From 82cedf85108af7238d4e5bb7a0229424d7490893 Mon Sep 17 00:00:00 2001
From: "R.Sicart" <roger.sicart@gmail.com>
Date: Fri, 4 Mar 2022 10:52:43 +0100
Subject: [PATCH] Fix role integration tests for mariadb (#291)
* Fix: test_mysql_role : Check that the user have no active roles assertion
* Fix: test_mysql_role : Check in DB assertion
* Fix: test_mysql_role : Check in DB, if not granted, the query will fail for mariadb
* Fix: test_mysql_role : Check that the role is active assertion
* test_mysql_role : create checks for mariadb
* Make 'when' conditions uniform
* Fix: test_mysql_role : admin option tests
* test_mysql_role : create checks for mariadb
* Fix: add fixme on test which create role in check mode 'again'
It changes only on mariadb 10.2
(doesn't change on mysql 8 or mariadb 10.5)
* Fix: add fixme on test which create role 'again'
* Simplify test without checking Host part
* Fix 'show grant' checks for mariadb
* Enable mariadb tests for test_mysql_role target
* Add tests to verify role grants for roles
* Add FIXME comments for tests which do not pass on mariadb 10.2
* Fix FIXME tests related to mariadb 10.2
* Exclude mysqlclient==2.0.1 with mariadb from integration tests
---
.github/workflows/ansible-test-plugins.yml | 4 +
.../tasks/mysql_role_initial.yml | 465 ++++++++++++++++--
2 files changed, 432 insertions(+), 37 deletions(-)
diff --git a/.github/workflows/ansible-test-plugins.yml b/.github/workflows/ansible-test-plugins.yml
index f3e7839..3c34ee6 100644
--- a/.github/workflows/ansible-test-plugins.yml
+++ b/.github/workflows/ansible-test-plugins.yml
@@ -78,6 +78,10 @@ jobs:
connector: pymysql==0.7.10
- db_engine_version: mariadb_10.5.9
connector: pymysql==0.7.10
+ - db_engine_version: mariadb_10.3.34
+ connector: mysqlclient==2.0.1
+ - db_engine_version: mariadb_10.5.9
+ connector: mysqlclient==2.0.1
- python: 3.8
ansible: stable-2.9
- python: 3.8
diff --git a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
index 5f47e7a..1bca3ae 100644
--- a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
+++ b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
@@ -32,10 +32,9 @@
when:
- srv['version']['major'] < 8
- # FIXME: tests should pass for both mysql >= 8 and mariadb
# Skip unsupported versions
- meta: end_play
- when: srv['version']['major'] < 8 or install_type == 'mariadb'
+ when: srv['version']['major'] < 8
#########
# Prepare
@@ -92,7 +91,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -106,11 +105,26 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
#=====================
@@ -121,7 +135,7 @@
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
- query: 'SELECT current_role()'
+ query: 'SELECT COALESCE(current_role(), "NONE") as "current_role()"'
- name: Check
assert:
@@ -146,7 +160,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -158,11 +172,26 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
- name: Check that the role is active
<<: *task_params
@@ -172,11 +201,31 @@
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
query: 'SELECT current_role()'
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- - result.query_result.0.0["current_role()"] == "`{{ role0 }}`@`%`"
+ - "'{{ role0 }}' in result.query_result.0.0['current_role()']"
+ when: install_type == 'mysql'
+
+ - name: Check that the role is active (mariadb)
+ <<: *task_params
+ mysql_query:
+ login_user: '{{ user0 }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ query:
+ - 'SET ROLE {{ role0 }}'
+ - 'SELECT current_role()'
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - "'{{ role0 }}' in result.query_result.1.0['current_role()']"
+ when: install_type == 'mariadb'
#========================
@@ -197,7 +246,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -209,11 +258,26 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
#========================
@@ -233,7 +297,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -259,7 +323,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -272,11 +336,27 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ # Must pass because of check_mode
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
#========================
@@ -296,7 +376,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -309,11 +389,27 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
#========================
@@ -366,7 +462,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -396,7 +492,7 @@
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
- name: Check
assert:
@@ -477,11 +573,27 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ # user0 is still a member because of check_mode
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
# user1, user2, and role1 are not members because of check_mode
- name: Check in DB, if not granted, the query will fail
@@ -490,11 +602,26 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
@@ -502,11 +629,26 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
@@ -514,11 +656,27 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ role1 }} USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ role1 }}' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
#========================
- name: Rewrite members
@@ -544,33 +702,79 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ # user0 is not a member any more
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - "'{{ role0 }}' not in result.query_result.0.0['Grants for user0@localhost']"
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
@@ -578,11 +782,27 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ role1 }} USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ role1 }}' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
#==========================
@@ -646,12 +866,26 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
#=====================
- name: Append a member
@@ -674,11 +908,26 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
# user1 and user2 must still be in DB because we are appending
- name: Check in DB, if not granted, the query will fail
@@ -686,22 +935,52 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
#========================
@@ -763,33 +1042,78 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
#========================
@@ -814,11 +1138,26 @@
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
@@ -826,11 +1165,26 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
- name: Check in DB, if not granted, the query will fail
<<: *task_params
@@ -838,11 +1192,26 @@
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
ignore_errors: yes
+ when: install_type == 'mysql'
- name: Check
assert:
that:
- result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
#=====================
@@ -914,6 +1283,15 @@
- result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`"
- result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`"
- result.rowcount.0 == 2
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`"
+ - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`"
+ - result.rowcount.0 == 2
+ when: install_type == 'mariadb'
- name: Append privs in check_mode
<<: *task_params
@@ -942,6 +1320,15 @@
- result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`"
- result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`"
- result.rowcount.0 == 2
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`"
+ - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`"
+ - result.rowcount.0 == 2
+ when: install_type == 'mariadb'
- name: Append privs
<<: *task_params
@@ -971,6 +1358,17 @@
- result.query_result.0.2["Grants for role0@%"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`@`%`"
- result.query_result.0.3["Grants for role0@%"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`@`%`"
- result.rowcount.0 == 4
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`"
+ - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`"
+ - result.query_result.0.2["Grants for role0"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`"
+ - result.query_result.0.3["Grants for role0"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`"
+ - result.rowcount.0 == 4
+ when: install_type == 'mariadb'
- name: Append privs again in check_mode
<<: *task_params
@@ -1038,6 +1436,14 @@
that:
- result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT ON *.* TO `role0`@`%`"
- result.rowcount.0 == 1
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT ON *.* TO `role0`"
+ - result.rowcount.0 == 1
+ when: install_type == 'mariadb'
# #################
# Test admin option
@@ -1056,7 +1462,7 @@
<<: *mysql_params
name: '{{ role0 }}'
state: present
- admin: '{{ user0 }}'
+ admin: '{{ user0 }}@localhost'
ignore_errors: yes
- name: Check with MySQL
@@ -1064,34 +1470,26 @@
that:
- result is failed
- result.msg is search('option can be used only with MariaDB')
- when:
- # Semantically, when there's MySQL
- - srv['version']['major'] < 10
+ when: install_type == 'mysql'
- name: Check with MariaDB
assert:
that:
- result is changed
- when:
- # Semantically, when there's MariaDB
- - srv['version']['major'] >= 10
+ when: install_type == 'mariadb'
- name: Check in DB
<<: *task_params
mysql_query:
<<: *mysql_params
- query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'"
- when:
- # Semantically, when there's MariaDB
- - srv['version']['major'] >= 10
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''"
+ when: install_type == 'mariadb'
- name: Check
assert:
that:
- result.rowcount.0 == 1
- when:
- # Semantically, when there's MariaDB
- - srv['version']['major'] >= 10
+ when: install_type == 'mariadb'
- name: Create role with admin again
<<: *task_params
@@ -1099,7 +1497,7 @@
<<: *mysql_params
name: '{{ role0 }}'
state: present
- admin: '{{ user0 }}'
+ admin: '{{ user0 }}@localhost'
ignore_errors: yes
- name: Check with MySQL
@@ -1107,17 +1505,13 @@
that:
- result is failed
- result.msg is search('option can be used only with MariaDB')
- when:
- # Semantically, when there's MySQL
- - srv['version']['major'] < 10
+ when: install_type == 'mysql'
- name: Check with MariaDB
assert:
that:
- result is not changed
- # Semantically, when there's MariaDB
- when:
- - srv['version']['major'] >= 10
+ when: install_type == 'mariadb'
# Try to grant a role to a user who does not exist
- name: Create role with admin again
@@ -1130,14 +1524,11 @@
- '{{ nonexistent }}@localhost'
ignore_errors: yes
- - name: Check with MySQL
+ - name: Check
assert:
that:
- result is failed
- result.msg is search('does not exist')
- when:
- # Semantically, when there's MySQL
- - srv['version']['major'] < 10
always:
# Clean up