From f7d860ac8c071d999da24309c5318605c342ad33 Mon Sep 17 00:00:00 2001 From: "R. Sicart" Date: Wed, 1 Dec 2021 14:35:20 +0100 Subject: [PATCH] test_mysql_role : create checks for mariadb --- .../tasks/mysql_role_initial.yml | 417 +++++++++++++++++- 1 file changed, 410 insertions(+), 7 deletions(-) diff --git a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml index 70aefbd..9e7d7dd 100644 --- a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml +++ b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml @@ -175,17 +175,24 @@ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" when: install_type == 'mysql' - - name: Check in DB, if not granted, the query will fail (mariadb) - <<: *task_params - mysql_query: - <<: *mysql_params - query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ role0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" - when: install_type == 'mariadb' - - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result is succeeded + when: install_type == 'mariadb' - name: Check that the role is active <<: *task_params @@ -195,11 +202,31 @@ login_host: 127.0.0.1 login_port: '{{ mysql_primary_port }}' query: 'SELECT current_role()' + when: install_type == 'mysql' - name: Check assert: that: - "'{{ role0 }}' in result.query_result.0.0['current_role()']" + when: install_type == 'mysql' + + - name: Check that the role is active (mariadb) + <<: *task_params + mysql_query: + login_user: '{{ user0 }}' + login_password: '{{ mysql_password }}' + login_host: 127.0.0.1 + login_port: '{{ mysql_primary_port }}' + query: + - 'SET ROLE {{ role0 }}' + - 'SELECT current_role()' + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - "'{{ role0 }}' in result.query_result.1.0['current_role()']" + when: install_type == 'mariadb' #======================== @@ -221,22 +248,52 @@ mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'" + when: install_type == 'mysql' - name: Check assert: that: - result.rowcount.0 == 1 + when: install_type == 'mysql' + + - name: Check in DB (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result is succeeded + when: install_type == 'mariadb' #======================== @@ -257,11 +314,26 @@ mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'" + when: install_type == 'mysql' - name: Check assert: that: - result.rowcount.0 == 1 + when: install_type == 'mysql' + + - name: Check in DB (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' #======================== @@ -283,11 +355,26 @@ mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'" + when: install_type == 'mysql' - name: Check assert: that: - result.rowcount.0 == 1 + when: install_type == 'mysql' + + - name: Check in DB (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' # Must pass because of check_mode - name: Check in DB, if not granted, the query will fail @@ -295,11 +382,27 @@ mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + # Must pass because of check_mode + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result is succeeded + when: install_type == 'mariadb' #======================== @@ -320,11 +423,26 @@ mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'" + when: install_type == 'mysql' - name: Check assert: that: - result.rowcount.0 == 0 + when: install_type == 'mysql' + + - name: Check in DB (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 0 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params @@ -332,11 +450,27 @@ <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" ignore_errors: yes + when: install_type == 'mysql' - name: Check assert: that: - result is failed + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SHOW GRANTS FOR {{ role0 }}" + ignore_errors: yes + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result is failed + when: install_type == 'mariadb' #======================== @@ -420,11 +554,26 @@ mysql_query: <<: *mysql_params query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = '%'" + when: install_type == 'mysql' - name: Check assert: that: - result.rowcount.0 == 1 + when: install_type == 'mysql' + + - name: Check in DB (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' #======================== @@ -500,11 +649,27 @@ mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + # user0 is still a member because of check_mode + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result is succeeded + when: install_type == 'mariadb' # user1, user2, and role1 are not members because of check_mode - name: Check in DB, if not granted, the query will fail @@ -567,33 +732,80 @@ <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" ignore_errors: yes + when: install_type == 'mysql' - name: Check assert: that: - result is failed + when: install_type == 'mysql' + + # user0 is not a member any more + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + ignore_errors: yes + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 0 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params @@ -601,11 +813,13 @@ <<: *mysql_params query: "SHOW GRANTS FOR {{ role1 }} USING '{{ role0 }}'" ignore_errors: yes + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' #========================== @@ -669,12 +883,27 @@ <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" ignore_errors: yes + when: install_type == 'mysql' - name: Check assert: that: - result is failed + when: install_type == 'mysql' + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + ignore_errors: yes + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 0 + when: install_type == 'mariadb' #===================== - name: Append a member @@ -697,11 +926,26 @@ mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' # user1 and user2 must still be in DB because we are appending - name: Check in DB, if not granted, the query will fail @@ -709,22 +953,52 @@ mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' #======================== @@ -786,33 +1060,78 @@ mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' #======================== @@ -837,11 +1156,26 @@ mysql_query: <<: *mysql_params query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'" + when: install_type == 'mysql' - name: Check assert: that: - result is succeeded + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 1 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params @@ -849,11 +1183,27 @@ <<: *mysql_params query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'" ignore_errors: yes + when: install_type == 'mysql' - name: Check assert: that: - result is failed + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + ignore_errors: yes + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 0 + when: install_type == 'mariadb' - name: Check in DB, if not granted, the query will fail <<: *task_params @@ -861,11 +1211,27 @@ <<: *mysql_params query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'" ignore_errors: yes + when: install_type == 'mysql' - name: Check assert: that: - result is failed + when: install_type == 'mysql' + + - name: Check in DB, if not granted, the query will fail (mariadb) + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SELECT 1 FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'" + ignore_errors: yes + when: install_type == 'mariadb' + + - name: Check (mariadb) + assert: + that: + - result.rowcount.0 == 0 + when: install_type == 'mariadb' #===================== @@ -937,6 +1303,15 @@ - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" - result.rowcount.0 == 2 + when: install_type == 'mysql' + + - name: Check (mariadb) + assert: + that: + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" + - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" + - result.rowcount.0 == 2 + when: install_type == 'mariadb' - name: Append privs in check_mode <<: *task_params @@ -965,6 +1340,15 @@ - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`" - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`" - result.rowcount.0 == 2 + when: install_type == 'mysql' + + - name: Check (mariadb) + assert: + that: + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" + - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" + - result.rowcount.0 == 2 + when: install_type == 'mariadb' - name: Append privs <<: *task_params @@ -994,6 +1378,17 @@ - result.query_result.0.2["Grants for role0@%"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`@`%`" - result.query_result.0.3["Grants for role0@%"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`@`%`" - result.rowcount.0 == 4 + when: install_type == 'mysql' + + - name: Check (mariadb) + assert: + that: + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`" + - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`" + - result.query_result.0.2["Grants for role0"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`" + - result.query_result.0.3["Grants for role0"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`" + - result.rowcount.0 == 4 + when: install_type == 'mariadb' - name: Append privs again in check_mode <<: *task_params @@ -1061,6 +1456,14 @@ that: - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT ON *.* TO `role0`@`%`" - result.rowcount.0 == 1 + when: install_type == 'mysql' + + - name: Check (mariadb) + assert: + that: + - result.query_result.0.0["Grants for role0"] == "GRANT SELECT ON *.* TO `role0`" + - result.rowcount.0 == 1 + when: install_type == 'mariadb' # ################# # Test admin option