some changes and integration tests

2025-07-25 14:20:24 -07:00 · 2023-11-28 21:28:04 +02:00 · 2023-11-28 21:28:04 +02:00 · 6d73c24526
commit 6d73c24526
parent 10780aee98
5 changed files with 230 additions and 20 deletions
--- a/tests/integration/targets/test_mysql_user/tasks/main.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/main.yml
@ -43,6 +43,8 @@

    - include_tasks: test_idempotency.yml

+    - include_tasks: test_password_expire.yml
+
    # ============================================================
    # Create user with no privileges and verify default privileges are assign
    #
--- a/tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml
@ -0,0 +1,113 @@
+---
+# Tests scenarios for password_expire
+
+- vars:
+    mysql_parameters:
+      login_user: "{{ mysql_user }}"
+      login_password: "{{ mysql_password }}"
+      login_host: "{{ mysql_host }}"
+      login_port: "{{ mysql_primary_port }}"
+      password_expire: "{{ password_expire }}"
+
+  block:
+    - include_tasks: utils/assert_user_password_expire.yml
+      vars:
+        username: "{{ item.username }}"
+        host: "%"
+        password_expire: "{{ item.password_expire }}"
+        password: "{{ user_password_1 }}"
+        expect_change: "{{ item.expect_change }}"
+        expect_password_expire_change: "{{ item.expect_password_expire_change }}"
+        expected_password_lifetime: "{{ item.expected_password_lifetime }}"
+        password_expire_interval: "{{ item.password_expire_interval | default(omit) }}"
+        expected_password_expired: "{{ item.expected_password_expired }}"
+
+      loop:
+        # all variants set the password when nothing exists
+        # never expires
+        - username: "{{ user_name_1 }}"
+          password_expire: never
+          expect_change: true
+          expected_password_lifetime: "0"
+          expected_password_expired: "N"
+        # expires ussing default policy
+        - username: "{{ user_name_2 }}"
+          password_expire: default
+          expect_change: true
+          expected_password_lifetime: "-1"
+          expected_password_expired: "N"
+        # expires ussing interval
+        - username: "{{ user_name_3 }}"
+          password_expire: interval
+          password_expire_interval: "10"
+          expect_change: true
+          expected_password_lifetime: "10"
+          expected_password_expired: "N"
+
+        # assert idempotency
+        - username: "{{ user_name_1 }}"
+          password_expire: never
+          expect_change: false
+          expected_password_lifetime: "0"
+          expected_password_expired: "N"
+        - username: "{{ user_name_2 }}"
+          password_expire: default
+          expect_change: false
+          expected_password_lifetime: "-1"
+          expected_password_expired: "N"
+        - username: "{{ user_name_3 }}"
+          password_expire: interval
+          password_expire_interval: "10"
+          expect_change: false
+          expected_password_lifetime: "10"
+          expected_password_expired: "N"
+
+        # assert change is made
+        - username: "{{ user_name_3 }}"
+          password_expire: never
+          expect_change: true
+          expected_password_lifetime: "0"
+          expected_password_expired: "N"
+        - username: "{{ user_name_1 }}"
+          password_expire: default
+          expect_change: true
+          expected_password_lifetime: "-1"
+          expected_password_expired: "N"
+        - username: "{{ user_name_2 }}"
+          password_expire: interval
+          password_expire_interval: "100"
+          expect_change: true
+          expected_password_lifetime: "100"
+          expected_password_expired: "N"
+
+        # assert password expires now
+        - username: "{{ user_name_1 }}"
+          password_expire: now
+          expect_change: true
+          expected_password_lifetime: "-1" # password lifetime should be the same
+          expected_password_expired: "Y"
+        - username: "{{ user_name_2 }}"
+          password_expire: now
+          expect_change: true
+          expected_password_lifetime: "100" # password lifetime should be the same
+          expected_password_expired: "Y"
+
+        # assert idempotency password expires now
+        - username: "{{ user_name_1 }}"
+          password_expire: now
+          expect_change: false
+          expected_password_lifetime: "-1" # password lifetime should be the same
+          expected_password_expired: "Y"
+        - username: "{{ user_name_2 }}"
+          password_expire: now
+          expect_change: false
+          expected_password_lifetime: "100" # password lifetime should be the same
+          expected_password_expired: "Y"
+
+    - include_tasks: utils/remove_user.yml
+      vars:
+          user_name: "{{ item.username }}"
+      loop:
+        - username: "{{ user_name_1 }}"
+        - username: "{{ user_name_2 }}"
+        - username: "{{ user_name_3 }}"
--- a/tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password_expire.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/utils/assert_user_password_expire.yml
@ -0,0 +1,65 @@
+---
+- name: Utils | Assert user password_expire | Create modify {{ username }} with password_expire
+  mysql_user:
+    login_user: "{{ mysql_parameters.login_user }}"
+    login_password: "{{ mysql_parameters.login_password }}"
+    login_host: "{{ mysql_parameters.login_host }}"
+    login_port: "{{ mysql_parameters.login_port }}"
+    state: present
+    name: "{{ username }}"
+    host: "{{ host }}"
+    password: "{{ password }}"
+    password_expire: "{{ password_expire }}"
+    password_expire_interval: "{{ password_expire_interval | default(omit) }}"
+  register: result
+
+- name: Utils | Assert user password_expire | Assert a change occurred
+  assert:
+    that: "result.changed  == {{ expect_change }}"
+
+- name: Utils | Assert user password_lifetime | Query user '{{ username }}'
+  command: '{{ mysql_command }} -BNe "SELECT IFNULL(password_lifetime, -1) FROM mysql.user where user=''{{ username }}'' and host=''{{ host }}''"'
+  register: password_lifetime
+  when:
+    - db_engine == 'mysql'
+    - db_version is version('5.7.0', '>=')
+
+- name: Utils | Assert user password_lifetime | Assert password_lifetime is in user stdout
+  assert:
+    that:
+      - "'{{ expected_password_lifetime }}' in password_lifetime.stdout_lines"
+  when:
+    - db_engine == 'mysql'
+    - db_version is version('5.7.0', '>=')
+
+- name: Utils | Assert user password_lifetime | Query user '{{ username }}'
+  command:
+    "{{ mysql_command }} -BNe \"SELECT JSON_EXTRACT(Priv, '$.password_lifetime') AS password_lifetime \
+    FROM mysql.global_priv \
+    WHERE user='{{ username }}' and host='{{ host }}'\""
+  register: password_lifetime
+  when:
+    - db_engine == 'mariadb'
+    - db_version is version('10.4.3', '>=')
+
+- name: Utils | Assert user password_lifetime | Assert password_lifetime is in user stdout
+  assert:
+    that:
+      - "'{{ expected_password_lifetime }}' in password_lifetime.stdout_lines"
+  when:
+    - db_engine == 'mariadb'
+    - db_version is version('10.4.3', '>=')
+
+- name: Utils | Assert user password_expired | Query user '{{ username }}'
+  command: "{{ mysql_command }} -BNe \"SELECT password_expired FROM mysql.user \
+    WHERE user='{{ username }}' and host='{{ host }}'\""
+  register: password_expired
+  when: (db_engine == 'mysql' and db_version is version('5.7.0', '>=')) or
+    (db_engine == 'mariadb' and db_version is version('10.4.3', '>='))
+
+- name: Utils | Assert user password_expired | Assert password_expired is in user stdout
+  assert:
+    that:
+      - "'{{ expected_password_expired }}' in password_expired.stdout_lines"
+  when: (db_engine == 'mysql' and db_version is version('5.7.0', '>=')) or
+    (db_engine == 'mariadb' and db_version is version('10.4.3', '>='))