Fix mysql_user on_new_username IndexError (#642)

* fix tuple indexerror when no accounts are found

* Fix tests for update_password not executed

* Add test for case where existing user have different password

* lint to prevent warning about jinja templating in when clause

* Refactor get_existing_authentication to return a list of all row found

Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.

* Refactor host option to be optional

This make it possible to use the same method from mysql_user to help
update_password retrieve existing password for all account with the same
username independently of their hostname. And from mysql_info to get
the password of a specif user using WHERE user = '' AND host = ''

* Add change log fragment

* Add link to the PR in the change log

* lint for ansible devel

* Fix templating type error could not cconvert to bool with ansible devel

* Revert changes made for ansible-devel that broke tests for Ansible 2.15

* Revert changes made for ansible-devel that broke tests

* Cut unnecessary set, uniqueness is ensured by the group_by in the query

* Cut auth plugin from returned values when multiple existing auths exists

Discussed here:
https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519

* fix convertion of list(dict) to list(tuple)

* Fix test for empty password on MySQL 8+

tests/integration/targets/test_mysql_user/tasks/main.yml

@@ -295,3 +295,7 @@
     - name: Mysql_user - test column case sensitive
       ansible.builtin.import_tasks:
         file: test_column_case_sensitive.yml
+
+    - name: Mysql_user - test update_password
+      ansible.builtin.import_tasks:
+        file: test_update_password.yml

tests/integration/targets/test_mysql_user/tasks/test_update_password.yml

@@ -127,3 +127,29 @@
           update_password: on_create
         - username: test3
           update_password: on_new_username
+
+    # another new user, another new password and multiple existing users with
+    # varying passwords without providing a password
+    - name: update_password | Create account with on_new_username while omit password
+      community.mysql.mysql_user:
+        login_user: '{{ mysql_parameters.login_user }}'
+        login_password: '{{ mysql_parameters.login_password }}'
+        login_host: '{{ mysql_parameters.login_host }}'
+        login_port: '{{ mysql_parameters.login_port }}'
+        state: present
+        name: test3
+        host: '10.10.10.10'
+        update_password: on_new_username
+
+    - name: update_password | Assert create account with on_new_username while omit password produce empty auth string
+      ansible.builtin.command: >-
+        {{ mysql_command }} -BNe "SELECT user, host, plugin, authentication_string
+        FROM mysql.user where user='test3' and host='10.10.10.10'"
+      register: test3_info
+      changed_when: false
+      failed_when:
+        # MariaDB default plugin is mysql_native_password
+        - "'test3\t10.10.10.10\tmysql_native_password\t' != test3_info.stdout"
+
+        # MySQL 8+ default plugin is caching_sha2_password
+        - "'test3\t10.10.10.10\tcaching_sha2_password\t' != test3_info.stdout"

tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password.yml

@@ -1,6 +1,6 @@
 ---
 - name: Utils | Assert user password | Apply update_password to {{ username }}
-  mysql_user:
+  community.mysql.mysql_user:
     login_user: '{{ mysql_parameters.login_user }}'
     login_password: '{{ mysql_parameters.login_password }}'
     login_host: '{{ mysql_parameters.login_host }}'
@@ -13,16 +13,17 @@
   register: result
 
 - name: Utils | Assert user password | Assert a change occurred
-  assert:
+  ansible.builtin.assert:
     that:
-      - "result.changed | bool == {{ expect_change }} | bool"
-      - "result.password_changed == {{ expect_password_change }}"
+      - result.changed | bool == expect_change | bool
+      - result.password_changed == expect_password_change
 
-- name: Utils | Assert user password | Query user {{ username }}
-  command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
+- name: Utils | Assert user password | Assert expect_hash is in user stdout for {{ username }}
+  ansible.builtin.command: >-
+    {{ mysql_command }} -BNe "SELECT plugin, authentication_string
+    FROM mysql.user where user='{{ username }}' and host='{{ host }}'"
   register: existing_user
-
-- name: Utils | Assert user password | Assert expect_hash is in user stdout
-  assert:
-    that:
-      - "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"
+  changed_when: false
+  failed_when: pattern not in existing_user.stdout_lines
+  vars:
+    pattern: "mysql_native_password\t{{ expect_password_hash }}"

tests/integration/targets/test_mysql_variables/tasks/issue-28.yml

@@ -1,8 +1,11 @@
 ---
 - name: set fact tls_enabled
-  command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
+  ansible.builtin.command:
+    cmd: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
   register: result
-- set_fact:
+
+- name: Set tls_enabled fact
+  ansible.builtin.set_fact:
     tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
 
 - vars:
@@ -16,21 +19,21 @@
 
     # ============================================================
     - name: get server certificate
-      copy:
+      ansible.builtin.copy:
         content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
         dest: /tmp/cert.pem
       delegate_to: localhost
 
     - name: Drop mysql user if exists
-      mysql_user:
+      community.mysql.mysql_user:
         <<: *mysql_params
         name: '{{ user_name_1 }}'
         host_all: true
         state: absent
-      ignore_errors: yes
+      ignore_errors: true
 
     - name: create user with ssl requirement
-      mysql_user:
+      community.mysql.mysql_user:
         <<: *mysql_params
         name: "{{ user_name_1 }}"
         host: '%'
@@ -40,7 +43,7 @@
           SSL:
 
     - name: attempt connection with newly created user (expect failure)
-      mysql_variables:
+      community.mysql.mysql_variables:
         variable: '{{ set_name }}'
         login_user: '{{ user_name_1 }}'
         login_password: '{{ user_password_1 }}'
@@ -48,22 +51,24 @@
         login_port: '{{ mysql_primary_port }}'
         ca_cert: /tmp/cert.pem
       register: result
-      ignore_errors: yes
+      ignore_errors: true
 
-    - assert:
+    - name: Assert that result is failed for pymysql
+      ansible.builtin.assert:
         that:
           - result is failed
       when:
         - connector_name == 'pymysql'
 
-    - assert:
+    - name: Assert that result is success for mysqlclient
+      ansible.builtin.assert:
         that:
           - result is succeeded
       when:
         - connector_name != 'pymysql'
 
     - name: attempt connection with newly created user ignoring hostname
-      mysql_variables:
+      community.mysql.mysql_variables:
         variable: '{{ set_name }}'
         login_user: '{{ user_name_1 }}'
         login_password: '{{ user_password_1 }}'
@@ -72,14 +77,12 @@
         ca_cert: /tmp/cert.pem
         check_hostname: no
       register: result
-      ignore_errors: yes
-
-    - assert:
-        that:
-          - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+      ignore_errors: true
+      failed_when:
+        - result is failed or 'pymysql >= 0.7.11 is required' not in result.msg
 
     - name: Drop mysql user
-      mysql_user:
+      community.mysql.mysql_user:
         <<: *mysql_params
         name: '{{ user_name_1 }}'
         host_all: true

tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml

@@ -47,8 +47,8 @@
     # Verify mysql_variable successfully updates a variable (issue:4568)
     #
     - set_fact:
-         set_name: 'delay_key_write'
-         set_value: 'ON'
+        set_name: 'delay_key_write'
+        set_value: 'ON'
 
     - name: set mysql variable
       mysql_variables:
@@ -74,8 +74,8 @@
     # Verify mysql_variable successfully updates a variable using single quotes
     #
     - set_fact:
-         set_name: 'wait_timeout'
-         set_value: '300'
+        set_name: 'wait_timeout'
+        set_value: '300'
 
     - name: set mysql variable to a temp value
       mysql_variables:
@@ -105,8 +105,8 @@
     # Verify mysql_variable successfully updates a variable using double quotes
     #
     - set_fact:
-         set_name: "wait_timeout"
-         set_value: "400"
+        set_name: "wait_timeout"
+        set_value: "400"
 
     - name: set mysql variable to a temp value
       mysql_variables:
@@ -132,8 +132,8 @@
     # Verify mysql_variable successfully updates a variable using no quotes
     #
     - set_fact:
-         set_name: wait_timeout
-         set_value: 500
+        set_name: wait_timeout
+        set_value: 500
 
     - name: set mysql variable to a temp value
       mysql_variables:
@@ -251,8 +251,8 @@
     # Verify mysql_variable works with the login_user and login_password parameters
     #
     - set_fact:
-         set_name: wait_timeout
-         set_value: 77
+        set_name: wait_timeout
+        set_value: 77
 
     - name: query mysql_variable using login_user and password_password
       mysql_variables:
@@ -291,8 +291,8 @@
     # Verify mysql_variable fails with an incorrect login_password parameter
     #
     - set_fact:
-         set_name: connect_timeout
-         set_value: 10
+        set_name: connect_timeout
+        set_value: 10
 
     - name: query mysql_variable using incorrect login_password
       mysql_variables: