mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-07-22 21:00:23 -07:00
Fix mysql_user on_new_username IndexError (#642)
* fix tuple indexerror when no accounts are found * Fix tests for update_password not executed * Add test for case where existing user have different password * lint to prevent warning about jinja templating in when clause * Refactor get_existing_authentication to return a list of all row found Previously we were returning only the first row found. We need to be able to see if there is a difference in the existing passwords. * Refactor host option to be optional This make it possible to use the same method from mysql_user to help update_password retrieve existing password for all account with the same username independently of their hostname. And from mysql_info to get the password of a specif user using WHERE user = '' AND host = '' * Add change log fragment * Add link to the PR in the change log * lint for ansible devel * Fix templating type error could not cconvert to bool with ansible devel * Revert changes made for ansible-devel that broke tests for Ansible 2.15 * Revert changes made for ansible-devel that broke tests * Cut unnecessary set, uniqueness is ensured by the group_by in the query * Cut auth plugin from returned values when multiple existing auths exists Discussed here: https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519 * fix convertion of list(dict) to list(tuple) * Fix test for empty password on MySQL 8+
This commit is contained in:
parent
1922e7154e
commit
33e8754c4e
8 changed files with 141 additions and 74 deletions
|
@ -295,3 +295,7 @@
|
|||
- name: Mysql_user - test column case sensitive
|
||||
ansible.builtin.import_tasks:
|
||||
file: test_column_case_sensitive.yml
|
||||
|
||||
- name: Mysql_user - test update_password
|
||||
ansible.builtin.import_tasks:
|
||||
file: test_update_password.yml
|
||||
|
|
|
@ -127,3 +127,29 @@
|
|||
update_password: on_create
|
||||
- username: test3
|
||||
update_password: on_new_username
|
||||
|
||||
# another new user, another new password and multiple existing users with
|
||||
# varying passwords without providing a password
|
||||
- name: update_password | Create account with on_new_username while omit password
|
||||
community.mysql.mysql_user:
|
||||
login_user: '{{ mysql_parameters.login_user }}'
|
||||
login_password: '{{ mysql_parameters.login_password }}'
|
||||
login_host: '{{ mysql_parameters.login_host }}'
|
||||
login_port: '{{ mysql_parameters.login_port }}'
|
||||
state: present
|
||||
name: test3
|
||||
host: '10.10.10.10'
|
||||
update_password: on_new_username
|
||||
|
||||
- name: update_password | Assert create account with on_new_username while omit password produce empty auth string
|
||||
ansible.builtin.command: >-
|
||||
{{ mysql_command }} -BNe "SELECT user, host, plugin, authentication_string
|
||||
FROM mysql.user where user='test3' and host='10.10.10.10'"
|
||||
register: test3_info
|
||||
changed_when: false
|
||||
failed_when:
|
||||
# MariaDB default plugin is mysql_native_password
|
||||
- "'test3\t10.10.10.10\tmysql_native_password\t' != test3_info.stdout"
|
||||
|
||||
# MySQL 8+ default plugin is caching_sha2_password
|
||||
- "'test3\t10.10.10.10\tcaching_sha2_password\t' != test3_info.stdout"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
- name: Utils | Assert user password | Apply update_password to {{ username }}
|
||||
mysql_user:
|
||||
community.mysql.mysql_user:
|
||||
login_user: '{{ mysql_parameters.login_user }}'
|
||||
login_password: '{{ mysql_parameters.login_password }}'
|
||||
login_host: '{{ mysql_parameters.login_host }}'
|
||||
|
@ -13,16 +13,17 @@
|
|||
register: result
|
||||
|
||||
- name: Utils | Assert user password | Assert a change occurred
|
||||
assert:
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- "result.changed | bool == {{ expect_change }} | bool"
|
||||
- "result.password_changed == {{ expect_password_change }}"
|
||||
- result.changed | bool == expect_change | bool
|
||||
- result.password_changed == expect_password_change
|
||||
|
||||
- name: Utils | Assert user password | Query user {{ username }}
|
||||
command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
|
||||
- name: Utils | Assert user password | Assert expect_hash is in user stdout for {{ username }}
|
||||
ansible.builtin.command: >-
|
||||
{{ mysql_command }} -BNe "SELECT plugin, authentication_string
|
||||
FROM mysql.user where user='{{ username }}' and host='{{ host }}'"
|
||||
register: existing_user
|
||||
|
||||
- name: Utils | Assert user password | Assert expect_hash is in user stdout
|
||||
assert:
|
||||
that:
|
||||
- "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"
|
||||
changed_when: false
|
||||
failed_when: pattern not in existing_user.stdout_lines
|
||||
vars:
|
||||
pattern: "mysql_native_password\t{{ expect_password_hash }}"
|
||||
|
|
|
@ -1,8 +1,11 @@
|
|||
---
|
||||
- name: set fact tls_enabled
|
||||
command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
|
||||
register: result
|
||||
- set_fact:
|
||||
|
||||
- name: Set tls_enabled fact
|
||||
ansible.builtin.set_fact:
|
||||
tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
|
||||
|
||||
- vars:
|
||||
|
@ -16,21 +19,21 @@
|
|||
|
||||
# ============================================================
|
||||
- name: get server certificate
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
|
||||
dest: /tmp/cert.pem
|
||||
delegate_to: localhost
|
||||
|
||||
- name: Drop mysql user if exists
|
||||
mysql_user:
|
||||
community.mysql.mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
host_all: true
|
||||
state: absent
|
||||
ignore_errors: yes
|
||||
ignore_errors: true
|
||||
|
||||
- name: create user with ssl requirement
|
||||
mysql_user:
|
||||
community.mysql.mysql_user:
|
||||
<<: *mysql_params
|
||||
name: "{{ user_name_1 }}"
|
||||
host: '%'
|
||||
|
@ -40,7 +43,7 @@
|
|||
SSL:
|
||||
|
||||
- name: attempt connection with newly created user (expect failure)
|
||||
mysql_variables:
|
||||
community.mysql.mysql_variables:
|
||||
variable: '{{ set_name }}'
|
||||
login_user: '{{ user_name_1 }}'
|
||||
login_password: '{{ user_password_1 }}'
|
||||
|
@ -48,22 +51,24 @@
|
|||
login_port: '{{ mysql_primary_port }}'
|
||||
ca_cert: /tmp/cert.pem
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
ignore_errors: true
|
||||
|
||||
- assert:
|
||||
- name: Assert that result is failed for pymysql
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- result is failed
|
||||
when:
|
||||
- connector_name == 'pymysql'
|
||||
|
||||
- assert:
|
||||
- name: Assert that result is success for mysqlclient
|
||||
ansible.builtin.assert:
|
||||
that:
|
||||
- result is succeeded
|
||||
when:
|
||||
- connector_name != 'pymysql'
|
||||
|
||||
- name: attempt connection with newly created user ignoring hostname
|
||||
mysql_variables:
|
||||
community.mysql.mysql_variables:
|
||||
variable: '{{ set_name }}'
|
||||
login_user: '{{ user_name_1 }}'
|
||||
login_password: '{{ user_password_1 }}'
|
||||
|
@ -72,14 +77,12 @@
|
|||
ca_cert: /tmp/cert.pem
|
||||
check_hostname: no
|
||||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
|
||||
ignore_errors: true
|
||||
failed_when:
|
||||
- result is failed or 'pymysql >= 0.7.11 is required' not in result.msg
|
||||
|
||||
- name: Drop mysql user
|
||||
mysql_user:
|
||||
community.mysql.mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
host_all: true
|
||||
|
|
|
@ -47,8 +47,8 @@
|
|||
# Verify mysql_variable successfully updates a variable (issue:4568)
|
||||
#
|
||||
- set_fact:
|
||||
set_name: 'delay_key_write'
|
||||
set_value: 'ON'
|
||||
set_name: 'delay_key_write'
|
||||
set_value: 'ON'
|
||||
|
||||
- name: set mysql variable
|
||||
mysql_variables:
|
||||
|
@ -74,8 +74,8 @@
|
|||
# Verify mysql_variable successfully updates a variable using single quotes
|
||||
#
|
||||
- set_fact:
|
||||
set_name: 'wait_timeout'
|
||||
set_value: '300'
|
||||
set_name: 'wait_timeout'
|
||||
set_value: '300'
|
||||
|
||||
- name: set mysql variable to a temp value
|
||||
mysql_variables:
|
||||
|
@ -105,8 +105,8 @@
|
|||
# Verify mysql_variable successfully updates a variable using double quotes
|
||||
#
|
||||
- set_fact:
|
||||
set_name: "wait_timeout"
|
||||
set_value: "400"
|
||||
set_name: "wait_timeout"
|
||||
set_value: "400"
|
||||
|
||||
- name: set mysql variable to a temp value
|
||||
mysql_variables:
|
||||
|
@ -132,8 +132,8 @@
|
|||
# Verify mysql_variable successfully updates a variable using no quotes
|
||||
#
|
||||
- set_fact:
|
||||
set_name: wait_timeout
|
||||
set_value: 500
|
||||
set_name: wait_timeout
|
||||
set_value: 500
|
||||
|
||||
- name: set mysql variable to a temp value
|
||||
mysql_variables:
|
||||
|
@ -251,8 +251,8 @@
|
|||
# Verify mysql_variable works with the login_user and login_password parameters
|
||||
#
|
||||
- set_fact:
|
||||
set_name: wait_timeout
|
||||
set_value: 77
|
||||
set_name: wait_timeout
|
||||
set_value: 77
|
||||
|
||||
- name: query mysql_variable using login_user and password_password
|
||||
mysql_variables:
|
||||
|
@ -291,8 +291,8 @@
|
|||
# Verify mysql_variable fails with an incorrect login_password parameter
|
||||
#
|
||||
- set_fact:
|
||||
set_name: connect_timeout
|
||||
set_value: 10
|
||||
set_name: connect_timeout
|
||||
set_value: 10
|
||||
|
||||
- name: query mysql_variable using incorrect login_password
|
||||
mysql_variables:
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue