Introduce account locking functionality

2025-07-28 23:51:26 -07:00 · 2020-11-17 12:57:33 +02:00 · 2020-11-17 12:57:33 +02:00 · be0244e5bc
commit be0244e5bc
parent 31bd2b567f
3 changed files with 253 additions and 11 deletions
--- a/tests/integration/targets/test_mysql_user/tasks/issue-49.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/issue-49.yml
@ -0,0 +1,148 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+
+  block:
+
+    # ============================================================
+    - name: find out the database version
+      mysql_info:
+        <<: *mysql_params
+        filter: version
+      register: db_version
+
+    - set_fact:
+        version_string: "{{[db_version.version.major, db_version.version.minor, db_version.version.release] | join('.')}}"
+
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: yes
+
+    - name: Create user with account locking in test mode
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        account_locking:
+          PASSWORD_LOCK_TIME: 3
+          FAILED_LOGIN_ATTEMPTS: 3
+      check_mode: True
+      register: result
+
+    - assert:
+        that:
+          - result is changed
+
+    - include: assert_no_user.yml user_name={{ user_name_1 }}
+
+    - name: Create user with account locking
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        account_locking:
+          PASSWORD_LOCK_TIME: 3
+          FAILED_LOGIN_ATTEMPTS: 3
+      register: result
+
+    - assert:
+        that:
+          - result is changed
+
+    - include: assert_user.yml user_name={{ user_name_1 }}
+
+    - block:
+      - name: retrieve create request
+        command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
+        register: result
+
+      - assert:
+          that:
+            - "{{ 'PASSWORD_LOCK_TIME 3' in result.stdout }}"
+            - "{{ 'FAILED_LOGIN_ATTEMPTS 3' in result.stdout }}"
+      when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
+
+    - name: Create existing user with account locking in test mode
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        account_locking:
+          PASSWORD_LOCK_TIME: 3
+          FAILED_LOGIN_ATTEMPTS: 3
+      check_mode: True
+      register: result
+
+    - assert:
+        that: result is not changed
+
+    - name: Create existing user with account locking
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        account_locking:
+          PASSWORD_LOCK_TIME: 3
+          FAILED_LOGIN_ATTEMPTS: 3
+      register: result
+
+    - assert:
+        that: result is not changed
+
+    - name: Update existing user with account locking in test mode
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        account_locking:
+          PASSWORD_LOCK_TIME: 3
+          FAILED_LOGIN_ATTEMPTS: 5
+      check_mode: True
+      register: result
+
+    - assert:
+        that: result is changed
+
+    - block:
+      - name: retrieve create request
+        command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
+        register: result
+      - assert:
+          that:
+            - "{{ 'PASSWORD_LOCK_TIME 3' in result.stdout }}"
+            - "{{ 'FAILED_LOGIN_ATTEMPTS 3' in result.stdout }}"
+      when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
+
+    - name: Update existing user with account locking
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        password: '{{ user_password_1 }}'
+        account_locking:
+          PASSWORD_LOCK_TIME: 2
+          FAILED_LOGIN_ATTEMPTS: 5
+      register: result
+
+    - assert:
+        that: result is changed
+
+    - block:
+      - name: retrieve create request
+        command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
+        register: result
+      - assert:
+          that:
+            - "{{ 'PASSWORD_LOCK_TIME 2' in result.stdout }}"
+            - "{{ 'FAILED_LOGIN_ATTEMPTS 5' in result.stdout }}"
+      when: version_string is version('8.0.19', '>=') and version_string is version('10', '<')
+
+    - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+    - include: assert_no_user.yml user_name={{user_name_1}}
--- a/tests/integration/targets/test_mysql_user/tasks/main.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/main.yml
@ -36,6 +36,7 @@
      login_port: '{{ mysql_primary_port }}'

  block:
+    - include: issue-49.yml

    - include: issue-28.yml