mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-08-05 21:54:24 -07:00
Refactor test_mysql_user to work with other host than localhost
This commit is contained in:
Laurent Indermuehle
parent
978676a6dc
commit
9da866a7bf
27 changed files with 675 additions and 758 deletions
|
|
@ -21,56 +21,58 @@
|
|||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: '{{ gateway_addr }}'
|
||||
login_host: '{{ mysql_host }}'
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
# ============================================================
|
||||
- name: create user with basic select privileges
|
||||
- name: Privs | Create user with basic select privileges
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
host: '%'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:SELECT'
|
||||
state: present
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
|
||||
- include: utils_assert_user.yml user_name={{ user_name_2 }} user_host=% priv='SELECT'
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- name: create user with current privileges (expect changed=true)
|
||||
- name: Privs | Create user with current privileges (expect changed=true)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
host: '%'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:{{current_privilege}}'
|
||||
append_privs: '{{current_append_privs}}'
|
||||
priv: '*.*:{{ current_privilege }}'
|
||||
append_privs: '{{ current_append_privs }}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert output message for current privileges
|
||||
- name: Privs | Assert output message for current privileges
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: run command to show privileges for user (expect privileges in stdout)
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'localhost'\""
|
||||
- name: Privs | Run command to show privileges for user (expect privileges in stdout)
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'%'\""
|
||||
register: result
|
||||
|
||||
- name: assert user has correct privileges
|
||||
- name: Privs | Assert user has correct privileges
|
||||
assert:
|
||||
that:
|
||||
- "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
|
||||
- "'GRANT {{ current_privilege | replace(',', ', ') }} ON *.*' in result.stdout"
|
||||
when: current_append_privs == "no"
|
||||
|
||||
- name: assert user has correct privileges
|
||||
- name: Privs | Assert user has correct privileges
|
||||
assert:
|
||||
that:
|
||||
- "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
|
||||
- "'GRANT SELECT, {{ current_privilege | replace(',', ', ') }} ON *.*' in result.stdout"
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- name: create database using user current privileges
|
||||
- name: Privs | Create database using user current privileges
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
|
|
@ -80,56 +82,59 @@
|
|||
state: present
|
||||
ignore_errors: true
|
||||
|
||||
- name: run command to test that database was not created
|
||||
- name: Privs | Run command to test that database was not created
|
||||
command: "{{ mysql_command }} -e \"show databases like '{{ db_name }}'\""
|
||||
register: result
|
||||
|
||||
- name: assert database was not created
|
||||
- name: Privs | Assert database was not created
|
||||
assert:
|
||||
that:
|
||||
- "'{{ db_name }}' not in result.stdout"
|
||||
- db_name not in result.stdout
|
||||
|
||||
# ============================================================
|
||||
- name: Add privs to a specific table (expect changed)
|
||||
- name: Privs | Add privs to a specific table (expect changed)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
host: '%'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: 'jmainguy.jmainguy:ALL'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv changed
|
||||
- name: Privs | Assert that priv changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Add privs to a specific table (expect ok)
|
||||
- name: Privs | Add privs to a specific table (expect ok)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
host: '%'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: 'jmainguy.jmainguy:ALL'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv did not change
|
||||
- name: Privs | Assert that priv did not change
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
# ============================================================
|
||||
- name: update user with all privileges
|
||||
- name: Privs | Grant ALL to user {{ user_name_2 }}
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
host: '%'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
|
||||
# - include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
|
||||
# - include: utils_assert_user.yml user_name={{user_name_2}} user_host=% priv='ALL PRIVILEGES'
|
||||
|
||||
- name: create database using user
|
||||
- name: Privs | Create database using user {{ user_name_2 }}
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
|
|
@ -138,10 +143,10 @@
|
|||
name: '{{ db_name }}'
|
||||
state: present
|
||||
|
||||
- name: run command to test database was created using user new privileges
|
||||
- name: Privs | Run command to test database was created using user new privileges
|
||||
command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE {{ db_name }}\""
|
||||
|
||||
- name: drop database using user
|
||||
- name: Privs | Drop database using user {{ user_name_2 }}
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
|
|
@ -151,24 +156,26 @@
|
|||
state: absent
|
||||
|
||||
# ============================================================
|
||||
- name: update user with a long privileges list (mysql has a special multiline grant output)
|
||||
- name: Privs | Update user with a long privileges list (mysql has a special multiline grant output)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
host: '%'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv changed
|
||||
- name: Privs | Assert that priv changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Test idempotency with a long privileges list (expect ok)
|
||||
- name: Privs | Test idempotency with a long privileges list (expect ok)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
host: '%'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
|
||||
state: present
|
||||
|
|
@ -176,20 +183,15 @@
|
|||
|
||||
# FIXME: on mysql >=8 and mariadb >=10.5.2 there's always a change because
|
||||
# the REPLICATION CLIENT privilege was renamed to BINLOG MONITOR
|
||||
- name: Assert that priv did not change
|
||||
- name: Privs | Assert that priv did not change
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: remove username
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: absent
|
||||
- include: utils_remove_user.yml user_name="{{ user_name_2 }}"
|
||||
|
||||
# ============================================================
|
||||
- name: grant all privileges with grant option
|
||||
- name: Privs | Grant all privileges with grant option
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
|
|
@ -198,23 +200,23 @@
|
|||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv changed
|
||||
- name: Privs | Assert that priv changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Collect user info by host
|
||||
- name: Privs | Collect user info by host
|
||||
community.mysql.mysql_info:
|
||||
<<: *mysql_params
|
||||
filter: "users"
|
||||
register: mysql_info_about_users
|
||||
|
||||
- name: Assert that 'GRANT' permission is present
|
||||
- name: Privs | Assert that 'GRANT' permission is present
|
||||
assert:
|
||||
that:
|
||||
- mysql_info_about_users.users.localhost.{{ user_name_2 }}.Grant_priv == 'Y'
|
||||
|
||||
- name: Test idempotency (expect ok)
|
||||
- name: Privs | Test idempotency (expect ok)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
|
|
@ -224,24 +226,24 @@
|
|||
register: result
|
||||
|
||||
# FIXME: on mysql >=8 there's always a change (ALL PRIVILEGES -> specific privileges)
|
||||
- name: Assert that priv did not change
|
||||
- name: Privs | Assert that priv did not change
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Collect user info by host
|
||||
- name: Privs | Collect user info by host
|
||||
community.mysql.mysql_info:
|
||||
<<: *mysql_params
|
||||
filter: "users"
|
||||
register: mysql_info_about_users
|
||||
|
||||
- name: Assert that 'GRANT' permission is present
|
||||
- name: Privs | Assert that 'GRANT' permission is present (by host)
|
||||
assert:
|
||||
that:
|
||||
- mysql_info_about_users.users.localhost.{{ user_name_2 }}.Grant_priv == 'Y'
|
||||
|
||||
# ============================================================
|
||||
- name: update user with invalid privileges
|
||||
- name: Privs | Update user with invalid privileges
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
|
|
@ -251,15 +253,10 @@
|
|||
register: result
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Assert that priv did not change
|
||||
- name: Privs | Assert that priv did not change
|
||||
assert:
|
||||
that:
|
||||
- result is failed
|
||||
- "'Error granting privileges' in result.msg"
|
||||
|
||||
- name: remove username
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: absent
|
||||
- include: utils_remove_user.yml user_name="{{ user_name_2 }}"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue