From d839871d1ee510bb9a25b9fb9ff60f8ead5d9619 Mon Sep 17 00:00:00 2001 From: "E.S. Rosenberg a.k.a. Keeper of the Keys" Date: Wed, 5 Mar 2025 15:51:20 +0200 Subject: [PATCH] - Changes requested/suggested by @Andersson007 - Example usage - Changelog fragment Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys --- changelogs/fragments/702-user_locking.yaml | 2 ++ plugins/modules/mysql_user.py | 11 +++++++++-- .../test_mysql_user/tasks/test_user_locking.yml | 16 ++++------------ 3 files changed, 15 insertions(+), 14 deletions(-) create mode 100644 changelogs/fragments/702-user_locking.yaml diff --git a/changelogs/fragments/702-user_locking.yaml b/changelogs/fragments/702-user_locking.yaml new file mode 100644 index 0000000..1378793 --- /dev/null +++ b/changelogs/fragments/702-user_locking.yaml @@ -0,0 +1,2 @@ +minor_changes: +- mysql_user - add ``locked`` option to lock/unlock users, this is mainly used to have users that will act as definers on stored procedures. diff --git a/plugins/modules/mysql_user.py b/plugins/modules/mysql_user.py index eac72f2..228f763 100644 --- a/plugins/modules/mysql_user.py +++ b/plugins/modules/mysql_user.py @@ -193,7 +193,7 @@ options: locked: description: - Lock account to prevent connections using it, this is primarily used for creating a user that will act as a DEFINER on stored procedures. - - The C(default) is C(false) + default: false type: bool version_added: '3.13.0' @@ -408,6 +408,13 @@ EXAMPLES = r''' priv: 'db1.*': DELETE +- name: Create locked user to act as a definer on procedures + community.mysql.mysql_user: + name: readonly_procedures_locked + locked: true + priv: + db1.*: SELECT + # Example .my.cnf file for setting the root password # [client] # user=root @@ -478,7 +485,7 @@ def main(): column_case_sensitive=dict(type='bool', default=None), # TODO 4.0.0 add default=True password_expire=dict(type='str', choices=['now', 'never', 'default', 'interval'], no_log=True), password_expire_interval=dict(type='int', required_if=[('password_expire', 'interval', True)], no_log=True), - locked=dict(type='bool', default='no'), + locked=dict(type='bool', default='false'), ) module = AnsibleModule( argument_spec=argument_spec, diff --git a/tests/integration/targets/test_mysql_user/tasks/test_user_locking.yml b/tests/integration/targets/test_mysql_user/tasks/test_user_locking.yml index 00ae771..5d77f4d 100644 --- a/tests/integration/targets/test_mysql_user/tasks/test_user_locking.yml +++ b/tests/integration/targets/test_mysql_user/tasks/test_user_locking.yml @@ -22,9 +22,8 @@ community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' password: 'msandbox' - locked: yes + locked: true priv: 'mysql_lock_user_test.*': 'SELECT' @@ -41,8 +40,7 @@ community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' - locked: no + locked: false priv: 'mysql_lock_user_test.*': 'SELECT' @@ -59,16 +57,14 @@ community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' state: absent - name: Mysql_user Lock user | create unlocked | Create test user community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' password: 'msandbox' - locked: no + locked: false priv: 'mysql_lock_user_test.*': 'SELECT' @@ -85,8 +81,7 @@ community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' - locked: yes + locked: true priv: 'mysql_lock_user_test.*': 'SELECT' @@ -103,14 +98,12 @@ community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' state: absent - name: Mysql_user Lock user | create default | Create test user community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' password: 'msandbox' priv: 'mysql_lock_user_test.*': 'SELECT' @@ -128,7 +121,6 @@ community.mysql.mysql_user: <<: *mysql_params name: mysql_locked_user - host: '%' state: absent # ========================= Teardown ======================================