From fcb2d49b248cd33fc77075dffdf819eeff4172f8 Mon Sep 17 00:00:00 2001
From: Laurent Indermuehle <laurent.indermuehle@pm.me>
Date: Fri, 15 Sep 2023 10:40:17 +0200
Subject: [PATCH] Add test users for MySQL auth plugins (sha256 and cache_sha2)

---
 .../tasks/filter_users_privs.yml              | 123 ++++++++++++------
 1 file changed, 86 insertions(+), 37 deletions(-)

diff --git a/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml b/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
index 8f8434d..5205368 100644
--- a/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
+++ b/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
@@ -41,11 +41,45 @@
         state: import
         target: /root/create_procedure.sql
 
-    - name: Mysql_info users_privs | Prepare tests users
+    - name: Mysql_info users_privs | Prepare common tests users
+      community.mysql.mysql_user:
+        name: "{{ item.user }}"
+        host: "users_privs.com"
+        password: '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
+        encrypted: true
+        priv: "{{ item.privs }}"
+        resource_limits: "{{ item.resource_limits | default(omit) }}"
+        state: present
+      loop:
+        - user: users_privs_adm
+          privs:
+            '*.*': 'ALL,GRANT'
+        - user: users_privs_schema
+          privs:
+            'users_privs_db.*': 'SELECT,INSERT,UPDATE,DELETE'
+        - user: users_privs_table
+          privs:
+            'users_privs_db.t1': 'SELECT,INSERT,UPDATE'
+        - user: users_privs_col
+          privs:
+            'users_privs_db.t1': 'SELECT (id)'
+          resource_limits:
+            MAX_USER_CONNECTIONS: 100
+        - user: users_privs_proc
+          privs:
+            'PROCEDURE users_privs_db.get_all_items': 'EXECUTE'
+          resource_limits:
+            MAX_USER_CONNECTIONS: 2
+            MAX_CONNECTIONS_PER_HOUR: 60
+        - user: users_privs_multi
+          privs:
+            'mysql.*': 'SELECT'
+            'users_privs_db.*': 'SELECT'
+
+    - name: Mysql_info users_privs | Prepare tests users for MariaDB
       community.mysql.mysql_user:
         name: "{{ item.user }}"
         host: "users_privs.com"
-        password: "{{ item.password | default(omit) }}"
         plugin: "{{ item.plugin | default(omit) }}"
         plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
         plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}"
@@ -54,44 +88,59 @@
         resource_limits: "{{ item.resource_limits | default(omit) }}"
         state: present
       loop:
-        - user: users_privs_adm
+        - user: users_privs_socket  # Only for MariaDB
           privs:
-            '*.*': 'ALL,GRANT'
-          password: 'msandbox'
-        - user: users_privs_schema
+            '*.*': 'ALL'
+          plugin: 'unix_socket'
+      when:
+        - db_engine == 'mariadb'
+
+    - name: Mysql_info users_privs | Prepare tests users for MySQL
+      community.mysql.mysql_user:
+        name: "{{ item.user }}"
+        host: "users_privs.com"
+        password: "{{ item.password | default(omit) }}"
+        encrypted: true
+        plugin: "{{ item.plugin | default(omit) }}"
+        plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
+        plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}"
+        tls_require: "{{ item.tls_require | default(omit) }}"
+        priv: "{{ item.privs }}"
+        resource_limits: "{{ item.resource_limits | default(omit) }}"
+        state: present
+      loop:
+        - user: users_privs_sha256  # Only for MySQL
           privs:
-            'users_privs_db.*': 'SELECT,INSERT,UPDATE,DELETE'
-          password: 'msandbox'
-        - user: users_privs_table
+            '*.*': 'ALL'
+          plugin_auth_string:
+            '$5$/<w*D`L4\"F$WQiI1Pev.7atAh8udYs3wqlzgdfV8LXoy7rqSEC7NF2'
+          plugin: 'sha256_password'
+      when:
+        - db_engine == 'mysql'
+
+    - name: Mysql_info users_privs | Prepare tests users for MySQL 8+
+      community.mysql.mysql_user:
+        name: "{{ item.user }}"
+        host: "users_privs.com"
+        password: "{{ item.password | default(omit) }}"
+        encrypted: true
+        plugin: "{{ item.plugin | default(omit) }}"
+        plugin_auth_string: "{{ item.plugin_auth_string | default(omit) }}"
+        plugin_hash_string: "{{ item.plugin_hash_string | default(omit) }}"
+        tls_require: "{{ item.tls_require | default(omit) }}"
+        priv: "{{ item.privs }}"
+        resource_limits: "{{ item.resource_limits | default(omit) }}"
+        state: present
+      loop:
+        - user: users_privs_caching_sha2  # Only for MySQL 8+
           privs:
-            'users_privs_db.t1': 'SELECT,INSERT,UPDATE'
-        - user: users_privs_col
-          privs:
-            'users_privs_db.t1': 'SELECT (id)'
-          password: 'msandbox'
-          resource_limits:
-            MAX_USER_CONNECTIONS: 100
-        - user: users_privs_proc
-          privs:
-            'PROCEDURE users_privs_db.get_all_items': 'EXECUTE'
-          password: 'msandbox'
-          resource_limits:
-            MAX_USER_CONNECTIONS: 2
-            MAX_CONNECTIONS_PER_HOUR: 60
-        - user: users_privs_multi
-          privs:
-            'mysql.*': 'SELECT'
-            'users_privs_db.*': 'SELECT'
-          password: 'msandbox'
-        # - user: users_privs_socket  # Only for MariaDB
-        #   privs:
-        #     '*.*': 'ALL'
-        #   plugin: 'unix_socket'
-        # - user: users_privs_socket  # Only for MySQL
-        #   privs:
-        #     '*.*': 'ALL'
-        #   plugin_auth_string: 'msandbox'
-        #   plugin: 'sha256_password'
+            '*.*': 'ALL'
+          plugin_auth_string:
+            '$A$005$61j/uF%Qb4-=O2xkeO82u2HNkF.lxDq0liO4U3xqi7bDUCbWM6HayRXWn1'
+          plugin: 'caching_sha2_password'
+      when:
+        - db_engine == 'mysql'
+        - db_version is version('8.0', '>=')
 
     # ================================== Tests ==============================