Fix mysql_user on_new_username IndexError (#642)

* fix tuple indexerror when no accounts are found

* Fix tests for update_password not executed

* Add test for case where existing user have different password

* lint to prevent warning about jinja templating in when clause

* Refactor get_existing_authentication to return a list of all row found

Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.

* Refactor host option to be optional

This make it possible to use the same method from mysql_user to help
update_password retrieve existing password for all account with the same
username independently of their hostname. And from mysql_info to get
the password of a specif user using WHERE user = '' AND host = ''

* Add change log fragment

* Add link to the PR in the change log

* lint for ansible devel

* Fix templating type error could not cconvert to bool with ansible devel

* Revert changes made for ansible-devel that broke tests for Ansible 2.15

* Revert changes made for ansible-devel that broke tests

* Cut unnecessary set, uniqueness is ensured by the group_by in the query

* Cut auth plugin from returned values when multiple existing auths exists

Discussed here:
https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519

* fix convertion of list(dict) to list(tuple)

* Fix test for empty password on MySQL 8+
This commit is contained in:
Laurent Indermühle 2024-06-27 22:12:01 +02:00 committed by GitHub
commit 33e8754c4e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 141 additions and 74 deletions

View file

@ -1,6 +1,6 @@
---
- name: Utils | Assert user password | Apply update_password to {{ username }}
mysql_user:
community.mysql.mysql_user:
login_user: '{{ mysql_parameters.login_user }}'
login_password: '{{ mysql_parameters.login_password }}'
login_host: '{{ mysql_parameters.login_host }}'
@ -13,16 +13,17 @@
register: result
- name: Utils | Assert user password | Assert a change occurred
assert:
ansible.builtin.assert:
that:
- "result.changed | bool == {{ expect_change }} | bool"
- "result.password_changed == {{ expect_password_change }}"
- result.changed | bool == expect_change | bool
- result.password_changed == expect_password_change
- name: Utils | Assert user password | Query user {{ username }}
command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
- name: Utils | Assert user password | Assert expect_hash is in user stdout for {{ username }}
ansible.builtin.command: >-
{{ mysql_command }} -BNe "SELECT plugin, authentication_string
FROM mysql.user where user='{{ username }}' and host='{{ host }}'"
register: existing_user
- name: Utils | Assert user password | Assert expect_hash is in user stdout
assert:
that:
- "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"
changed_when: false
failed_when: pattern not in existing_user.stdout_lines
vars:
pattern: "mysql_native_password\t{{ expect_password_hash }}"