ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-17 16:01:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

mysql_role: don't add members to a role when creating the role and "detach_members: true" is set (#367)

Browse source 
* mysql_role: don't add members to a role when creating the role and "detach_members: true" is set, add integration test

* add changelog fragment

* mysql_role: add author betanummeric

* Update changelogs/fragments/367-mysql_role-fix-deatch-members.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
This commit is contained in:
betanummeric 2022-05-25 11:47:39 +02:00 committed by GitHub
parent 07a72865f7
commit ceda7662d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 33 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/367-mysql_role-fix-deatch-members.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- "mysql_role - don't add members to a role when creating the role and ``detach_members: true`` is set (https://github.com/ansible-collections/community.mysql/pull/367)."

3
plugins/modules/mysql_role.py
View file

@ -128,6 +128,7 @@ seealso:
author: author:
- Andrew Klychkov (@Andersson007) - Andrew Klychkov (@Andersson007)
- Felix Hamme (@betanummeric)
extends_documentation_fragment: extends_documentation_fragment:
- community.mysql.mysql - community.mysql.mysql
@ -1028,6 +1029,8 @@ def main():
if not role.exists: if not role.exists:
if subtract_privs: if subtract_privs:
priv = None # avoid granting unwanted privileges priv = None # avoid granting unwanted privileges
if detach_members:
members = None # avoid adding unwanted members
changed = role.add(members, priv, module.check_mode, admin, changed = role.add(members, priv, module.check_mode, admin,
set_default_role_all) set_default_role_all)

1
tests/integration/targets/test_mysql_role/defaults/main.yml
View file

@ -15,3 +15,4 @@ nonexistent: user3
role0: role0 role0: role0
role1: role1 role1: role1
role2: role2 role2: role2
role3: role3

27
tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
View file

@ -1248,6 +1248,32 @@
that: that:
- result is not changed - result is not changed
- name: '"detach" users when creating a new role'
<<: *task_params
mysql_role:
<<: *mysql_params
name: '{{ role3 }}'
state: present
detach_members: yes
members:
- '{{ user1 }}@localhost'
- name: Check the role was created
assert:
that:
- result is changed
- name: Check grants
<<: *task_params
mysql_query:
<<: *mysql_params
query: "SHOW GRANTS FOR {{ user1 }}@localhost"
- name: asssert detach_members did not add a user to the role
assert:
that:
- "'{{ role3 }}' not in result.query_result.0.0['Grants for {{ user1 }}@localhost']"
# ########## # ##########
# Test privs # Test privs
# ########## # ##########
@ -1561,3 +1587,4 @@
loop: loop:
- '{{ role0 }}' - '{{ role0 }}'
- test - test
- '{{ role3 }}'