[stable-2] Backport stable 2 5 (#235)

* Copy ignore-2.12.txt to ignore-2.13.txt (#225) (cherry picked from commit 4f205ef540) * CI matrix update (#226) * CI matrix update * Fix test_mysql_user * Fix CI * Fix CI * Fix CI * Fix CI * Fix CI (cherry picked from commit fc984b28aa) * integration tests: remove superfluous debug task (#228) * integration tests: remove superfluous debug task * Turn off integration tests against devel (cherry picked from commit f47d4635f1) * mysql_user: fix broken compatibility for priviledge aliases (#233) * mysql_user: fix broken compatibility for priviledge aliases * add changelog fragment * fix changelog fragment * Improve formatting (cherry picked from commit bb3e9fd3fa)
2025-04-06 10:40:36 -07:00 · 2021-10-19 13:20:30 +03:00 · 2021-10-19 13:20:30 +03:00 · 55a8ecd64e
commit 55a8ecd64e
parent a6bacefc41
13 changed files with 104 additions and 43 deletions
--- a/.github/workflows/ansible-test-plugins.yml
+++ b/.github/workflows/ansible-test-plugins.yml
@ -28,6 +28,7 @@ jobs:
          - stable-2.9
          - stable-2.10
          - stable-2.11
          - stable-2.12
          - devel
    steps:
@ -61,9 +62,11 @@ jobs:
          - stable-2.9
          - stable-2.10
          - stable-2.11
          - stable-2.12
          #- devel
        python:
          - 3.6
          - 3.8
        connector:
          - pymysql==0.7.10
          - pymysql==0.9.3
@ -71,6 +74,17 @@ jobs:
        exclude:
          - mysql: 8.0.22
            connector: pymysql==0.7.10
          - python: 3.8
            ansible: stable-2.9
          - python: 3.8
            ansible: stable-2.10
          - python: 3.8
            ansible: stable-2.11
          - python: 3.6
            ansible: stable-2.12
          - python: 3.6
            ansible: devel
    steps:
      - name: Check out code
@ -116,6 +130,7 @@ jobs:
          - stable-2.9
          - stable-2.10
          - stable-2.11
          - stable-2.12
          - devel
    steps:
--- a/changelogs/fragments/233-mysql_user_return_valid_privs.yml
+++ b/changelogs/fragments/233-mysql_user_return_valid_privs.yml
@ -0,0 +1,2 @@
 bugfixes:
  - mysql_user - Fix crash reporting ``Invalid privileges specified`` when passing privileges that became aliases (https://github.com/ansible-collections/community.mysql/issues/232).
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -21,6 +21,46 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (
 EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']
 # This list is kept for backwards compatibility after release 2.3.0,
 # see https://github.com/ansible-collections/community.mysql/issues/232 for details
 VALID_PRIVS = [
    'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
    'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
    'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
    'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
    'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
    'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
    'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
    'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
    'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
    'REQUIRESSL',  # Deprecated, to be removed in version 3.0.0
    'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
    'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
    'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
    'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
    'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
    'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
    'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
    'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
    'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
    'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
    'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
    'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
    'INVOKE LAMBDA',
    'ALTER ROUTINE',
    'BINLOG ADMIN',
    'BINLOG MONITOR',
    'BINLOG REPLAY',
    'CONNECTION ADMIN',
    'READ_ONLY ADMIN',
    'REPLICATION MASTER ADMIN',
    'REPLICATION SLAVE ADMIN',
    'SET USER',
    'SHOW_ROUTINE',
    'SLAVE MONITOR',
    'REPLICA MONITOR',
 ]
 class InvalidPrivsError(Exception):
    pass
@ -110,7 +150,8 @@ def get_tls_requires(cursor, user, host):
 def get_valid_privs(cursor):
    cursor.execute("SHOW PRIVILEGES")
    show_privs = [priv[0].upper() for priv in cursor.fetchall()]
-    all_privs = show_privs + EXTRA_PRIVS
+    # See the comment above VALID_PRIVS declaration
    all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
    return frozenset(all_privs)
--- a/tests/integration/targets/setup_mysql/tasks/install.yml
+++ b/tests/integration/targets/setup_mysql/tasks/install.yml
@ -28,6 +28,23 @@
 - name: "{{ role_name }} | install | install python packages"
  pip:
    name: "{{ python_packages }}"
  register: connector
 - name: Extract connector.name.0 content
  set_fact:
    connector_name: "{{ connector.name.0 }}"
 - name: Debug connector_name content
  debug:
    msg: '{{ connector_name }}'
 - name: Extract connector version
  set_fact:
    connector_ver: "{{ connector_name.split('=')[2].strip() }}"
 - name: Debug connector_ver var content
  debug:
    msg: '{{ connector_ver }}'
 - name: "{{ role_name }} | install | install packages required by mysql"
  apt:
--- a/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
+++ b/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
@ -11,27 +11,26 @@
 - name: Add fake port to config file
  shell: 'echo "port = {{ fake_port }}" >> {{ config_file }}'
 - name: Get pymysql version
  shell: pip show pymysql | awk '/Version/ {print $2}'
  register: pymysql_version
 - name: Add blank line
  shell: 'echo "" >> {{ config_file }}'
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')
 - name: Create include_dir
  file:
    path: '{{ include_dir }}'
    state: directory
    mode: '0777'
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')
 - name: Add include_dir
  lineinfile:
    path: '{{ config_file }}'
    line: '!includedir {{ include_dir }}'
    insertafter: EOF
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')
 - name: Create database using fake port to connect to, must fail
  mysql_db:
--- a/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:
    # ============================================================
    - shell: pip show pymysql | awk '/Version/ {print $2}'
      register: pymysql_version
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -49,12 +46,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
    - name: attempt connection with newly created user ignoring hostname
      mysql_db:
--- a/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:
    # ============================================================
    - shell: pip show pymysql | awk '/Version/ {print $2}'
      register: pymysql_version
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -47,12 +44,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
    - name: attempt connection with newly created user ignoring hostname
      mysql_info:
--- a/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:
    # ============================================================
    - shell: pip show pymysql | awk '/Version/ {print $2}'
      register: pymysql_version
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -47,12 +44,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
    - name: attempt connection with newly created user ignoring hostname
      mysql_query:
--- a/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:
    # ============================================================
    - shell: pip show pymysql | awk '/Version/ {print $2}'
      register: pymysql_version
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -48,12 +45,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
    - name: attempt connection with newly created user ignoring hostname
      mysql_replication:
--- a/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:
    # ============================================================
    - shell: pip show pymysql | awk '/Version/ {print $2}'
      register: pymysql_version
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -50,12 +47,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
    - name: attempt connection with newly created user ignoring hostname
      mysql_user:
--- a/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
@ -9,9 +9,6 @@
  block:
    # ============================================================
    - shell: pip show pymysql | awk '/Version/ {print $2}'
      register: pymysql_version
    - name: get server certificate
      copy:
        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@ -48,12 +45,12 @@
    - assert:
        that:
          - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
    - assert:
        that:
          - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
    - name: attempt connection with newly created user ignoring hostname
      mysql_variables:
--- a/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
+++ b/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
@ -151,9 +151,6 @@
    # ============================================================
    # Verify mysql_variable fails when setting an incorrect value (out of range)
    #
    - shell: pip show pymysql | awk '/Version/ {print $2}'
      register: pymysql_version
    - name: set mysql variable value to a number out of range
      mysql_variables:
        <<: *mysql_params
@ -163,10 +160,10 @@
      ignore_errors: true
    - include: assert_var.yml changed=true output={{ oor_result }} var_name=max_connect_errors var_value=1
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
    - include: assert_fail_msg.yml output={{ oor_result }}  msg='Truncated incorrect'
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
    # ============================================================
    # Verify mysql_variable fails when setting an incorrect value (incorrect type)
--- a/tests/sanity/ignore-2.13.txt
+++ b/tests/sanity/ignore-2.13.txt
@ -0,0 +1,8 @@
 plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
 plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
 plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
 plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
 plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
 plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
 plugins/modules/mysql_user.py validate-modules:undocumented-parameter
 plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch
		`@ -0,0 +1,2 @@`
							`bugfixes:`
							- mysql_user - Fix crash reporting ``Invalid privileges specified`` when passing privileges that became aliases (https://github.com/ansible-collections/community.mysql/issues/232).