diff --git a/CHANGELOG.rst b/CHANGELOG.rst index cb5e2cd..720ea41 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -6,6 +6,33 @@ Community MySQL Collection Release Notes This changelog describes changes after version 2.0.0. +v3.6.0 +====== + +Release Summary +--------------- + +This is the minor release of the ``community.mysql`` collection. +This changelog contains all changes to the modules and plugins in this collection +that have been made after the previous release. + +Minor Changes +------------- + +- mysql_info - add ``connector_name`` and ``connector_version`` to returned values (https://github.com/ansible-collections/community.mysql/pull/497). +- mysql_role - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479). +- mysql_user - add plugin_auth_string as optional parameter to use a specific pam service if pam/auth_pam plugin is used (https://github.com/ansible-collections/community.mysql/pull/445). +- mysql_user - add the ``session_vars`` argument to set session variables at the beginning of module execution (https://github.com/ansible-collections/community.mysql/issues/478). +- mysql_user - display a more informative invalid privilege exception. Changes the exception handling of the granting permission logic to show the query executed , params and the exception message granting privileges fails` (https://github.com/ansible-collections/community.mysql/issues/465). +- mysql_user - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479). +- setup_mysql - update MySQL tarball URL (https://github.com/ansible-collections/community.mysql/pull/491). + +Bugfixes +-------- + +- mysql_user - when revoke privs consists only of ``GRANT``, a 2nd revoke query is executed with empty privs to revoke that ended in an SQL exception (https://github.com/ansible-collections/community.mysql/pull/503). +- mysql_variables - add uppercase character pattern to regex to allow GLOBAL variables containing uppercase characters. This recognizes variable names used in Galera, for example, ``wsrep_OSU_method``, which breaks the normal pattern of all lowercase characters (https://github.com/ansible-collections/community.mysql/pull/501). + v3.5.1 ====== @@ -216,7 +243,7 @@ that have been added after the release of ``community.mysql`` 2.3.2. Breaking Changes / Porting Guide -------------------------------- -- mysql_replication - remove ``Is_Slave`` and ``Is_Master`` return values (were replaced with ``Is_Primary`` and ``Is_Replica`` (https://github.com/ansible-collections /community.mysql/issues/145). +- mysql_replication - remove ``Is_Slave`` and ``Is_Master`` return values (were replaced with ``Is_Primary`` and ``Is_Replica`` (https://github.com/ansible-collections/community.mysql/issues/145). - mysql_replication - remove the mode options values containing ``master``/``slave`` and the master_use_gtid option ``slave_pos`` (were replaced with corresponding ``primary``/``replica`` values) (https://github.com/ansible-collections/community.mysql/issues/145). - mysql_user - remove support for the `REQUIRESSL` special privilege as it has ben superseded by the `tls_requires` option (https://github.com/ansible-collections/community.mysql/discussions/121). - mysql_user - validate privileges using database engine directly (https://github.com/ansible-collections/community.mysql/issues/234 https://github.com/ansible-collections/community.mysql/pull/243). Do not validate privileges in this module anymore. diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index ce080f8..e272941 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -261,3 +261,42 @@ releases: - 3.5.1.yml - 438-fix-privilege-changing-everytime.yml release_date: '2022-09-09' + 3.6.0: + changes: + bugfixes: + - mysql_user - when revoke privs consists only of ``GRANT``, a 2nd revoke query + is executed with empty privs to revoke that ended in an SQL exception (https://github.com/ansible-collections/community.mysql/pull/503). + - mysql_variables - add uppercase character pattern to regex to allow GLOBAL + variables containing uppercase characters. This recognizes variable names + used in Galera, for example, ``wsrep_OSU_method``, which breaks the normal + pattern of all lowercase characters (https://github.com/ansible-collections/community.mysql/pull/501). + minor_changes: + - mysql_info - add ``connector_name`` and ``connector_version`` to returned + values (https://github.com/ansible-collections/community.mysql/pull/497). + - mysql_role - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479). + - mysql_user - add plugin_auth_string as optional parameter to use a specific + pam service if pam/auth_pam plugin is used (https://github.com/ansible-collections/community.mysql/pull/445). + - mysql_user - add the ``session_vars`` argument to set session variables at + the beginning of module execution (https://github.com/ansible-collections/community.mysql/issues/478). + - mysql_user - display a more informative invalid privilege exception. Changes + the exception handling of the granting permission logic to show the query + executed , params and the exception message granting privileges fails` (https://github.com/ansible-collections/community.mysql/issues/465). + - mysql_user - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479). + - setup_mysql - update MySQL tarball URL (https://github.com/ansible-collections/community.mysql/pull/491). + release_summary: 'This is the minor release of the ``community.mysql`` collection. + + This changelog contains all changes to the modules and plugins in this collection + + that have been made after the previous release.' + fragments: + - 0_mysql_user_session_vars.yml + - 3.6.0.yml + - 445_add_service_name_to_plugin_pam_auth_pam_usage.yml + - 465-display_more_informative_invalid_priv_exceptiion.yml + - 479_enable_auto_commit.yml + - 479_enable_auto_commit_part2.yml + - 491_fix_download_url.yaml + - 497_mysql_info_returns_connector_name_and_version.yml + - 503-fix-revoke-grant-only.yml + - mysql_variables_allow_uppercase_identifiers.yml + release_date: '2023-02-08' diff --git a/changelogs/fragments/0_mysql_user_session_vars.yml b/changelogs/fragments/0_mysql_user_session_vars.yml deleted file mode 100644 index 55bcd6c..0000000 --- a/changelogs/fragments/0_mysql_user_session_vars.yml +++ /dev/null @@ -1,2 +0,0 @@ -minor_changes: -- mysql_user - add the ``session_vars`` argument to set session variables at the beginning of module execution (https://github.com/ansible-collections/community.mysql/issues/478). diff --git a/changelogs/fragments/177-change_deprecated_connection_parameters.yml b/changelogs/fragments/177-change_deprecated_connection_parameters.yml new file mode 100644 index 0000000..3c9e088 --- /dev/null +++ b/changelogs/fragments/177-change_deprecated_connection_parameters.yml @@ -0,0 +1,2 @@ +minor_changes: +- mysql module utils - change deprecated connection parameters ``passwd`` and ``db`` to ``password`` and ``database`` (https://github.com/ansible-collections/community.mysql/pull/177). \ No newline at end of file diff --git a/changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml b/changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml deleted file mode 100644 index 2b9a523..0000000 --- a/changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - mysql_user - add plugin_auth_string as optional parameter to use a specific pam service if pam/auth_pam plugin is used (https://github.com/ansible-collections/community.mysql/pull/445). diff --git a/changelogs/fragments/465-display_more_informative_invalid_priv_exceptiion.yml b/changelogs/fragments/465-display_more_informative_invalid_priv_exceptiion.yml deleted file mode 100644 index fc47d37..0000000 --- a/changelogs/fragments/465-display_more_informative_invalid_priv_exceptiion.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -minor_changes: - - mysql_user - display a more informative invalid privilege exception. - Changes the exception handling of the granting permission logic to show the query executed , params - and the exception message granting privileges fails` (https://github.com/ansible-collections/community.mysql/issues/465). \ No newline at end of file diff --git a/changelogs/fragments/479_enable_auto_commit.yml b/changelogs/fragments/479_enable_auto_commit.yml deleted file mode 100644 index 5701f30..0000000 --- a/changelogs/fragments/479_enable_auto_commit.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - mysql_user - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479). diff --git a/changelogs/fragments/491_fix_download_url.yaml b/changelogs/fragments/491_fix_download_url.yaml deleted file mode 100644 index 27628bb..0000000 --- a/changelogs/fragments/491_fix_download_url.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - setup_mysql - update MySQL tarball URL (https://github.com/ansible-collections/community.mysql/pull/491). diff --git a/changelogs/fragments/497_mysql_info_returns_connector_name_and_version.yml b/changelogs/fragments/497_mysql_info_returns_connector_name_and_version.yml deleted file mode 100644 index 11fc4f5..0000000 --- a/changelogs/fragments/497_mysql_info_returns_connector_name_and_version.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -minor_changes: - - mysql_info - add ``connector_name`` and ``connector_version`` to returned values (https://github.com/ansible-collections/community.mysql/pull/497). diff --git a/galaxy.yml b/galaxy.yml index 733762d..bb7e2be 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -1,6 +1,6 @@ namespace: community name: mysql -version: 3.5.1 +version: 3.6.0 readme: README.md authors: - Ansible community diff --git a/plugins/module_utils/mysql.py b/plugins/module_utils/mysql.py index 2cafcb6..6aeebe5 100644 --- a/plugins/module_utils/mysql.py +++ b/plugins/module_utils/mysql.py @@ -122,7 +122,7 @@ def mysql_connect(module, login_user=None, login_password=None, config_file='', if login_user is not None: config['user'] = login_user if login_password is not None: - config['passwd'] = login_password + config['password'] = login_password if ssl_cert is not None: config['ssl']['cert'] = ssl_cert if ssl_key is not None: @@ -130,7 +130,7 @@ def mysql_connect(module, login_user=None, login_password=None, config_file='', if ssl_ca is not None: config['ssl']['ca'] = ssl_ca if db is not None: - config['db'] = db + config['database'] = db if connect_timeout is not None: config['connect_timeout'] = connect_timeout if check_hostname is not None: diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py index e36aa57..fc4c40e 100644 --- a/plugins/module_utils/user.py +++ b/plugins/module_utils/user.py @@ -692,17 +692,19 @@ def privileges_revoke(cursor, user, host, db_table, priv, grant_option, maria_ro query = ' '.join(query) cursor.execute(query, (user, host)) priv_string = ",".join([p for p in priv if p not in ('GRANT', )]) - query = ["REVOKE %s ON %s" % (priv_string, db_table)] - if not maria_role: - query.append("FROM %s@%s") - params = (user, host) - else: - query.append("FROM %s") - params = (user,) + if priv_string != "": + query = ["REVOKE %s ON %s" % (priv_string, db_table)] - query = ' '.join(query) - cursor.execute(query, params) + if not maria_role: + query.append("FROM %s@%s") + params = (user, host) + else: + query.append("FROM %s") + params = (user,) + + query = ' '.join(query) + cursor.execute(query, params) cursor.execute("FLUSH PRIVILEGES") diff --git a/plugins/modules/mysql_replication.py b/plugins/modules/mysql_replication.py index 5d1a0e5..33e14bc 100644 --- a/plugins/modules/mysql_replication.py +++ b/plugins/modules/mysql_replication.py @@ -292,7 +292,6 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import ( mysql_common_argument_spec, ) from ansible.module_utils._text import to_native -from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion executed_queries = [] diff --git a/plugins/modules/mysql_role.py b/plugins/modules/mysql_role.py index 01cb625..070d793 100644 --- a/plugins/modules/mysql_role.py +++ b/plugins/modules/mysql_role.py @@ -1008,7 +1008,8 @@ def main(): cursor, db_conn = mysql_connect(module, 'root', '', config_file, ssl_cert, ssl_key, ssl_ca, db, connect_timeout=connect_timeout, - check_hostname=check_hostname) + check_hostname=check_hostname, + autocommit=True) except Exception: pass @@ -1016,7 +1017,8 @@ def main(): cursor, db_conn = mysql_connect(module, login_user, login_password, config_file, ssl_cert, ssl_key, ssl_ca, db, connect_timeout=connect_timeout, - check_hostname=check_hostname) + check_hostname=check_hostname, + autocommit=True) except Exception as e: module.fail_json(msg='unable to connect to database, ' diff --git a/plugins/modules/mysql_variables.py b/plugins/modules/mysql_variables.py index dc54c82..f404d5a 100644 --- a/plugins/modules/mysql_variables.py +++ b/plugins/modules/mysql_variables.py @@ -199,7 +199,7 @@ def main(): if mysqlvar is None: module.fail_json(msg="Cannot run without variable to operate with") - if match('^[0-9a-z_.]+$', mysqlvar) is None: + if match('^[0-9A-Za-z_.]+$', mysqlvar) is None: module.fail_json(msg="invalid variable name \"%s\"" % mysqlvar) if mysql_driver is None: module.fail_json(msg=mysql_driver_fail_msg) diff --git a/tests/integration/targets/test_mysql_user/tasks/main.yml b/tests/integration/targets/test_mysql_user/tasks/main.yml index 95972a3..06424f5 100644 --- a/tests/integration/targets/test_mysql_user/tasks/main.yml +++ b/tests/integration/targets/test_mysql_user/tasks/main.yml @@ -240,3 +240,5 @@ # https://github.com/ansible-collections/community.mysql/issues/231 - include: test_user_grants_with_roles_applied.yml + + - include: revoke_only_grant.yml \ No newline at end of file diff --git a/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml b/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml new file mode 100644 index 0000000..19b9b6a --- /dev/null +++ b/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml @@ -0,0 +1,58 @@ +--- +- vars: + mysql_parameters: &mysql_params + login_user: '{{ mysql_user }}' + login_password: '{{ mysql_password }}' + login_host: 127.0.0.1 + login_port: '{{ mysql_primary_port }}' + block: + - name: Drop mysql user if exists + mysql_user: + <<: *mysql_params + name: '{{ user_name_1 }}' + state: absent + ignore_errors: true + + - name: create user with two grants + mysql_user: + <<: *mysql_params + name: "{{ user_name_1 }}" + password: "{{ user_password_1 }}" + update_password: on_create + priv: '*.*:SELECT,GRANT' + + - name: user must have only on priv, grant priv must be dropped + register: result + mysql_user: + <<: *mysql_params + name: "{{ user_name_1 }}" + password: "{{ user_password_1 }}" + update_password: on_create + priv: '*.*:SELECT' + + - assert: + that: + - result is not failed + - result is changed + + - name: immutable - user must have only on priv, grant priv must be dropped + register: result + mysql_user: + <<: *mysql_params + name: "{{ user_name_1 }}" + password: "{{ user_password_1 }}" + update_password: on_create + priv: '*.*:SELECT' + + - assert: + that: + - result is not failed + - result is not changed + + always: + - name: drop user + mysql_user: + <<: *mysql_params + name: '{{ user_name_1 }}' + state: absent + ignore_errors: true diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt deleted file mode 100644 index c0323af..0000000 --- a/tests/sanity/ignore-2.10.txt +++ /dev/null @@ -1,8 +0,0 @@ -plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch -plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements -plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen -plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch -plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements -plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements -plugins/modules/mysql_user.py validate-modules:undocumented-parameter -plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt deleted file mode 100644 index c0323af..0000000 --- a/tests/sanity/ignore-2.11.txt +++ /dev/null @@ -1,8 +0,0 @@ -plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch -plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements -plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen -plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch -plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements -plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements -plugins/modules/mysql_user.py validate-modules:undocumented-parameter -plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt index c0323af..da0354c 100644 --- a/tests/sanity/ignore-2.15.txt +++ b/tests/sanity/ignore-2.15.txt @@ -6,3 +6,5 @@ plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements plugins/modules/mysql_user.py validate-modules:undocumented-parameter plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch +plugins/module_utils/mysql.py pylint:unused-import +plugins/module_utils/version.py pylint:unused-import diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt deleted file mode 100644 index dabd55d..0000000 --- a/tests/sanity/ignore-2.9.txt +++ /dev/null @@ -1,3 +0,0 @@ -plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen -plugins/modules/mysql_user.py validate-modules:parameter-type-not-in-doc -plugins/modules/mysql_user.py validate-modules:undocumented-parameter diff --git a/tests/unit/plugins/module_utils/test_mysql_user.py b/tests/unit/plugins/module_utils/test_mysql_user.py index f0a7b32..46b3b8e 100644 --- a/tests/unit/plugins/module_utils/test_mysql_user.py +++ b/tests/unit/plugins/module_utils/test_mysql_user.py @@ -4,10 +4,6 @@ from __future__ import (absolute_import, division, print_function) __metaclass__ = type import pytest -try: - from unittest.mock import MagicMock -except ImportError: - from mock import MagicMock from ansible_collections.community.mysql.plugins.module_utils.user import ( handle_grant_on_col, @@ -15,7 +11,6 @@ from ansible_collections.community.mysql.plugins.module_utils.user import ( normalize_col_grants, sort_column_order ) -from ..utils import dummy_cursor_class @pytest.mark.parametrize(