mirror of
				https://github.com/ansible-collections/community.mysql.git
				synced 2025-10-25 05:24:01 -07:00 
			
		
		
		
	mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests
This commit is contained in:
		
					parent
					
						
							
								501dd7d0ab
							
						
					
				
			
			
				commit
				
					
						ea48464f32
					
				
			
		
					 4 changed files with 36 additions and 8 deletions
				
			
		|  | @ -58,6 +58,7 @@ options: | ||||||
|   subtract_privs: |   subtract_privs: | ||||||
|     description: |     description: | ||||||
|       - Revoke the privileges defined by the I(priv) option and keep other existing privileges. |       - Revoke the privileges defined by the I(priv) option and keep other existing privileges. | ||||||
|  |         If set, invalid privileges in I(priv) are ignored. | ||||||
|         Mutually exclusive with I(append_privs). |         Mutually exclusive with I(append_privs). | ||||||
|     type: bool |     type: bool | ||||||
|     default: no |     default: no | ||||||
|  |  | ||||||
|  | @ -69,6 +69,7 @@ options: | ||||||
|   subtract_privs: |   subtract_privs: | ||||||
|     description: |     description: | ||||||
|       - Revoke the privileges defined by the I(priv) option and keep other existing privileges. |       - Revoke the privileges defined by the I(priv) option and keep other existing privileges. | ||||||
|  |         If set, invalid privileges in I(priv) are ignored. | ||||||
|         Mutually exclusive with I(append_privs). |         Mutually exclusive with I(append_privs). | ||||||
|     type: bool |     type: bool | ||||||
|     default: no |     default: no | ||||||
|  |  | ||||||
|  | @ -96,13 +96,26 @@ | ||||||
|         state: present |         state: present | ||||||
|       check_mode: '{{ enable_check_mode }}' |       check_mode: '{{ enable_check_mode }}' | ||||||
|       register: result |       register: result | ||||||
|       ignore_errors: true |  | ||||||
| 
 | 
 | ||||||
|     - name: Assert that there wasn't a change in privileges if check_mode is set to 'no' |     - name: Assert that there was no change because invalid permissions are ignored | ||||||
|       assert: |       assert: | ||||||
|         that: |         that: | ||||||
|           - result is failed |           - "result.changed == false" | ||||||
|           - "'Error granting privileges' in result.msg" | 
 | ||||||
|  |     - name: Run command to show privileges for role (expect privileges in stdout) | ||||||
|  |       command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\"" | ||||||
|  |       register: result | ||||||
|  | 
 | ||||||
|  |     - name: Assert that the permissions were not changed with check_mode=='yes' | ||||||
|  |       assert: | ||||||
|  |         that: | ||||||
|  |           - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout" | ||||||
|  |       when: enable_check_mode == 'yes' | ||||||
|  | 
 | ||||||
|  |     - name: Assert that the permissions were not changed with check_mode=='no' | ||||||
|  |       assert: | ||||||
|  |         that: | ||||||
|  |           - "'GRANT SELECT ON `data1`.*' in result.stdout" | ||||||
|       when: enable_check_mode == 'no' |       when: enable_check_mode == 'no' | ||||||
| 
 | 
 | ||||||
|     - name: trigger failure by trying to subtract and append privileges at the same time |     - name: trigger failure by trying to subtract and append privileges at the same time | ||||||
|  |  | ||||||
|  | @ -100,13 +100,26 @@ | ||||||
|         state: present |         state: present | ||||||
|       check_mode: '{{ enable_check_mode }}' |       check_mode: '{{ enable_check_mode }}' | ||||||
|       register: result |       register: result | ||||||
|       ignore_errors: true |  | ||||||
| 
 | 
 | ||||||
|     - name: Assert that there wasn't a change in privileges if check_mode is set to 'no' |     - name: Assert that there was no change because invalid permissions are ignored | ||||||
|       assert: |       assert: | ||||||
|         that: |         that: | ||||||
|           - result is failed |           - "result.changed == false" | ||||||
|           - "'Error granting privileges' in result.msg" | 
 | ||||||
|  |     - name: Run command to show privileges for user (expect privileges in stdout) | ||||||
|  |       command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\"" | ||||||
|  |       register: result | ||||||
|  | 
 | ||||||
|  |     - name: Assert that the permissions were not changed with check_mode=='yes' | ||||||
|  |       assert: | ||||||
|  |         that: | ||||||
|  |           - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout" | ||||||
|  |       when: enable_check_mode == 'yes' | ||||||
|  | 
 | ||||||
|  |     - name: Assert that the permissions were not changed with check_mode=='no' | ||||||
|  |       assert: | ||||||
|  |         that: | ||||||
|  |           - "'GRANT SELECT ON `data1`.*' in result.stdout" | ||||||
|       when: enable_check_mode == 'no' |       when: enable_check_mode == 'no' | ||||||
| 
 | 
 | ||||||
|     - name: trigger failure by trying to subtract and append privileges at the same time |     - name: trigger failure by trying to subtract and append privileges at the same time | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue