ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-25 20:01:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'ansible-collections:main' into lie_tests_using_containers

Browse source
This commit is contained in:
Laurent Indermühle 2023-01-23 15:41:21 +01:00 committed by GitHub
commit 5538e17d75
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 75 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -1,5 +1,5 @@
# MySQL collection for Ansible
[![Plugins CI](https://github.com/ansible-collections/community.mysql/workflows/Plugins%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.mysql/actions?query=workflow%3A"Plugins+CI") [![Roles CI](https://github.com/ansible-collections/community.mysql/workflows/Roles%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.mysql/actions?query=workflow%3A"Roles+CI") [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.mysql)](https://codecov.io/gh/ansible-collections/community.mysql) [![](https://img.shields.io/matrix/mysql:ansible.com.svg?server_fqdn=ansible-accounts.ems.host&label=Discuss%20at%20%23mysql:ansible.com&logo=matrix)]
[![Plugins CI](https://github.com/ansible-collections/community.mysql/workflows/Plugins%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.mysql/actions?query=workflow%3A"Plugins+CI") [![Roles CI](https://github.com/ansible-collections/community.mysql/workflows/Roles%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.mysql/actions?query=workflow%3A"Roles+CI") [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.mysql)](https://codecov.io/gh/ansible-collections/community.mysql) ![](https://img.shields.io/matrix/mysql:ansible.com.svg?server_fqdn=ansible-accounts.ems.host&label=Discuss%20on%20Matrix%20%23mysql:ansible.com&logo=matrix)
This collection is a part of the Ansible package.

3
changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml Normal file
View file

@ -0,0 +1,3 @@
---
minor_changes:
- mysql_user - add plugin_auth_string as optional parameter to use a specific pam service if pam/auth_pam plugin is used (https://github.com/ansible-collections/community.mysql/pull/445).

3
changelogs/fragments/479_enable_auto_commit.yml Normal file
View file

@ -0,0 +1,3 @@
---
minor_changes:
- mysql_user - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479).

12
plugins/module_utils/user.py
View file

@ -170,7 +170,11 @@ def user_add(cursor, user, host, host_all, password, encrypted,
elif plugin and plugin_hash_string:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
elif plugin and plugin_auth_string:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
# Mysql and MariaDB differ in naming pam plugin and Syntax to set it
if plugin == 'pam': # Used by MariaDB which requires the USING keyword, not BY
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
elif plugin:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
else:
@ -305,7 +309,11 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if plugin_hash_string:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
elif plugin_auth_string:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
# Mysql and MariaDB differ in naming pam plugin and syntax to set it
if plugin == 'pam':
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)

26
plugins/modules/mysql_db.py
View file

@ -53,12 +53,12 @@ options:
description:
- Execute the dump in a single transaction.
type: bool
default: no
default: false
quick:
description:
- Option used for dumping large tables.
type: bool
default: yes
default: true
ignore_tables:
description:
- A list of table names that will be ignored in the dump
@ -70,14 +70,14 @@ options:
description:
- Dump binary columns using hexadecimal notation.
type: bool
default: no
default: false
version_added: '0.1.0'
force:
description:
- Continue dump or import even if we get an SQL error.
- Used only when I(state) is C(dump) or C(import).
type: bool
default: no
default: false
version_added: '0.1.0'
master_data:
description:
@ -96,7 +96,7 @@ options:
description:
- Skip locking tables for read. Used when I(state=dump), ignored otherwise.
type: bool
default: no
default: false
version_added: '0.1.0'
dump_extra_args:
description:
@ -110,7 +110,7 @@ options:
- If C(yes), the module will internally execute commands via a shell.
- Used when I(state=import), ignored otherwise.
type: bool
default: no
default: false
version_added: '0.1.0'
unsafe_login_password:
description:
@ -121,7 +121,7 @@ options:
- Used only when I(state) is C(import) or C(dump) and
I(login_password) is passed, ignored otherwise.
type: bool
default: no
default: false
version_added: '0.1.0'
restrict_config_file:
description:
@ -132,14 +132,14 @@ options:
under the hood that read named option file in addition to usual option files.
- If this behavior is undesirable, use C(yes) to read only named option file.
type: bool
default: no
default: false
version_added: '0.1.0'
check_implicit_admin:
description:
- Check if mysql allows login as root/nopassword before trying supplied credentials.
- If success, passed I(login_user)/I(login_password) will be ignored.
type: bool
default: no
default: false
version_added: '0.1.0'
config_overrides_defaults:
description:
@ -148,7 +148,7 @@ options:
- Used when I(stat) is C(present) or C(absent), ignored otherwise.
- It needs Python 3.5+ as the default interpreter on a target host.
type: bool
default: no
default: false
version_added: '0.1.0'
chdir:
description:
@ -163,7 +163,7 @@ options:
- The default is C(no) to prevent issues on systems without bash as a default interpreter.
- The default will change to C(yes) in community.mysql 4.0.0.
type: bool
default: no
default: false
version_added: '3.4.0'
seealso:
@ -230,7 +230,7 @@ EXAMPLES = r'''
name: my_db
state: import
target: /tmp/dump.sql.bz2
force: yes
force: true
- name: Dump multiple databases
community.mysql.mysql_db:
@ -302,7 +302,7 @@ EXAMPLES = r'''
- name: Try to create database as root/nopassword first. If not allowed, pass the credentials
community.mysql.mysql_db:
check_implicit_admin: yes
check_implicit_admin: true
login_user: bob
login_password: 123456
name: bobdata

10
plugins/modules/mysql_info.py
View file

@ -42,7 +42,7 @@ options:
description:
- Includes names of empty databases to returned dictionary.
type: bool
default: no
default: false
notes:
- Calculating the size of a database might be slow, depending on the number and size of tables in it.
@ -96,14 +96,14 @@ EXAMPLES = r'''
filter: "!settings,!users"
- name: Collect info about databases and version using ~/.my.cnf as a credential file
become: yes
become: true
community.mysql.mysql_info:
filter:
- databases
- version
- name: Collect info about databases and version using ~alice/.my.cnf as a credential file
become: yes
become: true
community.mysql.mysql_info:
config_file: /home/alice/.my.cnf
filter:
@ -111,13 +111,13 @@ EXAMPLES = r'''
- version
- name: Collect info about databases including empty and excluding their sizes
become: yes
become: true
community.mysql.mysql_info:
config_file: /home/alice/.my.cnf
filter:
- databases
exclude_fields: db_size
return_empty_dbs: yes
return_empty_dbs: true
'''
RETURN = r'''

6
plugins/modules/mysql_query.py
View file

@ -27,7 +27,7 @@ options:
the state has been changed even if it has not. If it is important in your
workflow, use the C(PyMySQL) connector instead.
type: raw
required: yes
required: true
positional_args:
description:
- List of values to be passed as positional arguments to the query.
@ -46,7 +46,7 @@ options:
description:
- Where passed queries run in a single transaction (C(yes)) or commit them one-by-one (C(no)).
type: bool
default: no
default: false
seealso:
- module: community.mysql.mysql_db
author:
@ -87,7 +87,7 @@ EXAMPLES = r'''
query:
- INSERT INTO articles (id, story) VALUES (2, 'my_long_story')
- INSERT INTO prices (id, price) VALUES (123, '100.00')
single_transaction: yes
single_transaction: true
'''
RETURN = r'''

6
plugins/modules/mysql_replication.py
View file

@ -184,7 +184,7 @@ options:
description:
- Fails on error when calling mysql.
type: bool
default: False
default: false
version_added: '0.1.0'
notes:
@ -263,12 +263,12 @@ EXAMPLES = r'''
community.mysql.mysql_replication:
mode: startreplica
connection_name: primary-1
fail_on_error: yes
fail_on_error: true
- name: Change primary and fail on error (like when replica thread is running)
community.mysql.mysql_replication:
mode: changeprimary
fail_on_error: yes
fail_on_error: true
'''

32
plugins/modules/mysql_role.py
View file

@ -53,7 +53,7 @@ options:
- Append the privileges defined by the I(priv) option to the existing ones
for this role instead of overwriting them. Mutually exclusive with I(subtract_privs).
type: bool
default: no
default: false
subtract_privs:
description:
@ -62,7 +62,7 @@ options:
Mutually exclusive with I(append_privs).
version_added: '3.2.0'
type: bool
default: no
default: false
members:
description:
@ -80,7 +80,7 @@ options:
for this role instead of overwriting them.
- Mutually exclusive with the I(detach_members) and I(admin) option.
type: bool
default: no
default: false
detach_members:
description:
@ -88,7 +88,7 @@ options:
instead of overwriting all the current members.
- Mutually exclusive with the I(append_members) and I(admin) option.
type: bool
default: no
default: false
set_default_role_all:
description:
@ -96,7 +96,7 @@ options:
- If C(yes), runs B(SET DEFAULT ROLE ALL TO) each of the I(members) when changed.
- If you want to avoid this behavior, set this option to C(no) explicitly.
type: bool
default: yes
default: true
state:
description:
@ -112,14 +112,14 @@ options:
- Check if mysql allows login as root/nopassword before trying supplied credentials.
- If success, passed I(login_user)/I(login_password) will be ignored.
type: bool
default: no
default: false
members_must_exist:
description:
- When C(yes), the module fails if any user in I(members) does not exist.
- When C(no), users in I(members) which don't exist are simply skipped.
type: bool
default: yes
default: true
notes:
- Pay attention that the module runs C(SET DEFAULT ROLE ALL TO)
@ -181,7 +181,7 @@ EXAMPLES = r'''
members:
- 'alice@%'
- 'bob@%'
set_default_role_all: no
set_default_role_all: false
# Assuming that the role developers exists,
# add john to the current members
@ -189,7 +189,7 @@ EXAMPLES = r'''
community.mysql.mysql_role:
name: developers
state: present
append_members: yes
append_members: true
members:
- 'joe@localhost'
@ -208,7 +208,7 @@ EXAMPLES = r'''
name: readers
state: present
priv: 'fiction.*:UPDATE'
append_privs: yes
append_privs: true
- name: Create role with the 'SELECT' and 'UPDATE' privileges in db1 and db2
community.mysql.mysql_role:
@ -224,7 +224,7 @@ EXAMPLES = r'''
name: readers
members:
- 'joe@localhost'
detach_members: yes
detach_members: true
- name: Remove the role readers if exists
community.mysql.mysql_role:
@ -258,7 +258,7 @@ EXAMPLES = r'''
community.mysql.mysql_role:
state: present
name: foo
subtract_privs: yes
subtract_privs: true
priv:
'db1.*': DELETE
@ -266,8 +266,8 @@ EXAMPLES = r'''
community.mysql.mysql_role:
state: present
name: foo
append_members: yes
members_must_exist: no
append_members: true
members_must_exist: false
members:
- 'existing_user@localhost'
- 'not_existing_user@localhost'
@ -276,8 +276,8 @@ EXAMPLES = r'''
community.mysql.mysql_role:
state: present
name: foo
detach_members: yes
members_must_exist: no
detach_members: true
members_must_exist: false
members:
- 'existing_user@localhost'
- 'not_existing_user@localhost'

33
plugins/modules/mysql_user.py
View file

@ -29,7 +29,7 @@ options:
description:
- Indicate that the 'password' field is a `mysql_native_password` hash.
type: bool
default: no
default: false
host:
description:
- The 'host' part of the MySQL username.
@ -41,7 +41,7 @@ options:
to all hostnames for a given user.
- This option cannot be used when creating users.
type: bool
default: no
default: false
priv:
description:
- "MySQL privileges string in the format: C(db.table:priv1,priv2)."
@ -66,7 +66,7 @@ options:
- Append the privileges defined by priv to the existing ones for this
user instead of overwriting existing ones. Mutually exclusive with I(subtract_privs).
type: bool
default: no
default: false
subtract_privs:
description:
- Revoke the privileges defined by the I(priv) option and keep other existing privileges.
@ -74,7 +74,7 @@ options:
Mutually exclusive with I(append_privs).
version_added: '3.2.0'
type: bool
default: no
default: false
tls_requires:
description:
- Set requirement for secure transport as a dictionary of requirements (see the examples).
@ -87,7 +87,7 @@ options:
description:
- Whether binary logging should be enabled or disabled for the connection.
type: bool
default: yes
default: true
force_context:
description:
- Sets the С(mysql) system database as context for the executed statements (it will be used
@ -99,7 +99,7 @@ options:
- See U(https://dev.mysql.com/doc/refman/8.0/en/replication-options-replica.html#option_mysqld_replicate-ignore-db)
for a description on how replication filters work (filtering on the replica).
type: bool
default: no
default: false
version_added: '3.1.0'
state:
description:
@ -113,11 +113,11 @@ options:
- Check if mysql allows login as root/nopassword before trying supplied credentials.
- If success, passed I(login_user)/I(login_password) will be ignored.
type: bool
default: no
default: false
update_password:
description:
- C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
- C(on_create) will only set the password or the combination of plugin, plugin_hash_string, plugin_auth_string for newly created users.
- C(on_create) will only set the password or the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string) for newly created users.
- "C(on_new_username) works like C(on_create), but it tries to reuse an existing password: If one different user
with the same username exists, or multiple different users with the same username and equal C(plugin) and
C(authentication_string) attribute, the existing C(plugin) and C(authentication_string) are used for the
@ -138,6 +138,7 @@ options:
plugin_auth_string:
description:
- User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``).
- If I(plugin) is ``pam`` (MariaDB) or ``auth_pam`` (MySQL) an optional I(plugin_auth_string) can be used to choose a specific PAM service.
type: str
version_added: '0.1.0'
resource_limits:
@ -189,7 +190,7 @@ EXAMPLES = r'''
- name: Removes all anonymous user accounts
community.mysql.mysql_user:
name: ''
host_all: yes
host_all: true
state: absent
- name: Create database user with name 'bob' and password '12345' with all database privileges
@ -203,7 +204,7 @@ EXAMPLES = r'''
community.mysql.mysql_user:
name: bob
password: '*EE0D72C1085C46C5278932678FBE2C6A782821B4'
encrypted: yes
encrypted: true
priv: '*.*:ALL'
state: present
@ -264,7 +265,7 @@ EXAMPLES = r'''
If mysql allows root/nopassword login, try it without the credentials first.
If it's not allowed, pass the credentials
community.mysql.mysql_user:
check_implicit_admin: yes
check_implicit_admin: true
login_user: root
login_password: 123456
name: sally
@ -273,7 +274,7 @@ EXAMPLES = r'''
- name: Ensure no user named 'sally' exists at all
community.mysql.mysql_user:
name: sally
host_all: yes
host_all: true
state: absent
- name: Specify grants composed of more than one word
@ -305,7 +306,7 @@ EXAMPLES = r'''
password: 12345
priv: "*.*:USAGE"
state: present
sql_log_bin: no
sql_log_bin: false
- name: Create user 'bob' authenticated with plugin 'AWSAuthenticationPlugin'
community.mysql.mysql_user:
@ -325,7 +326,7 @@ EXAMPLES = r'''
- name: Ensure bob does not have the DELETE privilege
community.mysql.mysql_user:
name: bob
subtract_privs: yes
subtract_privs: true
priv:
'db1.*': DELETE
@ -432,13 +433,13 @@ def main():
if check_implicit_admin:
try:
cursor, db_conn = mysql_connect(module, "root", "", config_file, ssl_cert, ssl_key, ssl_ca, db,
connect_timeout=connect_timeout, check_hostname=check_hostname)
connect_timeout=connect_timeout, check_hostname=check_hostname, autocommit=True)
except Exception:
pass
if not cursor:
cursor, db_conn = mysql_connect(module, login_user, login_password, config_file, ssl_cert, ssl_key, ssl_ca, db,
connect_timeout=connect_timeout, check_hostname=check_hostname)
connect_timeout=connect_timeout, check_hostname=check_hostname, autocommit=True)
except Exception as e:
module.fail_json(msg="unable to connect to database, check login_user and login_password are correct or %s has the credentials. "
"Exception message: %s" % (config_file, to_native(e)))

2
plugins/modules/mysql_variables.py
View file

@ -22,7 +22,7 @@ options:
description:
- Variable name to operate.
type: str
required: yes
required: true
value:
description:
- If set, then sets variable value to this.