[stable-2] Backport stable 2 5 (#235)

* Copy ignore-2.12.txt to ignore-2.13.txt (#225) (cherry picked from commit 4f205ef540) * CI matrix update (#226) * CI matrix update * Fix test_mysql_user * Fix CI * Fix CI * Fix CI * Fix CI * Fix CI (cherry picked from commit fc984b28aa) * integration tests: remove superfluous debug task (#228) * integration tests: remove superfluous debug task * Turn off integration tests against devel (cherry picked from commit f47d4635f1) * mysql_user: fix broken compatibility for priviledge aliases (#233) * mysql_user: fix broken compatibility for priviledge aliases * add changelog fragment * fix changelog fragment * Improve formatting (cherry picked from commit bb3e9fd3fa)
2025-04-05 10:10:32 -07:00 · 2021-10-19 13:20:30 +03:00 · 2021-10-19 13:20:30 +03:00 · 55a8ecd64e
commit 55a8ecd64e
parent a6bacefc41
13 changed files with 104 additions and 43 deletions
--- a/.github/workflows/ansible-test-plugins.yml
+++ b/.github/workflows/ansible-test-plugins.yml
@ -28,6 +28,7 @@ jobs:
          - stable-2.9
          - stable-2.10
          - stable-2.11
+          - stable-2.12
          - devel
    steps:

@ -61,9 +62,11 @@ jobs:
          - stable-2.9
          - stable-2.10
          - stable-2.11
+          - stable-2.12
          #- devel
        python:
          - 3.6
+          - 3.8
        connector:
          - pymysql==0.7.10
          - pymysql==0.9.3
@ -71,6 +74,17 @@ jobs:
        exclude:
          - mysql: 8.0.22
            connector: pymysql==0.7.10
+          - python: 3.8
+            ansible: stable-2.9
+          - python: 3.8
+            ansible: stable-2.10
+          - python: 3.8
+            ansible: stable-2.11
+          - python: 3.6
+            ansible: stable-2.12
+          - python: 3.6
+            ansible: devel
+
    steps:

      - name: Check out code
@ -116,6 +130,7 @@ jobs:
          - stable-2.9
          - stable-2.10
          - stable-2.11
+          - stable-2.12
          - devel

    steps:
--- a/changelogs/fragments/233-mysql_user_return_valid_privs.yml
+++ b/changelogs/fragments/233-mysql_user_return_valid_privs.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - mysql_user - Fix crash reporting ``Invalid privileges specified`` when passing privileges that became aliases (https://github.com/ansible-collections/community.mysql/issues/232).
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -21,6 +21,46 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (

 EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']

+# This list is kept for backwards compatibility after release 2.3.0,
+# see https://github.com/ansible-collections/community.mysql/issues/232 for details
+VALID_PRIVS = [
+    'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
+    'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
+    'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
+    'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
+    'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
+    'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
+    'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
+    'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
+    'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
+    'REQUIRESSL',  # Deprecated, to be removed in version 3.0.0
+    'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
+    'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
+    'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
+    'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
+    'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
+    'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
+    'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
+    'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
+    'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
+    'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
+    'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
+    'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
+    'INVOKE LAMBDA',
+    'ALTER ROUTINE',
+    'BINLOG ADMIN',
+    'BINLOG MONITOR',
+    'BINLOG REPLAY',
+    'CONNECTION ADMIN',
+    'READ_ONLY ADMIN',
+    'REPLICATION MASTER ADMIN',
+    'REPLICATION SLAVE ADMIN',
+    'SET USER',
+    'SHOW_ROUTINE',
+    'SLAVE MONITOR',
+    'REPLICA MONITOR',
+]
+

 class InvalidPrivsError(Exception):
    pass
@ -110,7 +150,8 @@ def get_tls_requires(cursor, user, host):
 def get_valid_privs(cursor):
    cursor.execute("SHOW PRIVILEGES")
    show_privs = [priv[0].upper() for priv in cursor.fetchall()]
-    all_privs = show_privs + EXTRA_PRIVS
+    # See the comment above VALID_PRIVS declaration
+    all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
    return frozenset(all_privs)


--- a/tests/integration/targets/setup_mysql/tasks/install.yml
+++ b/tests/integration/targets/setup_mysql/tasks/install.yml
@ -28,6 +28,23 @@
 - name: "{{ role_name }} | install | install python packages"
  pip:
    name: "{{ python_packages }}"
+  register: connector
+
+- name: Extract connector.name.0 content
+  set_fact:
+    connector_name: "{{ connector.name.0 }}"
+
+- name: Debug connector_name content
+  debug:
+    msg: '{{ connector_name }}'
+
+- name: Extract connector version
+  set_fact:
+    connector_ver: "{{ connector_name.split('=')[2].strip() }}"
+
+- name: Debug connector_ver var content
+  debug:
+    msg: '{{ connector_ver }}'

 - name: "{{ role_name }} | install | install packages required by mysql"
  apt:
--- a/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
+++ b/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
@ -11,27 +11,26 @@
 - name: Add fake port to config file
  shell: 'echo "port = {{ fake_port }}" >> {{ config_file }}'

- name: Get pymysql version
-  shell: pip show pymysql | awk '/Version/ {print $2}'
-  register: pymysql_version
-
 - name: Add blank line
  shell: 'echo "" >> {{ config_file }}'
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
+  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')

 - name: Create include_dir
  file:
    path: '{{ include_dir }}'
    state: directory
    mode: '0777'
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
+  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')

 - name: Add include_dir
  lineinfile:
    path: '{{ config_file }}'
    line: '!includedir {{ include_dir }}'
    insertafter: EOF
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
+  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')

 - name: Create database using fake port to connect to, must fail
  mysql_db:
--- a/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:

    # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -49,12 +46,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')

    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')

    - name: attempt connection with newly created user ignoring hostname
      mysql_db:
--- a/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:

    # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -47,12 +44,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')

    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')

    - name: attempt connection with newly created user ignoring hostname
      mysql_info:
--- a/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:

    # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -47,12 +44,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')

    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')

    - name: attempt connection with newly created user ignoring hostname
      mysql_query:
--- a/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:

    # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -48,12 +45,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')

    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')

    - name: attempt connection with newly created user ignoring hostname
      mysql_replication:
--- a/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:

    # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -50,12 +47,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')

    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')

    - name: attempt connection with newly created user ignoring hostname
      mysql_user:
--- a/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:

    # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -48,12 +45,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')

    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')

    - name: attempt connection with newly created user ignoring hostname
      mysql_variables:
--- a/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
+++ b/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
@ -151,9 +151,6 @@
    # ============================================================
    # Verify mysql_variable fails when setting an incorrect value (out of range)
    #
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
    - name: set mysql variable value to a number out of range
      mysql_variables:
        <<: *mysql_params
@ -163,10 +160,10 @@
      ignore_errors: true

    - include: assert_var.yml changed=true output={{ oor_result }} var_name=max_connect_errors var_value=1
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')

    - include: assert_fail_msg.yml output={{ oor_result }}  msg='Truncated incorrect'
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')

    # ============================================================
    # Verify mysql_variable fails when setting an incorrect value (incorrect type)
--- a/tests/sanity/ignore-2.13.txt
+++ b/tests/sanity/ignore-2.13.txt
@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch