From 9a8b53dd5a4b6dde4b9fa27dc08ff34107e1a5e5 Mon Sep 17 00:00:00 2001 From: n-cc Date: Thu, 11 Jan 2024 12:54:18 -0600 Subject: [PATCH] write integration tests --- plugins/module_utils/user.py | 39 +-- .../targets/test_mysql_user/tasks/main.yml | 3 + .../tasks/test_user_attributes.yml | 244 ++++++++++++++++++ 3 files changed, 271 insertions(+), 15 deletions(-) create mode 100644 tests/integration/targets/test_mysql_user/tasks/test_user_attributes.yml diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py index 87f2572..8bd2533 100644 --- a/plugins/module_utils/user.py +++ b/plugins/module_utils/user.py @@ -153,18 +153,16 @@ def get_existing_authentication(cursor, user, host): def user_add(cursor, user, host, host_all, password, encrypted, plugin, plugin_hash_string, plugin_auth_string, new_priv, attributes, tls_requires, reuse_existing_password, module): - # we cannot create users without a proper hostname - if host_all: - return {'changed': False, 'password_changed': False, 'attributes': {}} - - if module.check_mode: - return {'changed': True, 'password_changed': None, 'attributes': {}} - # If attributes are set, perform a sanity check to ensure server supports user attributes before creating user if attributes and not get_attribute_support(cursor): module.fail_json(msg="user attributes were specified but the mysql server does not support user attributes") - final_attributes = {} + # we cannot create users without a proper hostname + if host_all: + return {'changed': False, 'password_changed': False, 'attributes': attributes} + + if module.check_mode: + return {'changed': True, 'password_changed': None, 'attributes': attributes} # Determine what user management method server uses old_user_mgmt = impl.use_old_user_mgmt(cursor) @@ -210,12 +208,15 @@ def user_add(cursor, user, host, host_all, password, encrypted, if new_priv is not None: for db_table, priv in iteritems(new_priv): privileges_grant(cursor, user, host, db_table, priv, tls_requires) - if attributes is not None: - cursor.execute("ALTER USER %s@%s ATTRIBUTE %s", (user, host, json.dumps(attributes))) - final_attributes = attributes_get(cursor, user, host) if tls_requires is not None: privileges_grant(cursor, user, host, "*.*", get_grants(cursor, user, host), tls_requires) + final_attributes = {} + + if attributes: + cursor.execute("ALTER USER %s@%s ATTRIBUTE %s", (user, host, json.dumps(attributes))) + final_attributes = attributes_get(cursor, user, host) + return {'changed': True, 'password_changed': not used_existing_password, 'attributes': final_attributes} @@ -426,6 +427,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted, # Handle attributes attribute_support = get_attribute_support(cursor) + final_attributes = {} if attributes: if not attribute_support: @@ -441,14 +443,21 @@ def user_mod(cursor, user, host, host_all, password, encrypted, if attributes_to_change: msg = "Attributes updated: %s" % (", ".join(["%s: %s" % (key, value) for key, value in attributes_to_change.items()])) + + # Calculate final attributes by re-running attributes_get when not in check mode, and merge dictionaries when in check mode if not module.check_mode: cursor.execute("ALTER USER %s@%s ATTRIBUTE %s", (user, host, json.dumps(attributes_to_change))) + final_attributes = attributes_get(cursor, user, host) + else: + # Final if statements excludes items whose values are None in attributes_to_change, i.e. attributes that will be deleted + final_attributes = {k: v for d in (current_attributes, attributes_to_change) for k, v in d.items() if k not in attributes_to_change or + attributes_to_change[k]} changed = True - - if attribute_support: - final_attributes = attributes_get(cursor, user, host) + else: + final_attributes = current_attributes else: - final_attributes = {} + if attribute_support: + final_attributes = attributes_get(cursor, user, host) if role: continue diff --git a/tests/integration/targets/test_mysql_user/tasks/main.yml b/tests/integration/targets/test_mysql_user/tasks/main.yml index f4247e4..f5e0748 100644 --- a/tests/integration/targets/test_mysql_user/tasks/main.yml +++ b/tests/integration/targets/test_mysql_user/tasks/main.yml @@ -267,6 +267,9 @@ tags: - issue_465 + # Tests for user attributes + - include_tasks: test_user_attributes.yml + # Tests for the TLS requires dictionary - include_tasks: test_tls_requirements.yml diff --git a/tests/integration/targets/test_mysql_user/tasks/test_user_attributes.yml b/tests/integration/targets/test_mysql_user/tasks/test_user_attributes.yml new file mode 100644 index 0000000..ec4a8f7 --- /dev/null +++ b/tests/integration/targets/test_mysql_user/tasks/test_user_attributes.yml @@ -0,0 +1,244 @@ +--- +- vars: + mysql_parameters: &mysql_params + login_user: '{{ mysql_user }}' + login_password: '{{ mysql_password }}' + login_host: '{{ mysql_host }}' + login_port: '{{ mysql_primary_port }}' + + block: + + - when: db_engine == 'mariadb' + block: + + - name: Attributes | Attempt to create user with attributes with mariadb in check mode + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + password: '{{ user_password_2 }}' + attributes: + key1: "value1" + ignore_errors: yes + register: result + check_mode: yes + + - name: Attributes | Assert that creating user with attributes fails with mariadb + assert: + that: + - result is failed + + - name: Attributes | Attempt to create user with attributes with mariadb + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + password: '{{ user_password_2 }}' + attributes: + key1: "value1" + ignore_errors: yes + register: result + + - name: Attributes | Assert that creating user with attributes fails with mariadb + assert: + that: + - result is failed + + - when: db_engine == 'mysql' + block: + + # Create user with attributes + - name: Attributes | Test creating a user with attributes in check mode + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + password: '{{ user_password_2 }}' + attributes: + key1: "value1" + register: result + check_mode: yes + + - name: Attributes | Assert that user would have been created with attributes + assert: + that: + - result is changed + - result.attributes.key1 == "value1" + + - name: Attributes | Test creating a user with attributes + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + password: '{{ user_password_2 }}' + attributes: + key1: "value1" + register: result + + - name: Attributes | Assert that user was created with attributes + assert: + that: + - result is changed + - result.attributes.key1 == "value1" + + # Append attributes on an existing user + - name: Attributes | Test appending attributes to an existing user in check mode + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key2: "value2" + register: result + check_mode: yes + + - name: Attributes | Assert that attribute would have been appended and existing attribute stays + assert: + that: + - result is changed + - result.attributes.key1 == "value1" + - result.attributes.key2 == "value2" + + - name: Attributes | Test appending attributes to an existing user + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key2: "value2" + register: result + + - name: Attributes | Assert that new attribute was appended and existing attribute stays + assert: + that: + - result is changed + - result.attributes.key1 == "value1" + - result.attributes.key2 == "value2" + + # Test updating existing attributes + - name: Attributes | Test updating attributes on an existing user in check mode + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key2: "new_value2" + check_mode: yes + register: result + + - name: Attributes | Assert that attribute would have been updated + assert: + that: + - result is changed + - result.attributes.key2 == "new_value2" + + - name: Attributes | Test updating attributes on an existing user + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key2: "new_value2" + register: result + + - name: Attributes | Assert that attribute was updated + assert: + that: + - result is changed + - result.attributes.key2 == "new_value2" + + # Test deleting attributes + - name: Attributes | Test deleting attributes on an existing user in check mode + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key2: False + register: result + check_mode: yes + + - name: Attributes | Assert that attribute would have been deleted + assert: + that: + - result is changed + - "'key2' not in result.attributes" + + - name: Attributes | Test deleting attributes on an existing user + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key2: False + register: result + + - name: Attributes | Assert that attribute was deleted + assert: + that: + - result is changed + - "'key2' not in result.attributes" + + # Test attribute idempotency + - name: Attributes | Test attribute idempotency by trying to change an already correct attribute in check mode + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key1: "value1" + register: result + check_mode: yes + + - name: Attributes | Assert that attribute would not have been updated + assert: + that: + - result is not changed + - result.attributes.key1 == "value1" + + - name: Attributes | Test attribute idempotency by trying to change an already correct attribute + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + attributes: + key1: "value1" + register: result + + - name: Attributes | Assert that attribute was not updated + assert: + that: + - result is not changed + - result.attributes.key1 == "value1" + + - name: Attributes | Test attribute idempotency by not specifying attribute parameter in check mode + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + register: result + check_mode: yes + + - name: Attributes | Assert that attribute is returned in check mode + assert: + that: + - result is not changed + - result.attributes.key1 == "value1" + + - name: Attributes | Test attribute idempotency by not specifying attribute parameter + mysql_user: + <<: *mysql_params + name: '{{ user_name_2 }}' + host: '%' + register: result + + - name: Attributes | Assert that attribute is returned + assert: + that: + - result is not changed + - result.attributes.key1 == "value1" + + # Cleanup + - include_tasks: utils/remove_user.yml + vars: + user_name: "{{ user_name_2 }}"