diff --git a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml index 8fab718..37e237e 100644 --- a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml +++ b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml @@ -28,10 +28,10 @@ - name: Must fail when meet unsupported version assert: that: - - result is failed - - result is search('Roles are not supported by the server') + - result is failed + - result is search('Roles are not supported by the server') when: - - srv['version']['major'] < 8 + - srv['version']['major'] < 8 - name: Skip unsupported versions meta: end_play @@ -67,9 +67,9 @@ host: '{{ gateway_addr }}' password: '{{ mysql_password }}' loop: - - '{{ user0 }}' - - '{{ user1 }}' - - '{{ user2 }}' + - '{{ user0 }}' + - '{{ user1 }}' + - '{{ user2 }}' ########### # Run tests @@ -262,10 +262,10 @@ query: "SHOW GRANTS FOR {{ user0 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query for the role0 is succeeded for mysql assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - name: Check in DB (mariadb) 
@@ -275,40 +275,40 @@ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query for the role0 is succeeded for mariadb assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - #======================== + # ======================== - - name: Create role {{ role0 }} again + - name: Create role0 again <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: present - - name: Check + - name: Assert that create role0 again is not changed assert: that: - - result is not changed + - result is not changed - - name: Check in DB + - name: Query role0 <<: *task_params mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'" - - name: Check + - name: Assert that role0 is in DB assert: that: - - result.rowcount.0 == 1 + - result.rowcount.0 == 1 - #======================== + # ======================== - - name: Drop role {{ role0 }} in check_mode + - name: Drop role0 in check_mode <<: *task_params mysql_role: <<: *mysql_params @@ -316,21 +316,21 @@ state: absent check_mode: yes - - name: Check + - name: Assert that drop role0 in check_mode is changed assert: that: - - result is changed + - result is changed - - name: Check in DB + - name: Query role0 <<: *task_params mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'" - - name: Check + - name: Assert that role0 is in DB assert: that: - - result.rowcount.0 == 1 + - result.rowcount.0 == 1 # Must pass because of check_mode - name: Check in DB, if not granted, the query will fail 
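Review bot: The new assert name in this hunk, `Assert that query for the role0 is succeeded for mariadb`, does not describe what the task checks: the condition is `result.query_result.0.0['user_roles'] == 1`, i.e. that user0 is mapped to role0, not that the query ran. A name such as `Assert that user0 is a member of role0 (mariadb)` would match the condition. The mismatch is sharper in the hunk at -606, where `Assert that query for user1 in mariadb is failed due to check_mode` sits over `user_roles == 0` (the count query succeeds and returns 0), and in the hunk at -660, where `Assert that query role0 in mariadb returns 0 row` follows a query for role1 as a member of role0. These names are what a reader sees in a failing CI log for role-membership checks, so they should state the membership being asserted.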
@@ -340,52 +340,52 @@ query: "SHOW GRANTS FOR {{ user0 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that role0 is still in mysql after drop in check_mode assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' # Must pass because of check_mode - - name: Check in DB (mariadb) + - name: Query count for user0 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that role0 is still in mariadb after drop in check_mode assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - #======================== + # ======================== - - name: Drop role {{ role0 }} + - name: Drop role0 <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: absent - - name: Check + - name: Assert that drop role0 is changed assert: that: - - result is changed + - result is changed - - name: Check in DB + - name: Query role0 <<: *task_params mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'" - - name: Check + - name: Assert that role0 is absent from db assert: that: - result.rowcount.0 == 0 - - name: Check in DB, if not granted, the query will fail + - name: Query grants for role0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params @@ -393,13 +393,13 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query for role0 in mysql is failed assert: that: - result is failed when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user0 and role0 in mariadb <<: *task_params mysql_query: <<: *mysql_params 
@@ -407,7 +407,7 @@ ignore_errors: yes when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user0 and role0 in mariadb returns 0 rows assert: that: - result.query_result.0.0['user_roles'] == 0 @@ -415,7 +415,7 @@ # ======================== - - name: Drop role {{ role0 }} again in check_mode + - name: Drop role0 again in check_mode <<: *task_params mysql_role: <<: *mysql_params @@ -423,26 +423,26 @@ state: absent check_mode: yes - - name: Check + - name: Assert that drop role0 again in check_mode is not changed assert: that: - result is not changed - - name: Drop role {{ role0 }} again + - name: Drop role0 again <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: absent - - name: Assert that droping the role again is not changed + - name: Assert that drop role0 again is not changed assert: that: - result is not changed # ================== - - name: Create role {{ role0 }} in check_mode + - name: Create role0 in check_mode <<: *task_params mysql_role: <<: *mysql_params 
@@ -455,96 +455,96 @@ 'mysql.*': 'UPDATE' check_mode: yes - - name: Assert that create role in check_mode is changed + - name: Assert that create role0 in check_mode is changed assert: that: - result is changed - - name: Check in DB + - name: Query role0 <<: *task_params mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'" - - name: Assert that create role in check_mode is not in the database + - name: Assert that role0 created in check_mode is not in the database assert: that: - result.rowcount.0 == 0 # ======================== - - name: Create role {{ role0 }} + - name: Create role0 <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: present members: - - '{{ user0 }}@{{ gateway_addr }}' + - '{{ user0 }}@{{ gateway_addr }}' priv: '*.*': 'SELECT,INSERT' 'mysql.*': 'UPDATE' - - name: Check + - name: Assert that create role0 is changed assert: that: - - result is changed + - result is changed - - name: Check in DB + - name: Query role0 <<: *task_params mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'" - - name: Check + - name: Assert that role0 is in the database assert: that: - - result.rowcount.0 == 1 + - result.rowcount.0 == 1 - #======================== + # ======================== - - name: Create role {{ role0 }} in check_mode again + - name: Create role0 in check_mode again <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: present members: - - '{{ user0 }}@{{ gateway_addr }}' + - '{{ user0 }}@{{ gateway_addr }}' priv: '*.*': 'SELECT,INSERT' 'mysql.*': 'UPDATE' check_mode: yes - - name: Check + - name: Assert that create role0 in check_mode again is not changed assert: that: - - result is not changed + - result is not changed - #======================== + # ======================== - - name: Create role {{ role0 }} again + - name: Create role0 again (2) <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: present 
members: - - '{{ user0 }}@{{ gateway_addr }}' + - '{{ user0 }}@{{ gateway_addr }}' priv: '*.*': 'SELECT,INSERT' 'mysql.*': 'UPDATE' - - name: Check + - name: Assert that create role0 again is not changed (2) assert: that: - - result is not changed + - result is not changed # ############################################## # Test rewriting / appending / detaching members # ############################################## - - name: Create role {{ role1 }} + - name: Create role1 <<: *task_params mysql_role: <<: *mysql_params 
@@ -559,46 +559,46 @@ name: '{{ role0 }}' state: present members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' - - '{{ role1 }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' + - '{{ role1 }}' check_mode: yes - - name: Check + - name: Assert that rewrite members in check_mode is changed assert: that: - - result is changed + - result is changed # user0 is still a member because of check_mode - - name: Check in DB, if not granted, the query will fail + - name: Query user0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that show grants for user0 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' # user0 is still a member because of check_mode - - name: Check in DB (mariadb) + - name: Query user0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that show grants for user0 in mariadb returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' # user1, user2, and role1 are not members because of check_mode - - name: Check in DB, if not granted, the query will fail + - name: Query user1, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params 
@@ -606,26 +606,26 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query for user1 in mysql is failed due to check_mode assert: that: - - result is failed + - result is failed when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query user1 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query for user1 in mariadb is failed due to check_mode assert: that: - - result.query_result.0.0['user_roles'] == 0 + - result.query_result.0.0['user_roles'] == 0 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user2, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params @@ -633,26 +633,26 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query for user2 in mysql is failed assert: that: - - result is failed + - result is failed when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query user2 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query user2 in mariadb returns 0 row assert: that: - - result.query_result.0.0['user_roles'] == 0 + - result.query_result.0.0['user_roles'] == 0 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query role1, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params 
@@ -660,26 +660,26 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query role1 in mysql is failed assert: that: - - result is failed + - result is failed when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query role1 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ role1 }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query role0 in mariadb returns 0 row assert: that: - - result.query_result.0.0['user_roles'] == 0 + - result.query_result.0.0['user_roles'] == 0 when: db_engine == 'mariadb' - #======================== + # ======================== - name: Rewrite members <<: *task_params @@ -688,17 +688,17 @@ name: '{{ role0 }}' state: present members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' - - '{{ role1 }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' + - '{{ role1 }}' - - name: Check + - name: Assert that rewrite members is changed assert: that: - - result is changed + - result is changed # user0 is not a member any more - - name: Check in DB, if not granted, the query will fail + - name: Query user0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params 
@@ -706,79 +706,79 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query user0 in mysql is failed assert: that: - - result is failed + - result is failed when: db_engine == 'mysql' # user0 is not a member any more - - name: Check in DB (mariadb) + - name: Query user0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@{{ gateway_addr }}" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query user0 in mariadb doesn't returns role0 assert: that: - - "'{{ role0 }}' not in result.query_result.0.0['Grants for user0@{{ gateway_addr }}']" + - "'{{ role0 }}' not in result.query_result.0.0['Grants for user0@{{ gateway_addr }}']" when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user1, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query user1 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query user1 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query user1 in mariadb returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user2, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user2 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - 
name: Assert that query user2 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query user2 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query user2 in mariadb returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query role0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params @@ -786,27 +786,27 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query role0 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count user is role1 and role is role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ role1 }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count user is role1 and role is role0 returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - #========================== + # ========================== - name: Rewrite members again in check_mode <<: *task_params 
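Review bot: The MariaDB negative check under `Assert that query user0 in mariadb doesn't returns role0` inspects only the first row of `SHOW GRANTS` (`result.query_result.0.0[...]`), so a role grant listed on any later row would pass unnoticed; a test of membership removal should scan every returned row. The condition also embeds `{{ role0 }}` and `{{ gateway_addr }}` inside `that:`, which Ansible already evaluates as an expression and warns about, and it hard-codes `user0` in the column key where the query uses `{{ user0 }}`. One way to cover all rows without delimiters is `- result.query_result.0 | map('dict2items') | flatten | map(attribute='value') | select('search', role0) | list | length == 0`. The name should read `doesn't return role0`.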
@@ -815,17 +815,17 @@ name: '{{ role0 }}' state: present members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' - - '{{ role1 }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' + - '{{ role1 }}' check_mode: yes - - name: Check + - name: Assert that rewrite members again in check_mode is not changed assert: that: - - result is not changed + - result is not changed - #========================== + # ========================== - name: Rewrite members again <<: *task_params @@ -834,16 +834,16 @@ name: '{{ role0 }}' state: present members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' - - '{{ role1 }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' + - '{{ role1 }}' - - name: Check + - name: Assert that rewrite members again is not changed assert: that: - - result is not changed + - result is not changed - #========================== + # ========================== # Append members - name: Append a member in check_mode @@ -854,15 +854,15 @@ state: present append_members: yes members: - - '{{ user0 }}@{{ gateway_addr }}' + - '{{ user0 }}@{{ gateway_addr }}' check_mode: yes - - name: Check + - name: Assert that append a member in check_mode is changed assert: that: - - result is changed + - result is changed - - name: Check in DB, if not granted, the query will fail + - name: Query user0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params 
@@ -870,25 +870,25 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query user0 is failed assert: that: - - result is failed + - result is failed when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user0 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user0 and role0 in mariadb resturns 0 row assert: that: - - result.query_result.0.0['user_roles'] == 0 + - result.query_result.0.0['user_roles'] == 0 when: db_engine == 'mariadb' - #===================== + # ===================== - name: Append a member <<: *task_params 
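Review bot: The new task name `Assert that query count for user0 and role0 in mariadb resturns 0 row` misspells "returns"; the same typo is in the new names in the hunks at -898 and -1029 (`... in mariadb resturns 1 row`). Suggested wording: `Assert that query count for user0 and role0 in mariadb returns 0`. The count query yields one row whose `user_roles` value is 0, so "returns 0 row" is also slightly inaccurate.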
@@ -898,93 +898,93 @@ state: present append_members: yes members: - - '{{ user0 }}@{{ gateway_addr }}' + - '{{ user0 }}@{{ gateway_addr }}' - - name: Check + - name: Assert that append a member is changed assert: that: - - result is changed + - result is changed - - name: Check in DB, if not granted, the query will fail + - name: Query user0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query user0 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user0 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user0 and role0 in mariadb resturns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' # user1 and user2 must still be in DB because we are appending - - name: Check in DB, if not granted, the query will fail + - name: Query user1, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query for user1 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user1 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = '{{ gateway_addr 
}}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user1 and role0 in mariadb returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user2, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user2 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query user2 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user2 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user2 and role0 in mariadb returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - #======================== + # ======================== - name: Append a member again in check_mode <<: *task_params @@ -994,15 +994,15 @@ state: present append_members: yes members: - - '{{ user0 }}@{{ gateway_addr }}' + - '{{ user0 }}@{{ gateway_addr }}' check_mode: yes - - name: Check + - name: Assert that append a member again in check_mode is not changed assert: that: - - result is not changed + - result is not changed - #======================== + # ======================== - name: Append a member again <<: *task_params 
@@ -1012,12 +1012,12 @@ state: present append_members: yes members: - - '{{ user0 }}@{{ gateway_addr }}' + - '{{ user0 }}@{{ gateway_addr }}' - - name: Check + - name: Assert that append a member again is not changed assert: that: - - result is not changed + - result is not changed ############## # Detach users 
@@ -1029,95 +1029,95 @@ state: present detach_members: yes members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' check_mode: yes - - name: Check + - name: Assert that detach users in check_mode is changed assert: that: - - result is changed + - result is changed # They must be there because of check_mode - - name: Check in DB, if not granted, the query will fail + - name: Query user0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query user0 is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user0 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user0 and role0 in mariadb resturns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user1, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query user1 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user1 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM 
mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user1 and role0 in mariadb returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user2, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user2 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query user2 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count user2 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count user2 and role0 in mariadb returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - #======================== + # ======================== - name: Detach users <<: *task_params 
@@ -1127,41 +1127,41 @@ state: present detach_members: yes members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' - - name: Check + - name: Assert that detach users is changed assert: that: - - result is changed + - result is changed - - name: Check in DB, if not granted, the query will fail + - name: Query user0, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@{{ gateway_addr }} USING '{{ role0 }}'" when: db_engine == 'mysql' - - name: Check + - name: Assert that query user0 in mysql is succeeded assert: that: - - result is succeeded + - result is succeeded when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user0 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user0 and role0 returns 1 row assert: that: - - result.query_result.0.0['user_roles'] == 1 + - result.query_result.0.0['user_roles'] == 1 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user1, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params 
@@ -1169,26 +1169,26 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query user1 in mysql is failed assert: that: - - result is failed + - result is failed when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user1 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user1 and role0 in mariadb returns 0 row assert: that: - - result.query_result.0.0['user_roles'] == 0 + - result.query_result.0.0['user_roles'] == 0 when: db_engine == 'mariadb' - - name: Check in DB, if not granted, the query will fail + - name: Query user2, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params @@ -1196,26 +1196,26 @@ ignore_errors: yes when: db_engine == 'mysql' - - name: Check + - name: Assert that query user2 in mysql is failed assert: that: - - result is failed + - result is failed when: db_engine == 'mysql' - - name: Check in DB (mariadb) + - name: Query count for user2 and role0 (mariadb) <<: *task_params mysql_query: <<: *mysql_params query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = '{{ gateway_addr }}' AND Role = '{{ role0 }}'" when: db_engine == 'mariadb' - - name: Check (mariadb) + - name: Assert that query count for user2 and role0 returns 0 row assert: that: - - result.query_result.0.0['user_roles'] == 0 + - result.query_result.0.0['user_roles'] == 0 when: db_engine == 'mariadb' - #===================== + # ===================== - name: Detach users in check_mode again <<: *task_params 
@@ -1225,14 +1225,14 @@ state: present detach_members: yes members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' check_mode: yes - - name: Check + - name: Assert that detach users in check_mode again is not changed assert: that: - - result is not changed + - result is not changed - name: Detach users again <<: *task_params @@ -1242,13 +1242,13 @@ state: present detach_members: yes members: - - '{{ user1 }}@{{ gateway_addr }}' - - '{{ user2 }}@{{ gateway_addr }}' + - '{{ user1 }}@{{ gateway_addr }}' + - '{{ user2 }}@{{ gateway_addr }}' - - name: Check + - name: Assert that detach users again is not changed assert: that: - - result is not changed + - result is not changed - name: '"detach" users when creating a new role' <<: *task_params @@ -1260,24 +1260,24 @@ members: - '{{ user1 }}@{{ gateway_addr }}' - - name: Check the role was created + - name: Assert that creating a role while detach users is changed assert: that: - result is changed - - name: Check grants + - name: Query grants for user1 <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@'{{ gateway_addr }}'" - - name: asssert detach_members did not add a user to the role + - name: Assert detach_members did not add a user to the role assert: that: - "'{{ role3 }}' not in result.query_result.0.0" # test members_must_exist - - name: try failing on not-existing user in check-mode + - name: Try failing on not-existing user in check-mode <<: *task_params mysql_role: <<: *mysql_params @@ -1289,12 +1289,13 @@ - 'not_existent@{{ gateway_addr }}' ignore_errors: yes check_mode: yes - - name: assert failure + + - name: Assert nonexistent user in check-mode is failed assert: that: - result is failed - - name: try failing on not-existing user in check-mode + - name: Try failing on not-existing user in check-mode <<: *task_params mysql_role: <<: *mysql_params 
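Review bot: The condition under `Assert detach_members did not add a user to the role`, `"'{{ role3 }}' not in result.query_result.0.0"`, tests membership against the first result row itself rather than against its text. Other asserts in this file index rows by column name (`result.query_result.0.0['user_roles']`), which suggests rows are mappings; if so, `in` compares against the column keys and this check cannot fail, whatever grants user1 holds. Compare against the grant strings of every row instead, for example `- result.query_result.0 | map('dict2items') | flatten | map(attribute='value') | select('search', role3) | list | length == 0`.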
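Review bot: Two tasks now carry the identical name `Try failing on not-existing user in check-mode` (the second starts at the end of the hunk at -1289 and continues in the hunk at -1305), and the same happens with `Try failing on not-existing user` in the hunks at -1305 and -1321. In each pair the second task is followed by an assert that the result is not changed, so it is not expected to fail; its parameters are outside the hunks, but the last assert name mentions `members_must_exist=no`. Naming the second of each pair for that case, e.g. `Do not fail on not-existing user in check-mode (members_must_exist=no)`, would make the log output unambiguous. `Check for lack of change` in the hunk at -1305 was also left out of the `Assert ...` renaming.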
@@ -1305,12 +1306,13 @@ members: - 'not_existent@{{ gateway_addr }}' check_mode: yes + - name: Check for lack of change assert: that: - result is not changed - - name: try failing on not-existing user + - name: Try failing on not-existing user <<: *task_params mysql_role: <<: *mysql_params @@ -1321,12 +1323,13 @@ members: - 'not_existent@{{ gateway_addr }}' ignore_errors: yes - - name: assert failure + + - name: Assert nonexistent user with members_must_exist is failed assert: that: - result is failed - - name: try failing on not-existing user + - name: Try failing on not-existing user <<: *task_params mysql_role: <<: *mysql_params @@ -1336,7 +1339,8 @@ append_members: yes members: - 'not_existent@{{ gateway_addr }}' - - name: Check for lack of change + + - name: Assert nonexistent user with members_must_exist=no is not changed assert: that: - result is not changed @@ -1351,8 +1355,8 @@ <<: *mysql_params query: 'CREATE DATABASE {{ item }}' loop: - - '{{ test_db1 }}' - - '{{ test_db2 }}' + - '{{ test_db1 }}' + - '{{ test_db2 }}' - name: Create table {{ test_table }} <<: *task_params 
@@ -1361,29 +1365,29 @@ login_db: '{{ item }}' query: 'CREATE TABLE {{ test_table }} (id int)' loop: - - '{{ test_db1 }}' - - '{{ test_db2 }}' + - '{{ test_db1 }}' + - '{{ test_db2 }}' - - name: Check grants + - name: Query grants for role0 <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ role0 }}" - - name: Check + - name: Assert grants for role0 in mysql assert: that: - - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" - - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" - - result.rowcount.0 == 2 + - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" + - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" + - result.rowcount.0 == 2 when: db_engine == 'mysql' - - name: Check (mariadb) + - name: Assert grants for role0 in mariadb assert: that: - - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" - - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" - - result.rowcount.0 == 2 + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" + - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" + - result.rowcount.0 == 2 when: db_engine == 'mariadb' - name: Append privs in check_mode 
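Review bot: The grant assertions hard-code the role and object names (`"Grants for role0@%"` here, `test_db1` and `test_table` in the hunk at 1432) while the tasks that create them use `{{ role0 }}`, `{{ test_db1 }}` and `{{ test_table }}`. If those variables are ever given other values, the query still succeeds and the assertions fail on a key lookup rather than on a real privilege difference. Building the key from the variable, e.g. `result.query_result.0.0["Grants for " ~ role0 ~ "@%"]`, keeps the exact-grant and `rowcount` checks while removing that coupling. The same literals recur in the hunks at 1396, 1432 and 1507.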
@@ -1396,31 +1400,31 @@ append_privs: yes check_mode: yes - - name: Check + - name: Assert append privs in check_mode is changed assert: that: - - result is changed + - result is changed - - name: Check grants + - name: Query grants for role0 <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ role0 }}" - - name: Check + - name: Assert grants for role0 in mysql assert: that: - - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" - - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" - - result.rowcount.0 == 2 + - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" + - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" + - result.rowcount.0 == 2 when: db_engine == 'mysql' - - name: Check (mariadb) + - name: Assert grants for role0 in mariadb assert: that: - - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" - - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" - - result.rowcount.0 == 2 + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" + - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" + - result.rowcount.0 == 2 when: db_engine == 'mariadb' - name: Append privs 
@@ -1432,35 +1436,35 @@ priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE' append_privs: yes - - name: Check + - name: Assert that append privs is changed assert: that: - - result is changed + - result is changed - - name: Check grants + - name: Query grants for role0 <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ role0 }}" - - name: Check + - name: Assert grants for role0 in mysql assert: that: - - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" - - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" - - result.query_result.0.2["Grants for role0@%"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`@`%`" - - result.query_result.0.3["Grants for role0@%"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`@`%`" - - result.rowcount.0 == 4 + - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" + - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" + - result.query_result.0.2["Grants for role0@%"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`@`%`" + - result.query_result.0.3["Grants for role0@%"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`@`%`" + - result.rowcount.0 == 4 when: db_engine == 'mysql' - - name: Check (mariadb) + - name: Assert grants for role0 in mariadb assert: that: - - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" - - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" - - result.query_result.0.2["Grants for role0"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`" - - result.query_result.0.3["Grants for role0"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`" - - result.rowcount.0 == 4 + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" + - 
result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" + - result.query_result.0.2["Grants for role0"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`" + - result.query_result.0.3["Grants for role0"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`" + - result.rowcount.0 == 4 when: db_engine == 'mariadb' - name: Append privs again in check_mode @@ -1479,10 +1483,10 @@ # https://github.com/ansible-collections/community.mysql/issues/50#issuecomment-871216825 # and it's also failed. Create an issue after the module is merged to avoid conflicts. # TODO Fix this after user_mod is fixed. - - name: Check + - name: Assert that append privs again in check_mode is changed assert: that: - - result is changed + - result is changed - name: Append privs again <<: *task_params @@ -1493,10 +1497,10 @@ priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE' append_privs: yes - - name: Check that there's no change + - name: Assert that append privs again is not changed assert: that: - - result is not changed + - result is not changed - name: Rewrite privs <<: *task_params 
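Review bot: In the hunk at 1479 the new name `Assert that append privs again in check_mode is changed` reads as if `changed` were the intended result, but the comment directly above marks it as a known defect (`# TODO Fix this after user_mod is fixed.`) and the real run in the next hunk asserts `result is not changed`. A name that carries the caveat, e.g. `Assert that append privs again in check_mode is changed (known bug, see TODO above)`, keeps a later reader from treating the mismatch between check mode and the real run as expected behaviour. The comment block starts outside the hunk.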
@@ -1507,43 +1511,43 @@ priv: '*.*': 'SELECT' - - name: Check + - name: Assert that rewrite privs is changed assert: that: - - result is changed + - result is changed - - name: Check grants + - name: Query grants for role0 <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ role0 }}" - - name: Check + - name: Assert grants for role0 in mysql assert: that: - - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT ON *.* TO `role0`@`%`" - - result.rowcount.0 == 1 + - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT ON *.* TO `role0`@`%`" + - result.rowcount.0 == 1 when: db_engine == 'mysql' - - name: Check (mariadb) + - name: Assert grants for role0 in mariadb assert: that: - - result.query_result.0.0["Grants for role0"] == "GRANT SELECT ON *.* TO `role0`" - - result.rowcount.0 == 1 + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT ON *.* TO `role0`" + - result.rowcount.0 == 1 when: db_engine == 'mariadb' # ################# # Test admin option # ################# - - name: Drop role + - name: Drop role0 <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: absent - - name: Create role with admin + - name: Create role0 with admin <<: *task_params mysql_role: <<: *mysql_params 
@@ -1552,33 +1556,33 @@ admin: '{{ user0 }}@{{ gateway_addr }}' ignore_errors: yes - - name: Check with MySQL + - name: Assert expected error message for mysql assert: that: - - result is failed - - result.msg is search('option can be used only with MariaDB') + - result is failed + - result.msg is search('option can be used only with MariaDB') when: db_engine == 'mysql' - - name: Check with MariaDB + - name: Assert create role0 in mariadb is changed assert: that: - - result is changed + - result is changed when: db_engine == 'mariadb' - - name: Check in DB + - name: Query role0 in mariadb <<: *task_params mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''" when: db_engine == 'mariadb' - - name: Check + - name: Assert that query role0 in mariadb returns 1 row assert: that: - - result.rowcount.0 == 1 + - result.rowcount.0 == 1 when: db_engine == 'mariadb' - - name: Create role with admin again + - name: Create role0 with admin again <<: *task_params mysql_role: <<: *mysql_params 
@@ -1587,65 +1591,66 @@ admin: '{{ user0 }}@{{ gateway_addr }}' ignore_errors: yes - - name: Check with MySQL + - name: Assert expected error message in mysql again assert: that: - - result is failed - - result.msg is search('option can be used only with MariaDB') + - result is failed + - result.msg is search('option can be used only with MariaDB') when: db_engine == 'mysql' - - name: Check with MariaDB + - name: Assert create role0 in mariadb is not changed assert: that: - - result is not changed + - result is not changed when: db_engine == 'mariadb' # Try to grant a role to a user who does not exist - - name: Create role with admin again + - name: Create role0 with admin again <<: *task_params mysql_role: <<: *mysql_params name: '{{ role0 }}' state: present members: - - '{{ nonexistent }}@{{ gateway_addr }}' + - '{{ nonexistent }}@{{ gateway_addr }}' ignore_errors: yes - - name: Check + - name: Assert that create role0 with admin again is failed assert: that: - - result is failed - - result.msg is search('does not exist') + - result is failed + - result.msg is search('does not exist') always: - # Clean up - - name: Drop DBs - mysql_query: - <<: *mysql_params - query: 'DROP DATABASE IF EXISTS {{ item }}' - loop: - - '{{ test_db }}' - - '{{ test_db1 }}' - - '{{ test_db2 }}' - - name: Drop users - <<: *task_params - mysql_user: - <<: *mysql_params - name: '{{ item }}' - state: absent - loop: - - '{{ user0 }}' - - '{{ user1 }}' - - '{{ user2 }}' + # Clean up + - name: Drop DBs + mysql_query: + <<: *mysql_params + query: 'DROP DATABASE IF EXISTS {{ item }}' + loop: + - '{{ test_db }}' + - '{{ test_db1 }}' + - '{{ test_db2 }}' - - name: Drop roles - <<: *task_params - mysql_role: - <<: *mysql_params - name: '{{ item }}' - state: absent - loop: - - '{{ role0 }}' - - test - - '{{ role3 }}' + - name: Drop users + <<: *task_params + mysql_user: + <<: *mysql_params + name: '{{ item }}' + state: absent + loop: + - '{{ user0 }}' + - '{{ user1 }}' + - '{{ user2 }}' + + - name: 
Drop roles + <<: *task_params + mysql_role: + <<: *mysql_params + name: '{{ item }}' + state: absent + loop: + - '{{ role0 }}' + - test + - '{{ role3 }}'
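Review bot: The task under `# Try to grant a role to a user who does not exist` is renamed to `Create role0 with admin again`, but its visible arguments are `name`, `state: present` and `members` with `{{ nonexistent }}`; it sets no `admin`. It now shares a name with the preceding admin task, and the assertion name `Assert that create role0 with admin again is failed` inherits the mismatch. Names such as `Grant role0 to a nonexistent user` and `Assert that granting role0 to a nonexistent user is failed` would describe what the `does not exist` check verifies.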