diff --git a/tests/integration/targets/test_mysql_user/tasks/issue-265.yml b/tests/integration/targets/test_mysql_user/tasks/issue-265.yml deleted file mode 100644 index 167b69b..0000000 --- a/tests/integration/targets/test_mysql_user/tasks/issue-265.yml +++ /dev/null @@ -1,168 +0,0 @@ ---- -- vars: - mysql_parameters: &mysql_params - login_user: '{{ mysql_user }}' - login_password: '{{ mysql_password }}' - login_host: 127.0.0.1 - login_port: '{{ mysql_primary_port }}' - - block: - - name: Drop mysql user if exists - mysql_user: - <<: *mysql_params - name: '{{ user_name_1 }}' - state: absent - ignore_errors: yes - - # Tests with force_context: yes - # Test user creation - - name: create mysql user {{user_name_1}} - mysql_user: - <<: *mysql_params - name: '{{ user_name_1 }}' - password: '{{ user_password_1 }}' - state: present - force_context: yes - register: result - - - name: assert output message mysql user was created - assert: - that: - - result is changed - - - include: assert_user.yml user_name={{user_name_1}} - - # Test user removal - - name: remove mysql user {{user_name_1}} - mysql_user: - <<: *mysql_params - name: '{{user_name_1}}' - password: '{{user_password_1}}' - state: absent - force_context: yes - register: result - - - name: assert output message mysql user was removed - assert: - that: - - result is changed - - # Test blank user removal - - name: create blank mysql user to be removed later - mysql_user: - <<: *mysql_params - name: "" - state: present - force_context: yes - password: 'KJFDY&D*Sfuydsgf' - - - name: remove blank mysql user with hosts=all (expect changed) - mysql_user: - <<: *mysql_params - user: "" - host_all: true - state: absent - force_context: yes - register: result - - - name: assert changed is true for removing all blank users - assert: - that: - - result is changed - - - name: remove blank mysql user with hosts=all (expect ok) - mysql_user: - <<: *mysql_params - user: "" - host_all: true - force_context: yes - state: absent - register: result - - - name: assert changed is true for removing all blank users - assert: - that: - - result is not changed - - - include: assert_no_user.yml user_name={{user_name_1}} - - # Tests with force_context: no - # Test user creation - - name: Drop mysql user if exists - mysql_user: - <<: *mysql_params - name: '{{ user_name_1 }}' - state: absent - ignore_errors: yes - - # Tests with force_context: yes - # Test user creation - - name: create mysql user {{user_name_1}} - mysql_user: - <<: *mysql_params - name: '{{ user_name_1 }}' - password: '{{ user_password_1 }}' - state: present - force_context: yes - register: result - - - name: assert output message mysql user was created - assert: - that: - - result is changed - - - include: assert_user.yml user_name={{user_name_1}} - - # Test user removal - - name: remove mysql user {{user_name_1}} - mysql_user: - <<: *mysql_params - name: '{{user_name_1}}' - password: '{{user_password_1}}' - state: absent - force_context: no - register: result - - - name: assert output message mysql user was removed - assert: - that: - - result is changed - - # Test blank user removal - - name: create blank mysql user to be removed later - mysql_user: - <<: *mysql_params - name: "" - state: present - force_context: no - password: 'KJFDY&D*Sfuydsgf' - - - name: remove blank mysql user with hosts=all (expect changed) - mysql_user: - <<: *mysql_params - user: "" - host_all: true - state: absent - force_context: no - register: result - - - name: assert changed is true for removing all blank users - assert: - that: - - result is changed - - - name: remove blank mysql user with hosts=all (expect ok) - mysql_user: - <<: *mysql_params - user: "" - host_all: true - force_context: no - state: absent - register: result - - - name: assert changed is true for removing all blank users - assert: - that: - - result is not changed - - - include: assert_no_user.yml user_name={{user_name_1}} diff --git a/tests/integration/targets/test_mysql_user/tasks/main.yml b/tests/integration/targets/test_mysql_user/tasks/main.yml index db3304c..5ddf300 100644 --- a/tests/integration/targets/test_mysql_user/tasks/main.yml +++ b/tests/integration/targets/test_mysql_user/tasks/main.yml @@ -276,11 +276,6 @@ - include: test_priv_append.yml enable_check_mode=no - include: test_priv_append.yml enable_check_mode=yes - # Test that subtract_privs will only revoke the grants given by priv - # (https://github.com/ansible-collections/community.mysql/issues/331) - - include: test_priv_subtract.yml enable_check_mode=no - - include: test_priv_subtract.yml enable_check_mode=yes - # Tests for the TLS requires dictionary - include: tls_requirements.yml @@ -292,9 +287,5 @@ tags: - issue-64560 - # Test that mysql_user still works with force_context enabled (database set to "mysql") - # (https://github.com/ansible-collections/community.mysql/issues/265) - - include: issue-265.yml - # https://github.com/ansible-collections/community.mysql/issues/231 - include: test_user_grants_with_roles_applied.yml diff --git a/tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml b/tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml deleted file mode 100644 index 7595243..0000000 --- a/tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml +++ /dev/null @@ -1,173 +0,0 @@ -# Test code to ensure that subtracting privileges will not result in unnecessary changes. -- vars: - mysql_parameters: &mysql_params - login_user: '{{ mysql_user }}' - login_password: '{{ mysql_password }}' - login_host: 127.0.0.1 - login_port: '{{ mysql_primary_port }}' - - block: - - - name: Create test databases - mysql_db: - <<: *mysql_params - name: '{{ item }}' - state: present - loop: - - data1 - - - name: Create a user with an initial set of privileges - mysql_user: - <<: *mysql_params - name: '{{ user_name_4 }}' - password: '{{ user_password_4 }}' - priv: 'data1.*:SELECT,INSERT' - state: present - - - name: Run command to show privileges for user (expect privileges in stdout) - command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\"" - register: result - - - name: Assert that the initial set of privileges matches what is expected - assert: - that: - - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout" - - - name: Subtract privileges that are not in the current privileges, which should be a no-op - mysql_user: - <<: *mysql_params - name: '{{ user_name_4 }}' - password: '{{ user_password_4 }}' - priv: 'data1.*:DELETE' - subtract_privs: yes - state: present - check_mode: '{{ enable_check_mode }}' - register: result - - - name: Assert that there wasn't a change in permissions - assert: - that: - - result is not changed - - - name: Run command to show privileges for user (expect privileges in stdout) - command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\"" - register: result - - - name: Assert that the permissions still match what was originally granted - assert: - that: - - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout" - - - name: Subtract existing and not-existing privileges, but not all - mysql_user: - <<: *mysql_params - name: '{{ user_name_4 }}' - password: '{{ user_password_4 }}' - priv: 'data1.*:INSERT,DELETE' - subtract_privs: yes - state: present - check_mode: '{{ enable_check_mode }}' - register: result - - - name: Assert that there was a change because permissions were/would be revoked on data1.* - assert: - that: - - result is changed - - - name: Run command to show privileges for user (expect privileges in stdout) - command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\"" - register: result - - - name: Assert that the permissions were not changed if check_mode is set to 'yes' - assert: - that: - - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout" - when: enable_check_mode == 'yes' - - - name: Assert that only DELETE was revoked if check_mode is set to 'no' - assert: - that: - - "'GRANT SELECT ON `data1`.*' in result.stdout" - when: enable_check_mode == 'no' - - - name: Try to subtract invalid privileges - mysql_user: - <<: *mysql_params - name: '{{ user_name_4 }}' - password: '{{ user_password_4 }}' - priv: 'data1.*:INVALID' - subtract_privs: yes - state: present - check_mode: '{{ enable_check_mode }}' - register: result - - - name: Assert that there was no change because invalid permissions are ignored - assert: - that: - - result is not changed - - - name: Run command to show privileges for user (expect privileges in stdout) - command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\"" - register: result - - - name: Assert that the permissions were not changed with check_mode=='yes' - assert: - that: - - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout" - when: enable_check_mode == 'yes' - - - name: Assert that the permissions were not changed with check_mode=='no' - assert: - that: - - "'GRANT SELECT ON `data1`.*' in result.stdout" - when: enable_check_mode == 'no' - - - name: trigger failure by trying to subtract and append privileges at the same time - mysql_user: - <<: *mysql_params - name: '{{ user_name_4 }}' - password: '{{ user_password_4 }}' - priv: 'data1.*:SELECT' - subtract_privs: yes - append_privs: yes - state: present - check_mode: '{{ enable_check_mode }}' - register: result - ignore_errors: true - - - name: Assert the previous execution failed - assert: - that: - - result is failed - - - name: Run command to show privileges for user (expect privileges in stdout) - command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\"" - register: result - - - name: Assert that the permissions stayed the same, with check_mode=='yes' - assert: - that: - - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout" - when: enable_check_mode == 'yes' - - - name: Assert that the permissions stayed the same, with check_mode=='no' - assert: - that: - - "'GRANT SELECT ON `data1`.*' in result.stdout" - when: enable_check_mode == 'no' - - ########## - # Clean up - - name: Drop test databases - mysql_db: - <<: *mysql_params - name: '{{ item }}' - state: present - loop: - - data1 - - - name: Drop test user - mysql_user: - <<: *mysql_params - name: '{{ user_name_4 }}' - state: absent