Add MAX_STATEMENT_TIME to resource_limits

2025-04-07 03:00:34 -07:00 · 2023-03-31 09:24:54 +02:00 · 2023-03-31 09:24:54 +02:00 · 424b33d1f8
commit 424b33d1f8
parent e2aa655762
4 changed files with 164 additions and 1 deletions
--- a/changelogs/fragments/523-add-max_statement_time_resource-limit.yml
+++ b/changelogs/fragments/523-add-max_statement_time_resource-limit.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - mysql_user - add ``MAX_STATEMENT_TIME`` support for mariadb to the ``resource_limits`` argument (https://github.com/ansible-collections/community.mysql/issues/211).
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -808,6 +808,15 @@ def get_resource_limits(cursor, user, host):
        'MAX_CONNECTIONS_PER_HOUR': res[2],
        'MAX_USER_CONNECTIONS': res[3],
    }
+
+    cursor.execute("SELECT VERSION()")
+    if 'mariadb' in cursor.fetchone()[0].lower():
+        query = ('SELECT max_statement_time AS MAX_STATEMENT_TIME '
+                 'FROM mysql.user WHERE User = %s AND Host = %s')
+        cursor.execute(query, (user, host))
+        res_max_statement_time = cursor.fetchone()
+        current_limits['MAX_STATEMENT_TIME'] = res_max_statement_time[0]
+
    return current_limits


@ -864,6 +873,11 @@ def limit_resources(module, cursor, user, host, resource_limits, check_mode):
        module.fail_json(msg="The server version does not match the requirements "
                             "for resource_limits parameter. See module's documentation.")

+    cursor.execute("SELECT VERSION()")
+    if 'mariadb' not in cursor.fetchone()[0].lower():
+        if 'MAX_STATEMENT_TIME' in resource_limits:
+            module.fail_json(msg="MAX_STATEMENT_TIME resource limit is only supported by MariaDB.")
+
    current_limits = get_resource_limits(cursor, user, host)

    needs_to_change = match_resource_limits(module, current_limits, resource_limits)
--- a/plugins/modules/mysql_user.py
+++ b/plugins/modules/mysql_user.py
@ -145,7 +145,7 @@ options:
    description:
      - Limit the user for certain server resources. Provided since MySQL 5.6 / MariaDB 10.2.
      - "Available options are C(MAX_QUERIES_PER_HOUR: num), C(MAX_UPDATES_PER_HOUR: num),
-        C(MAX_CONNECTIONS_PER_HOUR: num), C(MAX_USER_CONNECTIONS: num)."
+        C(MAX_CONNECTIONS_PER_HOUR: num), C(MAX_USER_CONNECTIONS: num), C(MAX_STATEMENT_TIME: num) (supported only for MariaDB since collection version 3.7.0)."
      - Used when I(state=present), ignored otherwise.
    type: dict
    version_added: '0.1.0'
--- a/tests/integration/targets/test_mysql_user/tasks/test_resource_limits.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/test_resource_limits.yml
@ -129,4 +129,151 @@
        that:
          - result.rowcount[0] == 1

+    - name: Resource limits | Drop mysql user {{ user_name_1 }} if exists
+      community.mysql.mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        host_all: true
+        state: absent
+
+    - name: Resource limits | Create mysql user {{ user_name_1 }} with MAX_STATEMENT_TIME in check_mode
+      community.mysql.mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        state: present
+        resource_limits:
+          MAX_QUERIES_PER_HOUR: 10
+          MAX_STATEMENT_TIME: 1
+      check_mode: true
+      register: result
+      ignore_errors: true
+
+    - name: Resource limits | Assert that create user with MAX_STATEMENT_TIME is changed for mariadb
+      ansible.builtin.assert:
+        that:
+          - result is changed
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Assert that create user with MAX_STATEMENT_TIME is failed for mysql
+      ansible.builtin.assert:
+        that:
+          - result is failed
+      when: db_engine == 'mysql'
+
+    - name: Resource limits | Create mysql user {{ user_name_1 }} with MAX_STATEMENT_TIME in actual mode
+      community.mysql.mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        state: present
+        resource_limits:
+          MAX_QUERIES_PER_HOUR: 10
+          MAX_STATEMENT_TIME: 1
+      register: result
+      ignore_errors: true
+
+    - name: Resource limits | Assert that create user with MAX_STATEMENT_TIME is changed for MariaDB
+      ansible.builtin.assert:
+        that:
+          - result is changed
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Assert that create user with MAX_STATEMENT_TIME is failed for MySQL
+      ansible.builtin.assert:
+        that:
+          - result is failed
+      when: db_engine == 'mysql'
+
+    - name: Resource limits | Retrieve user with MAX_STATEMENT_TIME
+      community.mysql.mysql_query:
+        <<: *mysql_params
+        query: >
+          SELECT User FROM mysql.user
+          WHERE User = '{{ user_name_1 }}'
+          AND Host = 'localhost'
+          AND max_questions = 10
+          AND max_statement_time = 1
+      register: result
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Assert that rowcount is 1 with MAX_STATEMENT_TIME
+      ansible.builtin.assert:
+        that:
+          - result.rowcount[0] == 1
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Try to set the same limits with MAX_STATEMENT_TIME again in check mode
+      community.mysql.mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        state: present
+        resource_limits:
+          MAX_QUERIES_PER_HOUR: 10
+          MAX_STATEMENT_TIME: 1
+      check_mode: true
+      register: result
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Assert that set same limits with MAX_STATEMENT_TIME again is not changed
+      ansible.builtin.assert:
+        that:
+          - result is not changed
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Try to set the same limits with MAX_STATEMENT_TIME again in actual mode
+      community.mysql.mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        state: present
+        resource_limits:
+          MAX_QUERIES_PER_HOUR: 10
+          MAX_STATEMENT_TIME: 1
+      register: result
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Assert that set same limits with MAX_STATEMENT_TIME again in actual mode is not changed
+      ansible.builtin.assert:
+        that:
+          - result is not changed
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Change limits with MAX_STATEMENT_TIME
+      community.mysql.mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        state: present
+        resource_limits:
+          MAX_QUERIES_PER_HOUR: 5
+          MAX_STATEMENT_TIME: 2
+      register: result
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Assert limits with MAX_STATEMENT_TIME changed
+      ansible.builtin.assert:
+        that:
+          - result is changed
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Get user limits with MAX_STATEMENT_TIME
+      community.mysql.mysql_query:
+        <<: *mysql_params
+        query: >
+          SELECT User FROM mysql.user
+          WHERE User = '{{ user_name_1 }}'
+          AND Host = 'localhost'
+          AND max_questions = 5
+          AND max_statement_time = 2
+      register: result
+      when: db_engine == 'mariadb'
+
+    - name: Resource limits | Assert limit with MAX_STATEMENT_TIME row count
+      ansible.builtin.assert:
+        that:
+          - result.rowcount[0] == 1
+      when: db_engine == 'mariadb'
+
  when: (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18') or (ansible_distribution == 'CentOS' and ansible_distribution_major_version >= '8')