mysql_user: fix parsing privs when a user has roles assigned to it (#341)

* mysql_user: fix parsing errors when a user has roles assigned

* Add a changelog fragment

* Fix a typo

* Fix CI
This commit is contained in:
Andrew Klychkov 2022-05-12 10:36:21 +03:00 committed by GitHub
commit 8d114c7e39
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 133 additions and 0 deletions

View file

@ -293,3 +293,6 @@
# Test that mysql_user still works with force_context enabled (database set to "mysql")
# (https://github.com/ansible-collections/community.mysql/issues/265)
- include: issue-265.yml
# https://github.com/ansible-collections/community.mysql/issues/231
- include: test_user_grants_with_roles_applied.yml

View file

@ -0,0 +1,95 @@
# https://github.com/ansible-collections/community.mysql/issues/231
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
block:
- name: Get server version
mysql_info:
<<: *mysql_params
register: srv
# Skip unsupported versions
- meta: end_play
when: srv['version']['major'] < 8
- name: Create test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- data2
- name: Create user with privileges
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
password: '{{ user_password_3 }}'
priv:
"data1.*": "SELECT"
"data2.*": "SELECT"
state: present
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
register: result
- name: Assert user has giving privileges
assert:
that:
- "'GRANT SELECT ON `data1`.*' in result.stdout"
- "'GRANT SELECT ON `data2`.*' in result.stdout"
- name: Create role
mysql_role:
<<: *mysql_params
name: test231
members:
- '{{ user_name_3 }}@localhost'
- name: Try to change privs
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
priv:
"data1.*": "INSERT"
"data2.*": "INSERT"
state: present
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
register: result
- name: Assert user has giving privileges
assert:
that:
- "'GRANT INSERT ON `data1`.*' in result.stdout"
- "'GRANT INSERT ON `data2`.*' in result.stdout"
##########
# Clean up
- name: Drop test databases
mysql_db:
<<: *mysql_params
name: '{{ item }}'
state: present
loop:
- data1
- data2
- name: Drop test user
mysql_user:
<<: *mysql_params
name: '{{ user_name_3 }}'
state: absent
- name: Drop test role
mysql_role:
<<: *mysql_params
name: test231
state: absent