feat[mysql_info]: add 'users_info' filter (#580)

* add documentation for new mysql_info users_info filter

* Add integration tests for mysql_info users_info

* fix list parsing when the cursor comes from mysql_info

Mysql_info uses a DictCursor and mysql_user a normal cursor.

* fix the case where an account has the same user but a different host and password

* document why certain authentications plugins cause issues

* add version_added for users_info to the documentation

* Add 'users' description to differentiate it from 'users_info'

---------

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Laurent Indermühle 2023-10-23 11:26:46 +02:00 committed by GitHub
parent 6b7cc14989
commit 3ef9bda95f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 492 additions and 12 deletions


@ -0,0 +1,280 @@
---
- module_defaults:
community.mysql.mysql_db: &mysql_defaults
login_user: "{{ mysql_user }}"
login_password: "{{ mysql_password }}"
login_host: "{{ mysql_host }}"
login_port: "{{ mysql_primary_port }}"
community.mysql.mysql_query: *mysql_defaults
community.mysql.mysql_info: *mysql_defaults
community.mysql.mysql_user: *mysql_defaults
block:
# ================================ Prepare ==============================
- name: Mysql_info users_info | Create databases
community.mysql.mysql_db:
name:
- users_info_db
- users_info_db2
- users_info_db3
state: present
- name: Mysql_info users_info | Create tables
community.mysql.mysql_query:
query:
- >-
CREATE TABLE IF NOT EXISTS users_info_db.t1
(id int, name varchar(9))
- >-
CREATE TABLE IF NOT EXISTS users_info_db.T_UPPER
(id int, name1 varchar(9), NAME2 varchar(9), Name3 varchar(9))
# I failed to create a procedure using community.mysql.mysql_query.
# Maybe it's because we must changed the delimiter.
- name: Mysql_info users_info | Create procedure SQL file
ansible.builtin.template:
src: files/users_info_create_procedure.sql
dest: /root/create_procedure.sql
owner: root
group: root
mode: '0700'
- name: Mysql_info users_info | Create a procedure
community.mysql.mysql_db:
name: all
state: import
target: /root/create_procedure.sql
# Use a query instead of mysql_user, because we want to caches differences
# at the end and a bug in mysql_user would be invisible to this tests
- name: Mysql_info users_info | Prepare common tests users
community.mysql.mysql_query:
query:
- >-
CREATE USER users_info_adm@'users_info.com' IDENTIFIED WITH
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- >
GRANT ALL ON *.* to users_info_adm@'users_info.com' WITH GRANT
OPTION
- >-
CREATE USER users_info_schema@'users_info.com' IDENTIFIED WITH
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- >-
GRANT SELECT, INSERT, UPDATE, DELETE ON users_info_db.* TO
users_info_schema@'users_info.com'
- >-
CREATE USER users_info_table@'users_info.com' IDENTIFIED WITH
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- >-
GRANT SELECT, INSERT, UPDATE ON users_info_db.t1 TO
users_info_table@'users_info.com'
- >-
CREATE USER users_info_col@'users_info.com' IDENTIFIED WITH
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
WITH MAX_USER_CONNECTIONS 100
- >-
GRANT SELECT (id) ON users_info_db.t1 TO
users_info_col@'users_info.com'
- >-
CREATE USER users_info_proc@'users_info.com' IDENTIFIED WITH
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
WITH MAX_USER_CONNECTIONS 2 MAX_CONNECTIONS_PER_HOUR 60
- >-
GRANT EXECUTE ON PROCEDURE users_info_db.get_all_items TO
users_info_proc@'users_info.com'
- >-
CREATE USER users_info_multi@'users_info.com' IDENTIFIED WITH
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- >-
GRANT SELECT ON mysql.* TO
users_info_multi@'users_info.com'
- >-
GRANT ALL ON users_info_db.* TO
users_info_multi@'users_info.com'
- >-
GRANT ALL ON users_info_db2.* TO
users_info_multi@'users_info.com'
- >-
GRANT ALL ON users_info_db3.* TO
users_info_multi@'users_info.com'
- >-
CREATE USER users_info_usage_only@'users_info.com' IDENTIFIED WITH
mysql_native_password AS '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- >-
GRANT USAGE ON *.* TO
users_info_usage_only@'users_info.com'
- >-
CREATE USER users_info_columns_uppercase@'users_info.com'
IDENTIFIED WITH mysql_native_password AS
'*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- >-
GRANT SELECT,UPDATE(name1,NAME2,Name3) ON users_info_db.T_UPPER TO
users_info_columns_uppercase@'users_info.com'
- >-
CREATE USER users_info_multi_hosts@'%'
IDENTIFIED WITH mysql_native_password AS
'*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- GRANT SELECT ON users_info_db.* TO users_info_multi_hosts@'%'
- >-
CREATE USER users_info_multi_hosts@'localhost'
IDENTIFIED WITH mysql_native_password AS
'*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- >-
GRANT SELECT ON users_info_db.* TO
users_info_multi_hosts@'localhost'
- >-
CREATE USER users_info_multi_hosts@'host1'
IDENTIFIED WITH mysql_native_password AS
'*6C387FC3893DBA1E3BA155E74754DA6682D04747'
- GRANT SELECT ON users_info_db.* TO users_info_multi_hosts@'host1'
# Different password than the others users_info_multi_hosts
- >-
CREATE USER users_info_multi_hosts@'host2'
IDENTIFIED WITH mysql_native_password AS
'*CB3326D5279DE7915FE5D743232165EE887883CA'
- GRANT SELECT ON users_info_db.* TO users_info_multi_hosts@'host2'
- name: Mysql_info users_info | Prepare tests users for MariaDB
community.mysql.mysql_user:
name: "{{ item.name }}"
host: "users_info.com"
plugin: "{{ item.plugin | default(omit) }}"
plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}"
tls_require: "{{ item.tls_require | default(omit) }}"
priv: "{{ item.priv }}"
resource_limits: "{{ item.resource_limits | default(omit) }}"
column_case_sensitive: true
state: present
loop:
- name: users_info_socket # Only for MariaDB
priv:
'*.*': 'ALL'
plugin: 'unix_socket'
when:
- db_engine == 'mariadb'
- name: Mysql_info users_info | Prepare tests users for MySQL
community.mysql.mysql_user:
name: "{{ item.name }}"
host: "users_info.com"
plugin: "{{ item.plugin | default(omit) }}"
plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}"
tls_require: "{{ item.tls_require | default(omit) }}"
priv: "{{ item.priv }}"
resource_limits: "{{ item.resource_limits | default(omit) }}"
column_case_sensitive: true
state: present
loop:
- name: users_info_sha256 # Only for MySQL
priv:
'*.*': 'ALL'
plugin_auth_string:
'$5$/<w*D`L4\"F$WQiI1Pev.7atAh8udYs3wqlzgdfV8LXoy7rqSEC7NF2'
plugin: 'sha256_password'
when:
- db_engine == 'mysql'
- name: Mysql_info users_info | Prepare tests users for MySQL 8+
community.mysql.mysql_user:
name: "{{ item.name }}"
host: "users_info.com"
plugin: "{{ item.plugin | default(omit) }}"
plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}"
tls_require: "{{ item.tls_require | default(omit) }}"
priv: "{{ item.priv }}"
resource_limits: "{{ item.resource_limits | default(omit) }}"
column_case_sensitive: true
state: present
loop:
- name: users_info_caching_sha2 # Only for MySQL 8+
priv:
'*.*': 'ALL'
plugin_auth_string:
'$A$005$61j/uF%Qb4-=O2xkeO82u2HNkF.lxDq0liO4U3xqi7bDUCbWM6HayRXWn1'
plugin: 'caching_sha2_password'
when:
- db_engine == 'mysql'
- db_version is version('8.0', '>=')
# ================================== Tests ==============================
- name: Mysql_info users_info | Collect users_info
community.mysql.mysql_info:
filter:
- users_info
register: result
- name: Recreate users from mysql_info users_info result
community.mysql.mysql_user:
name: "{{ item.name }}"
host: "{{ item.host }}"
plugin: "{{ item.plugin | default(omit) }}"
plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}"
tls_require: "{{ item.tls_require | default(omit) }}"
priv: "{{ item.priv | default(omit) }}"
resource_limits: "{{ item.resource_limits | default(omit) }}"
column_case_sensitive: true
state: present
loop: "{{ result.users_info }}"
loop_control:
label: "{{ item.name }}@{{ item.host }}"
register: recreate_users_result
failed_when:
- recreate_users_result is changed
when:
- item.name != 'root'
- item.name != 'mysql'
- item.name != 'mariadb.sys'
- item.name != 'mysql.sys'
- item.name != 'mysql.infoschema'
# ================================== Cleanup ============================
- name: Mysql_info users_info | Cleanup users_info
community.mysql.mysql_user:
name: "{{ item }}"
host_all: true
column_case_sensitive: true
state: absent
loop:
- users_info_adm
- users_info_schema
- users_info_table
- users_info_col
- users_info_proc
- users_info_multi
- users_info_db
- users_info_usage_only
- users_info_columns_uppercase
- users_info_multi_hosts
- name: Mysql_info users_info | Cleanup databases
community.mysql.mysql_db:
name:
- users_info_db
- users_info_db2
- users_info_db3
state: absent
- name: Mysql_info users_info | Cleanup sql file for the procedure
ansible.builtin.file:
path: /root/create_procedure.sql
state: absent
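Review bot: The loop of the `Cleanup users_info` task lists `users_info_db`, which is a database name rather than an account, and omits `users_info_socket`, `users_info_sha256` and `users_info_caching_sha2`, each created earlier in this file with `ALL` on `*.*`. Those accounts would stay on the test server with full privileges after the run; the loop should carry `- users_info_socket`, `- users_info_sha256` and `- users_info_caching_sha2` in place of `- users_info_db`. Removing a user that does not exist on a given engine should be a no-op with `state: absent`, so no `when:` on the engine seems needed, but that is worth confirming. The page has lost the file's indentation, but the cleanup tasks appear to sit inside `block:` with no `always:` section, so a failure of the recreate check would skip them; moving them under `always:` would stop a failed run from leaving the accounts and `/root/create_procedure.sql` behind.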


@ -219,3 +219,7 @@
assert:
that:
- result.databases.allviews.size == 0
- name: Import tasks file to tests users_info filter
ansible.builtin.import_tasks:
file: filter_users_info.yml