* function to check if a user is locked already
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the location and logic of where I think user locking would happen.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix missing parameters for execute()
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the locked attribute
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial user locking integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add attribute documentation
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* More descriptive names in the integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* - Changes requested/suggested by @Andersson007
- Example usage
- Changelog fragment
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix user_is_locked and remove host_all option.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix host of user (was % should have been localhost after deleting `host:` earlier)
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch locked to named instead of positional.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode support.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode: true test cases
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix names that included `check_mode: true`
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add idempotence checks
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch calls to user_mod with sequences of None positional arguments to full named arguments
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* locked check should not run for roles.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* check_mode is set at the task level and not the module level
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add user locking to info module and test.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Handle DictCursor
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode feedback
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add another builtin account to the exclusion list
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial switch to default=None for locked, will need to add a test for it.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check that missing locked argument does not unlock a user
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
---------
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* fix missing symlink to mysql binaries for MariaDB 11+
* update tested version of MariaDB 11.4 instead of 10.5
* add changelog fragment
* [CI] add way to trigger workflow manually
Useful in the case we don't modifiy any files in the paths: sections of the push event.
* add version check for mariadb < 10.4.6 without mariadb* binaries
* Use same concatenation method between functions to avoid future confusion
I didn't notice that db_dump and db_import were different, thus I introduced a bug with the initialization of the variable cmd. This commit fixes that.
* Update mysql_user.py - table/privilege spacing update
Add note for no spacing between the table and the privilege as this will make the task not idempotent in check mode but still make it idempotent when in normal mode.
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update user.py
Added correct syntax to ed25519 password plugin.
on create user
on update user
This only accepts cleartext passwords (PASSWORD(%s)) not pregenerated ed25519 hashes.
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
* Update plugins/module_utils/user.py
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Fix show master status for MySQL 8.2+
* Fix mysqldump option form --master-data to --source-data
* Fix incompatibility between mysqldump 8.0 and MySQL 8.4
Installing the same version between the client and the server makes
sense anyway. The incompatibility arise when you use mysqldump with
--source-data. The the tool tries to perform a SHOW MASTER STATUS which
is deprecated in MySQL 8.2+.
* Fix missing condition
* Fix unit tests
* Add a query resolver depending on implementation and version
* Sanity
* Fix SHOW REPLICA STATUS queries
* Fix mariadb's SHOW REPLICA HOSTS query
* Fix CHANGE MASTER for MySQL 8.0.23+
* Fix integration test for CHANGE MASTER
* Fix integration test for CHANGE MASTER
* Fix replication queries for MySQL 8.0.23+ and 8.4+
* Revert file edited by mistake
* Enhance tests format
* Enable mysql_native_password for MySQL 8.2+
* Fix connection to MySQL 8 since Ubuntu 20.04 update
* Cut mysqlclient form the documentation
* Cut tests for Python 3.12 not supported by ansible-test
* Upgrade integration controller to ubuntu2204 by removing python
ansible-test uses python 3.10 if we specify ubuntu2204. Thus we lose the
ability to chose specific version of python to test. But integrations
tests are optional for a collection. And we don't catch a issue with
Python that often (ever ? I don't recall seen one).
This allow us to test MySQL 8.4, so it's a win.
* Cut tests for EoL MariaDB 10.4
* Reduce number of test in the matrix
* Cut support for intermediate LTS
* Fix python command not found with ansible-devel and add the debug
This is puzzling me. Why when using ansible devel the python command
changes? I know ansible-test install python after starting ubuntu22.04
so the way python is install must changes.
* Disable retry-on-error
When reading log we tend to look at the bottom, but doing so we find
often a idempotent error that are nothing to do with the first error.
Disabling this can greatly speedup tests and makes logs more readable.
Plus, now GHA jumps automatically at the latest error message. So with
this modification, we will always jump to the latest real error message.
* Enhance jobs title readability
We can't expand the left column on GHA, so the shorter, the better.
Use Ⓐ instead of Ansible.
* fix tuple indexerror when no accounts are found
* Fix tests for update_password not executed
* Add test for case where existing user have different password
* lint to prevent warning about jinja templating in when clause
* Refactor get_existing_authentication to return a list of all row found
Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.
* Refactor host option to be optional
This make it possible to use the same method from mysql_user to help
update_password retrieve existing password for all account with the same
username independently of their hostname. And from mysql_info to get
the password of a specif user using WHERE user = '' AND host = ''
* Add change log fragment
* Add link to the PR in the change log
* lint for ansible devel
* Fix templating type error could not cconvert to bool with ansible devel
* Revert changes made for ansible-devel that broke tests for Ansible 2.15
* Revert changes made for ansible-devel that broke tests
* Cut unnecessary set, uniqueness is ensured by the group_by in the query
* Cut auth plugin from returned values when multiple existing auths exists
Discussed here:
https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519
* fix convertion of list(dict) to list(tuple)
* Fix test for empty password on MySQL 8+
* Cut tests containers
* Cut unused flatten versions
* Fix installation of mysqlclient on Ubuntu
* Cut unused variables
* Fix package missing on Unbuntu 22.04
* Fix variable templating
* Fix test for ansible 2.17 and do remove the ignore_errors
ignore_errors is bad because it makes searching for real errors
difficult.
* fix returned variable from plugin_auth_string to plugin_hash_string
* Refactor to keep plugin_auth_string in addition to plugin_hash_string
* Add breaking_changes to the changelog
* Fix case where a failed fetchone() still return a dict
* Fix test for MariaDB
* fix case where a failed fetchone() still return a dict for primary
* Add changelog fragment
* fix option name
* Add tests for users using SSL
* Rewrite get_tls_requires using mysql.user table
* Add tls_requires to users_info filter
* add more consistant test users
* Add tls tests users in cleanup task
* Fix tls_requires data structure inconsistencies between modules
* Refactor user implementation to host get_tls_requires
* fix MySQL tls_requires not removed from user passed as empty
* Fix wrong variable used to return a hashed password
* Fix sanity
* fix unit tests
* Add changelog fragment
* Add PR URI to the changelog
* Add more precise change log
* fix documentation using wrong variable as an example
* Document example returned value `tls_requires` from users_info filter
* Revert changes that will be in a separate PR
* Fix sanity
* Add tests for Ansible core 2.17 (devel is 2.18 today)
* Drop tests for Ansible core 2.14 and add 2.17
* Cut duplicate exclude
* Add back python 3.8 and 3.9 for stable2.15
* Bump action to prevent deprecation warnings
* Cut python 3.9 for devel in roles tests
* Attempt to fix GHA line folding
* fix typo
* Bump ubuntu
Latest ansible-test doesn't work with old ubuntu. See here for more
info: https://github.com/ansible-collections/collection_template/blob/main/.github/workflows/ansible-test.yml#L83-L91
* fix docker_image var assignation
* fix yamllint false positive
* Attempt to fix docker_image_multiline assignation
* Fix empty var due to scope of each command
* Attempt to fix docker_image assignation
* fix error "vars should be dict"
* Document URL of the repository for the action ansible-test-gh-action
* Disable role tests
* Document ansible-core version tested
* Cut ansible-core 2.14 from testing documentation
* initial commit for password_expire support
* sanity check and default values
* add one more if block for version check
* some changes and integration tests
* docs and sanity and integration test fix
* make integration tests work
* make integration tests work
* fix unneeded commits
* fix verify as well
* Update plugins/modules/mysql_user.py
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Apply suggestions from code review
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* typo and no_log remove for password_expire* vars
* add change log fragment
* move one if statement to module initialiazation
* fix merge conflicts
* fix order
* some fixes
* set no_log to true for password word containing keys
* fix sanity error
* Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
