ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-05-30 04:49:10 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Update module documentation

Browse source
This commit is contained in:
Jorge-Rodriguez 2020-11-29 22:02:53 +02:00
parent 800d9a553b
commit 9a303ac55a
No known key found for this signature in database
GPG key ID: 43153D1EFD8F7D90
2 changed files with 138 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

24
plugins/modules/mysql_user.py
View file

@ -119,10 +119,23 @@ options:
account_locking: account_locking:
description: description:
- Configure user accounts such that too many consecutive login failures cause temporary account locking. Provided since MySQL 8.0.19. - Configure user accounts such that too many consecutive login failures cause temporary account locking. Provided since MySQL 8.0.19.
- "Available options are C(FAILED_LOGIN_ATTEMPTS: num), C(PASSWORD_LOCK_TIME: num | UNBOUNDED)." - Available options are C(FAILED_LOGIN_ATTEMPTS: num), C(PASSWORD_LOCK_TIME: num | UNBOUNDED).
- Used when I(state=present) and target server is MySQL >= 8.0.19, ignored otherwise. - Used when I(state=present) and target server is MySQL >= 8.0.19, ignored otherwise.
- U(https://dev.mysql.com/doc/refman/8.0/en/password-management.html#failed-login-tracking). - U(https://dev.mysql.com/doc/refman/8.0/en/password-management.html#failed-login-tracking).
type: dict type: dict
suboptions:
FAILED_LOGIN_ATTEMPTS:
description:
- Number of failed login attempts before the user account is locked.
- Permitted values are in the range from 0 to 32767.
- A value of 0 disables the option.
type: int
PASSWORD_LOCK_TIME:
description:
- Number of days the account stays locked after the FAILED_LOGIN_ATTEMPTS threshold is exceeded.
- Permitted values are in the range from 0 to 32767, or the string ``UNBOUNDED``
- A value of 0 disables the option.
- A value of ``UNBOUNDED`` permanently locks the account until it's administratively unlocked.
version_added: '1.2.0' version_added: '1.2.0'
notes: notes:
@ -242,7 +255,14 @@ EXAMPLES = r'''
name: bob name: bob
tls_requires: tls_requires:
- name: Ensure no user named 'sally'@'localhost' exists, also passing in the auth credentials - name: Create user with enabled loging tracking.
community.mysql.mysql_user:
name: bob
account_locking:
PASSWORD_LOCK_TIME: 2
FAILED_LOGIN_ATTEMPTS: 5
- name: Ensure no user named 'sally'@'localhost' exists, also passing in the auth credentials.
community.mysql.mysql_user: community.mysql.mysql_user:
login_user: root login_user: root
login_password: 123456 login_password: 123456

116
tests/integration/targets/test_mysql_user/tasks/issue-49.yml
View file

@ -40,7 +40,118 @@
that: that:
- result is changed - result is changed
- name: Create user with account locking with password lock time below range
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
account_locking:
PASSWORD_LOCK_TIME: -1
FAILED_LOGIN_ATTEMPTS: 3
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == "Account locking values are out of the valid range (0-32767)"
when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
- assert:
that:
- result is changed
when: version_string is version('8.0.19', '<') or version_string is version('10', '>=')
- name: Create user with account locking with password lock time above range
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
account_locking:
PASSWORD_LOCK_TIME: 32768
FAILED_LOGIN_ATTEMPTS: 3
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == "Account locking values are out of the valid range (0-32767)"
when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
- assert:
that:
- result is changed
when: version_string is version('8.0.19', '<') or version_string is version('10', '>=')
- name: Create user with account locking with failed login attempts below range
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
account_locking:
PASSWORD_LOCK_TIME: 2
FAILED_LOGIN_ATTEMPTS: -1
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == "Account locking values are out of the valid range (0-32767)"
when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
- assert:
that:
- result is changed
when: version_string is version('8.0.19', '<') or version_string is version('10', '>=')
- name: Create user with account locking with failed login attempts above range
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
account_locking:
PASSWORD_LOCK_TIME: 2
FAILED_LOGIN_ATTEMPTS: 32768
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == "Account locking values are out of the valid range (0-32767)"
when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
- assert:
that:
- result is changed
when: version_string is version('8.0.19', '<') or version_string is version('10', '>=')
- name: Create user with account locking with invalid password lock time
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
account_locking:
PASSWORD_LOCK_TIME: INVALID
FAILED_LOGIN_ATTEMPTS: 3
register: result
ignore_errors: yes
- assert:
that:
- result is failed
- result.msg == "PASSWORD_LOCK_TIME must be an integer between 0 and 32767 or 'UNBOUNDED'"
when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
- assert:
that:
- result is changed
when: version_string is version('8.0.19', '<') or version_string is version('10', '>=')
- include: assert_no_user.yml user_name={{ user_name_1 }} - include: assert_no_user.yml user_name={{ user_name_1 }}
when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
- name: Create user with account locking - name: Create user with account locking
mysql_user: mysql_user:
@ -56,6 +167,11 @@
that: that:
- result is changed - result is changed
- assert:
that:
- result is changed
when: version_string is version('8.0.19', '<') or version_string is version('10', '>=')
- include: assert_user.yml user_name={{ user_name_1 }} - include: assert_user.yml user_name={{ user_name_1 }}
- block: - block: