mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-07-24 05:40:25 -07:00
initial commit (#1)
* initial commit * removed remaining references to community.general * enabled integration pipeline * switched from preconfigured replication topology to simple multinode install * updated version from 1.0.0 to 0.1.0
This commit is contained in:
parent
9fcbbaad81
commit
c26bc095ad
89 changed files with 8774 additions and 135 deletions
|
@ -0,0 +1,25 @@
|
|||
# test code to assert no mysql user
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# ============================================================
|
||||
- name: run command to query for mysql user
|
||||
command: "{{ mysql_command }} -e \"SELECT User FROM mysql.user where user='{{ user_name }}'\""
|
||||
register: result
|
||||
|
||||
- name: assert mysql user is not present
|
||||
assert: { that: "'{{ user_name }}' not in result.stdout" }
|
|
@ -0,0 +1,38 @@
|
|||
# test code to assert mysql user
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# ============================================================
|
||||
- name: run command to query for mysql user
|
||||
command: "{{ mysql_command }} -e \"SELECT User FROM mysql.user where user='{{ user_name }}'\""
|
||||
register: result
|
||||
|
||||
- name: assert mysql user is present
|
||||
assert:
|
||||
that:
|
||||
- "'{{ user_name }}' in result.stdout"
|
||||
|
||||
- name: run command to show privileges for user (expect privileges in stdout)
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name }}'@'localhost'\""
|
||||
register: result
|
||||
when: priv is defined
|
||||
|
||||
- name: assert user has giving privileges
|
||||
assert:
|
||||
that:
|
||||
- "'GRANT {{priv}} ON *.*' in result.stdout"
|
||||
when: priv is defined
|
|
@ -0,0 +1,40 @@
|
|||
# test code to create mysql user
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
# ============================================================
|
||||
- name: create mysql user {{user_name}}
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name }}'
|
||||
password: '{{ user_password }}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was created
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
|
@ -0,0 +1,86 @@
|
|||
---
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
- name: Issue test setup - drop database
|
||||
mysql_db:
|
||||
<<: *mysql_params
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- foo
|
||||
- bar
|
||||
|
||||
- name: Issue test setup - create database
|
||||
mysql_db:
|
||||
<<: *mysql_params
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- foo
|
||||
- bar
|
||||
|
||||
- name: Copy SQL scripts to remote
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ remote_tmp_dir }}/{{ item | basename }}"
|
||||
with_items:
|
||||
- create-function.sql
|
||||
- create-procedure.sql
|
||||
|
||||
- name: Create function for test
|
||||
shell: "{{ mysql_command }} < {{ remote_tmp_dir }}/create-function.sql"
|
||||
|
||||
- name: Create procedure for test
|
||||
shell: "{{ mysql_command }} < {{ remote_tmp_dir }}/create-procedure.sql"
|
||||
|
||||
- name: Create user with FUNCTION and PROCEDURE privileges
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: present
|
||||
priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
|
||||
register: result
|
||||
|
||||
- name: Assert Create user with FUNCTION and PROCEDURE privileges
|
||||
assert:
|
||||
that:
|
||||
- result is success
|
||||
- result is changed
|
||||
|
||||
- name: Create user with FUNCTION and PROCEDURE privileges - Idempotent check
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: present
|
||||
priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
|
||||
register: result
|
||||
|
||||
- name: Assert Create user with FUNCTION and PROCEDURE privileges
|
||||
assert:
|
||||
that:
|
||||
- result is success
|
||||
- result is not changed
|
||||
|
||||
- name: Remove user
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
state: absent
|
||||
|
||||
- name: Issue test teardown - cleanup databases
|
||||
mysql_db:
|
||||
<<: *mysql_params
|
||||
name: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- foo
|
||||
- bar
|
|
@ -0,0 +1,45 @@
|
|||
---
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
- name: Set root password
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: root
|
||||
password: '{{ root_password }}'
|
||||
check_implicit_admin: yes
|
||||
register: result
|
||||
|
||||
- name: assert root password is changed
|
||||
assert: { that: "result.changed == true" }
|
||||
|
||||
- name: Set root password again
|
||||
mysql_user:
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ root_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
name: root
|
||||
password: '{{ root_password }}'
|
||||
check_implicit_admin: yes
|
||||
register: result
|
||||
|
||||
- name: Assert root password is not changed
|
||||
assert: { that: "result.changed == false" }
|
||||
|
||||
- name: Set root password again
|
||||
mysql_user:
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ root_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
name: root
|
||||
password: '{{ mysql_password }}'
|
||||
check_implicit_admin: yes
|
||||
register: result
|
243
tests/integration/targets/test_mysql_user/tasks/main.yml
Normal file
243
tests/integration/targets/test_mysql_user/tasks/main.yml
Normal file
|
@ -0,0 +1,243 @@
|
|||
# test code for the mysql_user module
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 dof the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# ============================================================
|
||||
# create mysql user and verify user is added to mysql database
|
||||
#
|
||||
- name: alias mysql command to include default options
|
||||
set_fact:
|
||||
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
|
||||
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- include: resource_limits.yml
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_1}}
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- include: assert_no_user.yml user_name={{user_name_1}}
|
||||
|
||||
# ============================================================
|
||||
# Create mysql user that already exist on mysql database
|
||||
#
|
||||
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- name: create mysql user that already exist (expect changed=false)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{user_name_1}}'
|
||||
password: '{{user_password_1}}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was not created
|
||||
assert: { that: "result.changed == false" }
|
||||
|
||||
# ============================================================
|
||||
# remove mysql user and verify user is removed from mysql database
|
||||
#
|
||||
- name: remove mysql user state=absent (expect changed=true)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was removed
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
||||
|
||||
- include: assert_no_user.yml user_name={{user_name_1}}
|
||||
|
||||
# ============================================================
|
||||
# remove mysql user that does not exist on mysql database
|
||||
#
|
||||
- name: remove mysql user that does not exist state=absent (expect changed=false)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user that does not exist
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == false"
|
||||
|
||||
- include: assert_no_user.yml user_name={{user_name_1}}
|
||||
|
||||
# ============================================================
|
||||
# Create user with no privileges and verify default privileges are assign
|
||||
#
|
||||
- name: create user with select privilege state=present (expect changed=true)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_1}} priv=USAGE
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- include: assert_no_user.yml user_name={{user_name_1}}
|
||||
|
||||
# ============================================================
|
||||
# Create user with select privileges and verify select privileges are assign
|
||||
#
|
||||
- name: create user with select privilege state=present (expect changed=true)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: present
|
||||
priv: '*.*:SELECT'
|
||||
register: result
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv=SELECT
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }}
|
||||
|
||||
- include: assert_no_user.yml user_name={{user_name_2}}
|
||||
|
||||
# ============================================================
|
||||
# Assert user has access to multiple databases
|
||||
#
|
||||
- name: give users access to multiple databases
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ item[0] }}'
|
||||
priv: '{{ item[1] }}.*:ALL'
|
||||
append_privs: yes
|
||||
password: '{{ user_password_1 }}'
|
||||
with_nested:
|
||||
- [ '{{ user_name_1 }}', '{{ user_name_2 }}']
|
||||
- "{{db_names}}"
|
||||
|
||||
- name: show grants access for user1 on multiple database
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
|
||||
register: result
|
||||
|
||||
- name: assert grant access for user1 on multiple database
|
||||
assert:
|
||||
that:
|
||||
- "'{{ item }}' in result.stdout"
|
||||
with_items: "{{db_names}}"
|
||||
|
||||
- name: show grants access for user2 on multiple database
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
|
||||
register: result
|
||||
|
||||
- name: assert grant access for user2 on multiple database
|
||||
assert:
|
||||
that:
|
||||
- "'{{ item }}' in result.stdout"
|
||||
with_items: "{{db_names}}"
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
|
||||
|
||||
- name: give user access to database via wildcard
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
priv: '%db.*:SELECT'
|
||||
append_privs: yes
|
||||
password: '{{ user_password_1 }}'
|
||||
|
||||
- name: show grants access for user1 on multiple database
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
|
||||
register: result
|
||||
|
||||
- name: assert grant access for user1 on multiple database
|
||||
assert:
|
||||
that:
|
||||
- "'%db' in result.stdout"
|
||||
- "'SELECT' in result.stdout"
|
||||
|
||||
- name: change user access to database via wildcard
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
priv: '%db.*:INSERT'
|
||||
append_privs: yes
|
||||
password: '{{ user_password_1 }}'
|
||||
|
||||
- name: show grants access for user1 on multiple database
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
|
||||
register: result
|
||||
|
||||
- name: assert grant access for user1 on multiple database
|
||||
assert:
|
||||
that:
|
||||
- "'%db' in result.stdout"
|
||||
- "'INSERT' in result.stdout"
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
# ============================================================
|
||||
# Update user password for a user.
|
||||
# Assert the user password is updated and old password can no longer be used.
|
||||
#
|
||||
#- include: user_password_update_test.yml
|
||||
|
||||
# ============================================================
|
||||
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
|
||||
#
|
||||
- include: test_privs.yml current_privilege=SELECT current_append_privs=no
|
||||
|
||||
# ============================================================
|
||||
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
|
||||
#
|
||||
- include: test_privs.yml current_privilege=DROP current_append_privs=yes
|
||||
|
||||
# ============================================================
|
||||
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
|
||||
#
|
||||
- include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no
|
||||
|
||||
# ============================================================
|
||||
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
|
||||
#
|
||||
- include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes
|
||||
|
||||
# Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
|
||||
- include: test_priv_dict.yml
|
||||
|
||||
- import_tasks: issue-29511.yaml
|
||||
tags:
|
||||
- issue-29511
|
||||
|
||||
- import_tasks: issue-64560.yaml
|
||||
tags:
|
||||
- issue-64560
|
|
@ -0,0 +1,74 @@
|
|||
# test code to remove mysql user
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
# ============================================================
|
||||
- name: remove mysql user {{user_name}}
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{user_name}}'
|
||||
password: '{{user_password}}'
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
- name: assert output message mysql user was removed
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
||||
|
||||
# ============================================================
|
||||
- name: create blank mysql user to be removed later
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: ""
|
||||
state: present
|
||||
password: 'KJFDY&D*Sfuydsgf'
|
||||
|
||||
- name: remove blank mysql user with hosts=all (expect changed)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
user: ""
|
||||
host_all: true
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
- name: assert changed is true for removing all blank users
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
||||
|
||||
- name: remove blank mysql user with hosts=all (expect ok)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
user: ""
|
||||
host_all: true
|
||||
state: absent
|
||||
register: result
|
||||
|
||||
- name: assert changed is true for removing all blank users
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == false"
|
|
@ -0,0 +1,118 @@
|
|||
# test code for resource_limits parameter
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
- name: Drop mysql user {{ user_name_1 }} if exists
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
state: absent
|
||||
|
||||
- name: Create mysql user {{ user_name_1 }} with resource limits in check_mode
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
resource_limits:
|
||||
MAX_QUERIES_PER_HOUR: 10
|
||||
MAX_CONNECTIONS_PER_HOUR: 5
|
||||
check_mode: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Create mysql user {{ user_name_1 }} with resource limits in actual mode
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
resource_limits:
|
||||
MAX_QUERIES_PER_HOUR: 10
|
||||
MAX_CONNECTIONS_PER_HOUR: 5
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Check
|
||||
mysql_query:
|
||||
<<: *mysql_params
|
||||
query: >
|
||||
SELECT User FROM mysql.user WHERE User = '{{ user_name_1 }}' AND Host = 'localhost'
|
||||
AND max_questions = 10 AND max_connections = 5
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount[0] == 1
|
||||
|
||||
- name: Try to set the same limits again in check mode
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
resource_limits:
|
||||
MAX_QUERIES_PER_HOUR: 10
|
||||
MAX_CONNECTIONS_PER_HOUR: 5
|
||||
check_mode: yes
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Try to set the same limits again in actual mode
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
resource_limits:
|
||||
MAX_QUERIES_PER_HOUR: 10
|
||||
MAX_CONNECTIONS_PER_HOUR: 5
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is not changed
|
||||
|
||||
- name: Change limits
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
resource_limits:
|
||||
MAX_QUERIES_PER_HOUR: 5
|
||||
MAX_CONNECTIONS_PER_HOUR: 5
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result is changed
|
||||
|
||||
- name: Check
|
||||
mysql_query:
|
||||
<<: *mysql_params
|
||||
query: >
|
||||
SELECT User FROM mysql.user WHERE User = '{{ user_name_1 }}' AND Host = 'localhost'
|
||||
AND max_questions = 5 AND max_connections = 5
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- result.rowcount[0] == 1
|
||||
|
||||
when: (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18') or (ansible_distribution == 'CentOS' and ansible_distribution_major_version >= '8')
|
|
@ -0,0 +1,55 @@
|
|||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
# Tests for priv parameter value passed as a dict
|
||||
- name: Create test databases
|
||||
mysql_db:
|
||||
<<: *mysql_params
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
loop:
|
||||
- data1
|
||||
- data2
|
||||
|
||||
- name: Create user with privileges
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_3 }}'
|
||||
password: '{{ user_password_3 }}'
|
||||
priv:
|
||||
"data1.*": "SELECT"
|
||||
"data2.*": "SELECT"
|
||||
state: present
|
||||
|
||||
- name: Run command to show privileges for user (expect privileges in stdout)
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
|
||||
register: result
|
||||
|
||||
- name: Assert user has giving privileges
|
||||
assert:
|
||||
that:
|
||||
- "'GRANT SELECT ON `data1`.*' in result.stdout"
|
||||
- "'GRANT SELECT ON `data2`.*' in result.stdout"
|
||||
|
||||
##########
|
||||
# Clean up
|
||||
- name: Drop test databases
|
||||
mysql_db:
|
||||
<<: *mysql_params
|
||||
name: '{{ item }}'
|
||||
state: present
|
||||
loop:
|
||||
- data1
|
||||
- data2
|
||||
|
||||
- name: Drop test user
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_3 }}'
|
||||
state: absent
|
186
tests/integration/targets/test_mysql_user/tasks/test_privs.yml
Normal file
186
tests/integration/targets/test_mysql_user/tasks/test_privs.yml
Normal file
|
@ -0,0 +1,186 @@
|
|||
# test code for privileges for mysql_user module
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
# ============================================================
|
||||
- name: create user with basic select privileges
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:SELECT'
|
||||
state: present
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- name: create user with current privileges (expect changed=true)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:{{current_privilege}}'
|
||||
append_privs: '{{current_append_privs}}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert output message for current privileges
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
||||
|
||||
- name: run command to show privileges for user (expect privileges in stdout)
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'localhost'\""
|
||||
register: result
|
||||
|
||||
- name: assert user has correct privileges
|
||||
assert:
|
||||
that:
|
||||
- "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
|
||||
when: current_append_privs == "no"
|
||||
|
||||
- name: assert user has correct privileges
|
||||
assert:
|
||||
that:
|
||||
- "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
|
||||
when: current_append_privs == "yes"
|
||||
|
||||
- name: create database using user current privileges
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
login_host: '{{ mysql_host }}'
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
ignore_errors: true
|
||||
|
||||
- name: run command to test that database was not created
|
||||
command: "{{ mysql_command }} -e \"show databases like '{{ db_name }}'\""
|
||||
register: result
|
||||
|
||||
- name: assert database was not created
|
||||
assert:
|
||||
that:
|
||||
- "'{{ db_name }}' not in result.stdout"
|
||||
|
||||
# ============================================================
|
||||
- name: Add privs to a specific table (expect changed)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: 'jmainguy.jmainguy:ALL'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv changed
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
||||
|
||||
- name: Add privs to a specific table (expect ok)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: 'jmainguy.jmainguy:ALL'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv did not change
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == false"
|
||||
|
||||
# ============================================================
|
||||
- name: update user with all privileges
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
|
||||
# - include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
|
||||
|
||||
- name: create database using user
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
login_host: '{{ mysql_host }}'
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
|
||||
- name: run command to test database was created using user new privileges
|
||||
command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE {{ db_name }}\""
|
||||
|
||||
- name: drop database using user
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
login_host: '{{ mysql_host }}'
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
name: '{{ db_name }}'
|
||||
state: absent
|
||||
|
||||
# ============================================================
|
||||
- name: update user with a long privileges list (mysql has a special multiline grant output)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv changed
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
||||
|
||||
- name: Test idempotency (expect ok)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: Assert that priv did not change
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == false"
|
||||
|
||||
- name: remove username
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
state: absent
|
|
@ -0,0 +1,178 @@
|
|||
# test code update password for the mysql_user module
|
||||
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
||||
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 dof the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
- vars:
|
||||
mysql_parameters: &mysql_params
|
||||
login_user: '{{ mysql_user }}'
|
||||
login_password: '{{ mysql_password }}'
|
||||
login_host: 127.0.0.1
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
|
||||
block:
|
||||
|
||||
# ============================================================
|
||||
# Update user password for a user.
|
||||
# Assert the user password is updated and old password can no longer be used.
|
||||
#
|
||||
- name: create user1 state=present with a password
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_1 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
|
||||
- name: create user2 state=present with a password
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
|
||||
- name: store user2 grants with old password (mysql 5.7.6 and newer)
|
||||
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ user_name_2 }}'@'localhost'\""
|
||||
register: user_password_old_create
|
||||
ignore_errors: yes
|
||||
|
||||
- name: store user2 grants with old password (mysql 5.7.5 and older)
|
||||
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
|
||||
register: user_password_old
|
||||
when: user_password_old_create is failed
|
||||
|
||||
- name: update user2 state=present with same password (expect changed=false)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_2 }}'
|
||||
priv: '*.*:ALL'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert output user2 was not updated
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == false"
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
|
||||
|
||||
- name: update user2 state=present with a new password (expect changed=true)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: '{{ user_name_2 }}'
|
||||
password: '{{ user_password_1 }}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
|
||||
|
||||
- name: store user2 grants with old password (mysql 5.7.6 and newer)
|
||||
command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ user_name_2 }}'@'localhost'\""
|
||||
register: user_password_new_create
|
||||
ignore_errors: yes
|
||||
|
||||
- name: store user2 grants with new password
|
||||
command: "{{ mysql_command }} -e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
|
||||
register: user_password_new
|
||||
when: user_password_new_create is failed
|
||||
|
||||
- name: assert output message password was update for user2 (mysql 5.7.6 and newer)
|
||||
assert:
|
||||
that:
|
||||
- "user_password_old_create.stdout != user_password_new_create.stdout"
|
||||
when: user_password_new_create is not failed
|
||||
|
||||
- name: assert output message password was update for user2 (mysql 5.7.5 and older)
|
||||
assert:
|
||||
that:
|
||||
- "user_password_old.stdout != user_password_new.stdout"
|
||||
when: user_password_new_create is failed
|
||||
|
||||
- name: create database using user2 and old password
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_2 }}'
|
||||
login_host: '{{ mysql_host }}'
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
ignore_errors: true
|
||||
register: result
|
||||
|
||||
- debug: var=result.msg
|
||||
- name: assert output message that database not create with old password
|
||||
assert:
|
||||
that:
|
||||
- "result.failed == true"
|
||||
|
||||
- name: create database using user2 and new password
|
||||
mysql_db:
|
||||
login_user: '{{ user_name_2 }}'
|
||||
login_password: '{{ user_password_1 }}'
|
||||
login_host: '{{ mysql_host }}'
|
||||
login_port: '{{ mysql_primary_port }}'
|
||||
name: '{{ db_name }}'
|
||||
state: present
|
||||
register: result
|
||||
|
||||
- name: assert output message that database is created with new password
|
||||
assert:
|
||||
that:
|
||||
- "result.changed == true"
|
||||
|
||||
- name: remove database
|
||||
mysql_db:
|
||||
<<: *mysql_params
|
||||
name: '{{ db_name }}'
|
||||
state: absent
|
||||
login_unix_socket: '{{ mysql_socket }}'
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
||||
|
||||
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
|
||||
|
||||
- name: Create user with Fdt8fd^34ds using hash. (expect changed=true)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: jmainguy
|
||||
password: '*0cb5b86f23fdc24db19a29b8854eb860cbc47793'
|
||||
encrypted: yes
|
||||
register: encrypt_result
|
||||
|
||||
- name: Check that the module made a change
|
||||
assert:
|
||||
that:
|
||||
- "encrypt_result.changed == True"
|
||||
|
||||
- name: See if the password needs to be updated. (expect changed=false)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: jmainguy
|
||||
password: 'Fdt8fd^34ds'
|
||||
register: plain_result
|
||||
|
||||
- name: Check that the module did not change the password
|
||||
assert:
|
||||
that:
|
||||
- "plain_result.changed == False"
|
||||
|
||||
- name: Remove user (cleanup)
|
||||
mysql_user:
|
||||
<<: *mysql_params
|
||||
name: jmainguy
|
||||
state: absent
|
Loading…
Add table
Add a link
Reference in a new issue