ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-08-29 01:11:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests

Browse source
This commit is contained in:
Felix Hamme 2022-04-19 11:14:01 +02:00
commit ea48464f32
4 changed files with 36 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

1
plugins/modules/mysql_role.py
View file

@ -58,6 +58,7 @@ options:
subtract_privs: subtract_privs:
description: description:
- Revoke the privileges defined by the I(priv) option and keep other existing privileges. - Revoke the privileges defined by the I(priv) option and keep other existing privileges.
If set, invalid privileges in I(priv) are ignored.
Mutually exclusive with I(append_privs). Mutually exclusive with I(append_privs).
type: bool type: bool
default: no default: no

1
plugins/modules/mysql_user.py
View file

@ -69,6 +69,7 @@ options:
subtract_privs: subtract_privs:
description: description:
- Revoke the privileges defined by the I(priv) option and keep other existing privileges. - Revoke the privileges defined by the I(priv) option and keep other existing privileges.
If set, invalid privileges in I(priv) are ignored.
Mutually exclusive with I(append_privs). Mutually exclusive with I(append_privs).
type: bool type: bool
default: no default: no

21
tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml
View file

@ -96,13 +96,26 @@
state: present state: present
check_mode: '{{ enable_check_mode }}' check_mode: '{{ enable_check_mode }}'
register: result register: result
ignore_errors: true
- name: Assert that there wasn't a change in privileges if check_mode is set to 'no' - name: Assert that there was no change because invalid permissions are ignored
assert: assert:
that: that:
- result is failed - "result.changed == false"
- "'Error granting privileges' in result.msg"
- name: Run command to show privileges for role (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
register: result
- name: Assert that the permissions were not changed with check_mode=='yes'
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'yes'
- name: Assert that the permissions were not changed with check_mode=='no'
assert:
that:
- "'GRANT SELECT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'no' when: enable_check_mode == 'no'
- name: trigger failure by trying to subtract and append privileges at the same time - name: trigger failure by trying to subtract and append privileges at the same time

21
tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml
View file

@ -100,13 +100,26 @@
state: present state: present
check_mode: '{{ enable_check_mode }}' check_mode: '{{ enable_check_mode }}'
register: result register: result
ignore_errors: true
- name: Assert that there wasn't a change in privileges if check_mode is set to 'no' - name: Assert that there was no change because invalid permissions are ignored
assert: assert:
that: that:
- result is failed - "result.changed == false"
- "'Error granting privileges' in result.msg"
- name: Run command to show privileges for user (expect privileges in stdout)
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
register: result
- name: Assert that the permissions were not changed with check_mode=='yes'
assert:
that:
- "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'yes'
- name: Assert that the permissions were not changed with check_mode=='no'
assert:
that:
- "'GRANT SELECT ON `data1`.*' in result.stdout"
when: enable_check_mode == 'no' when: enable_check_mode == 'no'
- name: trigger failure by trying to subtract and append privileges at the same time - name: trigger failure by trying to subtract and append privileges at the same time