ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-07-23 05:10:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[PR #490/6970aef backport][stable-2] Integrations tests : Use containers (#519)

Browse source 
* Integrations tests : Use containers for more control and verify that versions match expectation (#490)

* Add healthcheck to MariaDB before starting the tests
This prevent the first test to fail because the db isn't ready yet.

* Add % instead of the default 'localhost' since we use remote connection

Previously, everything was on localhost. Now ansible-test is in a
venv and the db is in a container. The db see the IP address from the
podman host (10.88.0.2)

* Add mysql_client to the controller

* Prepare controller with Podman/Docker Network

We use the Podman/Docker network gateway address to communicate between
container. I haven't tested Docker. I would have preferred to use a pod
but only Podman support it and ansible-test only support the
--docker-network option.

* Generalize mysql and mariadb version based on container name

This way we can split db_engine and db_version and simplify tests.
Also this is mandatory to use the matrix.db_engine_version as the
image name for our services containers.

* Fix replication due to usage of gateway_addr instead of localhost

* Refactor setup_mysql into setup_controller

* Fix server_id in GHA

GHA lack a way to pass option to docker's command. Also server_id is
not read as a environment variable. So I'm forced to use a config file.

* Refactor test_mysql_user to work with other host than localhost

* Refactor way tests info are passed from sed to file with lookup

The idea is to avoid modifying test targets from the workflow to prevent
ansible-test to think every tests needs to be run.

* Refactor test to use the db_version from setup_controller

* Add temporary files to .gitignore

* Add back docker healthcheck on services

I saw in the GHA logs that it perform an healtcheck ! So I hope this
will work.

* Refactor the way server_id is set for replicas

The simple way is to add '--server-id 2' after the name of the image of
the container. But GHA doesn't let us do that. The idea of mount a file
from our repo doesn't work because the repo is check out later in the
workflow and I failed to find a pre-job hook. Then I realized that this
MySQL option is dynamic! So we will set that in the test target!

* Add IF NOT EXISTS to prevent misleading error on retry

* Cut python 3.11 not supported by ansible-test yet

* Add option to run only a single target

* Disable replication with channel tests entirely for MySQL 5.7

* Activate Mysql 8 and Mariadb into GitHub Action Workflow

* Document run_all_tests.py

* Fix replication settings

sh don't know 'echo -e', so we use bash instead.
Also, we need to wait for the container to be healthy before trying to
restart it. Otherwise that could corrupt it.

* Add more descriptive tests names

* Use mysql_host var name instead of gateway_addr in tests

* Refactor user@<gateway ip addr> into user@%

* Workaround for plugin role that fails with any MariaDB versions

* Ensure replicas are healthy before rebooting them

* Add a virtualenv for ansible-test used locally

* Cut column-statistics disabling

Thanks to our test-container, we now use the correspond mysql-client.
So to test mysql 5.7 we use mysql-client-5.7 and to test mysql 8 we
use mysql-client-8.

* Fix test matrix

Python version should be quoted, otherwise 3.10 become 3.1
We can skip 2.14 and devel with Python3.8
We can skip devel with Python 3.9
We can skip MariaDB 10.4 with mysql-client-10.6
Add tests for MariaDB 10.6, 10.7 and 10.8

* Fix queries for roles

* Add filter for issues resolved in newer version of mysqlclient

* Add names to tests

* Cut tests for incompatible MySQL 8 and pymysql 0.7.11

* Fix assertion for older mysqlclient than 2.0.1 with mysql (mariadb ok)

* Change docker-image workflow to work on all images using matrix

* Add support for version of mysqlclient

* Fix verify database version

Sometimes, version_full contains trailing information (-log). To prevent
issues it's best to concatenate major and minor version.

* Cut filter for tests now that the right connector is used

* Add clean up in "always" phase of the block

Because our tests use --retry-on-error, and the first thing the test
does is to try to create the database. We must cleanup otherwise if
there is a retry, it will throw a misleading "database already exists"
error.

* Disable tests using pymysql 1.0.2

Many tests are failing but this must be fixed in the plugins in a future
PR.

* Cut test MySQL 8 with incompatible pymysql 0.7.11

It fails to connect with error about cryptography unsupported

* Fix missing cffi package to connect to MySQL 8 using Python 3.9

* Split Docker image workflow to rebuild only changed Dockerfile

My goal is not to save the planet but to make it work. Currently
docker/setup-buildx-action@v2 often fails. You have to rerun the
workflow multiple times until it succeed. When you do that with the
matrix with 15 containers, you never get to the point where they all
built successfully. Having separate workflows makes rerun the failing
build easier.

* Add option to let containers alive at end of testing

* Migrate tests documentations in their own file

* Document usage of continue_on_errors

* Add support for systems with unsupported python set as default

* Add create podman network for system missing it.

We saw that on a Fedora 33 with Podman 3.3.1, an old system. I didn't
find in which release the default network changed and maybe it's
defined in the Linux distribution. So in doubt I always attempt to
create the network.

* Add full path to image to prevent podman asking which registry to use

* Add options to enforce recreate containers even if already exists

* Add deletion of anonymous volumes associated with the container

* Change shebang from python to python3 to avoid confusion with python2

This script is a python3 script.

* Add disk and RAM requirements

* Cut the 3 from python command to follow shebang recommendations

https://docs.ansible.com/ansible-core/devel/dev_guide/testing/sanity/shebang.html

* Reformat file path

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Move utility task files in their own folder

* Add called workflow file in the GHA hooks

Without this, the containers are not rebuilt when you modify the file
built-docker-image.yml.

* Rollback to github.repository in container image name

This time I think I understood. We publish in the
github.repository_owner's namespace. In my case it's laurent-indermuehle
and in case of upstream it's ansible-collections. A proof of that:
https://github.com/orgs/ansible-collections/packages <- here there is
one attempt I did in february to push my branch to the upstream.
So, our tests containers will be visible to the whole community, not
just community.mysql.

---------

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>
(cherry picked from commit 6970aef8f6)

* Add changelog fragment

* Disable tests that doesn't work on stable-1

It's shameful to disable tests, but they didn't makes much sense
anyway.

* Fix error message being different on stable-1 than v3

* Disable tests against MariaDB 10.5 and 10.6

Does version have never been tested on stable-1 and many tests fails.
This commit is contained in:
Laurent Indermühle 2023-03-29 08:56:52 +02:00 committed by GitHub
commit 530e6c3d9c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
122 changed files with 3786 additions and 2639 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tests/integration/old_mariadb_replication/defaults/main.yml
View file

@ -1,3 +1,5 @@
---
mysql_host: "{{ gateway_addr }}"
master_port: 3306
standby_port: 3307
test_db: test_db

36
tests/integration/old_mariadb_replication/tasks/mariadb_master_use_gtid.yml
View file

@ -11,7 +11,7 @@
# Auxiliary step:
- name: Get master status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: getmaster
register: primary_status
@ -19,10 +19,10 @@
# Set master_use_gtid disabled:
- name: Run replication
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: changemaster
master_host: 127.0.0.1
master_host: '{{ mysql_host }}'
master_port: "{{ primary_db.port }}"
master_user: "{{ replication_user }}"
master_password: "{{ replication_pass }}"
@ -38,13 +38,13 @@
# Start standby for further tests:
- name: Start standby
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: startslave
- name: Get standby status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: getslave
register: slave_status
@ -56,7 +56,7 @@
# Stop standby for further tests:
- name: Stop standby
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: stopslave
@ -67,7 +67,7 @@
# Auxiliary step:
- name: Get master status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: getmaster
register: primary_status
@ -75,10 +75,10 @@
# Set master_use_gtid current_pos:
- name: Run replication
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: changemaster
master_host: 127.0.0.1
master_host: '{{ mysql_host }}'
master_port: "{{ primary_db.port }}"
master_user: "{{ replication_user }}"
master_password: "{{ replication_pass }}"
@ -94,13 +94,13 @@
# Start standby for further tests:
- name: Start standby
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: startslave
- name: Get standby status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: getslave
register: slave_status
@ -112,7 +112,7 @@
# Stop standby for further tests:
- name: Stop standby
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: stopslave
@ -123,7 +123,7 @@
# Auxiliary step:
- name: Get master status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: getmaster
register: primary_status
@ -131,10 +131,10 @@
# Set master_use_gtid slave_pos:
- name: Run replication
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: changemaster
master_host: 127.0.0.1
master_host: '{{ mysql_host }}'
master_port: "{{ primary_db.port }}"
master_user: "{{ replication_user }}"
master_password: "{{ replication_pass }}"
@ -150,13 +150,13 @@
# Start standby for further tests:
- name: Start standby
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: startslave
- name: Get standby status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: getslave
register: slave_status
@ -168,6 +168,6 @@
# Stop standby for further tests:
- name: Stop standby
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: stopslave

22
tests/integration/old_mariadb_replication/tasks/mariadb_replication_connection_name.yml
View file

@ -4,20 +4,20 @@
# Needs for further tests:
- name: Stop slave
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: stopslave
- name: Reset slave all
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: resetslaveall
# Get master log pos:
- name: Get master status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: getmaster
register: primary_status
@ -25,10 +25,10 @@
# Test changemaster mode:
- name: Run replication with connection_name
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: changemaster
master_host: 127.0.0.1
master_host: '{{ mysql_host }}'
master_port: "{{ primary_db.port }}"
master_user: "{{ replication_user }}"
master_password: "{{ replication_pass }}"
@ -45,7 +45,7 @@
# Test startslave mode:
- name: Start slave with connection_name
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: startslave
connection_name: "{{ conn_name }}"
@ -59,7 +59,7 @@
# Test getslave mode:
- name: Get standby statu with connection_name
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: getslave
connection_name: "{{ conn_name }}"
@ -68,7 +68,7 @@
- assert:
that:
- slave_status.Is_Slave == true
- slave_status.Master_Host == '127.0.0.1'
- slave_status.Master_Host == ''{{ mysql_host }}''
- slave_status.Exec_Master_Log_Pos == primary_status.Position
- slave_status.Master_Port == {{ primary_db.port }}
- slave_status.Last_IO_Errno == 0
@ -78,7 +78,7 @@
# Test stopslave mode:
- name: Stop slave with connection_name
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: stopslave
connection_name: "{{ conn_name }}"
@ -92,7 +92,7 @@
# Test reset
- name: Reset slave with connection_name
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: resetslave
connection_name: "{{ conn_name }}"
@ -106,7 +106,7 @@
# Test reset all
- name: Reset slave all with connection_name
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: resetslaveall
connection_name: "{{ conn_name }}"

20
tests/integration/old_mariadb_replication/tasks/mariadb_replication_initial.yml
View file

@ -3,11 +3,11 @@
# Preparation:
- name: Create user for replication
shell: "echo \"GRANT REPLICATION SLAVE ON *.* TO '{{ replication_user }}'@'localhost' IDENTIFIED BY '{{ replication_pass }}'; FLUSH PRIVILEGES;\" | mysql -P {{ primary_db.port }} -h 127.0.0.1"
shell: "echo \"GRANT REPLICATION SLAVE ON *.* TO '{{ replication_user }}'@'localhost' IDENTIFIED BY '{{ replication_pass }}'; FLUSH PRIVILEGES;\" | mysql -P {{ primary_db.port }} -h '{{ mysql_host }}'"
- name: Create test database
mysql_db:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ primary_db.port }}'
state: present
name: '{{ test_db }}'
@ -16,12 +16,12 @@
shell: 'mysqldump -P {{ primary_db.port }} -h 127.0.01 --all-databases --master-data=2 > {{ dump_path }}'
- name: Restore the dump to the replica
shell: 'mysql -P {{ replica_db.port }} -h 127.0.0.1 < {{ dump_path }}'
shell: "mysql -P {{ replica_db.port }} -h '{{ mysql_host }}' < {{ dump_path }}"
# Test getmaster mode:
- name: Get master status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ primary_db.port }}"
mode: getmaster
register: master_status
@ -35,10 +35,10 @@
# Test changemaster mode:
- name: Run replication
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: changemaster
master_host: 127.0.0.1
master_host: '{{ mysql_host }}'
master_port: "{{ primary_db.port }}"
master_user: "{{ replication_user }}"
master_password: "{{ replication_pass }}"
@ -54,7 +54,7 @@
# Test startslave mode:
- name: Start slave
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: startslave
register: result
@ -67,7 +67,7 @@
# Test getslave mode:
- name: Get replica status
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: getslave
register: slave_status
@ -75,7 +75,7 @@
- assert:
that:
- slave_status.Is_Slave == true
- slave_status.Master_Host == '127.0.0.1'
- slave_status.Master_Host == ''{{ mysql_host }}''
- slave_status.Exec_Master_Log_Pos == master_status.Position
- slave_status.Master_Port == {{ primary_db.port }}
- slave_status.Last_IO_Errno == 0
@ -85,7 +85,7 @@
# Test stopslave mode:
- name: Stop slave
mysql_replication:
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: "{{ replica_db.port }}"
mode: stopslave
register: result

11
tests/integration/targets/setup_controller/tasks/fake_root.yml Normal file
View file

@ -0,0 +1,11 @@
---
- name: "{{ role_name }} | Fake root | Ensure folder"
ansible.builtin.file:
path: "{{ playbook_dir }}/root"
state: directory
- name: "{{ role_name }} | Fake root | Ensure default file exists"
ansible.builtin.file:
path: "{{ playbook_dir }}/root/.my.cnf"
state: touch

18
tests/integration/targets/setup_controller/tasks/main.yml Normal file
View file

@ -0,0 +1,18 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- name: Prepare the fake root folder
ansible.builtin.import_tasks:
file: fake_root.yml
# setvars.yml requires the iproute2 package installed by install.yml
- name: Set variables
ansible.builtin.import_tasks:
file: setvars.yml
- name: Verify all components version under test
ansible.builtin.import_tasks:
file: verify.yml

69
tests/integration/targets/setup_controller/tasks/setvars.yml Normal file
View file

@ -0,0 +1,69 @@
---
- name: "{{ role_name }} | Setvars | Extract Podman/Docker Network Gateway"
ansible.builtin.shell:
cmd: ip route|grep default|awk '{print $3}'
register: ip_route_output
- name: "{{ role_name }} | Setvars | Set Fact"
ansible.builtin.set_fact:
gateway_addr: "{{ ip_route_output.stdout }}"
connector_name_version: >-
{{ lookup(
'file',
'/root/ansible_collections/community/mysql/tests/integration/connector'
) }}
db_engine_version: >-
{{ lookup(
'file',
'/root/ansible_collections/community/mysql/tests/integration/db_engine_version'
) }}
python_version_lookup: >-
{{ lookup(
'file',
'/root/ansible_collections/community/mysql/tests/integration/python'
) }}
ansible_version_lookup: >-
{{ lookup(
'file',
'/root/ansible_collections/community/mysql/tests/integration/ansible'
) }}
- name: "{{ role_name }} | Setvars | Set Fact using above facts"
ansible.builtin.set_fact:
connector_name: "{{ connector_name_version.split('=')[0].strip() }}"
connector_version: "{{ connector_name_version.split('=')[2].strip() }}"
db_engine: "{{ db_engine_version.split(':')[0].strip() }}"
db_version: "{{ db_engine_version.split(':')[1].strip() }}"
python_version: "{{ python_version_lookup.strip() }}"
test_ansible_version: >-
{%- if ansible_version_lookup == 'devel' -%}
{{ ansible_version_lookup }}
{%- else -%}
{{ ansible_version_lookup.split('-')[1].strip() }}
{%- endif -%}
mysql_command: >-
mysql
-h{{ gateway_addr }}
-P{{ mysql_primary_port }}
-u{{ mysql_user }}
-p{{ mysql_password }}
--protocol=tcp
mysql_command_wo_port: >-
mysql
-h{{ gateway_addr }}
-u{{ mysql_user }}
-p{{ mysql_password }}
--protocol=tcp
- name: "{{ role_name }} | Setvars | Output test informations"
vars:
msg: |-
connector_name: {{ connector_name }}
connector_version: {{ connector_version }}
db_engine: {{ db_engine }}
db_version: {{ db_version }}
python_version: {{ python_version }}
test_ansible_version: {{ test_ansible_version }}
ansible.builtin.debug:
msg: "{{ msg.split('\n') }}"

59
tests/integration/targets/setup_controller/tasks/verify.yml Normal file
View file

@ -0,0 +1,59 @@
---
- vars:
mysql_parameters: &mysql_params
login_user: root
login_password: msandbox
login_host: "{{ gateway_addr }}"
login_port: 3307
block:
- name: Query Primary container over TCP for MySQL/MariaDB version
mysql_info:
<<: *mysql_params
filter:
- version
register: primary_info
- name: Assert that test container runs the expected MySQL/MariaDB version
assert:
that:
- "'{{ primary_info.version.major }}.{{ primary_info.version.minor }}\
.{{ primary_info.version.release }}' == '{{ db_version }}'"
- name: Assert that mysql_info module used the expected version of pymysql
assert:
that:
- primary_info.connector_name == connector_name
- primary_info.connector_version == connector_version
when:
- connector_name == 'pymysql'
- name: Assert that mysql_info module used the expected version of mysqlclient
assert:
that:
- primary_info.connector_name == 'MySQLdb'
- primary_info.connector_version == connector_version
when:
- connector_name == 'mysqlclient'
- name: Display the python version in use
command:
cmd: python{{ python_version }} -V
changed_when: false
register: python_in_use
- name: Assert that expected Python is installed
assert:
that:
- python_in_use.stdout is search(python_version)
- name: Assert that we run the expected ansible version
assert:
that:
- >
"{{ ansible_version.major }}.{{ ansible_version.minor }}"
is version(test_ansible_version, '==')
when:
- test_ansible_version != 'devel' # Devel will change overtime

18
tests/integration/targets/setup_mysql/defaults/main.yml
View file

@ -1,18 +0,0 @@
dbdeployer_version: 1.64.0
dbdeployer_home_dir: /opt/dbdeployer
home_dir: /root
mariadb_install: false
mysql_version: 8.0.22
mariadb_version: 10.5.4
mysql_base_port: 3306
percona_client_package: >-
{%- if mariadb_install -%}
mariadb-client
{%- else -%}
percona-server-client-5.7
{%- endif -%}

6
tests/integration/targets/setup_mysql/handlers/main.yml
View file

@ -1,6 +0,0 @@
---
- name: "{{ role_name }} | handler | create dbdeployer installed file"
template:
src: installed_file.j2
dest: "{{ dbdeployer_installed_file }}"
listen: create zookeeper installed file

15
tests/integration/targets/setup_mysql/tasks/config.yml
View file

@ -1,15 +0,0 @@
---
- name: "{{ role_name }} | config | download mysql tarball"
get_url:
url: "{{ install_src }}"
dest: "{{ dbdeployer_sandbox_download_dir }}/{{ install_tarball }}"
- name: "{{ role_name }} | config | run unpack tarball"
shell:
cmd: "dbdeployer unpack {{ dbdeployer_sandbox_download_dir }}/{{ install_tarball }} --flavor {{ install_type }}"
creates: "{{ dbdeployer_sandbox_binary_dir }}/{{ install_version }}"
- name: "{{ role_name }} | config | setup replication topology"
shell:
cmd: "dbdeployer deploy multiple {{ install_version }} --flavor {{ install_type }} --base-port {{ mysql_base_port }} --my-cnf-options=\"master_info_repository='TABLE'\" --my-cnf-options=\"relay_log_info_repository='TABLE'\""
creates: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}"

11
tests/integration/targets/setup_mysql/tasks/dir.yml
View file

@ -1,11 +0,0 @@
---
- name: "{{ role_name }} | dir | create dbdeployer directories"
file:
state: directory
path: "{{ item }}"
loop:
- "{{ dbdeployer_home_dir }}"
- "{{ dbdeployer_install_dir }}"
- "{{ dbdeployer_sandbox_download_dir }}"
- "{{ dbdeployer_sandbox_binary_dir }}"
- "{{ dbdeployer_sandbox_home_dir }}"

90
tests/integration/targets/setup_mysql/tasks/install.yml
View file

@ -1,90 +0,0 @@
---
- name: "{{ role_name }} | install | add apt signing key for percona"
apt_key:
keyserver: keyserver.ubuntu.com
id: 4D1BB29D63D98E422B2113B19334A25F8507EFA5
state: present
when: install_type == 'mysql'
- name: "{{ role_name }} | install | add percona repositories"
apt_repository:
repo: deb http://repo.percona.com/percona/apt {{ ansible_lsb.codename }} main
state: present
when: install_type == 'mysql'
- name: "{{ role_name }} | install | add apt signing key for mariadb"
apt_key:
keyserver: keyserver.ubuntu.com
id: F1656F24C74CD1D8
state: present
when: install_type == 'mariadb'
- name: "{{ role_name }} | install | add mariadb repositories"
apt_repository:
repo: "deb [arch=amd64,arm64] https://downloads.mariadb.com/MariaDB/mariadb-{{ mysql_major_version }}/repo/ubuntu {{ ansible_lsb.codename }} main"
state: present
when: install_type == 'mariadb'
- name: "{{ role_name }} | install | install packages required by percona"
apt:
name: "{{ percona_mysql_packages }}"
state: present
environment:
DEBIAN_FRONTEND: noninteractive
- name: "{{ role_name }} | install | install packages required by mysql connector"
apt:
name: "{{ install_python_prereqs }}"
state: present
environment:
DEBIAN_FRONTEND: noninteractive
- name: "{{ role_name }} | install | install python packages"
pip:
name: "{{ python_packages }}"
register: connector
- name: Extract connector.name.0 content
set_fact:
connector_name: "{{ connector.name.0 }}"
- name: Debug connector_name content
debug:
msg: '{{ connector_name }}'
- name: Extract connector version
set_fact:
connector_ver: "{{ connector_name.split('=')[2].strip() }}"
- name: Debug connector_ver var content
debug:
msg: '{{ connector_ver }}'
- name: "{{ role_name }} | install | install packages required by mysql"
apt:
name: "{{ install_prereqs }}"
state: present
environment:
DEBIAN_FRONTEND: noninteractive
- name: "{{ role_name }} | install | download and unpack dbdeployer"
unarchive:
remote_src: true
src: "{{ dbdeployer_src }}"
dest: "{{ dbdeployer_install_dir }}"
creates: "{{ dbdeployer_installed_file }}"
register: dbdeployer_tarball_install
notify:
- create zookeeper installed file
until: dbdeployer_tarball_install is not failed
retries: 6
delay: 5
- name: "{{ role_name }} | install | create symlink"
file:
src: "{{ dbdeployer_install_dir }}/dbdeployer-{{ dbdeployer_version }}.linux"
dest: /usr/local/bin/dbdeployer
follow: false
state: link
- meta: flush_handlers

11
tests/integration/targets/setup_mysql/tasks/main.yml
View file

@ -1,11 +0,0 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
- import_tasks: setvars.yml
- import_tasks: dir.yml
- import_tasks: install.yml
- import_tasks: config.yml
- import_tasks: verify.yml

33
tests/integration/targets/setup_mysql/tasks/setvars.yml
View file

@ -1,33 +0,0 @@
---
- name: "{{ role_name }} | setvars | split mysql version in parts"
set_fact:
mysql_version_parts: >-
{%- if mariadb_install -%}
{{ mariadb_version.split('.') }}
{%- else -%}
{{ mysql_version.split('.') }}
{%- endif -%}
- name: "{{ role_name }} | setvars | get mysql major version"
set_fact:
mysql_major_version: "{{ mysql_version_parts[0] + '.' + mysql_version_parts[1] }}"
- name: "{{ role_name }} | setvars | set the appropriate extension dependent on the mysql version"
set_fact:
mysql_compression_extension: "{{ mysql_version is version('8.0.0', '<') | ternary('gz', 'xz') }}"
- name: "{{ role_name }} | setvars | set the install type"
set_fact:
install_type: "{{ mariadb_install | ternary('mariadb', 'mysql') }}"
- name: "{{ role_name }} | setvars | set install_version"
set_fact:
install_version: "{{ lookup('vars', install_type + '_version') }}"
- name: "{{ role_name }} | setvars | set install_tarball"
set_fact:
install_tarball: "{{ lookup('vars', install_type + '_tarball') }}"
- name: "{{ role_name }} | setvars | set install_src"
set_fact:
install_src: "{{ lookup('vars', install_type + '_src') }}"

27
tests/integration/targets/setup_mysql/tasks/verify.yml
View file

@ -1,27 +0,0 @@
---
- name: "{{ role_name }} | verify | confirm primary is running and get the port"
shell: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}/n1 -BNe'select @@port'"
register: primary_port
- name: "{{ role_name }} | verify | confirm replica1 is running and get the port"
shell: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}/n2 -BNe'select @@port'"
register: replica1_port
- name: "{{ role_name }} | verify | confirm replica2 is running and get the port"
shell: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}/n3 -BNe'select @@port'"
register: replica2_port
- name: "{{ role_name }} | verify | confirm primary is running on expected port"
assert:
that:
- primary_port.stdout|int == 3307
- name: "{{ role_name }} | verify | confirm replica1 is running on expected port"
assert:
that:
- replica1_port.stdout|int == 3308
- name: "{{ role_name }} | verify | confirm replica2 is running on expected port"
assert:
that:
- replica2_port.stdout|int == 3309

1
tests/integration/targets/setup_mysql/templates/installed_file.j2
View file

@ -1 +0,0 @@
{{ dbdeployer_version }}

30
tests/integration/targets/setup_mysql/vars/main.yml
View file

@ -1,30 +0,0 @@
---
dbdeployer_install_dir: "{{ dbdeployer_home_dir }}/dbdeployer_{{ dbdeployer_version }}"
dbdeployer_src: "https://github.com/datacharmer/dbdeployer/releases/download/v{{ dbdeployer_version }}/dbdeployer-{{ dbdeployer_version }}.linux.tar.gz"
dbdeployer_installed_file: "{{ dbdeployer_home_dir }}/dbdeployer_installed"
dbdeployer_sandbox_download_dir: "{{ home_dir }}/downloads"
dbdeployer_sandbox_binary_dir: "{{ home_dir }}/opt/mysql"
dbdeployer_sandbox_home_dir: "{{ home_dir }}/sandboxes"
percona_mysql_packages:
- "{{ percona_client_package }}"
python_packages: [pymysql == 0.9.3]
install_prereqs:
- libaio1
- libnuma1
- libncurses5
install_python_prereqs:
- python3-dev
- python3-cryptography
- default-libmysqlclient-dev
- build-essential
mysql_tarball: "mysql-{{ mysql_version }}-linux-glibc2.12-x86_64.tar.{{ mysql_compression_extension }}"
mysql_src: "https://cdn.mysql.com/archives/mysql-{{ mysql_major_version }}/{{ mysql_tarball }}"
mariadb_url_subdir: "linux"
mariadb_tarball: "mariadb-{{ mariadb_version }}-{{ mariadb_url_subdir }}-x86_64.tar.gz"
mariadb_src: "https://downloads.mariadb.com/MariaDB/mariadb-{{ mariadb_version }}/bintar-{{ mariadb_url_subdir }}-x86_64/{{ mariadb_tarball }}"

1
tests/integration/targets/test_mysql_db/defaults/main.yml
View file

@ -2,6 +2,7 @@
# defaults file for test_mysql_db
mysql_user: root
mysql_password: msandbox
mysql_host: '{{ gateway_addr }}'
mysql_primary_port: 3307
# Database names

2
tests/integration/targets/test_mysql_db/meta/main.yml
View file

@ -1,2 +1,2 @@
dependencies:
- setup_mysql
- setup_controller

73
tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
View file

@ -1,57 +1,59 @@
- set_fact:
---
- name: Config overrides | Set facts
set_fact:
db_to_create: testdb1
config_file: "/root/.my1.cnf"
config_file: "{{ playbook_dir }}/.my1.cnf"
fake_port: 9999
fake_host: "blahblah.local"
include_dir: "/root/mycnf.d"
include_dir: "{{ playbook_dir }}/mycnf.d"
- name: Create custom config file
- name: Config overrides | Create custom config file
shell: 'echo "[client]" > {{ config_file }}'
- name: Add fake port to config file
- name: Config overrides | Add fake port to config file
shell: 'echo "port = {{ fake_port }}" >> {{ config_file }}'
- name: Add blank line
- name: Config overrides | Add blank line
shell: 'echo "" >> {{ config_file }}'
when:
- >
connector_name is not search('pymysql')
connector_name != 'pymysql'
or (
connector_name is search('pymysql')
and connector_ver is version('0.9.3', '>=')
connector_name == 'pymysql'
and connector_version is version('0.9.3', '>=')
)
- name: Create include_dir
- name: Config overrides | Create include_dir
file:
path: '{{ include_dir }}'
state: directory
mode: '0777'
when:
- >
connector_name is not search('pymysql')
connector_name != 'pymysql'
or (
connector_name is search('pymysql')
and connector_ver is version('0.9.3', '>=')
connector_name == 'pymysql'
and connector_version is version('0.9.3', '>=')
)
- name: Add include_dir
- name: Config overrides | Add include_dir
lineinfile:
path: '{{ config_file }}'
line: '!includedir {{ include_dir }}'
insertafter: EOF
when:
- >
connector_name is not search('pymysql')
connector_name != 'pymysql'
or (
connector_name is search('pymysql')
and connector_ver is version('0.9.3', '>=')
connector_name == 'pymysql'
and connector_version is version('0.9.3', '>=')
)
- name: Create database using fake port to connect to, must fail
- name: Config overrides | Create database using fake port to connect to, must fail
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_to_create }}'
state: present
@ -61,17 +63,17 @@
ignore_errors: yes
register: result
- name: Must fail because login_port default has beed overriden by wrong value from config file
- name: Config overrides | Must fail because login_port default has beed overriden by wrong value from config file
assert:
that:
- result is failed
- result.msg is search("unable to connect to database")
- result is failed
- result.msg is search("unable to connect to database")
- name: Create database using default port
- name: Config overrides | Create database using default port
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_to_create }}'
state: present
@ -80,22 +82,22 @@
config_overrides_defaults: no
register: result
- name: Must not fail because of the default of login_port is correct
- name: Config overrides | Must not fail because of the default of login_port is correct
assert:
that:
- result is changed
- result is changed
- name: Reinit custom config file
- name: Config overrides | Reinit custom config file
shell: 'echo "[client]" > {{ config_file }}'
- name: Add fake host to config file
- name: Config overrides | Add fake host to config file
shell: 'echo "host = {{ fake_host }}" >> {{ config_file }}'
- name: Remove database using fake login_host
- name: Config overrides | Remove database using fake login_host
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_to_create }}'
state: absent
@ -104,18 +106,17 @@
register: result
ignore_errors: yes
- name: Must fail because login_host default has beed overriden by wrong value from config file
- name: Config overrides | Must fail because login_host default has beed overriden by wrong value from config file
assert:
that:
- result is failed
- result.msg is search("Can't connect to MySQL server on '{{ fake_host }}'") or result.msg is search("Unknown MySQL server host '{{ fake_host }}'")
- result is failed
- result.msg is search("Can't connect to MySQL server on '{{ fake_host }}'") or result.msg is search("Unknown MySQL server host '{{ fake_host }}'")
# Clean up
- name: Remove test db
- name: Config overrides | Clean up test database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_to_create }}'
state: absent

52
tests/integration/targets/test_mysql_db/tasks/encoding_dump_import.yml
View file

@ -1,45 +1,46 @@
---
- set_fact:
latin1_file1: "{{tmp_dir}}/{{file}}"
- name: Encoding | Set fact
set_fact:
latin1_file1: "{{ tmp_dir }}/{{ file }}"
- name: Deleting Latin1 encoded Database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_latin1_name }}'
state: absent
- name: create Latin1 encoded database
- name: Encoding | Create Latin1 encoded database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_latin1_name }}'
state: present
encoding: latin1
- name: create a table in Latin1 database
- name: Encoding | Create a table in Latin1 database
command: "{{ mysql_command }} {{ db_latin1_name }} -e \"create table testlatin1(id int, name varchar(100))\""
# Inserting a string in latin1 into table, , this string be tested later,
# so report any change of content in the test too
- name: inserting data into Latin1 database
- name: Encoding | Inserting data into Latin1 database
command: "{{ mysql_command }} {{ db_latin1_name }} -e \"insert into testlatin1 value(47,'Amédée Bôlüt')\""
- name: selecting table
- name: Encoding | Selecting table
command: "{{ mysql_command }} {{ db_latin1_name }} -e \"select * from testlatin1\""
register: output
- name: Dumping a table in Latin1 database
- name: Encoding | Dumping a table in Latin1 database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: "{{ db_latin1_name }}"
encoding: latin1
@ -49,30 +50,30 @@
- assert:
that:
- result is changed
- result is changed
- name: state dump - file name should exist
- name: Encoding | State dump - file name should exist (latin1_file1)
file:
name: '{{ latin1_file1 }}'
state: file
- name: od the file and check of latin1 encoded string is present
- name: od the file and check of latin1 encoded string is present
shell: grep -a 47 {{ latin1_file1 }} | od -c |grep "A m 351 d 351 e B 364\|A m 303 251 d 303 251 e B 303"
- name: Dropping {{ db_latin1_name }} database
- name: Encoding | Dropping {{ db_latin1_name }} database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_latin1_name }}'
state: absent
- name: Importing the latin1 mysql script
- name: Encoding | Importing the latin1 mysql script
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
state: import
encoding: latin1
@ -80,20 +81,25 @@
target: "{{ latin1_file1 }}"
register: result
- assert:
- name: Encoding | Assert that importing latin1 is changed
assert:
that:
- result is changed
- result is changed
- name: check encoding of table
shell: "{{ mysql_command }} {{ db_latin1_name }} -e \"SHOW FULL COLUMNS FROM testlatin1\""
- name: Encoding | Check encoding of table
ansible.builtin.command:
cmd: >
{{ mysql_command }}
{{ db_latin1_name }}
-e "SHOW FULL COLUMNS FROM {{ db_latin1_name }}.testlatin1"
register: output
failed_when: '"latin1_swedish_ci" not in output.stdout'
- name: remove database
- name: Encoding | Clean up database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_latin1_name }}'
state: absent

16
tests/integration/targets/test_mysql_db/tasks/issue-28.yml
View file

@ -9,7 +9,7 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
when: tls_enabled
block:
@ -25,6 +25,7 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host_all: true
state: absent
ignore_errors: yes
@ -32,6 +33,7 @@
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
host: "%"
password: "{{ user_password_1 }}"
priv: '*.*:ALL,GRANT'
tls_requires:
@ -43,7 +45,7 @@
state: absent
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
register: result
@ -52,12 +54,14 @@
- assert:
that:
- result is failed
when: connector_name is search('pymysql')
when:
- connector_name == 'pymysql'
- assert:
that:
- result is succeeded
when: connector_name is not search('pymysql')
when:
- connector_name != 'pymysql'
- name: attempt connection with newly created user ignoring hostname
mysql_db:
@ -65,7 +69,7 @@
state: absent
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
check_hostname: no
@ -80,5 +84,5 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host: 127.0.0.1
host_all: true
state: absent

5
tests/integration/targets/test_mysql_db/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
@ -21,10 +22,6 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
- name: Check state present/absent
include_tasks: state_present_absent.yml
vars:

45
tests/integration/targets/test_mysql_db/tasks/multi_db_create_delete.yml
View file

@ -18,7 +18,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -43,7 +43,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -75,7 +75,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -107,7 +107,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -139,7 +139,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -170,7 +170,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db2_name }}'
@ -199,7 +199,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -231,7 +231,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -271,7 +271,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -308,7 +308,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- "{{ db1_name }}"
@ -348,7 +348,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- "{{ db4_name }}"
@ -384,11 +384,12 @@
# ==========================================================================
# Dump existing databases
- name: Dump existing databases
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'
@ -398,13 +399,13 @@
target: '{{ dump1_file }}'
register: dump_result
- name: assert successful completion of dump operation
- name: Assert successful completion of dump operation (existing database)
assert:
that:
- dump_result is changed
- dump_result.db_list == ['{{ db1_name }}', '{{ db2_name }}', '{{ db3_name }}']
- name: run command to list databases like specified database name
- name: Run command to list databases like specified database name
command: "{{ mysql_command }} \"-e show databases like 'database%'\""
register: mysql_result
@ -415,7 +416,7 @@
- "'{{ db2_name }}' in mysql_result.stdout"
- "'{{ db3_name }}' in mysql_result.stdout"
- name: state dump - file name should exist
- name: State dump - file name should exist (dump1_file)
file:
name: '{{ dump1_file }}'
state: file
@ -441,7 +442,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: all
state: dump
@ -466,7 +467,7 @@
- "'{{ db4_name }}' not in mysql_result.stdout"
- "'{{ db5_name }}' not in mysql_result.stdout"
- name: state dump - file name should exist
- name: state dump - file name should exist (dump2_file)
file:
name: '{{ dump2_file }}'
state: file
@ -479,7 +480,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db2_name }}'
@ -509,7 +510,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db2_name }}'
@ -539,7 +540,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db2_name }}'
@ -569,7 +570,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db2_name }}'
@ -598,7 +599,7 @@
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db1_name }}'

199
tests/integration/targets/test_mysql_db/tasks/state_dump_import.yml
View file

@ -17,113 +17,116 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- set_fact:
- name: Dump and Import | Set facts
set_fact:
db_file_name: "{{ tmp_dir }}/{{ file }}"
wrong_sql_file: "{{ tmp_dir }}/wrong.sql"
dump_file1: "{{ tmp_dir }}/{{ file2 }}"
dump_file2: "{{ tmp_dir }}/{{ file3 }}"
db_user: "test"
db_user_unsafe_password: "pass!word"
config_file: "/root/.my.cnf"
config_file: "{{ playbook_dir }}/root/.my.cnf"
- name: create custom config file
- name: Dump and Import | Create custom config file
shell: 'echo "[client]" > {{ config_file }}'
- name: create user for test unsafe_login_password parameter
- name: Dump and Import | Create user for test unsafe_login_password parameter
mysql_user:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_user }}'
host: '%'
password: '{{ db_user_unsafe_password }}'
priv: '*.*:ALL'
state: present
- name: state dump/import - create database
- name: Dump and Import | State dump/import - create database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: present
check_implicit_admin: yes
- name: create database
- name: Dump and Import | Create database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name2 }}'
state: present
check_implicit_admin: no
- name: state dump/import - create table department
- name: Dump and Import | State dump/import - create table department
command: "{{ mysql_command }} {{ db_name }} \"-e create table department(id int, name varchar(100))\""
- name: state dump/import - create table employee
- name: Dump and Import | State dump/import - create table employee
command: "{{ mysql_command }} {{ db_name }} \"-e create table employee(id int, name varchar(100))\""
- name: state dump/import - insert data into table employee
- name: Dump and Import | State dump/import - insert data into table employee
command: "{{ mysql_command }} {{ db_name }} \"-e insert into employee value(47,'Joe Smith')\""
- name: state dump/import - insert data into table department
- name: Dump and Import | State dump/import - insert data into table department
command: "{{ mysql_command }} {{ db_name }} \"-e insert into department value(2,'Engineering')\""
- name: state dump/import - file name should not exist
- name: Dump and Import | State dump/import - file name should not exist
file:
name: '{{ db_file_name }}'
state: absent
- name: database dump file1 should not exist
- name: Dump and Import | Database dump file1 should not exist
file:
name: '{{ dump_file1 }}'
state: absent
- name: database dump file2 should not exist
- name: Dump and Import | Database dump file2 should not exist
file:
name: '{{ dump_file2 }}'
state: absent
- name: state dump without department table.
- name: Dump and Import | State dump without department table.
mysql_db:
login_user: '{{ db_user }}'
login_password: '{{ db_user_unsafe_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
unsafe_login_password: yes
name: '{{ db_name }}'
state: dump
target: '{{ db_file_name }}'
ignore_tables:
- "{{ db_name }}.department"
- "{{ db_name }}.department"
force: yes
master_data: 1
skip_lock_tables: yes
dump_extra_args: --skip-triggers
dump_extra_args: >-
--skip-triggers
config_file: '{{ config_file }}'
restrict_config_file: yes
check_implicit_admin: no
register: result
- name: assert successful completion of dump operation
- name: Dump and Import | Assert successful completion of dump operation
assert:
that:
- result is changed
- result.executed_commands[0] is search("mysqldump --defaults-file={{ config_file }} --user={{ db_user }} --password=\*\*\*\*\*\*\*\* --force --host=127.0.0.1 --port={{ mysql_primary_port }} {{ db_name }} --skip-lock-tables --quick --ignore-table={{ db_name }}.department --master-data=1 --skip-triggers")
- result.executed_commands[0] is search(".department --master-data=1 --skip-triggers")
- name: state dump/import - file name should exist
- name: Dump and Import | State dump/import - file name should exist (db_file_name)
file:
name: '{{ db_file_name }}'
state: file
- name: state dump with multiple databases in comma separated form.
- name: Dump and Import | State dump with multiple databases in comma separated form for MySQL.
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: "{{ db_name }},{{ db_name2 }}"
state: dump
@ -131,22 +134,22 @@
check_implicit_admin: yes
register: dump_result1
- name: assert successful completion of dump operation (with multiple databases in comma separated form)
- name: Dump and Import | Assert successful completion of dump operation (with multiple databases in comma separated form)
assert:
that:
- dump_result1 is changed
- dump_result1.executed_commands[0] is search(" --user=root --password=\*\*\*\*\*\*\*\*")
- name: state dump - dump file1 should exist
- name: Dump and Import | State dump - dump file1 should exist
file:
name: '{{ dump_file1 }}'
state: file
- name: state dump with multiple databases in list form via check_mode
- name: Dump and Import | State dump with multiple databases in list form via check_mode
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db_name }}'
@ -156,26 +159,26 @@
register: dump_result
check_mode: yes
- name: assert successful completion of dump operation (with multiple databases in list form) via check mode
- name: Dump and Import | Assert successful completion of dump operation (with multiple databases in list form) via check mode
assert:
that:
- dump_result is changed
- name: database dump file2 should not exist
- name: Dump and Import | Database dump file2 should not exist
stat:
path: '{{ dump_file2 }}'
register: stat_result
- name: assert that check_mode does not create dump file for databases
- name: Dump and Import | Assert that check_mode does not create dump file for databases
assert:
that:
- stat_result.stat.exists is defined and not stat_result.stat.exists
- name: state dump with multiple databases in list form.
- name: Dump and Import | State dump with multiple databases in list form.
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name:
- '{{ db_name }}'
@ -184,39 +187,39 @@
target: '{{ dump_file2 }}'
register: dump_result2
- name: assert successful completion of dump operation (with multiple databases in list form)
- name: Dump and Import | Assert successful completion of dump operation (with multiple databases in list form)
assert:
that:
- dump_result2 is changed
- name: state dump - dump file2 should exist
- name: Dump and Import | State dump - dump file2 should exist
file:
name: '{{ dump_file2 }}'
state: file
- name: state dump/import - remove database
- name: Dump and Import | State dump/import - remove database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: absent
- name: remove database
- name: Dump and Import | Remove database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name2 }}'
state: absent
- name: test state=import to restore the database of type {{ format_type }} (expect changed=true)
- name: Dump and Import | Test state=import to restore the database of type {{ format_type }} (expect changed=true)
mysql_db:
login_user: '{{ db_user }}'
login_password: '{{ db_user_unsafe_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
unsafe_login_password: yes
name: '{{ db_name }}'
@ -225,20 +228,20 @@
use_shell: yes
register: result
- name: show the tables
- name: Dump and Import | Show the tables
command: "{{ mysql_command }} {{ db_name }} \"-e show tables\""
register: result
- name: assert that the department table is absent.
- name: Dump and Import | Assert that the department table is absent.
assert:
that:
- "'department' not in result.stdout"
- name: test state=import to restore a database from multiple database dumped file1
- name: Dump and Import | Test state=import to restore a database from multiple database dumped file1
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name2 }}'
state: import
@ -246,34 +249,34 @@
use_shell: no
register: import_result
- name: assert output message restored a database from dump file1
- name: Dump and Import | Assert output message restored a database from dump file1
assert:
that:
- import_result is changed
- name: remove database
- name: Dump and Import | Remove database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name2 }}'
state: absent
- name: run command to list databases
- name: Dump and Import | Run command to list databases
command: "{{ mysql_command }} \"-e show databases like 'data%'\""
register: mysql_result
- name: assert that db_name2 database does not exist
- name: Dump and Import | Assert that db_name2 database does not exist
assert:
that:
- "'{{ db_name2 }}' not in mysql_result.stdout"
- name: test state=import to restore a database from dumped file2 (check mode)
- name: Dump and Import | Test state=import to restore a database from dumped file2 (check mode)
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name2 }}'
state: import
@ -281,96 +284,96 @@
register: check_import_result
check_mode: yes
- name: assert output message restored a database from dump file2 (check mode)
- name: Dump and Import | Assert output message restored a database from dump file2 (check mode)
assert:
that:
- check_import_result is changed
- name: run command to list databases
- name: Dump and Import | Run command to list databases
command: "{{ mysql_command }} \"-e show databases like 'data%'\""
register: mysql_result
- name: assert that db_name2 database does not exist (check mode)
- name: Dump and Import | Assert that db_name2 database does not exist (check mode)
assert:
that:
- "'{{ db_name2 }}' not in mysql_result.stdout"
- name: test state=import to restore a database from multiple database dumped file2
- name: Dump and Import | Test state=import to restore a database from multiple database dumped file2
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name2 }}'
state: import
target: '{{ dump_file2 }}'
register: import_result2
- name: assert output message restored a database from dump file2
- name: Dump and Import | Assert output message restored a database from dump file2
assert:
that:
- import_result2 is changed
- import_result2.db_list == ['{{ db_name2 }}']
- name: run command to list databases
- name: Dump and Import | Run command to list databases
command: "{{ mysql_command }} \"-e show databases like 'data%'\""
register: mysql_result
- name: assert that db_name2 database does exist after import
- name: Dump and Import | Assert that db_name2 database does exist after import
assert:
that:
- "'{{ db_name2 }}' in mysql_result.stdout"
- name: test state=dump to backup the database of type {{ format_type }} (expect changed=true)
- name: Dump and Import | Test state=dump to backup the database of type {{ format_type }} (expect changed=true)
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: dump
target: '{{ db_file_name }}'
register: result
- name: assert output message backup the database
- name: Dump and Import | Assert output message backup the database
assert:
that:
- result is changed
- "result.db =='{{ db_name }}'"
# - name: assert database was backed up successfully
# - name: Dump and Import | Assert database was backed up successfully
# command: "file {{ db_file_name }}"
# register: result
#
# - name: assert file format type
# - name: Dump and Import | Assert file format type
# assert:
# that:
# - "'{{ format_msg_type }}' in result.stdout"
- name: update database table employee
- name: Dump and Import | Update database table employee
command: "{{ mysql_command }} {{ db_name }} \"-e update employee set name='John Doe' where id=47\""
- name: test state=import to restore the database of type {{ format_type }} (expect changed=true)
- name: Dump and Import | Test state=import to restore the database of type {{ format_type }} (expect changed=true)
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: import
target: '{{ db_file_name }}'
register: result
- name: assert output message restore the database
- name: Dump and Import | Assert output message restore the database
assert:
that:
- result is changed
- name: select data from table employee
- name: Dump and Import | Select data from table employee
command: "{{ mysql_command }} {{ db_name }} \"-e select * from employee\""
register: result
- name: assert data in database is from the restore database
- name: Dump and Import | Assert data in database is from the restore database
assert:
that:
- "'47' in result.stdout"
@ -380,14 +383,14 @@
# Test ``force`` parameter
##########################
- name: create wrong sql file
- name: Dump and Import | Create wrong sql file
shell: echo 'CREATE TABLE hello (id int); CREATE ELBAT ehlo (int id);' >> '{{ wrong_sql_file }}'
- name: try to import without force parameter, must fail
- name: Dump and Import | Try to import without force parameter, must fail
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: import
@ -400,11 +403,11 @@
that:
- result is failed
- name: try to import with force parameter
- name: Dump and Import | Try to import with force parameter
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: import
@ -420,40 +423,24 @@
# Clean up
##########
- name: remove database name
- name: Dump and Import | Clean up databases
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
name: '{{ item }}'
state: absent
loop:
- '{{ db_name }}'
- '{{ db_name2 }}'
- name: remove database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name2 }}'
state: absent
- name: remove file name
- name: Dump and Import | Clean up files
file:
name: '{{ db_file_name }}'
state: absent
- name: remove file name
file:
name: '{{ wrong_sql_file }}'
state: absent
- name: remove dump file1
file:
name: '{{ dump_file1 }}'
state: absent
- name: remove dump file2
file:
name: '{{ dump_file2 }}'
name: '{{ item }}'
state: absent
loop:
- '{{ db_file_name }}'
- '{{ wrong_sql_file }}'
- '{{ dump_file1 }}'
- '{{ dump_file2 }}'

108
tests/integration/targets/test_mysql_db/tasks/state_present_absent.yml
View file

@ -1,3 +1,4 @@
---
# test code for mysql_db module with database name containing special chars
# This file is part of Ansible
@ -16,75 +17,75 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: remove database if it exists
- name: State Present Absent | Remove database if it exists
command: >
"{{ mysql_command }} -sse 'DROP DATABASE IF EXISTS {{ db_name }}'"
ignore_errors: true
- name: make sure the test database is not there
- name: State Present Absent | Make sure the test database is not there
command: "{{ mysql_command }} {{ db_name }}"
register: mysql_db_check
failed_when: "'1049' not in mysql_db_check.stderr"
- name: test state=present for a database name (expect changed=true)
- name: State Present Absent | Test state=present for a database name (expect changed=true)
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: present
register: result
- name: assert output message that database exist
- name: State Present Absent | Assert output message that database exist
assert:
that:
- result is changed
- result.db == '{{ db_name }}'
- result.executed_commands == ["CREATE DATABASE `{{ db_name }}`"]
- name: run command to test state=present for a database name (expect db_name in stdout)
- name: State Present Absent | Run command to test state=present for a database name (expect db_name in stdout)
command: "{{ mysql_command }} -e \"show databases like '{{ db_name | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
register: result
- name: assert database exist
- name: State Present Absent | Assert database exist
assert:
that:
- "'{{ db_name }}' in result.stdout"
# ============================================================
- name: test state=absent for a database name (expect changed=true)
- name: State Present Absent | Test state=absent for a database name (expect changed=true)
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_name }}'
state: absent
register: result
- name: assert output message that database does not exist
- name: State Present Absent | Assert output message that database does not exist
assert:
that:
- result is changed
- result.db == '{{ db_name }}'
- result.executed_commands == ["DROP DATABASE `{{ db_name }}`"]
- name: run command to test state=absent for a database name (expect db_name not in stdout)
- name: State Present Absent | Run command to test state=absent for a database name (expect db_name not in stdout)
command: "{{ mysql_command }} -e \"show databases like '{{ db_name | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
register: result
- name: assert database does not exist
- name: State Present Absent | Assert database does not exist
assert:
that:
- "'{{ db_name }}' not in result.stdout"
# ============================================================
- name: test mysql_db encoding param not valid - issue 8075
- name: State Present Absent | Test mysql_db encoding param not valid - issue 8075
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: datanotvalid
state: present
@ -92,7 +93,7 @@
register: result
ignore_errors: true
- name: assert test mysql_db encoding param not valid - issue 8075 (failed=true)
- name: State Present Absent | Assert test mysql_db encoding param not valid - issue 8075 (failed=true)
assert:
that:
- result is failed
@ -100,201 +101,202 @@
- "'Unknown character set' in result.msg"
# ============================================================
- name: test mysql_db using a valid encoding utf8 (expect changed=true)
- name: State Present Absent | Test mysql_db using a valid encoding utf8 (expect changed=true)
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: 'en{{ db_name }}'
state: present
encoding: utf8
register: result
- name: assert output message created a database
- name: State Present Absent | Assert output message created a database
assert:
that:
- result is changed
- result.executed_commands == ["CREATE DATABASE `en{{ db_name }}` CHARACTER SET 'utf8'"]
- name: test database was created
- name: State Present Absent | Test database was created
command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE `en{{ db_name }}`\""
register: result
- name: assert created database is of encoding utf8
- name: State Present Absent | Assert created database is of encoding utf8
assert:
that:
- "'utf8' in result.stdout"
- name: remove database
- name: State Present Absent | Remove database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: 'en{{ db_name }}'
state: absent
# ============================================================
- name: test mysql_db using valid encoding binary (expect changed=true)
- name: State Present Absent | Test mysql_db using valid encoding binary (expect changed=true)
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: 'en{{ db_name }}'
state: present
encoding: binary
register: result
- name: assert output message that database was created
- name: State Present Absent | Assert output message that database was created
assert:
that:
- result is changed
- result.executed_commands == ["CREATE DATABASE `en{{ db_name }}` CHARACTER SET 'binary'"]
- name: run command to test database was created
- name: State Present Absent | Run command to test database was created
command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE `en{{ db_name }}`\""
register: result
- name: assert created database is of encoding binary
- name: State Present Absent | Assert created database is of encoding binary
assert:
that:
- "'binary' in result.stdout"
- name: remove database
- name: State Present Absent | Remove database
mysql_db:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: 'en{{ db_name }}'
state: absent
# ============================================================
- name: create user1 to access database dbuser1
- name: State Present Absent | Create user1 to access database dbuser1
mysql_user:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: user1
host: '%'
password: 'Hfd6fds^dfA8Ga'
priv: '*.*:ALL'
state: present
- name: create database dbuser1 using user1
- name: State Present Absent | Create database dbuser1 using user1
mysql_db:
login_user: user1
login_password: 'Hfd6fds^dfA8Ga'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_user1 }}'
state: present
register: result
- name: assert output message that database was created
- name: State Present Absent | Assert output message that database was created
assert:
that:
- result is changed
- name: run command to test database was created using user1
- name: State Present Absent | Run command to test database was created using user1
command: "{{ mysql_command }} -e \"show databases like '{{ db_user1 | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
register: result
- name: assert database exist
- name: State Present Absent | Assert database exist
assert:
that:
- "'{{ db_user1 }}' in result.stdout"
# ============================================================
- name: create user2 to access database with privilege select only
- name: State Present Absent | Create user2 to access database with privilege select only
mysql_user:
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: user2
password: 'kjsfd&F7safjad'
priv: '*.*:SELECT'
state: present
- name: create database dbuser2 using user2 with no privilege to create (expect failed=true)
- name: State Present Absent | Create database dbuser2 using user2 with no privilege to create (expect failed=true)
mysql_db:
login_user: user2
login_password: 'kjsfd&F7safjad'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_user2 }}'
state: present
register: result
ignore_errors: true
- name: assert output message that database was not created using dbuser2
- name: State Present Absent | Assert output message that database was not created using dbuser2
assert:
that:
- result is failed
- "'Access denied' in result.msg"
- name: run command to test that database was not created
- name: State Present Absent | Run command to test that database was not created
command: "{{ mysql_command }} -e \"show databases like '{{ db_user2 | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
register: result
- name: assert database does not exist
- name: State Present Absent | Assert database does not exist
assert:
that:
- "'{{ db_user2 }}' not in result.stdout"
# ============================================================
- name: delete database using user2 with no privilege to delete (expect failed=true)
- name: State Present Absent | Delete database using user2 with no privilege to delete (expect failed=true)
mysql_db:
login_user: user2
login_password: 'kjsfd&F7safjad'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_user1 }}'
state: absent
register: result
ignore_errors: true
- name: assert output message that database was not deleted using dbuser2
- name: State Present Absent | Assert output message that database was not deleted using dbuser2
assert:
that:
- result is failed
- "'Access denied' in result.msg"
- name: run command to test database was not deleted
- name: State Present Absent | Run command to test database was not deleted
command: "{{ mysql_command }} -e \"show databases like '{{ db_user1 | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
register: result
- name: assert database still exist
- name: State Present Absent | Assert database still exist
assert:
that:
- "'{{ db_user1 }}' in result.stdout"
# ============================================================
- name: delete database using user1 with all privilege to delete a database (expect changed=true)
- name: State Present Absent | Delete database using user1 with all privilege to delete a database (expect changed=true)
mysql_db:
login_user: user1
login_password: 'Hfd6fds^dfA8Ga'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: '{{ db_user1 }}'
state: absent
register: result
ignore_errors: true
- name: assert output message that database was deleted using user1
- name: State Present Absent | Assert output message that database was deleted using user1
assert:
that:
- result is changed
- result.executed_commands == ["DROP DATABASE `{{ db_user1 }}`"]
- name: run command to test database was deleted using user1
- name: State Present Absent | Run command to test database was deleted using user1
command: "{{ mysql_command }} -e \"show databases like '{{ db_name | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
register: result
- name: assert database does not exist
- name: State Present Absent | Assert database does not exist
assert:
that:
- "'{{ db_user1 }}' not in result.stdout"

2
tests/integration/targets/test_mysql_info/defaults/main.yml
View file

@ -2,7 +2,7 @@
# defaults file for test_mysql_info
mysql_user: root
mysql_password: msandbox
mysql_host: 127.0.0.1
mysql_host: '{{ gateway_addr }}'
mysql_primary_port: 3307
db_name: data

3
tests/integration/targets/test_mysql_info/meta/main.yml
View file

@ -1,3 +1,4 @@
---
dependencies:
- setup_mysql
- setup_controller
- setup_remote_tmp_dir

6
tests/integration/targets/test_mysql_info/tasks/connector_info.yml
View file

@ -2,7 +2,6 @@
# Added in 1.5.0, 2.4.0 and 3.6.0 in
# https://github.com/ansible-collections/community.mysql/pull/497
# TODO: Refactor in PR490.
- name: Connector info | Assert connector_name exists and has expected values
ansible.builtin.assert:
that:
@ -15,18 +14,17 @@
{{ result.connector_name | d('Unknown')}} which is different than expected
pymysql or MySQLdb
# TODO: Refactor in PR490.
- name: Connector info | Assert connector_version exists and has expected values
ansible.builtin.assert:
that:
- result.connector_version is defined
- >
result.connector_version == 'Unknown'
or result.connector_version is version(connector_ver, '==')
or result.connector_version is version(connector_version, '==')
success_msg: >-
Assertions passed, result.connector_version is
{{ result.connector_version }}
fail_msg: >-
Assertion failed, result.connector_version is
{{ result.connector_version }} which is different than expected
{{ connector_ver }}
{{ connector_version }}

19
tests/integration/targets/test_mysql_info/tasks/issue-28.yml
View file

@ -1,7 +1,4 @@
---
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
- name: set fact tls_enabled
command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
@ -13,7 +10,7 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
when: tls_enabled
block:
@ -29,6 +26,7 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host_all: true
state: absent
ignore_errors: yes
@ -36,6 +34,7 @@
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
host: "%"
password: "{{ user_password_1 }}"
tls_requires:
SSL:
@ -45,7 +44,7 @@
filter: version
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
register: result
@ -54,19 +53,21 @@
- assert:
that:
- result is failed
when: connector_name is search('pymysql')
when:
- connector_name == 'pymysql'
- assert:
that:
- result is succeeded
when: connector_name is not search('pymysql')
when:
- connector_name != 'pymysql'
- name: attempt connection with newly created user ignoring hostname
mysql_info:
filter: version
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
check_hostname: no
@ -81,5 +82,5 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host: 127.0.0.1
host_all: true
state: absent

28
tests/integration/targets/test_mysql_info/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
@ -24,14 +25,14 @@
- name: mysql_info - create default config file
template:
src: my.cnf.j2
dest: /root/.my.cnf
dest: "{{ playbook_dir }}/root/.my.cnf"
mode: '0400'
# Create non-default MySQL config file with credentials
- name: mysql_info - create non-default config file
template:
src: my.cnf.j2
dest: /root/non-default_my.cnf
dest: "{{ playbook_dir }}/root/non-default_my.cnf"
mode: '0400'
###############
@ -43,17 +44,18 @@
login_user: '{{ mysql_user }}'
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
config_file: "{{ playbook_dir }}/root/.my.cnf"
register: result
- assert:
that:
- result is not changed
- "mysql_version in result.version.full or mariadb_version in result.version.full"
- result.settings != {}
- result.global_status != {}
- result.databases != {}
- result.engines != {}
- result.users != {}
- result is not changed
- db_version in result.version.full
- result.settings != {}
- result.global_status != {}
- result.databases != {}
- result.engines != {}
- result.users != {}
- name: mysql_info - Test connector informations display
ansible.builtin.import_tasks:
@ -65,7 +67,7 @@
login_user: '{{ mysql_user }}'
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
config_file: /root/non-default_my.cnf
config_file: "{{ playbook_dir }}/root/non-default_my.cnf"
register: result
- assert:
@ -78,9 +80,9 @@
file:
path: '{{ item }}'
state: absent
with_items:
- /root/.my.cnf
- /root/non-default_my.cnf
loop:
- "{{ playbook_dir }}/.my.cnf"
- "{{ playbook_dir }}/non-default_my.cnf"
# Access with password
- name: mysql_info - check access with password

1
tests/integration/targets/test_mysql_query/defaults/main.yml
View file

@ -1,5 +1,6 @@
mysql_user: root
mysql_password: msandbox
mysql_host: '{{ gateway_addr }}'
mysql_primary_port: 3307
db_name: data

3
tests/integration/targets/test_mysql_query/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- setup_mysql
- setup_controller

19
tests/integration/targets/test_mysql_query/tasks/issue-28.yml
View file

@ -1,7 +1,4 @@
---
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
- name: set fact tls_enabled
command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
@ -13,7 +10,7 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
when: tls_enabled
block:
@ -29,6 +26,7 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host_all: true
state: absent
ignore_errors: yes
@ -36,6 +34,7 @@
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
host: "%"
password: "{{ user_password_1 }}"
tls_requires:
SSL:
@ -45,7 +44,7 @@
query: 'SHOW DATABASES'
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
register: result
@ -54,19 +53,21 @@
- assert:
that:
- result is failed
when: connector_name is search('pymysql')
when:
- connector_name == 'pymysql'
- assert:
that:
- result is succeeded
when: connector_name is not search('pymysql')
when:
- connector_name != 'pymysql'
- name: attempt connection with newly created user ignoring hostname
mysql_query:
query: 'SHOW DATABASES'
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
check_hostname: no
@ -81,5 +82,5 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host: 127.0.0.1
host: "%"
state: absent

99
tests/integration/targets/test_mysql_query/tasks/mysql_query_initial.yml
View file

@ -1,3 +1,4 @@
---
# Test code for mysql_query module
# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -5,7 +6,7 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
@ -16,7 +17,8 @@
query: 'CREATE DATABASE {{ test_db }}'
register: result
- assert:
- name: Assert that create db test_db is changed and returns expected query
assert:
that:
- result is changed
- result.executed_queries == ['CREATE DATABASE {{ test_db }}']
@ -28,7 +30,8 @@
query: 'CREATE TABLE {{ test_table1 }} (id int)'
register: result
- assert:
- name: Assert that create table test_table1 is changed and returns expected query
assert:
that:
- result is changed
- result.executed_queries == ['CREATE TABLE {{ test_table1 }} (id int)']
@ -38,12 +41,13 @@
<<: *mysql_params
login_db: '{{ test_db }}'
query:
- 'INSERT INTO {{ test_table1 }} VALUES (1), (2)'
- 'INSERT INTO {{ test_table1 }} VALUES (3)'
- 'INSERT INTO {{ test_table1 }} VALUES (1), (2)'
- 'INSERT INTO {{ test_table1 }} VALUES (3)'
single_transaction: yes
register: result
- assert:
- name: Assert that inserting test data is changed and returns expected query and results
assert:
that:
- result is changed
- result.rowcount == [2, 1]
@ -56,7 +60,8 @@
query: 'SELECT * FROM {{ test_table1 }}'
register: result
- assert:
- name: Assert that query data in test_table1 is not changed and returns expected query and results
assert:
that:
- result is not changed
- result.executed_queries == ['SELECT * FROM {{ test_table1 }}']
@ -74,7 +79,8 @@
- 1
register: result
- assert:
- name: Assert that query data in test_table1 using positional args is not changed and returns expected query and results
assert:
that:
- result is not changed
- result.executed_queries == ["SELECT * FROM {{ test_table1 }} WHERE id = 1"]
@ -90,7 +96,8 @@
some_id: 1
register: result
- assert:
- name: Assert that query data in test_table1 using named args is not changed and returns expected query and results
assert:
that:
- result is not changed
- result.executed_queries == ["SELECT * FROM {{ test_table1 }} WHERE id = 1"]
@ -107,7 +114,8 @@
new_id: 0
register: result
- assert:
- name: Assert that update data in test_table1 is changed and returns the expected query
assert:
that:
- result is changed
- result.executed_queries == ['UPDATE {{ test_table1 }} SET id = 0 WHERE id = 1']
@ -122,7 +130,8 @@
some_id: 1
register: result
- assert:
- name: Assert that query that check the prev update is not changed and returns the expected query with id = 1
assert:
that:
- result is not changed
- result.executed_queries == ['SELECT * FROM {{ test_table1 }} WHERE id = 1']
@ -137,7 +146,8 @@
some_id: 0
register: result
- assert:
- name: Assert that query that check the prev update is not changed and returns the expected query with id = 0
assert:
that:
- result is not changed
- result.executed_queries == ['SELECT * FROM {{ test_table1 }} WHERE id = 0']
@ -153,7 +163,8 @@
new_id: 0
register: result
- assert:
- name: Assert that update data in test_table1 again is not changed and returns expected query
assert:
that:
- result is not changed
- result.executed_queries == ['UPDATE {{ test_table1 }} SET id = 0 WHERE id = 1']
@ -168,7 +179,8 @@
- 'SELECT * FROM {{ test_table1 }} WHERE id = 0'
register: result
- assert:
- name: Assert that delete data from test_table1 is changed an returns expected query
assert:
that:
- result is changed
- result.executed_queries == ['DELETE FROM {{ test_table1 }} WHERE id = 0', 'SELECT * FROM {{ test_table1 }} WHERE id = 0']
@ -181,7 +193,8 @@
query: 'DELETE FROM {{ test_table1 }} WHERE id = 0'
register: result
- assert:
- name: Assert that delete data from test_table1 again is not changed and returns expected query
assert:
that:
- result is not changed
- result.executed_queries == ['DELETE FROM {{ test_table1 }} WHERE id = 0']
@ -192,11 +205,12 @@
<<: *mysql_params
login_db: '{{ test_db }}'
query:
- 'TRUNCATE {{ test_table1 }}'
- 'SELECT * FROM {{ test_table1 }}'
- 'TRUNCATE {{ test_table1 }}'
- 'SELECT * FROM {{ test_table1 }}'
register: result
- assert:
- name: Assert that truncate test_table1 is changed and returns expected query
assert:
that:
- result is changed
- result.executed_queries == ['TRUNCATE {{ test_table1 }}', 'SELECT * FROM {{ test_table1 }}']
@ -209,7 +223,8 @@
query: 'RENAME TABLE {{ test_table1 }} TO {{ test_table2 }}'
register: result
- assert:
- name: Assert that rename table test_table1 is changed and returns expected query
assert:
that:
- result is changed
- result.executed_queries == ['RENAME TABLE {{ test_table1 }} TO {{ test_table2 }}']
@ -223,7 +238,8 @@
register: result
ignore_errors: yes
- assert:
- name: Assert that query old table is failed
assert:
that:
- result is failed
@ -234,7 +250,8 @@
query: 'SELECT * FROM {{ test_table2 }}'
register: result
- assert:
- name: Assert that query new table succeed and returns 0 row
assert:
that:
- result.rowcount == [0]
@ -257,7 +274,8 @@
query: 'SELECT id, story FROM {{ test_table3 }}'
register: result
- assert:
- name: Assert that select from test_table3 returns 2 rows
assert:
that:
- result.rowcount == [2]
@ -269,7 +287,8 @@
register: result
ignore_errors: yes
- assert:
- name: Assert that pass wrong query type is failed
assert:
that:
- result is failed
- result.msg is search('the query option value must be a string or list')
@ -284,7 +303,8 @@
register: result
ignore_errors: yes
- assert:
- name: Assert that pass wrong query element is failed
assert:
that:
- result is failed
- result.msg is search('the elements in query list must be strings')
@ -303,7 +323,8 @@
single_transaction: yes
register: result
- assert:
- name: Assert that insert test data using replace statement is changed
assert:
that:
- result is changed
- result.rowcount == [1]
@ -339,20 +360,24 @@
register: result
# Issue https://github.com/ansible-collections/community.mysql/issues/268
- assert:
- name: Assert that create table IF NOT EXISTS is not changed with pymysql
assert:
that:
# PyMySQL driver throws a warning, so the following is correct
- result is not changed
when: connector_name is search('pymysql')
when:
- connector_name == 'pymysql'
# Issue https://github.com/ansible-collections/community.mysql/issues/268
- assert:
- name: Assert that create table IF NOT EXISTS is changed with mysqlclient
assert:
that:
# mysqlclient driver throws nothing, so it's impossible to figure out
# if the state was changed or not.
# We assume that it was for DDL queryes by default in the code
# Mysqlclient 2.0.1, driver throws nothing with mysql, so it's
# impossible to figure out if the state was changed or not.
# We assume that it was for DDL queries by default in the code
- result is changed
when: connector_name is search('mysqlclient')
when:
- connector_name == 'mysqlclient'
- name: Drop db {{ test_db }}
mysql_query:
@ -360,7 +385,15 @@
query: 'DROP DATABASE {{ test_db }}'
register: result
- assert:
- name: Assert that drop database is changed and returns expected query
assert:
that:
- result is changed
- result.executed_queries == ['DROP DATABASE {{ test_db }}']
always:
- name: Clean up test_db
mysql_query:
<<: *mysql_params
query: 'DROP DATABASE IF EXISTS {{ test_db }}'

2
tests/integration/targets/test_mysql_replication/defaults/main.yml
View file

@ -1,6 +1,6 @@
mysql_user: root
mysql_password: msandbox
mysql_host: 127.0.0.1
mysql_host: '{{ gateway_addr }}'
mysql_primary_port: 3307
mysql_replica1_port: 3308
mysql_replica2_port: 3309

2
tests/integration/targets/test_mysql_replication/meta/main.yml
View file

@ -1,3 +1,3 @@
---
dependencies:
- setup_mysql
- setup_controller

0
tests/integration/targets/test_mysql_replication/tasks/issue-265.yml Normal file
View file

18
tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
View file

@ -1,7 +1,4 @@
---
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
- name: set fact tls_enabled
command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
@ -13,7 +10,7 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
when: tls_enabled
block:
@ -29,6 +26,7 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host_all: true
state: absent
ignore_errors: yes
@ -46,7 +44,7 @@
mode: getprimary
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
register: result
@ -55,19 +53,21 @@
- assert:
that:
- result is failed
when: connector_name is search('pymysql')
when:
- connector_name == 'pymysql'
- assert:
that:
- result is succeeded
when: connector_name is not search('pymysql')
when:
- connector_name != 'pymysql'
- name: attempt connection with newly created user ignoring hostname
mysql_replication:
mode: getprimary
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
check_hostname: no
@ -82,5 +82,5 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host: 127.0.0.1
host: '{{ gateway_addr }}'
state: absent

3
tests/integration/targets/test_mysql_replication/tasks/main.yml
View file

@ -15,7 +15,8 @@
# Tests of channel parameter:
- import_tasks: mysql_replication_channel.yml
when:
- install_type == 'mysql' # FIXME: mariadb introduces FOR CHANNEL in 10.7
- db_engine == 'mysql' # FIXME: mariadb introduces FOR CHANNEL in 10.7
- mysql8022_and_higher == true # FIXME: mysql 5.7 should work, but our tets fails, why?
# Tests of resetprimary mode:
- import_tasks: mysql_replication_resetprimary_mode.yml

3
tests/integration/targets/test_mysql_replication/tasks/mysql_replication_channel.yml
View file

@ -1,3 +1,4 @@
---
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -5,7 +6,7 @@
mysql_params: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
block:
# Get primary log file and log pos:

168
tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml
View file

@ -1,3 +1,4 @@
---
# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
@ -5,16 +6,9 @@
mysql_params: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
block:
- name: find out the database version
mysql_info:
<<: *mysql_params
login_port: '{{ mysql_primary_port }}'
filter: version
register: db
- name: Set mysql8022_and_higher
set_fact:
mysql8022_and_higher: false
@ -23,21 +17,31 @@
set_fact:
mysql8022_and_higher: true
when:
- db.version.major > 8 or (db.version.major == 8 and db.version.minor > 0) or (db.version.major == 8 and db.version.minor == 0 and db.version.release >= 22)
- install_type == 'mysql'
- db_engine == 'mysql'
- db_version is version('8.0.22', '>=')
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} --protocol=tcp"
# Preparation:
# We use iF NOT EXISTS because the GITHUB Action:
# "ansible-community/ansible-test-gh-action" uses "--retry-on-error".
# If test_mysql_replication fails, test will run again an without the IF
# NOT EXISTS, we see "Error 1396 (HY000): Operation CREATE USER failed..."
# which is misleading.
- name: Create user for mysql replication
shell: "echo \"CREATE USER '{{ replication_user }}'@'localhost' IDENTIFIED WITH mysql_native_password BY '{{ replication_pass }}'; GRANT REPLICATION SLAVE ON *.* TO '{{ replication_user }}'@'localhost';\" | {{ mysql_command }} -P{{ mysql_primary_port }}"
when: install_type == 'mysql'
shell:
"echo \"CREATE USER IF NOT EXISTS \
'{{ replication_user }}'@'{{ mysql_host }}' \
IDENTIFIED WITH mysql_native_password BY '{{ replication_pass }}'; \
GRANT REPLICATION SLAVE ON *.* TO \
'{{ replication_user }}'@'{{ mysql_host }}';\" | {{ mysql_command }}"
when: db_engine == 'mysql'
- name: Create user for mariadb replication
shell: "echo \"CREATE USER '{{ replication_user }}'@'localhost' IDENTIFIED BY '{{ replication_pass }}'; GRANT REPLICATION SLAVE ON *.* TO '{{ replication_user }}'@'localhost';\" | {{ mysql_command }} -P{{ mysql_primary_port }}"
when: install_type == 'mariadb'
shell:
"echo \"CREATE USER IF NOT EXISTS \
'{{ replication_user }}'@'{{ mysql_host }}' \
IDENTIFIED BY '{{ replication_pass }}'; \
GRANT REPLICATION SLAVE ON *.* TO \
'{{ replication_user }}'@'{{ mysql_host }}';\" | {{ mysql_command }}"
when: db_engine == 'mariadb'
- name: Create test database
mysql_db:
@ -47,13 +51,31 @@
name: '{{ test_db }}'
- name: Dump all databases from the primary
shell: 'mysqldump -u{{ mysql_user }} -p{{ mysql_password }} -h{{ mysql_host }} --protocol=tcp -P{{ mysql_primary_port }} --all-databases --ignore-table=mysql.innodb_index_stats --ignore-table=mysql.innodb_table_stats --master-data=2 > {{ dump_path }}'
shell:
cmd: >-
mysqldump
-u{{ mysql_user }}
-p{{ mysql_password }}
-h{{ mysql_host }}
-P{{ mysql_primary_port }}
--protocol=tcp
--all-databases
--ignore-table=mysql.innodb_index_stats
--ignore-table=mysql.innodb_table_stats
--master-data=2
> {{ dump_path }}
- name: Restore the dump to replica1
shell: '{{ mysql_command }} -P{{ mysql_replica1_port }} < {{ dump_path }}'
shell:
cmd: >-
{{ mysql_command_wo_port }}
-P{{ mysql_replica1_port }} < {{ dump_path }}
- name: Restore the dump to replica2
shell: '{{ mysql_command }} -P{{ mysql_replica2_port }} < {{ dump_path }}'
shell:
cmd: >-
{{ mysql_command_wo_port }}
-P{{ mysql_replica2_port }} < {{ dump_path }}
# Test getprimary mode:
- name: Get primary status
@ -63,11 +85,12 @@
mode: getprimary
register: mysql_primary_status
- assert:
- name: Assert that primary is in expected state
assert:
that:
- mysql_primary_status.Is_Primary == true
- mysql_primary_status.Position != 0
- mysql_primary_status is not changed
- mysql_primary_status.Is_Primary == true
- mysql_primary_status.Position != 0
- mysql_primary_status is not changed
# Test startreplica fails without changeprimary first. This needs fail_on_error
- name: Start replica (using deprecated startslave choice) and fail because primary is not specified; failing on error as requested
@ -79,9 +102,10 @@
register: result
ignore_errors: yes
- assert:
- name: Assert that startreplica is failed
assert:
that:
- result is failed
- result is failed
# Test startreplica doesn't fail if fail_on_error: no
- name: Start replica and fail without propagating it to ansible as we were asked not to
@ -92,9 +116,10 @@
fail_on_error: no
register: result
- assert:
- name: Assert that startreplica succeeded
assert:
that:
- result is not failed
- result is not failed
# Test startreplica doesn't fail if there is no fail_on_error.
# This is suboptimal because nothing happens, but it's the old behavior.
@ -105,9 +130,10 @@
mode: startreplica
register: result
- assert:
- name: Assert that start replica succeeded again
assert:
that:
- result is not failed
- result is not failed
# Test changeprimary mode:
# primary_ssl_ca will be set as '' to check the module's behaviour for #23976,
@ -126,10 +152,11 @@
primary_ssl_ca: ''
register: result
- assert:
- name: Assert that changeprimmary is changed and return expected query
assert:
that:
- result is changed
- result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }},MASTER_SSL_CA=''"]
- result is changed
- result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }},MASTER_SSL_CA=''"]
# Test startreplica mode:
- name: Start replica
@ -139,10 +166,11 @@
mode: startreplica
register: result
- assert:
- name: Assert that startreplica is changed and returns expected query
assert:
that:
- result is changed
- result.queries == ["START SLAVE"] or result.queries == ["START REPLICA"]
- result is changed
- result.queries == ["START SLAVE"] or result.queries == ["START REPLICA"]
# Test getreplica mode:
- name: Get replica status using deprecated getslave choice
@ -152,34 +180,36 @@
mode: getslave
register: replica_status
- assert:
- name: Assert that getreplica returns expected values for MySQL older than 8.0.22 and Mariadb
assert:
that:
- replica_status.Is_Replica == true
- replica_status.Master_Host == '{{ mysql_host }}'
- replica_status.Exec_Master_Log_Pos == mysql_primary_status.Position
- replica_status.Master_Port == {{ mysql_primary_port }}
- replica_status.Last_IO_Errno == 0
- replica_status.Last_IO_Error == ''
- replica_status is not changed
- replica_status.Is_Replica == true
- replica_status.Master_Host == '{{ mysql_host }}'
- replica_status.Exec_Master_Log_Pos == mysql_primary_status.Position
- replica_status.Master_Port == {{ mysql_primary_port }}
- replica_status.Last_IO_Errno == 0
- replica_status.Last_IO_Error == ''
- replica_status is not changed
when: mysql8022_and_higher == false
- assert:
- name: Assert that getreplica returns expected values for MySQL newer than 8.0.22
assert:
that:
- replica_status.Is_Slave == true
- replica_status.Source_Host == '{{ mysql_host }}'
- replica_status.Exec_Source_Log_Pos == mysql_primary_status.Position
- replica_status.Source_Port == {{ mysql_primary_port }}
- replica_status.Last_IO_Errno == 0
- replica_status.Last_IO_Error == ''
- replica_status is not changed
- replica_status.Is_Slave == true
- replica_status.Source_Host == '{{ mysql_host }}'
- replica_status.Exec_Source_Log_Pos == mysql_primary_status.Position
- replica_status.Source_Port == {{ mysql_primary_port }}
- replica_status.Last_IO_Errno == 0
- replica_status.Last_IO_Error == ''
- replica_status is not changed
when: mysql8022_and_higher == true
# Create test table and add data to it:
- name: Create test table
shell: "echo \"CREATE TABLE {{ test_table }} (id int);\" | {{ mysql_command }} -P{{ mysql_primary_port }} {{ test_db }}"
shell: "echo \"CREATE TABLE {{ test_table }} (id int);\" | {{ mysql_command_wo_port }} -P{{ mysql_primary_port }} {{ test_db }}"
- name: Insert data
shell: "echo \"INSERT INTO {{ test_table }} (id) VALUES (1), (2), (3); FLUSH LOGS;\" | {{ mysql_command }} -P{{ mysql_primary_port }} {{ test_db }}"
shell: "echo \"INSERT INTO {{ test_table }} (id) VALUES (1), (2), (3); FLUSH LOGS;\" | {{ mysql_command_wo_port }} -P{{ mysql_primary_port }} {{ test_db }}"
- name: Small pause to be sure the bin log, which was flushed previously, reached the replica
ansible.builtin.wait_for:
@ -195,19 +225,18 @@
# mysql_primary_status.Position is not actual and it has been changed by the prev step,
# so replica_status.Exec_Master_Log_Pos must be different:
- assert:
- name: Assert that getreplica Log_Pos is different for MySQL older than 8.0.22 and MariaDB
assert:
that:
- replica_status.Exec_Master_Log_Pos != mysql_primary_status.Position
- replica_status.Exec_Master_Log_Pos != mysql_primary_status.Position
when: mysql8022_and_higher == false
- assert:
- name: Assert that getreplica Log_Pos is different for MySQL newer than 8.0.22
assert:
that:
- replica_status.Exec_Source_Log_Pos != mysql_primary_status.Position
- replica_status.Exec_Source_Log_Pos != mysql_primary_status.Position
when: mysql8022_and_higher == true
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version
- name: Start replica that is already running
mysql_replication:
<<: *mysql_params
@ -217,7 +246,8 @@
register: result
# mysqlclient 2.0.1 always return "changed"
- assert:
- name: Assert that startreplica is not changed
assert:
that:
- result is not changed
when:
@ -231,10 +261,11 @@
mode: stopslave
register: result
- assert:
- name: Assert that stopreplica is changed and returns expected query
assert:
that:
- result is changed
- result.queries == ["STOP SLAVE"] or result.queries == ["STOP REPLICA"]
- result is changed
- result.queries == ["STOP SLAVE"] or result.queries == ["STOP REPLICA"]
- name: Pause for 2 seconds to let the replication stop
ansible.builtin.wait_for:
@ -250,7 +281,8 @@
fail_on_error: true
register: result
- assert:
- name: Assert that stopreplica is not changed
assert:
that:
- result is not changed
when:

2
tests/integration/targets/test_mysql_replication/tasks/mysql_replication_primary_delay.yml
View file

@ -5,7 +5,7 @@
mysql_params: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
block:

2
tests/integration/targets/test_mysql_replication/tasks/mysql_replication_resetprimary_mode.yml
View file

@ -5,7 +5,7 @@
mysql_params: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
block:

16
tests/integration/targets/test_mysql_role/defaults/main.yml
View file

@ -1,17 +1,5 @@
---
mysql_user: root
mysql_password: msandbox
mysql_host: '{{ gateway_addr }}'
mysql_primary_port: 3307
test_db: test_db
test_table: test_table
test_db1: test_db1
test_db2: test_db2
user0: user0
user1: user1
user2: user2
nonexistent: user3
role0: role0
role1: role1
role3: role3

3
tests/integration/targets/test_mysql_role/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- setup_mysql
- setup_controller

6
tests/integration/targets/test_mysql_role/tasks/main.yml
View file

@ -4,4 +4,8 @@
####################################################################
# mysql_role module initial CI tests
- import_tasks: mysql_role_initial.yml
# TODO, many tests fails with MariaDB, debug them then remove the
# when clause and swap include_tasks for import_tasks.
- include_tasks: mysql_role_initial.yml
when:
- db_engine == 'mysql'

2194
tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
View file

File diff suppressed because it is too large Load diff

32
tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml
View file

@ -3,7 +3,7 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
@ -11,20 +11,18 @@
- name: Create test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
name: data1
state: present
loop:
- data1
- name: Create a role with an initial set of privileges
mysql_role:
<<: *mysql_params
name: '{{ role2 }}'
name: 'role2'
priv: 'data1.*:SELECT,INSERT'
state: present
- name: Run command to show privileges for role (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR 'role2'\""
register: result
- name: Assert that the initial set of privileges matches what is expected
@ -35,7 +33,7 @@
- name: Subtract privileges that are not in the current privileges, which should be a no-op
mysql_role:
<<: *mysql_params
name: '{{ role2 }}'
name: 'role2'
priv: 'data1.*:DELETE'
subtract_privs: yes
state: present
@ -48,7 +46,7 @@
- result is not changed
- name: Run command to show privileges for role (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR 'role2'\""
register: result
- name: Assert that the permissions still match what was originally granted
@ -59,7 +57,7 @@
- name: Subtract existing and not-existing privileges, but not all
mysql_role:
<<: *mysql_params
name: '{{ role2 }}'
name: 'role2'
priv: 'data1.*:INSERT,DELETE'
subtract_privs: yes
state: present
@ -72,7 +70,7 @@
- result is changed
- name: Run command to show privileges for role (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR 'role2'\""
register: result
- name: Assert that the permissions were not changed if check_mode is set to 'yes'
@ -90,7 +88,7 @@
- name: Try to subtract invalid privileges
mysql_role:
<<: *mysql_params
name: '{{ role2 }}'
name: 'role2'
priv: 'data1.*:INVALID'
subtract_privs: yes
state: present
@ -103,7 +101,7 @@
- result is not changed
- name: Run command to show privileges for role (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR 'role2'\""
register: result
- name: Assert that the permissions were not changed with check_mode=='yes'
@ -121,7 +119,7 @@
- name: trigger failure by trying to subtract and append privileges at the same time
mysql_role:
<<: *mysql_params
name: '{{ role2 }}'
name: 'role2'
priv: 'data1.*:SELECT'
subtract_privs: yes
append_privs: yes
@ -136,7 +134,7 @@
- result is failed
- name: Run command to show privileges for role (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR 'role2'\""
register: result
- name: Assert that the permissions stayed the same, with check_mode=='yes'
@ -156,13 +154,11 @@
- name: Drop test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
name: 'data1'
state: present
loop:
- data1
- name: Drop test role
mysql_role:
<<: *mysql_params
name: '{{ role2 }}'
name: 'role2'
state: absent

2
tests/integration/targets/test_mysql_user/defaults/main.yml
View file

@ -2,7 +2,7 @@
# defaults file for test_mysql_user
mysql_user: root
mysql_password: msandbox
mysql_host: 127.0.0.1
mysql_host: '{{ gateway_addr }}'
mysql_primary_port: 3307
db_name: 'data'

3
tests/integration/targets/test_mysql_user/meta/main.yml
View file

@ -1,3 +1,4 @@
---
dependencies:
- setup_mysql
- setup_controller
- setup_remote_tmp_dir

25
tests/integration/targets/test_mysql_user/tasks/assert_no_user.yml
View file

@ -1,25 +0,0 @@
# test code to assert no mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: run command to query for mysql user
command: "{{ mysql_command }} -e \"SELECT User FROM mysql.user where user='{{ user_name }}'\""
register: result
- name: assert mysql user is not present
assert: { that: "'{{ user_name }}' not in result.stdout" }

38
tests/integration/targets/test_mysql_user/tasks/assert_user.yml
View file

@ -1,38 +0,0 @@
# test code to assert mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: run command to query for mysql user
command: "{{ mysql_command }} -e \"SELECT User FROM mysql.user where user='{{ user_name }}'\""
register: result
- name: assert mysql user is present
assert:
that:
- "'{{ user_name }}' in result.stdout"
- name: run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name }}'@'localhost'\""
register: result
when: priv is defined
- name: assert user has giving privileges
assert:
that:
- "'GRANT {{priv}} ON *.*' in result.stdout"
when: priv is defined

40
tests/integration/targets/test_mysql_user/tasks/create_user.yml
View file

@ -1,40 +0,0 @@
# test code to create mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
block:
# ============================================================
- name: create mysql user {{user_name}}
mysql_user:
<<: *mysql_params
name: '{{ user_name }}'
password: '{{ user_password }}'
state: present
register: result
- name: assert output message mysql user was created
assert:
that:
- result is changed

95
tests/integration/targets/test_mysql_user/tasks/issue-121.yml
View file

@ -1,60 +1,50 @@
---
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
# ============================================================
- name: get server certificate
- name: Issue-121 | Setup | Get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect {{ mysql_host }}:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
dest: /tmp/cert.pem
delegate_to: localhost
- name: get server version
mysql_info:
<<: *mysql_params
filter: version
register: db_version
- set_fact:
old_user_mgmt: "{{ db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2 | bool }}"
- name: Drop mysql user if exists
- name: Issue-121 | Setup | Drop mysql user if exists
mysql_user:
<<: *mysql_params
name: '{{ item }}'
host_all: true
state: absent
ignore_errors: yes
with_items:
ignore_errors: true
loop:
- "{{ user_name_1 }}"
- "{{ user_name_2 }}"
- name: create user with REQUIRESSL privilege
- name: Issue-121 | Create user with REQUIRESSL privilege
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
- name: verify REQUIRESSL is assigned to the user
- name: Issue-121 | Verify REQUIRESSL is assigned to the user
mysql_query:
<<: *mysql_params
query: "SHOW {{ what }} '{{ user_name_1}}'@'localhost'"
query: "SHOW CREATE USER '{{ user_name_1}}'@'localhost'"
register: result
vars:
what: "{{ 'GRANTS FOR' if old_user_mgmt else 'CREATE USER' }}"
- assert:
- name: Issue-121 | Assert that requiressl is assigned to the user
assert:
that:
- result is succeeded and 'REQUIRE SSL' in (result.query_result | string)
- name: create user with equivalent ssl requirement in tls_requires (expect unchanged)
- name: Issue-121 | Create user with equivalent ssl requirement in tls_requires (expect unchanged)
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
@ -64,11 +54,12 @@
SSL:
register: result
- assert:
- name: Issue-121 | Assert that create user with equivalent ssl is not changed
assert:
that:
- result is not changed
- name: create the same user again, with REQUIRESSL privilege once more
- name: Issue-121 | Create the same user again, with REQUIRESSL privilege once more
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
@ -76,37 +67,45 @@
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
register: result
- assert:
- name: Issue-121 | Assert error granting privileges
assert:
that:
- result is not changed
- name: create user with both REQUIRESSL privilege and an incompatible tls_requires option
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
tls_requires:
X509:
# Disabled on stable-2
# This test makes no sense to me and the second task is changed making the
# assertion fails.
# - name: >-
# Issue-121 | Create user with both REQUIRESSL privilege and an incompatible
# tls_requires option
# mysql_user:
# <<: *mysql_params
# name: "{{ user_name_1 }}"
# host: '{{ gateway_addr }}'
# password: "{{ user_password_1 }}"
# priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
# tls_requires:
# X509:
- name: create same user again without REQUIRESSL privilege
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,GRANT'
tls_requires:
X509:
register: result
# - name: Issue-121 | Create same user again without REQUIRESSL privilege
# mysql_user:
# <<: *mysql_params
# name: "{{ user_name_1 }}"
# password: "{{ user_password_1 }}"
# priv: '*.*:SELECT,CREATE USER,GRANT'
# tls_requires:
# X509:
# register: result
- assert:
that: result is not changed
# - name: Issue-121 | Assert that create same user again without REQUIRESSL is not changed
# assert:
# that: result is not changed
- name: Drop mysql user
- name: Issue-121 | Teardown | Drop mysql user
mysql_user:
<<: *mysql_params
name: '{{ item }}'
host: 127.0.0.1
host_all: true
state: absent
with_items:
- "{{ user_name_1 }}"

51
tests/integration/targets/test_mysql_user/tasks/issue-28.yml
View file

@ -9,80 +9,87 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
when: tls_enabled
block:
# ============================================================
- name: get server certificate
- name: Issue-28 | Setup | Get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect {{ mysql_host }}:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
dest: /tmp/cert.pem
delegate_to: localhost
- name: Drop mysql user if exists
- name: Issue-28 | Setup | Drop mysql user if exists
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host_all: true
state: absent
ignore_errors: yes
ignore_errors: true
- name: create user with ssl requirement
- name: Issue-28 | Create user with ssl requirement
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
host: '{{ gateway_addr }}'
password: "{{ user_password_1 }}"
priv: '*.*:ALL,GRANT'
tls_requires:
SSL:
- name: attempt connection with newly created user (expect failure)
- name: Issue-28 | Attempt connection with newly created user (expect failure)
mysql_user:
name: "{{ user_name_2 }}"
password: "{{ user_password_2 }}"
host: 127.0.0.1
host: '{{ gateway_addr }}'
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
register: result
ignore_errors: yes
ignore_errors: true
- assert:
- name: Issue-28 | Assert connection failed
assert:
that:
- result is failed
when: connector_name is search('pymysql')
when:
- connector_name == 'pymysql'
- assert:
- name: Issue-28 | Assert connection succeeded
assert:
that:
- result is succeeded
when: connector_name is not search('pymysql')
when:
- connector_name != 'pymysql'
- name: attempt connection with newly created user ignoring hostname
- name: Issue-28 | Attempt connection with newly created user ignoring hostname
mysql_user:
name: "{{ user_name_2 }}"
password: "{{ user_password_2 }}"
host: 127.0.0.1
host: '{{ gateway_addr }}'
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
check_hostname: no
check_hostname: false
register: result
ignore_errors: yes
ignore_errors: true
- assert:
- name: Issue-28 | Assert connection succeeded
assert:
that:
- result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
- name: Drop mysql user
- name: Issue-28 | Drop mysql user
mysql_user:
<<: *mysql_params
name: '{{ item }}'
host: 127.0.0.1
host: '{{ gateway_addr }}'
state: absent
with_items:
- "{{ user_name_1 }}"

30
tests/integration/targets/test_mysql_user/tasks/issue-29511.yaml
View file

@ -3,12 +3,12 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
- name: Issue test setup - drop database
- name: Issue-29511 | test setup | drop database
mysql_db:
<<: *mysql_params
name: "{{ item }}"
@ -17,7 +17,7 @@
- foo
- bar
- name: Issue test setup - create database
- name: Issue-29511 | test setup | create database
mysql_db:
<<: *mysql_params
name: "{{ item }}"
@ -26,7 +26,7 @@
- foo
- bar
- name: Copy SQL scripts to remote
- name: Issue-29511 | Copy SQL scripts to remote
copy:
src: "{{ item }}"
dest: "{{ remote_tmp_dir }}/{{ item | basename }}"
@ -34,13 +34,13 @@
- create-function.sql
- create-procedure.sql
- name: Create function for test
- name: Issue-29511 | Create function for test
shell: "{{ mysql_command }} < {{ remote_tmp_dir }}/create-function.sql"
- name: Create procedure for test
- name: Issue-29511 | Create procedure for test
shell: "{{ mysql_command }} < {{ remote_tmp_dir }}/create-procedure.sql"
- name: Create user with FUNCTION and PROCEDURE privileges
- name: Issue-29511 | Create user with FUNCTION and PROCEDURE privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
@ -49,13 +49,13 @@
priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
register: result
- name: Assert Create user with FUNCTION and PROCEDURE privileges
- name: Issue-29511 | Assert Create user with FUNCTION and PROCEDURE privileges
assert:
that:
- result is success
- result is changed
- name: Create user with FUNCTION and PROCEDURE privileges - Idempotent check
- name: Issue-29511 | Create user with FUNCTION and PROCEDURE privileges - Idempotent check
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
@ -64,19 +64,13 @@
priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
register: result
- name: Assert Create user with FUNCTION and PROCEDURE privileges
- name: Issue-29511 | Assert Create user with FUNCTION and PROCEDURE privileges
assert:
that:
- result is success
- result is not changed
- name: Remove user
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
state: absent
- name: Issue test teardown - cleanup databases
- name: Issue-29511 | Test teardown | cleanup databases
mysql_db:
<<: *mysql_params
name: "{{ item }}"
@ -84,3 +78,5 @@
loop:
- foo
- bar
- include: utils/remove_user.yml user_name="{{ user_name_2 }}"

19
tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml
View file

@ -3,47 +3,50 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
- name: Set root password
- name: Issue-64560 | Set root password
mysql_user:
<<: *mysql_params
name: root
host: '%'
password: '{{ root_password }}'
check_implicit_admin: yes
register: result
- name: assert root password is changed
- name: Issue-64560 | Assert root password is changed
assert:
that:
- result is changed
- name: Set root password again
- name: Issue-64560 | Set root password again
mysql_user:
login_user: '{{ mysql_user }}'
login_password: '{{ root_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: root
host: '%'
password: '{{ root_password }}'
check_implicit_admin: yes
register: result
- name: Assert root password is not changed
- name: Issue-64560 | Assert root password is not changed
assert:
that:
- result is not changed
- name: Set root password again
- name: Issue-64560 | Set root password again
mysql_user:
login_user: '{{ mysql_user }}'
login_password: '{{ root_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
name: root
host: '%'
password: '{{ mysql_password }}'
check_implicit_admin: yes
register: result

130
tests/integration/targets/test_mysql_user/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
@ -24,15 +25,12 @@
# ============================================================
# create mysql user and verify user is added to mysql database
#
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
@ -41,109 +39,49 @@
- include: issue-28.yml
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: test_resource_limits.yml
- include: resource_limits.yml
- include: assert_user.yml user_name={{user_name_1}}
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# Create mysql user that already exist on mysql database
#
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- name: create mysql user that already exist (expect changed=false)
mysql_user:
<<: *mysql_params
name: '{{user_name_1}}'
password: '{{user_password_1}}'
state: present
register: result
- name: assert output message mysql user was not created
assert:
that:
- result is not changed
# ============================================================
# remove mysql user and verify user is removed from mysql database
#
- name: remove mysql user state=absent (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: absent
register: result
- name: assert output message mysql user was removed
assert:
that:
- result is changed
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# remove mysql user that does not exist on mysql database
#
- name: remove mysql user that does not exist state=absent (expect changed=false)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: absent
register: result
- name: assert output message mysql user that does not exist
assert:
that:
- result is not changed
- include: assert_no_user.yml user_name={{user_name_1}}
- include: test_idempotency.yml
# ============================================================
# Create user with no privileges and verify default privileges are assign
#
- name: create user with select privilege state=present (expect changed=true)
- name: create user with DEFAULT privilege state=present (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
state: present
register: result
- include: assert_user.yml user_name={{user_name_1}} priv=USAGE
- include: utils/assert_user.yml user_name={{ user_name_1 }} user_host=localhost priv=USAGE
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: utils/remove_user.yml user_name={{ user_name_1 }}
- include: assert_no_user.yml user_name={{user_name_1}}
- include: utils/assert_no_user.yml user_name={{ user_name_1 }}
# ============================================================
# Create user with select privileges and verify select privileges are assign
#
- name: create user with select privilege state=present (expect changed=true)
- name: Create user with SELECT privilege state=present (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
name: "{{ user_name_2 }}"
password: "{{ user_password_2 }}"
state: present
priv: '*.*:SELECT'
register: result
- include: assert_user.yml user_name={{user_name_2}} priv=SELECT
- include: utils/assert_user.yml user_name={{ user_name_2 }} user_host=localhost priv=SELECT
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }}
- include: utils/remove_user.yml user_name={{ user_name_2 }}
- include: assert_no_user.yml user_name={{user_name_2}}
- include: utils/assert_no_user.yml user_name={{ user_name_2 }}
# ============================================================
# Assert user has access to multiple databases
#
- name: give users access to multiple databases
- name: Give users access to multiple databases
mysql_user:
<<: *mysql_params
name: '{{ item[0] }}'
@ -151,34 +89,34 @@
append_privs: yes
password: '{{ user_password_1 }}'
with_nested:
- [ '{{ user_name_1 }}', '{{ user_name_2 }}']
- ['{{ user_name_1 }}', '{{ user_name_2 }}']
- "{{db_names}}"
- name: show grants access for user1 on multiple database
- name: Show grants access for user1 on multiple database
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
register: result
- name: assert grant access for user1 on multiple database
- name: Assert grant access for user1 on multiple database
assert:
that:
- "'{{ item }}' in result.stdout"
with_items: "{{db_names}}"
with_items: "{{ db_names }}"
- name: show grants access for user2 on multiple database
- name: Show grants access for user2 on multiple database
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
register: result
- name: assert grant access for user2 on multiple database
- name: Assert grant access for user2 on multiple database
assert:
that:
- "'{{ item }}' in result.stdout"
with_items: "{{db_names}}"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: utils/remove_user.yml user_name={{ user_name_1 }}
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
- include: utils/remove_user.yml user_name={{ user_name_2 }}
- name: give user access to database via wildcard
- name: Give user SELECT access to database via wildcard
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -186,7 +124,7 @@
append_privs: yes
password: '{{ user_password_1 }}'
- name: show grants access for user1 on multiple database
- name: Show grants access for user1 on database via wildcard
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
register: result
@ -201,8 +139,8 @@
<<: *mysql_params
name: '{{ user_name_1 }}'
priv:
- unsuitable
- type
- unsuitable
- type
append_privs: yes
host_all: yes
password: '{{ user_password_1 }}'
@ -215,7 +153,7 @@
- result is failed
- result.msg is search('priv parameter must be str or dict')
- name: change user access to database via wildcard
- name: Change SELECT to INSERT for user access to database via wildcard
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -224,7 +162,7 @@
host_all: yes
password: '{{ user_password_1 }}'
- name: show grants access for user1 on multiple database
- name: Show grants access for user1 on database via wildcard
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
register: result
@ -234,7 +172,7 @@
- "'%db' in result.stdout"
- "'INSERT' in result.stdout"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: utils/remove_user.yml user_name={{user_name_1}}
# ============================================================
# Test plaintext and encrypted password scenarios.
@ -246,7 +184,7 @@
#
# FIXME: mariadb sql syntax for create/update user is not compatible
- include: test_user_plugin_auth.yml
when: install_type == 'mysql'
when: db_engine == 'mysql'
# ============================================================
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
@ -277,7 +215,7 @@
- include: test_priv_append.yml enable_check_mode=yes
# Tests for the TLS requires dictionary
- include: tls_requirements.yml
- include: test_tls_requirements.yml
- import_tasks: issue-29511.yaml
tags:

74
tests/integration/targets/test_mysql_user/tasks/remove_user.yml
View file

@ -1,74 +0,0 @@
# test code to remove mysql user
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
block:
# ============================================================
- name: remove mysql user {{user_name}}
mysql_user:
<<: *mysql_params
name: '{{user_name}}'
password: '{{user_password}}'
state: absent
register: result
- name: assert output message mysql user was removed
assert:
that:
- result is changed
# ============================================================
- name: create blank mysql user to be removed later
mysql_user:
<<: *mysql_params
name: ""
state: present
password: 'KJFDY&D*Sfuydsgf'
- name: remove blank mysql user with hosts=all (expect changed)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
state: absent
register: result
- name: assert changed is true for removing all blank users
assert:
that:
- result is changed
- name: remove blank mysql user with hosts=all (expect ok)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
state: absent
register: result
- name: assert changed is true for removing all blank users
assert:
that:
- result is not changed

84
tests/integration/targets/test_mysql_user/tasks/test_idempotency.yml Normal file
View file

@ -0,0 +1,84 @@
---
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
# ========================================================================
# Creation
# ========================================================================
- include: utils/create_user.yml user_name={{ user_name_1 }} user_password={{ user_password_1 }}
- name: Idempotency | Create user that already exist (expect changed=false)
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
state: present
register: result
- name: Idempotency | Assert create user task is not changed
assert: {that: [result is not changed]}
# ========================================================================
# Removal
# ========================================================================
- name: Idempotency | Remove user (expect changed=true)
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
state: absent
register: result
- name: Idempotency | Assert remove user task is changed
ansible.builtin.assert:
that:
- result is changed
- name: Idempotency | Remove user that doesn't exists (expect changed=false)
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
state: absent
register: result
- name: Idempotency | Assert remove user task is not changed
ansible.builtin.assert:
that:
- result is not changed
# ========================================================================
# Removal with host_all
# ========================================================================
# Create blank user to be removed later
- include: utils/create_user.yml user_name="" user_password='KJFDY&D*Sfuysf'
- name: Idempotency | Remove blank user with hosts=all (expect changed)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
state: absent
register: result
- name: Idempotency | Assert removing all blank users is changed
ansible.builtin.assert:
that:
- result is changed
- name: Idempotency | Remove blank user with hosts=all (expect ok)
mysql_user:
<<: *mysql_params
user: ""
host_all: true
state: absent
register: result
- name: Idempotency | Assert removing all blank users is not changed
ansible.builtin.assert:
that:
- result is not changed

52
tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml
View file

@ -1,45 +1,48 @@
---
# Test code to ensure that appending privileges will not result in unnecessary changes when the current privileges
# are a superset of the new privileges that have been defined.
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
- name: Create test databases
- name: Priv append | Create test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- data2
- data1
- data2
- name: Create a user with an initial set of privileges
- name: Priv append | Create a user with an initial set of privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
host: '%'
password: '{{ user_password_4 }}'
priv: 'data1.*:SELECT,INSERT/data2.*:SELECT,DELETE'
state: present
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
- name: Priv append | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'%'\""
register: result
- name: Assert that the initial set of privileges matches what is expected
- name: Priv append | Assert that the initial set of privileges matches what is expected
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
- "'GRANT SELECT, DELETE ON `data2`.*' in result.stdout"
- name: Append privileges that are a subset of the current privileges, which should be a no-op
- name: Priv append | Append privileges that are a subset of the current privileges, which should be a no-op
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
host: '%'
password: '{{ user_password_4 }}'
priv: 'data1.*:SELECT/data2.*:SELECT'
append_privs: yes
@ -47,25 +50,26 @@
check_mode: '{{ enable_check_mode }}'
register: result
- name: Assert that there wasn't a change in permissions
- name: Priv append | Assert that there wasn't a change in permissions
assert:
that:
- result is not changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
- name: Priv append | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'%'\""
register: result
- name: Assert that the permissions still match what was originally granted
- name: Priv append | Assert that the permissions still match what was originally granted
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
- "'GRANT SELECT, DELETE ON `data2`.*' in result.stdout"
- name: Append privileges that are not included in the current set of privileges to test that privileges are updated
- name: Priv append | Append privileges that are not included in the current set of privileges to test that privileges are updated
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
host: '%'
password: '{{ user_password_4 }}'
priv: 'data1.*:DELETE/data2.*:SELECT'
append_privs: yes
@ -73,23 +77,23 @@
check_mode: '{{ enable_check_mode }}'
register: result
- name: Assert that there was a change because permissions were added to data1.*
- name: Priv append | Assert that there was a change because permissions were added to data1.*
assert:
that:
- result is changed
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
- name: Priv append | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'%'\""
register: result
- name: Assert that the permissions were changed as expected if check_mode is set to 'no'
- name: Priv append | Assert that the permissions were changed as expected if check_mode is set to 'no'
assert:
that:
- "'GRANT SELECT, INSERT, DELETE ON `data1`.*' in result.stdout"
- "'GRANT SELECT, DELETE ON `data2`.*' in result.stdout"
when: enable_check_mode == 'no'
- name: Assert that the permissions were not actually changed if check_mode is set to 'yes'
- name: Priv append | Assert that the permissions were not actually changed if check_mode is set to 'yes'
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
@ -104,11 +108,7 @@
name: '{{ item }}'
state: present
loop:
- data1
- data2
- data1
- data2
- name: Drop test user
mysql_user:
<<: *mysql_params
name: '{{ user_name_4 }}'
state: absent
- include: utils/remove_user.yml user_name={{ user_name_4 }}

80
tests/integration/targets/test_mysql_user/tasks/test_priv_dict.yml
View file

@ -1,24 +1,25 @@
---
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
# Tests for priv parameter value passed as a dict
- name: Create test databases
- name: Priv dict | Create test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- data2
- data3
- data1
- data2
- data3
- name: Create user with privileges
- name: Priv dict | Create user with privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -28,7 +29,7 @@
"data2.*": "SELECT"
state: present
- name: Run command to show privileges for user (expect privileges in stdout)
- name: Priv dict | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
register: result
@ -39,12 +40,12 @@
- "'GRANT SELECT ON `data2`.*' in result.stdout"
# Issue https://github.com/ansible-collections/community.mysql/issues/99
- name: Create test table test_table_issue99
- name: Priv dict | Create test table test_table_issue99
mysql_query:
<<: *mysql_params
query: "CREATE TABLE IF NOT EXISTS data3.test_table_issue99 (a INT, b INT, c INT)"
- name: Grant select on a column
- name: Priv dict | Grant select on a column
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -52,11 +53,12 @@
'data3.test_table_issue99': 'SELECT (a)'
register: result
- assert:
- name: Priv dict | Assert that select on a column is changed
assert:
that:
- result is changed
- result is changed
- name: Grant select on the column again
- name: Priv dict | Grant select on the column again
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -64,12 +66,12 @@
'data3.test_table_issue99': 'SELECT (a)'
register: result
- assert:
- name: Priv dict | Assert that select on the column is not changed
assert:
that:
- result is not changed
- result is not changed
- name: Grant select on columns
- name: Priv dict | Grant select on columns
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -77,11 +79,12 @@
'data3.test_table_issue99': 'SELECT (a, b),INSERT'
register: result
- assert:
- name: Priv dict | Assert select on columns is changed
assert:
that:
- result is changed
- result is changed
- name: Grant select on columns again
- name: Priv dict | Grant select on columns again
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -89,11 +92,12 @@
'data3.test_table_issue99': 'SELECT (a, b),INSERT'
register: result
- assert:
- name: Priv dict | Assert that select on columns again is not changed
assert:
that:
- result is not changed
- result is not changed
- name: Grant privs on columns
- name: Priv dict | Grant privs on columns
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -101,11 +105,12 @@
'data3.test_table_issue99': 'SELECT (a, b), INSERT (a, b), UPDATE'
register: result
- assert:
- name: Priv dict | Assert that grant privs on columns is changed
assert:
that:
- result is changed
- result is changed
- name: Grant same privs on columns again, note that the column order is different
- name: Priv dict | Grant same privs on columns again, note that the column order is different
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -113,21 +118,22 @@
'data3.test_table_issue99': 'SELECT (a, b), UPDATE, INSERT (b, a)'
register: result
- assert:
- name: Priv dict | Assert that grants same privs with different order is not changed
assert:
that:
- result is not changed
- result is not changed
- name: Run command to show privileges for user (expect privileges in stdout)
- name: Priv dict | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
register: result
- name: Assert user has giving privileges
- name: Priv dict | Assert user has giving privileges
assert:
that:
- "'GRANT SELECT (`A`, `B`), INSERT (`A`, `B`), UPDATE' in result.stdout"
when: "'(`A`, `B`)' in result.stdout"
- name: Assert user has giving privileges
- name: Priv dict | Assert user has giving privileges
assert:
that:
- "'GRANT SELECT (A, B), INSERT (A, B), UPDATE' in result.stdout"
@ -135,18 +141,14 @@
##########
# Clean up
- name: Drop test databases
- name: Priv dict | Drop test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- data2
- data3
- data1
- data2
- data3
- name: Drop test user
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
state: absent
- include: utils/remove_user.yml user_name="{{ user_name_3 }}"

142
tests/integration/targets/test_mysql_user/tasks/test_privs.yml
View file

@ -1,3 +1,4 @@
---
# test code for privileges for mysql_user module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
@ -20,56 +21,58 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
# ============================================================
- name: create user with basic select privileges
- name: Privs | Create user with basic select privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
host: '%'
password: '{{ user_password_2 }}'
priv: '*.*:SELECT'
state: present
when: current_append_privs == "yes"
- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
- include: utils/assert_user.yml user_name={{ user_name_2 }} user_host=% priv='SELECT'
when: current_append_privs == "yes"
- name: create user with current privileges (expect changed=true)
- name: Privs | Create user with current privileges (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
host: '%'
password: '{{ user_password_2 }}'
priv: '*.*:{{current_privilege}}'
append_privs: '{{current_append_privs}}'
priv: '*.*:{{ current_privilege }}'
append_privs: '{{ current_append_privs }}'
state: present
register: result
- name: assert output message for current privileges
- name: Privs | Assert output message for current privileges
assert:
that:
- result is changed
- name: run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'localhost'\""
- name: Privs | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'%'\""
register: result
- name: assert user has correct privileges
- name: Privs | Assert user has correct privileges
assert:
that:
- "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
- "'GRANT {{ current_privilege | replace(',', ', ') }} ON *.*' in result.stdout"
when: current_append_privs == "no"
- name: assert user has correct privileges
- name: Privs | Assert user has correct privileges
assert:
that:
- "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
- "'GRANT SELECT, {{ current_privilege | replace(',', ', ') }} ON *.*' in result.stdout"
when: current_append_privs == "yes"
- name: create database using user current privileges
- name: Privs | Create database using user current privileges
mysql_db:
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
@ -79,56 +82,59 @@
state: present
ignore_errors: true
- name: run command to test that database was not created
- name: Privs | Run command to test that database was not created
command: "{{ mysql_command }} -e \"show databases like '{{ db_name }}'\""
register: result
- name: assert database was not created
- name: Privs | Assert database was not created
assert:
that:
- "'{{ db_name }}' not in result.stdout"
- db_name not in result.stdout
# ============================================================
- name: Add privs to a specific table (expect changed)
- name: Privs | Add privs to a specific table (expect changed)
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
host: '%'
password: '{{ user_password_2 }}'
priv: 'jmainguy.jmainguy:ALL'
state: present
register: result
- name: Assert that priv changed
- name: Privs | Assert that priv changed
assert:
that:
- result is changed
- name: Add privs to a specific table (expect ok)
- name: Privs | Add privs to a specific table (expect ok)
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
host: '%'
password: '{{ user_password_2 }}'
priv: 'jmainguy.jmainguy:ALL'
state: present
register: result
- name: Assert that priv did not change
- name: Privs | Assert that priv did not change
assert:
that:
- result is not changed
# ============================================================
- name: update user with all privileges
- name: Privs | Grant ALL to user {{ user_name_2 }}
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
host: '%'
password: '{{ user_password_2 }}'
priv: '*.*:ALL'
state: present
# - include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
# - include: utils/assert_user.yml user_name={{user_name_2}} user_host=% priv='ALL PRIVILEGES'
- name: create database using user
- name: Privs | Create database using user {{ user_name_2 }}
mysql_db:
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
@ -137,10 +143,10 @@
name: '{{ db_name }}'
state: present
- name: run command to test database was created using user new privileges
- name: Privs | Run command to test database was created using user new privileges
command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE {{ db_name }}\""
- name: drop database using user
- name: Privs | Drop database using user {{ user_name_2 }}
mysql_db:
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
@ -150,38 +156,99 @@
state: absent
# ============================================================
- name: update user with a long privileges list (mysql has a special multiline grant output)
- name: Privs | Update user with a long privileges list (mysql has a special multiline grant output)
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
host: '%'
password: '{{ user_password_2 }}'
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
state: present
register: result
- name: Assert that priv changed
- name: Privs | Assert that priv changed
assert:
that:
- result is changed
- name: Test idempotency (expect ok)
- name: Privs | Test idempotency with a long privileges list (expect ok)
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
host: '%'
password: '{{ user_password_2 }}'
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
state: present
register: result
# FIXME: on mariadb >=10.5.2 there's always a change because the REPLICATION CLIENT privilege was renamed to BINLOG MONITOR
- name: Assert that priv did not change
# FIXME: on mysql >=8 and mariadb >=10.5.2 there's always a change because
# the REPLICATION CLIENT privilege was renamed to BINLOG MONITOR
- name: Privs | Assert that priv did not change
assert:
that:
- result is not changed
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.2', '=='))
when:
# TODO remove this when stable-2 role append priv is fixed
- (db_engine == 'mysql' and db_version is version('5.7', '<=')
or db_engine == 'mariadb' and db_version is version('10.4', '<='))
- include: utils/remove_user.yml user_name="{{ user_name_2 }}"
# ============================================================
- name: update user with invalid privileges
- name: Privs | Grant all privileges with grant option
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:ALL,GRANT'
state: present
register: result
- name: Privs | Assert that priv changed
assert:
that:
- result is changed
- name: Privs | Collect user info by host
community.mysql.mysql_info:
<<: *mysql_params
filter: "users"
register: mysql_info_about_users
- name: Privs | Assert that 'GRANT' permission is present
assert:
that:
- mysql_info_about_users.users.localhost.{{ user_name_2 }}.Grant_priv == 'Y'
# Disabled because on stable-2 this is always changed
# - name: Privs | Test idempotency (expect ok)
# mysql_user:
# <<: *mysql_params
# name: '{{ user_name_2 }}'
# password: '{{ user_password_2 }}'
# priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
# state: present
# register: result
# # FIXME: on mysql >=8 there's always a change (ALL PRIVILEGES -> specific privileges)
# - name: Privs | Assert that priv did not change
# assert:
# that:
# - result is not changed
- name: Privs | Collect user info by host
community.mysql.mysql_info:
<<: *mysql_params
filter: "users"
register: mysql_info_about_users
- name: Privs | Assert that 'GRANT' permission is present (by host)
assert:
that:
- mysql_info_about_users.users.localhost.{{ user_name_2 }}.Grant_priv == 'Y'
# ============================================================
- name: Privs | Update user with invalid privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
@ -191,14 +258,9 @@
register: result
ignore_errors: yes
- name: Assert that priv did not change
- name: Privs | Assert that priv did not change
assert:
that:
- result is failed
- name: remove username
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
state: absent
- include: utils/remove_user.yml user_name="{{ user_name_2 }}"

0
tests/integration/targets/test_mysql_user/tasks/test_privs_issue_465.yml Normal file
View file

54
tests/integration/targets/test_mysql_user/tasks/resource_limits.yml → tests/integration/targets/test_mysql_user/tasks/test_resource_limits.yml
View file

@ -1,20 +1,22 @@
---
# test code for resource_limits parameter
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
- name: Drop mysql user {{ user_name_1 }} if exists
- name: Resource limits | Drop mysql user {{ user_name_1 }} if exists
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host_all: true
state: absent
- name: Create mysql user {{ user_name_1 }} with resource limits in check_mode
- name: Resource limits | Create mysql user {{ user_name_1 }} with resource limits in check_mode
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -26,11 +28,12 @@
check_mode: yes
register: result
- assert:
- name: Resource limits | Assert that create user with resource limits is changed
assert:
that:
- result is changed
- name: Create mysql user {{ user_name_1 }} with resource limits in actual mode
- name: Resource limits | Create mysql user {{ user_name_1 }} with resource limits in actual mode
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -45,19 +48,23 @@
that:
- result is changed
- name: Check
- name: Resource limits | Retrieve user
mysql_query:
<<: *mysql_params
query: >
SELECT User FROM mysql.user WHERE User = '{{ user_name_1 }}' AND Host = 'localhost'
AND max_questions = 10 AND max_connections = 5
SELECT User FROM mysql.user
WHERE User = '{{ user_name_1 }}'
AND Host = 'localhost'
AND max_questions = 10
AND max_connections = 5
register: result
- assert:
- name: Resource limits | Assert that rowcount is 1
assert:
that:
- result.rowcount[0] == 1
- result.rowcount[0] == 1
- name: Try to set the same limits again in check mode
- name: Resource limits | Try to set the same limits again in check mode
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -69,11 +76,12 @@
check_mode: yes
register: result
- assert:
- name: Resource limits | Assert that set same limits again is not changed
assert:
that:
- result is not changed
- name: Try to set the same limits again in actual mode
- name: Resource limits | Try to set the same limits again in actual mode
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -84,11 +92,12 @@
MAX_CONNECTIONS_PER_HOUR: 5
register: result
- assert:
- name: Resource limits | Assert that set same limits again in actual mode is not changed
assert:
that:
- result is not changed
- name: Change limits
- name: Resource limits | Change limits
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -99,19 +108,24 @@
MAX_CONNECTIONS_PER_HOUR: 5
register: result
- assert:
- name: Resource limits | Assert limits changed
assert:
that:
- result is changed
- name: Check
- name: Resource limits | Get user limits
mysql_query:
<<: *mysql_params
query: >
SELECT User FROM mysql.user WHERE User = '{{ user_name_1 }}' AND Host = 'localhost'
AND max_questions = 5 AND max_connections = 5
SELECT User FROM mysql.user
WHERE User = '{{ user_name_1 }}'
AND Host = 'localhost'
AND max_questions = 5
AND max_connections = 5
register: result
- assert:
- name: Resource limits | Assert limit row count
assert:
that:
- result.rowcount[0] == 1

98
tests/integration/targets/test_mysql_user/tasks/tls_requirements.yml → tests/integration/targets/test_mysql_user/tasks/test_tls_requirements.yml
View file

@ -3,26 +3,12 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
# ============================================================
- name: find out the database version
mysql_info:
<<: *mysql_params
filter: version
register: db_version
- name: Drop mysql user {{ item }} if exists
mysql_user:
<<: *mysql_params
name: '{{ item }}'
state: absent
with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
- name: create user with TLS requirements in check mode (expect changed=true)
- name: Tls reqs | Create user with TLS requirements in check mode (expect changed=true)
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
@ -32,14 +18,14 @@
check_mode: yes
register: result
- name: Assert check mode user create reports changed state
- name: Tls reqs | Assert check mode user create reports changed state
assert:
that:
- result is changed
- include: assert_no_user.yml user_name={{user_name_1}}
- include: utils/assert_no_user.yml user_name={{user_name_1}}
- name: create user with TLS requirements state=present (expect changed=true)
- name: Tls reqs | Create user with TLS requirements state=present (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ item[0] }}'
@ -55,45 +41,49 @@
issuer: '/CN=org/O=MyDom, Inc./C=US/ST=Oregon/L=Portland'
- block:
- name: retrieve TLS requirements for users in old database version
- name: Tls reqs | Retrieve TLS requirements for users in old database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ item }}'@'localhost'\""
register: old_result
with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
- name: set old database separator
- name: Tls reqs | Set old database separator
set_fact:
separator: '\n'
# Semantically: when mysql version <= 5.6 or MariaDB version <= 10.1
when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
when:
- (db_engine == 'mysql' and db_version is version('5.6', '<='))
or (db_engine == 'mariadb' and db_version is version('10.1', '<='))
- block:
- name: retrieve TLS requirements for users in new database version
- name: Tls reqs | Retrieve TLS requirements for users in new database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ item }}'@'localhost'\""
register: new_result
with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
- name: set new database separator
- name: Tls reqs | Set new database separator
set_fact:
separator: 'PASSWORD'
# Semantically: when mysql version >= 5.7 or MariaDB version >= 10.2
when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
when:
- (db_engine == 'mysql' and db_version is version('5.7', '>='))
or (db_engine == 'mariadb' and db_version is version('10.2', '>='))
- block:
- name: assert user1 TLS requirements
- name: Tls reqs | Assert user1 TLS requirements
assert:
that:
- "'SSL' in reqs"
vars:
- reqs: "{{((old_result.results[0] is skipped | ternary(new_result, old_result)).results | selectattr('item', 'contains', user_name_1) | first).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
- name: assert user2 TLS requirements
- name: Tls reqs | Assert user2 TLS requirements
assert:
that:
- "'X509' in reqs"
vars:
- reqs: "{{((old_result.results[0] is skipped | ternary(new_result, old_result)).results | selectattr('item', 'contains', user_name_2) | first).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
- name: assert user3 TLS requirements
- name: Tls reqs | Assert user3 TLS requirements
assert:
that:
- "'/CN=alice/O=MyDom, Inc./C=US/ST=Oregon/L=Portland' in (reqs | select('contains', 'SUBJECT') | first)"
@ -104,7 +94,7 @@
# CentOS 6 uses an older version of jinja that does not provide the selectattr filter.
when: ansible_distribution != 'CentOS' or ansible_distribution_major_version != '6'
- name: modify user with TLS requirements state=present in check mode (expect changed=true)
- name: Tls reqs | Modify user with TLS requirements state=present in check mode (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -114,28 +104,32 @@
check_mode: yes
register: result
- name: Assert check mode user update reports changed state
- name: Tls reqs | Assert check mode user update reports changed state
assert:
that:
- result is changed
- name: retrieve TLS requirements for users in old database version
- name: Tls reqs | Retrieve TLS requirements for users in old database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ user_name_1 }}'@'localhost'\""
register: old_result
when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
when:
- (db_engine == 'mysql' and db_version is version('5.6', '<='))
or (db_engine == 'mariadb' and db_version is version('10.2', '<'))
- name: retrieve TLS requirements for users in new database version
- name: Tls reqs | Retrieve TLS requirements for users in new database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
register: new_result
when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
when:
- (db_engine == 'mysql' and db_version is version('5.7', '>='))
or (db_engine == 'mariadb' and db_version is version('10.2', '>='))
- name: assert user1 TLS requirements was not changed
- name: Tls reqs | Assert user1 TLS requirements was not changed
assert:
that: "'SSL' in reqs"
vars:
- reqs: "{{(old_result is skipped | ternary(new_result, old_result)).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
- name: modify user with TLS requirements state=present (expect changed=true)
- name: Tls reqs | Modify user with TLS requirements state=present (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
@ -143,45 +137,49 @@
tls_requires:
X509:
- name: retrieve TLS requirements for users in old database version
- name: Tls reqs | Retrieve TLS requirements for users in old database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ user_name_1 }}'@'localhost'\""
register: old_result
when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
when:
- (db_engine == 'mysql' and db_version is version('5.6', '<='))
or (db_engine == 'mariadb' and db_version is version('10.2', '<'))
- name: retrieve TLS requirements for users in new database version
- name: Tls reqs | Retrieve TLS requirements for users in new database version
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
register: new_result
when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
when:
- (db_engine == 'mysql' and db_version is version('5.7', '>='))
or (db_engine == 'mariadb' and db_version is version('10.2', '>='))
- name: assert user1 TLS requirements
- name: Tls reqs | Assert user1 TLS requirements
assert:
that: "'X509' in reqs"
vars:
- reqs: "{{(old_result is skipped | ternary(new_result, old_result)).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
- name: remove TLS requirements from user (expect changed=true)
- name: Tls reqs | Remove TLS requirements from user (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
tls_requires:
- name: retrieve TLS requirements for users
- name: Tls reqs | Retrieve TLS requirements for users
command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
register: result
- name: assert user1 TLS requirements
- name: Tls reqs | Assert user1 TLS requirements
assert:
that: "'REQUIRE ' not in result.stdout or 'REQUIRE NONE' in result.stdout"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: utils/remove_user.yml user_name={{user_name_1}}
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
- include: utils/remove_user.yml user_name={{user_name_2}}
- include: remove_user.yml user_name={{user_name_3}} user_password={{ user_password_1 }}
- include: utils/remove_user.yml user_name={{user_name_3}}
- include: assert_no_user.yml user_name={{user_name_1}}
- include: utils/assert_no_user.yml user_name={{user_name_1}}
- include: assert_no_user.yml user_name={{user_name_2}}
- include: utils/assert_no_user.yml user_name={{user_name_2}}
- include: assert_no_user.yml user_name={{user_name_3}}
- include: utils/assert_no_user.yml user_name={{user_name_3}}

0
tests/integration/targets/test_mysql_user/tasks/test_update_password.yml Normal file
View file

53
tests/integration/targets/test_mysql_user/tasks/test_user_grants_with_roles_applied.yml
View file

@ -1,31 +1,30 @@
---
# https://github.com/ansible-collections/community.mysql/issues/231
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
- name: Get server version
mysql_info:
<<: *mysql_params
register: srv
# Skip unsupported versions
- meta: end_play
when: srv['version']['major'] < 8
- name: User grants with roles applied | Skip unsupported versions
meta: end_play
when:
- db_engine == 'mysql'
- db_version is version('8.0.0', '<')
- name: Create test databases
- name: User grants with roles applied | Create test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- data2
- data1
- data2
- name: Create user with privileges
- name: User grants with roles applied | Create user with privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -35,7 +34,7 @@
"data2.*": "SELECT"
state: present
- name: Run command to show privileges for user (expect privileges in stdout)
- name: User grants with roles applied | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
register: result
@ -45,14 +44,14 @@
- "'GRANT SELECT ON `data1`.*' in result.stdout"
- "'GRANT SELECT ON `data2`.*' in result.stdout"
- name: Create role
- name: User grants with roles applied | Create role
mysql_role:
<<: *mysql_params
name: test231
members:
- '{{ user_name_3 }}@localhost'
- '{{ user_name_3 }}@localhost'
- name: Try to change privs
- name: User grants with roles applied | Try to change privs
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
@ -61,11 +60,11 @@
"data2.*": "INSERT"
state: present
- name: Run command to show privileges for user (expect privileges in stdout)
- name: User grants with roles applied | Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
register: result
- name: Assert user has giving privileges
- name: User grants with roles applied | Assert user has giving privileges
assert:
that:
- "'GRANT INSERT ON `data1`.*' in result.stdout"
@ -73,22 +72,18 @@
##########
# Clean up
- name: Drop test databases
- name: User grants with roles applied | Drop test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- data2
- name: Drop test user
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
state: absent
loop:
- data1
- data2
- name: Drop test role
- include: utils/remove_user.yml user_name={{ user_name_3 }}
- name: User grants with roles applied | Drop test role
mysql_role:
<<: *mysql_params
name: test231

110
tests/integration/targets/test_mysql_user/tasks/test_user_password.yml
View file

@ -1,10 +1,11 @@
---
# Tests scenarios for both plaintext and encrypted user passwords.
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
test_user_name: 'test_user_password'
initial_password: 'a5C8SN*DBa0%a75sGz'
@ -20,23 +21,24 @@
# Test setting plaintext password and changing it.
#
- name: Create user with initial password
- name: Password | Create user with initial password
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
password: '{{ initial_password }}'
priv: '{{ test_default_priv }}'
state: present
register: result
- name: Assert that a change occurred because the user was added
- name: Password | Assert that a change occurred because the user was added
assert:
that:
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Get the MySQL version using the newly created used creds
- name: Password | Get the MySQL version using the newly created used creds
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ initial_password }}'
@ -46,43 +48,45 @@
register: result
ignore_errors: true
- name: Assert that mysql_info was successful
- name: Password | Assert that mysql_info was successful
assert:
that:
- result is succeeded
- name: Run mysql_user again without any changes
- name: Password | Run mysql_user again without any changes
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
password: '{{ initial_password }}'
priv: '{{ test_default_priv }}'
name: "{{ test_user_name }}"
host: "%"
password: "{{ initial_password }}"
priv: "{{ test_default_priv }}"
state: present
register: result
- name: Assert that there weren't any changes because username/password didn't change
- name: Password | Assert that there weren't any changes because username/password didn't change
assert:
that:
- result is not changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Update the user password
- name: Password | Update the user password
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
password: '{{ new_password }}'
name: "{{ test_user_name }}"
host: "%"
password: "{{ new_password }}"
state: present
register: result
- name: Assert that a change occurred because the password was updated
- name: Password | Assert that a change occurred because the password was updated
assert:
that:
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Get the MySQL version data using the original password (should fail)
- name: Password | Get the MySQL version data using the original password (should fail)
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ initial_password }}'
@ -92,12 +96,12 @@
register: result
ignore_errors: true
- name: Assert that the mysql_info module failed because we used the old password
- name: Password | Assert that the mysql_info module failed because we used the old password
assert:
that:
- result is failed
- name: Get the MySQL version data using the new password (should work)
- name: Password | Get the MySQL version data using the new password (should work)
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ new_password }}'
@ -107,19 +111,19 @@
register: result
ignore_errors: true
- name: Assert that the mysql_info module succeeded because we used the new password
- name: Password | Assert that the mysql_info module succeeded because we used the new password
assert:
that:
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
- include: utils/remove_user.yml user_name={{ test_user_name }}
# ============================================================
# Test setting a plaintext password and then the same password encrypted to ensure there isn't a change detected.
#
- name: Create user with initial password
- name: Password | Create user with initial password
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
@ -128,14 +132,14 @@
state: present
register: result
- name: Assert that a change occurred because the user was added
- name: Password | Assert that a change occurred because the user was added
assert:
that:
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=localhost priv={{ test_default_priv_type }}
- name: Pass in the same password as before, but in the encrypted form (no change expected)
- name: Password | Pass in the same password as before, but in the encrypted form (no change expected)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
@ -145,36 +149,37 @@
state: present
register: result
- name: Assert that there weren't any changes because username/password didn't change
- name: Password | Assert that there weren't any changes because username/password didn't change
assert:
that:
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
- include: utils/remove_user.yml user_name={{ test_user_name }}
# ============================================================
# Test setting an encrypted password and then the same password in plaintext to ensure there isn't a change.
#
- name: Create user with initial password
- name: Password | Create user with initial password
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: "%"
password: '{{ initial_password_encrypted }}'
encrypted: yes
priv: '{{ test_default_priv }}'
state: present
register: result
- name: Assert that a change occurred because the user was added
- name: Password | Assert that a change occurred because the user was added
assert:
that:
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Get the MySQL version data using the new creds
- name: Password | Get the MySQL version data using the new creds
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ initial_password }}'
@ -184,60 +189,62 @@
register: result
ignore_errors: true
- name: Assert that the mysql_info module succeeded because we used the new password
- name: Password | Assert that the mysql_info module succeeded because we used the new password
assert:
that:
- result is succeeded
- name: Pass in the same password as before, but in the encrypted form (no change expected)
- name: Password | Pass in the same password as before, but in the encrypted form (no change expected)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: "%"
password: '{{ initial_password }}'
state: present
register: result
- name: Assert that there weren't any changes because username/password didn't change
- name: Password | Assert that there weren't any changes because username/password didn't change
assert:
that:
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
- include: utils/remove_user.yml user_name={{ test_user_name }}
# ============================================================
# Test setting an empty password.
#
- name: Create user with empty password
- name: Password | Create user with empty password
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
priv: '{{ test_default_priv }}'
name: "{{ test_user_name }}"
host: "%"
priv: "{{ test_default_priv }}"
state: present
register: result
- name: Assert that a change occurred because the user was added
- name: Password | Assert that a change occurred because the user was added
assert:
that:
- result is changed
- name: Get the MySQL version using an empty password for the newly created user
- name: Password | Get the MySQL version using an empty password for the newly created user
mysql_info:
login_user: '{{ test_user_name }}'
login_password: ''
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
login_user: "{{ test_user_name }}"
login_password: ""
login_host: "{{ mysql_host }}"
login_port: "{{ mysql_primary_port }}"
filter: version
register: result
ignore_errors: true
- name: Assert that mysql_info was successful
- name: Password | Assert that mysql_info was successful
assert:
that:
- result is succeeded
- name: Get the MySQL version using an non-empty password (should fail)
- name: Password | Get the MySQL version using an non-empty password (should fail)
mysql_info:
login_user: '{{ test_user_name }}'
login_password: 'some_password'
@ -247,23 +254,24 @@
register: result
ignore_errors: true
- name: Assert that mysql_info failed
- name: Password | Assert that mysql_info failed
assert:
that:
- result is failed
- name: Update the user without changing the password
- name: Password | Update the user without changing the password
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: "%"
priv: '{{ test_default_priv }}'
state: present
register: result
- name: Assert that the user wasn't changed because the password is still empty
- name: Password | Assert that the user wasn't changed because the password is still empty
assert:
that:
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password=''
- include: utils/remove_user.yml user_name={{ test_user_name }}

233
tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
View file

@ -1,10 +1,11 @@
---
# Test user plugin auth scenarios.
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
test_user_name: 'test_user_plugin_auth'
test_plugin_type: 'mysql_native_password'
@ -21,33 +22,34 @@
# Test plugin auth initially setting a hash and then changing to a different hash.
#
- name: Create user with plugin auth (with hash string)
- name: Plugin auth | Create user with plugin auth (with hash string)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_hash_string: '{{ test_plugin_hash }}'
priv: '{{ test_default_priv }}'
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
- name: Plugin auth | Get user information (with hash string)
command: "{{ mysql_command }} -e \"SELECT user, host, plugin FROM mysql.user WHERE user = '{{ test_user_name }}' and host = '%'\""
register: show_create_user
- name: Check that the module made a change and that the expected plugin type is set
- name: Plugin auth | Check that the module made a change (with hash string)
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
- name: Plugin auth | Check that the expected plugin type is set (with hash string)
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
when: db_engine == 'mysql' or (db_engine == 'mariadb' and db_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Get the MySQL version using the newly created creds
- name: Plugin auth | Get the MySQL version using the newly created creds
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ test_plugin_auth_string }}'
@ -56,27 +58,28 @@
filter: version
register: result
- name: Assert that mysql_info was successful
- name: Plugin auth | Assert that mysql_info was successful
assert:
that:
- result is succeeded
- name: Update the user with a different hash
- name: Plugin auth | Update the user with a different hash
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_hash_string: '{{ test_plugin_new_hash }}'
register: result
- name: Check that the module makes the change because the hash changed
- name: Plugin auth | Check that the module makes the change because the hash changed
assert:
that:
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Getting the MySQL info with the new password should work
- name: Plugin auth | Getting the MySQL info with the new password should work
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ test_plugin_new_auth_string }}'
@ -85,45 +88,46 @@
filter: version
register: result
- name: Assert that mysql_info was successful
- name: Plugin auth | Assert that mysql_info was successful
assert:
that:
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_new_auth_string }}
- include: utils/remove_user.yml user_name={{ test_user_name }}
# ============================================================
# Test plugin auth initially setting a hash and then switching to a plaintext auth string.
#
- name: Create user with plugin auth (with hash string)
- name: Plugin auth | Create user with plugin auth (with hash string)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_hash_string: '{{ test_plugin_hash }}'
priv: '{{ test_default_priv }}'
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SELECT user, host, plugin FROM mysql.user WHERE user = '{{ test_user_name }}' and host = 'localhost'\""
- name: Plugin auth | Get user information
command: "{{ mysql_command }} -e \"SELECT user, host, plugin FROM mysql.user WHERE user = '{{ test_user_name }}' and host = '%'\""
register: show_create_user
- name: Check that the module made a change
- name: Plugin auth | Check that the module made a change (with hash string)
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
- name: Plugin auth | Check that the expected plugin type is set (with hash string)
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
when: db_engine == 'mysql' or (db_engine == 'mariadb' and db_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Get the MySQL version using the newly created creds
- name: Plugin auth | Get the MySQL version using the newly created creds
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ test_plugin_auth_string }}'
@ -132,43 +136,45 @@
filter: version
register: result
- name: Assert that mysql_info was successful
- name: Plugin auth | Assert that mysql_info was successful
assert:
that:
- result is succeeded
- name: Update the user with the same hash (no change expected)
- name: Plugin auth | Update the user with the same hash (no change expected)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_hash_string: '{{ test_plugin_hash }}'
register: result
# FIXME: on mariadb 10.2 there's always a change
- name: Check that the module doesn't make a change when the same hash is passed in
- name: Plugin auth | Check that the module doesn't make a change when the same hash is passed in
assert:
that:
- result is not changed
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
when: db_engine == 'mysql' or (db_engine == 'mariadb' and db_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Change the user using the same plugin, but switch to the same auth string in plaintext form
- name: Plugin auth | Change the user using the same plugin, but switch to the same auth string in plaintext form
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_auth_string: '{{ test_plugin_auth_string }}'
register: result
# Expecting a change is currently by design (see comment in source).
- name: Check that the module did not change the password
- name: Plugin auth | Check that the module did not change the password
assert:
that:
- result is changed
- name: Getting the MySQL info should still work
- name: Plugin auth | Getting the MySQL info should still work
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ test_plugin_auth_string }}'
@ -177,45 +183,46 @@
filter: version
register: result
- name: Assert that mysql_info was successful
- name: Plugin auth | Assert that mysql_info was successful
assert:
that:
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
- include: utils/remove_user.yml user_name={{ test_user_name }}
# ============================================================
# Test plugin auth initially setting a plaintext auth string and then switching to a hash.
#
- name: Create user with plugin auth (with auth string)
- name: Plugin auth | Create user with plugin auth (with auth string)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_auth_string: '{{ test_plugin_auth_string }}'
priv: '{{ test_default_priv }}'
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
- name: Plugin auth | Get user information(with auth string)
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'%'\""
register: show_create_user
- name: Check that the module made a change
- name: Plugin auth | Check that the module made a change (with auth string)
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
- name: Plugin auth | Check that the expected plugin type is set (with auth string)
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- test_plugin_type in show_create_user.stdout
when: db_engine == 'mysql' or (db_engine == 'mariadb' and db_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Get the MySQL version using the newly created creds
- name: Plugin auth | Get the MySQL version using the newly created creds
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ test_plugin_auth_string }}'
@ -224,42 +231,44 @@
filter: version
register: result
- name: Assert that mysql_info was successful
- name: Plugin auth | Assert that mysql_info was successful
assert:
that:
- result is succeeded
- name: Update the user with the same auth string
- name: Plugin auth | Update the user with the same auth string
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_auth_string: '{{ test_plugin_auth_string }}'
register: result
# This is the current expected behavior because there isn't a reliable way to hash the password in the mysql_user
# module in order to be able to compare this password with the stored hash. See the source for more info.
- name: The module should detect a change even though the password is the same
- name: Plugin auth | The module should detect a change even though the password is the same
assert:
that:
- result is changed
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Change the user using the same plugin, but switch to the same auth string in hash form
- name: Plugin auth | Change the user using the same plugin, but switch to the same auth string in hash form
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
plugin_hash_string: '{{ test_plugin_hash }}'
register: result
- name: Check that the module did not change the password
- name: Plugin auth | Check that the module did not change the password
assert:
that:
- result is not changed
- name: Get the MySQL version using the newly created creds
- name: Plugin auth | Get the MySQL version using the newly created creds
mysql_info:
login_user: '{{ test_user_name }}'
login_password: '{{ test_plugin_auth_string }}'
@ -268,44 +277,45 @@
filter: version
register: result
- name: Assert that mysql_info was successful
- name: Plugin auth | Assert that mysql_info was successful
assert:
that:
- result is succeeded
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
- include: utils/remove_user.yml user_name={{ test_user_name }}
# ============================================================
# Test plugin auth with an empty auth string.
#
- name: Create user with plugin auth (empty auth string)
- name: Plugin auth | Create user with plugin auth (empty auth string)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
priv: '{{ test_default_priv }}'
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
- name: Plugin auth | Get user information (empty auth string)
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'%'\""
register: show_create_user
- name: Check that the module made a change
- name: Plugin auth | Check that the module made a change (empty auth string)
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
- name: Plugin auth | Check that the expected plugin type is set (empty auth string)
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
when: db_engine == 'mysql' or (db_engine == 'mariadb' and db_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=% priv={{ test_default_priv_type }}
- name: Get the MySQL version using an empty password for the newly created user
- name: Plugin auth | Get the MySQL version using an empty password for the newly created user
mysql_info:
login_user: '{{ test_user_name }}'
login_password: ''
@ -315,12 +325,12 @@
register: result
ignore_errors: true
- name: Assert that mysql_info was successful
- name: Plugin auth | Assert that mysql_info was successful
assert:
that:
- result is succeeded
- name: Get the MySQL version using an non-empty password (should fail)
- name: Plugin auth | Get the MySQL version using an non-empty password (should fail)
mysql_info:
login_user: '{{ test_user_name }}'
login_password: 'some_password'
@ -330,91 +340,92 @@
register: result
ignore_errors: true
- name: Assert that mysql_info failed
- name: Plugin auth | Assert that mysql_info failed
assert:
that:
- result is failed
- name: Update the user without changing the auth mechanism
- name: Plugin auth | Update the user without changing the auth mechanism
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
host: '%'
plugin: '{{ test_plugin_type }}'
state: present
register: result
- name: Assert that the user wasn't changed because the auth string is still empty
- name: Plugin auth | Assert that the user wasn't changed because the auth string is still empty
assert:
that:
- result is not changed
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
- include: utils/remove_user.yml user_name={{ test_user_name }}
# ============================================================
# Test plugin auth switching from one type of plugin to another without an auth string or hash. The only other
# plugins that are loaded by default are sha2*, but these aren't compatible with pymysql < 0.9, so skip these tests
# for those versions.
#
- name: Test plugin auth switching which doesn't work on pymysql < 0.9
- name: Plugin auth | Test plugin auth switching which doesn't work on pymysql < 0.9
when:
- >
connector_name is not search('pymysql')
connector_name != 'pymysql'
or (
connector_name is search('pymysql')
and connector_ver is version('0.9', '>=')
connector_name == 'pymysql'
and connector_version is version('0.9', '>=')
)
block:
- name: Create user with plugin auth (empty auth string)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
plugin: '{{ test_plugin_type }}'
priv: '{{ test_default_priv }}'
register: result
- name: Plugin auth | Create user with plugin auth (empty auth string)
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
plugin: '{{ test_plugin_type }}'
priv: '{{ test_default_priv }}'
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Plugin auth | Get user information (empty auth string)
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Check that the module made a change
assert:
that:
- result is changed
- name: Plugin auth | Check that the module made a change (empty auth string)
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- "'{{ test_plugin_type }}' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
- name: Plugin auth | Check that the expected plugin type is set (empty auth string)
assert:
that:
- test_plugin_type in show_create_user.stdout
when: db_engine == 'mysql' or (db_engine == 'mariadb' and db_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=localhost priv={{ test_default_priv_type }}
- name: Switch user to sha256_password auth plugin
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
plugin: sha256_password
priv: '{{ test_default_priv }}'
register: result
- name: Plugin auth | Switch user to sha256_password auth plugin
mysql_user:
<<: *mysql_params
name: '{{ test_user_name }}'
plugin: sha256_password
priv: '{{ test_default_priv }}'
register: result
- name: Get user information
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Plugin auth | Get user information (sha256_password)
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
register: show_create_user
- name: Check that the module made a change
assert:
that:
- result is changed
- name: Plugin auth | Check that the module made a change (sha256_password)
assert:
that:
- result is changed
- name: Check that the expected plugin type is set
assert:
that:
- name: Plugin auth | Check that the expected plugin type is set (sha256_password)
assert:
that:
- "'sha256_password' in show_create_user.stdout"
when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
when: db_engine == 'mysql' or (db_engine == 'mariadb' and db_version is version('10.3', '>='))
- include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
- include: utils/assert_user.yml user_name={{ test_user_name }} user_host=localhost priv={{ test_default_priv_type }}
# Cleanup
- include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
# Cleanup
- include: utils/remove_user.yml user_name={{ test_user_name }}

8
tests/integration/targets/test_mysql_user/tasks/utils/assert_no_user.yml Normal file
View file

@ -0,0 +1,8 @@
---
- name: Utils | Assert no user | Query for user {{ user_name }}
command: "{{ mysql_command }} -e \"SELECT User FROM mysql.user where user='{{ user_name }}'\""
register: result
- name: Utils | Assert no user | Assert mysql user is not present
assert:
that: user_name not in result.stdout

21
tests/integration/targets/test_mysql_user/tasks/utils/assert_user.yml Normal file
View file

@ -0,0 +1,21 @@
---
- name: Utils | Assert user | Query for user {{ user_name }}
command: "{{ mysql_command }} -e \"SELECT user FROM mysql.user where user='{{ user_name }}'\""
register: result
- name: Utils | Assert user | Assert user is present
assert:
that:
- user_name in result.stdout
- name: Utils | Assert user | Query for privileges of user {{ user_name }}
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name }}'@'{{ user_host }}'\""
register: result
when: priv is defined
- name: Utils | Assert user | Assert user has given privileges
ansible.builtin.assert:
that:
- "'GRANT {{ priv }} ON *.*' in result.stdout"
when: priv is defined

12
tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml → tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password.yml
View file

@ -1,4 +1,5 @@
- name: "applying user {{ username }}@{{ host }} with update_password={{ update_password }}"
---
- name: Utils | Assert user password | Apply update_password to {{ username }}
mysql_user:
login_user: '{{ mysql_parameters.login_user }}'
login_password: '{{ mysql_parameters.login_password }}'
@ -10,15 +11,18 @@
password: "{{ password }}"
update_password: "{{ update_password }}"
register: result
- name: assert a change occurred
- name: Utils | Assert user password | Assert a change occurred
assert:
that:
- "result.changed | bool == {{ expect_change }} | bool"
- "result.password_changed == {{ expect_password_change }}"
- name: query the user
- name: Utils | Assert user password | Query user {{ username }}
command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
register: existing_user
- name: assert the password is as set to expect_hash
- name: Utils | Assert user password | Assert expect_hash is in user stdout
assert:
that:
- "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"

12
tests/integration/targets/test_mysql_user/tasks/utils/create_user.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Utils | Create user {{ user_name }}
mysql_user:
login_user: "{{ mysql_user }}"
login_password: "{{ mysql_password }}"
login_host: "{{ mysql_host }}"
login_port: "{{ mysql_primary_port }}"
name: "{{ user_name }}"
host: "{{ user_host | default(omit) }}"
password: "{{ user_password }}"
state: present

12
tests/integration/targets/test_mysql_user/tasks/utils/remove_user.yml Normal file
View file

@ -0,0 +1,12 @@
---
- name: Utils | Remove user {{ user_name }}
mysql_user:
login_user: "{{ mysql_user }}"
login_password: "{{ mysql_password }}"
login_host: "{{ mysql_host }}"
login_port: "{{ mysql_primary_port }}"
name: "{{ user_name }}"
host_all: true
state: absent
ignore_errors: true

1
tests/integration/targets/test_mysql_variables/defaults/main.yml
View file

@ -2,6 +2,7 @@
# defaults file for test_mysql_variables
mysql_user: root
mysql_password: msandbox
mysql_host: '{{ gateway_addr }}'
mysql_primary_port: 3307
user_name_1: 'db_user1'

3
tests/integration/targets/test_mysql_variables/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- setup_mysql
- setup_controller

7
tests/integration/targets/test_mysql_variables/tasks/assert_var.yml
View file

@ -1,3 +1,4 @@
---
# test code to assert variables in mysql_variables module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
@ -19,16 +20,16 @@
# ============================================================
# Assert mysql variable name and value from mysql database
#
- name: assert output message changed value
- name: Assert output message changed value
assert:
that:
- "output.changed | bool == changed | bool"
- name: run mysql command to show variable
- name: Run mysql command to show variable
command: "{{ mysql_command }} \"-e show variables like '{{ var_name }}'\""
register: result
- name: assert output mysql variable name and value
- name: Assert output mysql variable name and value
assert:
that:
- result is changed

16
tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
View file

@ -9,7 +9,7 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
when: tls_enabled
block:
@ -25,6 +25,7 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host_all: true
state: absent
ignore_errors: yes
@ -32,6 +33,7 @@
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
host: '%'
password: "{{ user_password_1 }}"
priv: '*.*:ALL,GRANT'
tls_requires:
@ -42,7 +44,7 @@
variable: '{{ set_name }}'
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
register: result
@ -51,19 +53,21 @@
- assert:
that:
- result is failed
when: connector_name is search('pymysql')
when:
- connector_name == 'pymysql'
- assert:
that:
- result is succeeded
when: connector_name is not search('pymysql')
when:
- connector_name != 'pymysql'
- name: attempt connection with newly created user ignoring hostname
mysql_variables:
variable: '{{ set_name }}'
login_user: '{{ user_name_1 }}'
login_password: '{{ user_password_1 }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
ca_cert: /tmp/cert.pem
check_hostname: no
@ -78,5 +82,5 @@
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
host: 127.0.0.1
host_all: true
state: absent

23
tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
View file

@ -23,15 +23,11 @@
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
block:
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
- set_fact:
set_name: 'version'
@ -151,7 +147,7 @@
# ============================================================
# Verify mysql_variable fails when setting an incorrect value (out of range)
#
- name: set mysql variable value to a number out of range
- name: Set mysql variable value to a number out of range
mysql_variables:
<<: *mysql_params
variable: max_connect_errors
@ -160,10 +156,13 @@
ignore_errors: true
- include: assert_var.yml changed=true output={{ oor_result }} var_name=max_connect_errors var_value=1
when: connector_name is not search('pymysql')
when:
- connector_name == 'mysqlclient'
- db_engine == 'mysql' # mysqlclient returns "changed" with MariaDB
- include: assert_fail_msg.yml output={{ oor_result }} msg='Truncated incorrect'
when: connector_name is search('pymysql')
when:
- connector_name == 'pymsql'
# ============================================================
# Verify mysql_variable fails when setting an incorrect value (incorrect type)
@ -246,7 +245,7 @@
mysql_variables:
login_user: '{{ mysql_user }}'
login_password: 'wrongpassword'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
variable: '{{ set_name }}'
register: result
@ -258,7 +257,7 @@
mysql_variables:
login_user: '{{ mysql_user }}'
login_password: 'wrongpassword'
login_host: 127.0.0.1
login_host: '{{ mysql_host }}'
login_port: '{{ mysql_primary_port }}'
variable: '{{ set_name }}'
value: '{{ set_value }}'
@ -360,8 +359,8 @@
- include: assert_var.yml changed=true output={{ result }} var_name={{ set_name }} var_value='{{ def_val }}'
when:
- mysql_version is version('8.0', '>=')
- install_type == 'mysql'
- db_engine == 'mysql'
- db_version is version('8.0', '>=')
# Bugfix of https://github.com/ansible/ansible/issues/54239
# - name: set variable containing dot