Disable hostname check (#38)

* Add changelog fragment

* Add check_hostname option

* Propagate check_hostname option across the collection

* Update documentation fragment

* Propagate test to all other plugins

* Remove stray line

* Give test user privileges to run test operations

* Extend integration tests job matrix

* Add caution note to documentation fragment.

* Update matrix job name

* Rearrange job matrix

* Fix sanity issues

* Fix issue with mysqldb silently failing to update out of range variables

* Fix variable overwrite

* Ignore `check_hostname` when using MySQLdb

* Update plugins/doc_fragments/mysql.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/doc_fragments/mysql.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/35-disable-hostname-check.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

tests/integration/targets/setup_mysql/tasks/install.yml

@@ -18,6 +18,13 @@
   environment:
     DEBIAN_FRONTEND: noninteractive
 
+- name: "{{ role_name }} | install | install packages required by mysql connector"
+  apt:
+    name: "{{ install_python_prereqs }}"
+    state: present
+  environment:
+    DEBIAN_FRONTEND: noninteractive
+
 - name: "{{ role_name }} | install | install python packages"
   pip:
     name: "{{ python_packages }}"

tests/integration/targets/setup_mysql/vars/main.yml

@@ -14,13 +14,17 @@ percona_mysql_repos:
 percona_mysql_packages:
   - percona-server-client-{{ percona_client_version }}
 
-python_packages:
-  - pymysql==0.9.3  #  temporary fix pinning to 0.9.3 to ensure warnings are handled (https://github.com/ansible-collections/community.mysql/pull/9#issuecomment-663040948)
+python_packages: [pymysql == 0.9.3]
 
 install_prereqs:
   - libaio1
   - libnuma1
 
+install_python_prereqs:
+  - python3-dev
+  - default-libmysqlclient-dev
+  - build-essential
+
 mysql_tarball: "mysql-{{ mysql_version }}-linux-glibc2.12-x86_64.tar.{{ mysql_compression_extension }}"
 mysql_src: "https://dev.mysql.com/get/Downloads/MySQL-{{ mysql_major_version }}/{{ mysql_tarball }}"
 mariadb_tarball: "mariadb-{{ mariadb_version }}-linux-x86_64.tar.gz"

tests/integration/targets/test_mysql_db/defaults/main.yml

@@ -12,3 +12,6 @@ db_user2: 'datauser2'
 tmp_dir: '/tmp'
 db_latin1_name: 'db_latin1'
 file4: 'latin1_file'
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'

tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml

@@ -71,7 +71,7 @@
   assert:
     that:
     - result is failed
-    - result.msg is search("Can't connect to MySQL server on '{{ fake_host }}'")
+    - result.msg is search("Can't connect to MySQL server on '{{ fake_host }}'") or result.msg is search("Unknown MySQL server host '{{ fake_host }}'")
 
 # Clean up
 - name: Remove test db

tests/integration/targets/test_mysql_db/tasks/issue-28.yml

@@ -0,0 +1,81 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+
+  block:
+
+    # ============================================================
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
+    - name: get server certificate
+      copy:
+        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+        dest: /tmp/cert.pem
+      delegate_to: localhost
+
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: yes
+
+    - name: create user with ssl requirement
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        priv: '*.*:ALL,GRANT'
+        tls_requires:
+          SSL:
+
+    - name: attempt connection with newly created user (expect failure)
+      mysql_db:
+        name: '{{ db_name }}'
+        state: absent
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is failed
+      when: pymysql_version.stdout != ""
+
+    - assert:
+        that:
+          - result is succeeded
+      when: pymysql_version.stdout == ""
+
+    - name: attempt connection with newly created user ignoring hostname
+      mysql_db:
+        name: '{{ db_name }}'
+        state: absent
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+        check_hostname: no
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+    - name: Drop mysql user
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        host: 127.0.0.1
+        state: absent

tests/integration/targets/test_mysql_db/tasks/main.yml

@@ -322,3 +322,5 @@
 
 - include: config_overrides_defaults.yml
   when: ansible_python.version_info[0] >= 3
+
+- include: issue-28.yml

tests/integration/targets/test_mysql_info/defaults/main.yml

@@ -6,3 +6,6 @@ mysql_host: 127.0.0.1
 mysql_primary_port: 3307
 
 db_name: data
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'

tests/integration/targets/test_mysql_info/tasks/issue-28.yml

@@ -0,0 +1,78 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+
+  block:
+
+    # ============================================================
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
+    - name: get server certificate
+      copy:
+        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+        dest: /tmp/cert.pem
+      delegate_to: localhost
+
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: yes
+
+    - name: create user with ssl requirement
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        tls_requires:
+          SSL:
+
+    - name: attempt connection with newly created user (expect failure)
+      mysql_info:
+        filter: version
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is failed
+      when: pymysql_version.stdout != ""
+
+    - assert:
+        that:
+          - result is succeeded
+      when: pymysql_version.stdout == ""
+
+    - name: attempt connection with newly created user ignoring hostname
+      mysql_info:
+        filter: version
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+        check_hostname: no
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+    - name: Drop mysql user
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        host: 127.0.0.1
+        state: absent

tests/integration/targets/test_mysql_info/tasks/main.yml

@@ -189,3 +189,5 @@
         <<: *mysql_params
         name: acme
         state: absent
+
+    - include: issue-28.yml

tests/integration/targets/test_mysql_query/defaults/main.yml

@@ -7,3 +7,6 @@ test_db: testdb
 test_table1: test1
 test_table2: test2
 test_script_path: /tmp/test.sql
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'

tests/integration/targets/test_mysql_query/tasks/issue-28.yml

@@ -0,0 +1,78 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+
+  block:
+
+    # ============================================================
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
+    - name: get server certificate
+      copy:
+        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+        dest: /tmp/cert.pem
+      delegate_to: localhost
+
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: yes
+
+    - name: create user with ssl requirement
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        tls_requires:
+          SSL:
+
+    - name: attempt connection with newly created user (expect failure)
+      mysql_query:
+        query: 'SHOW DATABASES'
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is failed
+      when: pymysql_version.stdout != ""
+
+    - assert:
+        that:
+          - result is succeeded
+      when: pymysql_version.stdout == ""
+
+    - name: attempt connection with newly created user ignoring hostname
+      mysql_query:
+        query: 'SHOW DATABASES'
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+        check_hostname: no
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+    - name: Drop mysql user
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        host: 127.0.0.1
+        state: absent

tests/integration/targets/test_mysql_query/tasks/main.yml

@@ -5,3 +5,5 @@
 
 # mysql_query module initial CI tests
 - import_tasks: mysql_query_initial.yml
+
+- include: issue-28.yml

tests/integration/targets/test_mysql_replication/defaults/main.yml

@@ -12,3 +12,6 @@ replication_user: replication_user
 replication_pass: replication_pass
 dump_path: /tmp/dump.sql
 test_channel: test_channel-1
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'

tests/integration/targets/test_mysql_replication/tasks/issue-28.yml

@@ -0,0 +1,79 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+
+  block:
+
+    # ============================================================
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
+    - name: get server certificate
+      copy:
+        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+        dest: /tmp/cert.pem
+      delegate_to: localhost
+
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: yes
+
+    - name: create user with ssl requirement
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        priv: '*.*:ALL,GRANT'
+        tls_requires:
+          SSL:
+
+    - name: attempt connection with newly created user (expect failure)
+      mysql_replication:
+        mode: getmaster
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is failed
+      when: pymysql_version.stdout != ""
+
+    - assert:
+        that:
+          - result is succeeded
+      when: pymysql_version.stdout == ""
+
+    - name: attempt connection with newly created user ignoring hostname
+      mysql_replication:
+        mode: getmaster
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+        check_hostname: no
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+    - name: Drop mysql user
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        host: 127.0.0.1
+        state: absent

tests/integration/targets/test_mysql_replication/tasks/main.yml

@@ -17,3 +17,5 @@
 
 # Tests of resetmaster mode:
 - import_tasks: mysql_replication_resetmaster_mode.yml
+
+- include: issue-28.yml

tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml

@@ -165,6 +165,9 @@
         that:
         - slave_status.Exec_Master_Log_Pos != mysql_primary_status.Position
 
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
     - name: Start slave that is already running
       mysql_replication:
         <<: *mysql_params
@@ -176,6 +179,7 @@
     - assert:
         that:
         - result is not changed
+      when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '<=')
 
     # Test stopslave mode:
     - name: Stop slave
@@ -202,3 +206,4 @@
     - assert:
         that:
         - result is not changed
+      when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '<=')

tests/integration/targets/test_mysql_user/tasks/issue-28.yml

@@ -0,0 +1,86 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+
+  block:
+
+    # ============================================================
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
+    - name: get server certificate
+      copy:
+        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+        dest: /tmp/cert.pem
+      delegate_to: localhost
+
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: yes
+
+    - name: create user with ssl requirement
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        priv: '*.*:ALL,GRANT'
+        tls_requires:
+          SSL:
+
+    - name: attempt connection with newly created user (expect failure)
+      mysql_user:
+        name: "{{ user_name_2 }}"
+        password: "{{ user_password_2 }}"
+        host: 127.0.0.1
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is failed
+      when: pymysql_version.stdout != ""
+
+    - assert:
+        that:
+          - result is succeeded
+      when: pymysql_version.stdout == ""
+
+    - name: attempt connection with newly created user ignoring hostname
+      mysql_user:
+        name: "{{ user_name_2 }}"
+        password: "{{ user_password_2 }}"
+        host: 127.0.0.1
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+        check_hostname: no
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+    - name: Drop mysql user
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ item }}'
+        host: 127.0.0.1
+        state: absent
+      with_items:
+        - "{{ user_name_1 }}"
+        - "{{ user_name_2 }}"

tests/integration/targets/test_mysql_user/tasks/main.yml

@@ -37,6 +37,8 @@
 
   block:
 
+    - include: issue-28.yml
+
     - include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
 
     - include: resource_limits.yml

tests/integration/targets/test_mysql_variables/defaults/main.yml

@@ -3,3 +3,6 @@
 mysql_user: root
 mysql_password: msandbox
 mysql_primary_port: 3307
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'

tests/integration/targets/test_mysql_variables/tasks/issue-28.yml

@@ -0,0 +1,79 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+
+  block:
+
+    # ============================================================
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
+    - name: get server certificate
+      copy:
+        content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+        dest: /tmp/cert.pem
+      delegate_to: localhost
+
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: yes
+
+    - name: create user with ssl requirement
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        priv: '*.*:ALL,GRANT'
+        tls_requires:
+          SSL:
+
+    - name: attempt connection with newly created user (expect failure)
+      mysql_variables:
+        variable: '{{ set_name }}'
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is failed
+      when: pymysql_version.stdout != ""
+
+    - assert:
+        that:
+          - result is succeeded
+      when: pymysql_version.stdout == ""
+
+    - name: attempt connection with newly created user ignoring hostname
+      mysql_variables:
+        variable: '{{ set_name }}'
+        login_user: '{{ user_name_1 }}'
+        login_password: '{{ user_password_1 }}'
+        login_host: 127.0.0.1
+        login_port: '{{ mysql_primary_port }}'
+        ca_cert: /tmp/cert.pem
+        check_hostname: no
+      register: result
+      ignore_errors: yes
+
+    - assert:
+        that:
+          - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+    - name: Drop mysql user
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        host: 127.0.0.1
+        state: absent

tests/integration/targets/test_mysql_variables/tasks/main.yml

@@ -4,3 +4,5 @@
 ####################################################################
 
 - import_tasks: mysql_variables.yml
+
+- include: issue-28.yml

tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml

@@ -141,7 +141,7 @@
     - name: set mysql variable value to an expression
       mysql_variables:
         <<: *mysql_params
-        variable: max_tmp_tables
+        variable: max_connect_errors
         value: "1024*4"
       register: result
       ignore_errors: true
@@ -151,15 +151,22 @@
     # ============================================================
     # Verify mysql_variable fails when setting an incorrect value (out of range)
     #
+    - shell: pip show pymysql | awk '/Version/ {print $2}'
+      register: pymysql_version
+
     - name: set mysql variable value to a number out of range
       mysql_variables:
         <<: *mysql_params
-        variable: max_tmp_tables
+        variable: max_connect_errors
         value: -1
-      register: result
+      register: oor_result
       ignore_errors: true
 
-    - include: assert_fail_msg.yml output={{ result }}  msg='Truncated incorrect'
+    - include: assert_var.yml changed=true output={{ oor_result }} var_name=max_connect_errors var_value=1
+      when: pymysql_version.stdout == ""
+
+    - include: assert_fail_msg.yml output={{ oor_result }}  msg='Truncated incorrect'
+      when: pymysql_version.stdout != ""
 
     # ============================================================
     # Verify mysql_variable fails when setting an incorrect value (incorrect type)
@@ -167,12 +174,12 @@
     - name: set mysql variable value to a non-valid value number
       mysql_variables:
         <<: *mysql_params
-        variable: max_tmp_tables
+        variable: max_connect_errors
         value: TEST
-      register: result
+      register: nvv_result
       ignore_errors: true
 
-    - include: assert_fail_msg.yml output={{ result }}  msg='Incorrect argument type to variable'
+    - include: assert_fail_msg.yml output={{ nvv_result }}  msg='Incorrect argument type to variable'
 
     # ============================================================
     # Verify mysql_variable fails when setting an unknown variable