new_auth_string }}
@ -102,14 +107,19 @@
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
command: "{{ mysql_command }} -e \"SELECT user, host, plugin FROM mysql.user WHERE user = '{{ test_user_name }}' and host = 'localhost'\""
register: show_create_user
- name: Check that the module made a change and that the expected plugin type is set
- name: Check that the module made a change
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "result.changed == true"
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -125,7 +135,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Update the user with the same hash (no change expected)
mysql_user:
@ -135,10 +145,12 @@
plugin_hash_string: '{{ test_plugin_hash }}'
register: result
# FIXME: on mariadb 10.2 there's always a change
- name: Check that the module doesn't make a change when the same hash is passed in
assert:
that:
- "result.changed == false"
- result is not changed
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -154,7 +166,7 @@
- name: Check that the module did not change the password
assert:
that:
- "result.changed == true"
- result is changed
- name: Getting the MySQL info should still work
mysql_info:
@ -168,7 +180,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
@ -190,11 +202,16 @@
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Check that the module made a change and that the expected plugin type is set
- name: Check that the module made a change
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "result.changed == true"
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -210,7 +227,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Update the user with the same auth string
mysql_user:
@ -225,7 +242,7 @@
- name: The module should detect a change even though the password is the same
assert:
that:
- "result.changed == true"
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -240,7 +257,7 @@
- name: Check that the module did not change the password
assert:
that:
- "result.changed == false"
- result is not changed
- name: Get the MySQL version using the newly created creds
mysql_info:
@ -254,7 +271,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
@ -275,11 +292,16 @@
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Check that the module made a change and that the expected plugin type is set
- name: Check that the module made a change
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "result.changed == true"
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -296,7 +318,7 @@
- name: Assert that mysql_info was successful
assert:
that:
- "result.failed == false"
- result is succeeded
- name: Get the MySQL version using an non-empty password (should fail)
mysql_info:
@ -311,7 +333,7 @@
- name: Assert that mysql_info failed
assert:
that:
- "result.failed == true"
- result is failed
- name: Update the user without changing the auth mechanism
mysql_user:
@ -324,7 +346,7 @@
- name: Assert that the user wasn't changed because the auth string is still empty
assert:
that:
- "result.changed == false"
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
@ -356,11 +378,16 @@
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Check that the module made a change and that the expected plugin type is set
- name: Check that the module made a change
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "result.changed == true"
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
@ -376,11 +403,16 @@
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Check that the module made a change and that the expected plugin type is set
- name: Check that the module made a change
assert:
that:
- "result.changed == true"
- "'sha256_password' in show_create_user.stdout"
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'sha256_password' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}

27
tests/integration/targets/test_mysql_user/tasks/tls_requirements.yml
View file

@ -55,7 +55,7 @@
issuer: '/CN=org/O=MyDom, Inc./C=US/ST=Oregon/L=Portland'
- block:
- name: retrieve TLS requiremets for users in old database version
- name: retrieve TLS requirements for users in old database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ item }}'@'localhost'\""
register: old_result
with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
@ -67,7 +67,7 @@
when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
- block:
- name: retrieve TLS requiremets for users in new database version
- name: retrieve TLS requirements for users in new database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ item }}'@'localhost'\""
register: new_result
with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
@ -119,12 +119,12 @@
that:
- result is changed
- name: retrieve TLS requiremets for users in old database version
- name: retrieve TLS requirements for users in old database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ user_name_1 }}'@'localhost'\""
register: old_result
when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
- name: retrieve TLS requiremets for users in new database version
- name: retrieve TLS requirements for users in new database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
register: new_result
when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
@ -143,12 +143,12 @@
tls_requires:
X509:
- name: retrieve TLS requiremets for users in old database version
- name: retrieve TLS requirements for users in old database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ user_name_1 }}'@'localhost'\""
register: old_result
when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
- name: retrieve TLS requiremets for users in new database version
- name: retrieve TLS requirements for users in new database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
register: new_result
when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
@ -159,28 +159,21 @@
vars:
- reqs: "{{(old_result is skipped | ternary(new_result, old_result)).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
- name: remove TLS requiremets from user (expect changed=true)
- name: remove TLS requirements from user (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
tls_requires:
- name: retrieve TLS requiremets for users in old database version
- name: retrieve TLS requirements for users
command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ user_name_1 }}'@'localhost'\""
register: old_result
when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
register: result
- name: retrieve TLS requiremets for users in new database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
register: new_result
when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
- name: assert user1 TLS requirements
assert:
that: "'NONE' in reqs"
vars:
- reqs: "{{(old_result is skipped | ternary(new_result, old_result)).stdout.split('REQUIRE')[1].split(separator)[0].strip() | default('NONE') }}"
that: "'REQUIRE ' not in result.stdout or 'REQUIRE NONE' in result.stdout"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}