* add service name to plugin pam/auth_pam usage
* typo fixed
* MySLQ is using identified with auth_pam by ... instead of identified with pam using ... like mariadb does
* a : in description lines breaks yaml syntax
* clearify documentation and add changelog fragment
* Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Compare privileges from before and after manipulation
* Add unit tests
* Fix FIXME integration tests related to this issue
* Fix sanity check
* Fix assertion when appending privs in mysql_role_initial integration tests
* Fix pylint
* [ci-skip] Add changelog fragment
* Fix: missing fragment file extension
* Replace privileges_equal() by a comparison
* Fix: sanity pylint
* Fix: forgot to remove privileges_equal import from unit tests
* Fix: exclude mysql 8 from test_mysql_user's 'Assert that priv did not change' test
* Add tests to verify that GRANT permission is present after user modification
* Fix: do not revoke GRANT permission when it's already allowed and present in priv parameter
* Deduplicate tests name
Easier to debug this way
* Fix assertions named 'GRANT permission is present'
* Only revoke grant option if it exists and absence is requested
* Fix assertion comments
* Fix: Only revoke grant option if it exists and absence is requested
* Avoid pointless revocations when ALL are granted
* Assert that priv did not change on mariadb also
* Fix: sanity and unity tests
* Format long lines
* Add changelog fragment
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* add option subtract_privs to mysql_role and mysql_user
see https://github.com/ansible-collections/community.mysql/issues/331
* add integration tests for subtract_privs for mysql_role and mysql_user
* add changelog fragment for PR #333
* mysql_role, mysql_user: when subtract_privileges, don't grant unwanted privileges and don't revoke USAGE implicitly
* fix integration tests
* mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests
* fix mysql_role integration tests
* fix mysql_role, mysql_user integration tests
* formatting
make the PEP8 check happy
* mysql_user and mysql_role: fix granting privileges when only the GRANT OPTION needs to be added
* mysql_user and mysql_role: log some updated privileges; explain integration test blind spot
* mysql_user and mysql_role: don't grant too much privileges
If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revokation.
* mysql_user and mysql_role: fix type error
* Update changelogs/fragments/333-mysql_user-mysql_role-add-subtract_privileges-argument.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* added flush privileges to write dynamic privs into db
Fixes https://github.com/ansible-collections/community.mysql/issues/120
* added changelog fragment
* Update changelogs/fragments/338-mysql_user_fix_missing_dynamic_privileges.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Remove all code related to VALID_PRIVS and get_valid_privs()
* Add tests to update user with invalid privs
* Re-raise InvalidPrivsError when granting privileges
* Fix: compatibility with python2
* More explicit assertions as commented by Andersson007
* Add changelog fragment
* mysql_user: replace VALID_PRIVS by get_valid_privs() function
* Add EXTRA_PRIVS in case we need to add more privs in the future
* Add changelog fragment
