From d719e23ffaa5791f65b5c5e9982711f454a9c3ae Mon Sep 17 00:00:00 2001
From: Markus Bergholz <git@osuv.de>
Date: Tue, 7 Feb 2023 16:53:28 +0100
Subject: [PATCH] test

---
 .../targets/test_mysql_user/tasks/main.yml    |  2 +
 .../tasks/revoke_only_grant.yml               | 58 +++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100644 tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml

diff --git a/tests/integration/targets/test_mysql_user/tasks/main.yml b/tests/integration/targets/test_mysql_user/tasks/main.yml
index d829322..5a029b8 100644
--- a/tests/integration/targets/test_mysql_user/tasks/main.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/main.yml
@@ -322,3 +322,5 @@
 
     # https://github.com/ansible-collections/community.mysql/issues/231
     - include: test_user_grants_with_roles_applied.yml
+
+    - include: revoke_only_grant.yml
\ No newline at end of file
diff --git a/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml b/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml
new file mode 100644
index 0000000..19b9b6a
--- /dev/null
+++ b/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml
@@ -0,0 +1,58 @@
+---
+- vars:
+    mysql_parameters: &mysql_params
+      login_user: '{{ mysql_user }}'
+      login_password: '{{ mysql_password }}'
+      login_host: 127.0.0.1
+      login_port: '{{ mysql_primary_port }}'
+  block:
+    - name: Drop mysql user if exists
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: true
+
+    - name: create user with two grants
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        update_password: on_create
+        priv: '*.*:SELECT,GRANT'
+
+    - name: user must have only on priv, grant priv must be dropped
+      register: result
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        update_password: on_create
+        priv: '*.*:SELECT'
+
+    - assert:
+        that:
+          - result is not failed
+          - result is changed
+
+    - name: immutable - user must have only on priv, grant priv must be dropped
+      register: result
+      mysql_user:
+        <<: *mysql_params
+        name: "{{ user_name_1 }}"
+        password: "{{ user_password_1 }}"
+        update_password: on_create
+        priv: '*.*:SELECT'
+
+    - assert:
+        that:
+          - result is not failed
+          - result is not changed
+
+  always:
+    - name: drop user
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ user_name_1 }}'
+        state: absent
+      ignore_errors: true