password_expire support for mysql_user (#598)

* initial commit for password_expire support * sanity check and default values * add one more if block for version check * some changes and integration tests * docs and sanity and integration test fix * make integration tests work * make integration tests work * fix unneeded commits * fix verify as well * Update plugins/modules/mysql_user.py Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me> * Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me> * Apply suggestions from code review Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/module_utils/user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/module_utils/user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/module_utils/user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * typo and no_log remove for password_expire* vars * add change log fragment * move one if statement to module initialiazation * fix merge conflicts * fix order * some fixes * set no_log to true for password word containing keys * fix sanity error * Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> --------- Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2025-07-22 12:50:24 -07:00 · 2024-02-22 11:31:01 +02:00 · 2024-02-22 11:31:01 +02:00 · 40af258d86
commit 40af258d86
parent 21fe52d8f1
9 changed files with 375 additions and 6 deletions
--- a/tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password_expire.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password_expire.yml
@ -0,0 +1,56 @@
+---
+- name: Utils | Assert user password_expire | Create modify {{ username }} with password_expire
+  community.mysql.mysql_user:
+    login_user: "{{ mysql_parameters.login_user }}"
+    login_password: "{{ mysql_parameters.login_password }}"
+    login_host: "{{ mysql_parameters.login_host }}"
+    login_port: "{{ mysql_parameters.login_port }}"
+    state: present
+    name: "{{ username }}"
+    host: "{{ host }}"
+    password: "{{ password }}"
+    password_expire: "{{ password_expire }}"
+    password_expire_interval: "{{ password_expire_interval | default(omit) }}"
+  register: result
+  check_mode: "{{ check_mode | default(false) }}"
+  failed_when: result.changed != expect_change_value
+  vars:
+    expect_change_value: "{{ expect_change }}"
+
+- name: Utils | Assert user password_lifetime | Query user '{{ username }}'
+  ansible.builtin.command:
+    cmd: >
+      {{ mysql_command }} -BNe "SELECT IFNULL(password_lifetime, -1)
+      FROM mysql.user where user='{{ username }}' and host='{{ host }}'"
+  register: password_lifetime
+  when:
+    - db_engine == 'mysql'
+    - db_version is version('5.7.0', '>=')
+  failed_when: expected_password_lifetime_value not in password_lifetime.stdout_lines
+  vars:
+    expected_password_lifetime_value: "{{ expected_password_lifetime }}"
+
+- name: Utils | Assert user password_lifetime | Query user '{{ username }}'
+  ansible.builtin.command:
+    "{{ mysql_command }} -BNe \"SELECT JSON_EXTRACT(Priv, '$.password_lifetime') AS password_lifetime \
+    FROM mysql.global_priv \
+    WHERE user='{{ username }}' and host='{{ host }}'\""
+  register: password_lifetime
+  when:
+    - db_engine == 'mariadb'
+    - db_version is version('10.4.3', '>=')
+  failed_when: expected_password_lifetime_value not in password_lifetime.stdout_lines
+  vars:
+    expected_password_lifetime_value: "{{ expected_password_lifetime }}"
+
+- name: Utils | Assert user password_expired | Query user '{{ username }}'
+  ansible.builtin.command:
+    cmd: >
+      {{ mysql_command }} -BNe "SELECT password_expired FROM mysql.user 
+      WHERE user='{{ username }}' and host='{{ host }}'"
+  register: password_expired
+  when: (db_engine == 'mysql' and db_version is version('5.7.0', '>=')) or
+    (db_engine == 'mariadb' and db_version is version('10.4.3', '>='))
+  failed_when: expected_password_expired_value not in password_expired.stdout_lines
+  vars:
+    expected_password_expired_value: "{{ expected_password_expired }}"