mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests

plugins/modules/mysql_role.py

@@ -58,6 +58,7 @@ options:
   subtract_privs:
     description:
       - Revoke the privileges defined by the I(priv) option and keep other existing privileges.
+        If set, invalid privileges in I(priv) are ignored.
         Mutually exclusive with I(append_privs).
     type: bool
     default: no

plugins/modules/mysql_user.py

@@ -69,6 +69,7 @@ options:
   subtract_privs:
     description:
       - Revoke the privileges defined by the I(priv) option and keep other existing privileges.
+        If set, invalid privileges in I(priv) are ignored.
         Mutually exclusive with I(append_privs).
     type: bool
     default: no

tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml

@@ -96,13 +96,26 @@
         state: present
       check_mode: '{{ enable_check_mode }}'
       register: result
-      ignore_errors: true
 
-    - name: Assert that there wasn't a change in privileges if check_mode is set to 'no'
+    - name: Assert that there was no change because invalid permissions are ignored
       assert:
         that:
-          - result is failed
-          - "'Error granting privileges' in result.msg"
+          - "result.changed == false"
+
+    - name: Run command to show privileges for role (expect privileges in stdout)
+      command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
+      register: result
+
+    - name: Assert that the permissions were not changed with check_mode=='yes'
+      assert:
+        that:
+          - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+      when: enable_check_mode == 'yes'
+
+    - name: Assert that the permissions were not changed with check_mode=='no'
+      assert:
+        that:
+          - "'GRANT SELECT ON `data1`.*' in result.stdout"
       when: enable_check_mode == 'no'
 
     - name: trigger failure by trying to subtract and append privileges at the same time

tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml

@@ -100,13 +100,26 @@
         state: present
       check_mode: '{{ enable_check_mode }}'
       register: result
-      ignore_errors: true
 
-    - name: Assert that there wasn't a change in privileges if check_mode is set to 'no'
+    - name: Assert that there was no change because invalid permissions are ignored
       assert:
         that:
-          - result is failed
-          - "'Error granting privileges' in result.msg"
+          - "result.changed == false"
+
+    - name: Run command to show privileges for user (expect privileges in stdout)
+      command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+      register: result
+
+    - name: Assert that the permissions were not changed with check_mode=='yes'
+      assert:
+        that:
+          - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+      when: enable_check_mode == 'yes'
+
+    - name: Assert that the permissions were not changed with check_mode=='no'
+      assert:
+        that:
+          - "'GRANT SELECT ON `data1`.*' in result.stdout"
       when: enable_check_mode == 'no'
 
     - name: trigger failure by trying to subtract and append privileges at the same time