Fix mysql_user on_new_username IndexError (#642)

* fix tuple indexerror when no accounts are found * Fix tests for update_password not executed * Add test for case where existing user have different password * lint to prevent warning about jinja templating in when clause * Refactor get_existing_authentication to return a list of all row found Previously we were returning only the first row found. We need to be able to see if there is a difference in the existing passwords. * Refactor host option to be optional This make it possible to use the same method from mysql_user to help update_password retrieve existing password for all account with the same username independently of their hostname. And from mysql_info to get the password of a specif user using WHERE user = '' AND host = '' * Add change log fragment * Add link to the PR in the change log * lint for ansible devel * Fix templating type error could not cconvert to bool with ansible devel * Revert changes made for ansible-devel that broke tests for Ansible 2.15 * Revert changes made for ansible-devel that broke tests * Cut unnecessary set, uniqueness is ensured by the group_by in the query * Cut auth plugin from returned values when multiple existing auths exists Discussed here: https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519 * fix convertion of list(dict) to list(tuple) * Fix test for empty password on MySQL 8+
2025-07-23 05:10:24 -07:00 · 2024-06-27 22:12:01 +02:00 · 2024-06-27 22:12:01 +02:00 · 33e8754c4e
commit 33e8754c4e
parent 1922e7154e
8 changed files with 141 additions and 74 deletions
--- a/tests/integration/targets/test_mysql_user/tasks/main.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/main.yml
@ -295,3 +295,7 @@
    - name: Mysql_user - test column case sensitive
      ansible.builtin.import_tasks:
        file: test_column_case_sensitive.yml
+
+    - name: Mysql_user - test update_password
+      ansible.builtin.import_tasks:
+        file: test_update_password.yml
--- a/tests/integration/targets/test_mysql_user/tasks/test_update_password.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/test_update_password.yml
@ -127,3 +127,29 @@
          update_password: on_create
        - username: test3
          update_password: on_new_username
+
+    # another new user, another new password and multiple existing users with
+    # varying passwords without providing a password
+    - name: update_password | Create account with on_new_username while omit password
+      community.mysql.mysql_user:
+        login_user: '{{ mysql_parameters.login_user }}'
+        login_password: '{{ mysql_parameters.login_password }}'
+        login_host: '{{ mysql_parameters.login_host }}'
+        login_port: '{{ mysql_parameters.login_port }}'
+        state: present
+        name: test3
+        host: '10.10.10.10'
+        update_password: on_new_username
+
+    - name: update_password | Assert create account with on_new_username while omit password produce empty auth string
+      ansible.builtin.command: >-
+        {{ mysql_command }} -BNe "SELECT user, host, plugin, authentication_string
+        FROM mysql.user where user='test3' and host='10.10.10.10'"
+      register: test3_info
+      changed_when: false
+      failed_when:
+        # MariaDB default plugin is mysql_native_password
+        - "'test3\t10.10.10.10\tmysql_native_password\t' != test3_info.stdout"
+
+        # MySQL 8+ default plugin is caching_sha2_password
+        - "'test3\t10.10.10.10\tcaching_sha2_password\t' != test3_info.stdout"
--- a/tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password.yml
@ -1,6 +1,6 @@
 ---
 - name: Utils | Assert user password | Apply update_password to {{ username }}
-  mysql_user:
+  community.mysql.mysql_user:
    login_user: '{{ mysql_parameters.login_user }}'
    login_password: '{{ mysql_parameters.login_password }}'
    login_host: '{{ mysql_parameters.login_host }}'
@ -13,16 +13,17 @@
  register: result

 - name: Utils | Assert user password | Assert a change occurred
-  assert:
+  ansible.builtin.assert:
    that:
-      - "result.changed | bool == {{ expect_change }} | bool"
-      - "result.password_changed == {{ expect_password_change }}"
+      - result.changed | bool == expect_change | bool
+      - result.password_changed == expect_password_change

- name: Utils | Assert user password | Query user {{ username }}
-  command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
+- name: Utils | Assert user password | Assert expect_hash is in user stdout for {{ username }}
+  ansible.builtin.command: >-
+    {{ mysql_command }} -BNe "SELECT plugin, authentication_string
+    FROM mysql.user where user='{{ username }}' and host='{{ host }}'"
  register: existing_user
-
- name: Utils | Assert user password | Assert expect_hash is in user stdout
-  assert:
-    that:
-      - "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"
+  changed_when: false
+  failed_when: pattern not in existing_user.stdout_lines
+  vars:
+    pattern: "mysql_native_password\t{{ expect_password_hash }}"