* function to check if a user is locked already
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the location and logic of where I think user locking would happen.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix missing parameters for execute()
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the locked attribute
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial user locking integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add attribute documentation
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* More descriptive names in the integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* - Changes requested/suggested by @Andersson007
- Example usage
- Changelog fragment
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix user_is_locked and remove host_all option.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix host of user (was % should have been localhost after deleting `host:` earlier)
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch locked to named instead of positional.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode support.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode: true test cases
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix names that included `check_mode: true`
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add idempotence checks
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch calls to user_mod with sequences of None positional arguments to full named arguments
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* locked check should not run for roles.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* check_mode is set at the task level and not the module level
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add user locking to info module and test.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Handle DictCursor
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode feedback
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add another builtin account to the exclusion list
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial switch to default=None for locked, will need to add a test for it.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check that missing locked argument does not unlock a user
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
---------
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Update user.py
Added correct syntax to ed25519 password plugin.
on create user
on update user
This only accepts cleartext passwords (PASSWORD(%s)) not pregenerated ed25519 hashes.
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
* Update plugins/module_utils/user.py
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Fix show master status for MySQL 8.2+
* Fix mysqldump option form --master-data to --source-data
* Fix incompatibility between mysqldump 8.0 and MySQL 8.4
Installing the same version between the client and the server makes
sense anyway. The incompatibility arise when you use mysqldump with
--source-data. The the tool tries to perform a SHOW MASTER STATUS which
is deprecated in MySQL 8.2+.
* Fix missing condition
* Fix unit tests
* Add a query resolver depending on implementation and version
* Sanity
* Fix SHOW REPLICA STATUS queries
* Fix mariadb's SHOW REPLICA HOSTS query
* Fix CHANGE MASTER for MySQL 8.0.23+
* Fix integration test for CHANGE MASTER
* Fix integration test for CHANGE MASTER
* Fix replication queries for MySQL 8.0.23+ and 8.4+
* Revert file edited by mistake
* Enhance tests format
* fix tuple indexerror when no accounts are found
* Fix tests for update_password not executed
* Add test for case where existing user have different password
* lint to prevent warning about jinja templating in when clause
* Refactor get_existing_authentication to return a list of all row found
Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.
* Refactor host option to be optional
This make it possible to use the same method from mysql_user to help
update_password retrieve existing password for all account with the same
username independently of their hostname. And from mysql_info to get
the password of a specif user using WHERE user = '' AND host = ''
* Add change log fragment
* Add link to the PR in the change log
* lint for ansible devel
* Fix templating type error could not cconvert to bool with ansible devel
* Revert changes made for ansible-devel that broke tests for Ansible 2.15
* Revert changes made for ansible-devel that broke tests
* Cut unnecessary set, uniqueness is ensured by the group_by in the query
* Cut auth plugin from returned values when multiple existing auths exists
Discussed here:
https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519
* fix convertion of list(dict) to list(tuple)
* Fix test for empty password on MySQL 8+
* fix returned variable from plugin_auth_string to plugin_hash_string
* Refactor to keep plugin_auth_string in addition to plugin_hash_string
* Add breaking_changes to the changelog
* fix option name
* Add tests for users using SSL
* Rewrite get_tls_requires using mysql.user table
* Add tls_requires to users_info filter
* add more consistant test users
* Add tls tests users in cleanup task
* Fix tls_requires data structure inconsistencies between modules
* Refactor user implementation to host get_tls_requires
* fix MySQL tls_requires not removed from user passed as empty
* Fix wrong variable used to return a hashed password
* Fix sanity
* fix unit tests
* Add changelog fragment
* Add PR URI to the changelog
* Add more precise change log
* fix documentation using wrong variable as an example
* Document example returned value `tls_requires` from users_info filter
* Revert changes that will be in a separate PR
* Fix sanity
* initial commit for password_expire support
* sanity check and default values
* add one more if block for version check
* some changes and integration tests
* docs and sanity and integration test fix
* make integration tests work
* make integration tests work
* fix unneeded commits
* fix verify as well
* Update plugins/modules/mysql_user.py
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Apply suggestions from code review
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* typo and no_log remove for password_expire* vars
* add change log fragment
* move one if statement to module initialiazation
* fix merge conflicts
* fix order
* some fixes
* set no_log to true for password word containing keys
* fix sanity error
* Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Using `show all slaves status` whe using MariaDB to be consistent
with the MySQL behaviour.
* Fixing lint issues
* Fix issue by using dict attribute
* Fix unit tests
* fix lint test
* Add unit tests
* Fix unit tests
* Adding changlog fragment
* Update changelogs/fragments/602-show-all-slaves-status.yaml
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Refactoring change by moving common logic to the module_utils
* Fix sanity checks
* Fix sanity checks
* Adding lines to fix sanity checks
* Fixing sanity checks
* Update changelogs/fragments/602-show-all-slaves-status.yaml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Removing is_mariadb and is_mysql functions
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add support for mysql user attributes
* fix CI
* write integration tests
* requested changes pt. 1
* requested changes pt. 2
* fix changelog fragment
---------
Co-authored-by: n-cc <ncc@github.com>
* add documentation for new mysql_info users_info filter
* Add integration tests for mysql_info users_info
* fix list parsing when cursor come from mysql_info
Mysql_info use a DictCursor and mysql_user a normal cursor.
* fix case when an account as same user but different host and password
* document why certain authentications plugins cause issues
* add version_added for users_info to the documentation
* Add 'users' description to differentiate it from 'users_info'
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add integrations tests for column case sensitive name
* add a warning when column_case_sensitive in not set
* add announce default will change in in 4.0.0
* fix tests for engine that don't wrap column in backticks
* add filter because only MySQL 5.7 is case sensitive for users privs
* add kmarse and myself to the authors
* add kmarse to the contributors list
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@epfl.ch>
Co-authored-by: Andrew Klychkov <aklychko@redhat.com>
* only use the "database" connection argument with driver versions where "db" is deprecated/removed
* connection arguments: fix KeyError
* connection arguments: fix KeyError
* connection arguments: use 'passwd' instead of 'password' with older drivers
* add changelog fragment
* refactoring: use "get_connector_name" in "mysql_connect"
---------
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
* change deprecated parameter pw to password
* change deprecated parameter db to database
* add changelog fragment
* Old plugin versions are no longer supported
* Use packaging version checking.
* Use stdlib version comparison
* Use parse_version from setuptools
* Revert to tuple/reduce version check
---------
Co-authored-by: Jorge-Rodriguez <jorge.rodriguez@futurice.com>
* Add methods to retrieve connector name and version
* Document that mysqlclient is also named MySQLdb
* Document version_added
* Add connector name and version in the returned block
* Cut condition to display any name that is return
In case of MySQLdb is renamed in mysqlclient. In that case, the
integration tests will catch this the day we update the connector
version.
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add service name to plugin pam/auth_pam usage
* typo fixed
* MySLQ is using identified with auth_pam by ... instead of identified with pam using ... like mariadb does
* a : in description lines breaks yaml syntax
* clearify documentation and add changelog fragment
* Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Compare privileges from before and after manipulation
* Add unit tests
* Fix FIXME integration tests related to this issue
* Fix sanity check
* Fix assertion when appending privs in mysql_role_initial integration tests
* Fix pylint
* [ci-skip] Add changelog fragment
* Fix: missing fragment file extension
* Replace privileges_equal() by a comparison
* Fix: sanity pylint
* Fix: forgot to remove privileges_equal import from unit tests
* Fix: exclude mysql 8 from test_mysql_user's 'Assert that priv did not change' test
* Add tests to verify that GRANT permission is present after user modification
* Fix: do not revoke GRANT permission when it's already allowed and present in priv parameter
* Deduplicate tests name
Easier to debug this way
* Fix assertions named 'GRANT permission is present'
* Only revoke grant option if it exists and absence is requested
* Fix assertion comments
* Fix: Only revoke grant option if it exists and absence is requested
* Avoid pointless revocations when ALL are granted
* Assert that priv did not change on mariadb also
* Fix: sanity and unity tests
* Format long lines
* Add changelog fragment
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* add option subtract_privs to mysql_role and mysql_user
see https://github.com/ansible-collections/community.mysql/issues/331
* add integration tests for subtract_privs for mysql_role and mysql_user
* add changelog fragment for PR #333
* mysql_role, mysql_user: when subtract_privileges, don't grant unwanted privileges and don't revoke USAGE implicitly
* fix integration tests
* mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests
* fix mysql_role integration tests
* fix mysql_role, mysql_user integration tests
* formatting
make the PEP8 check happy
* mysql_user and mysql_role: fix granting privileges when only the GRANT OPTION needs to be added
* mysql_user and mysql_role: log some updated privileges; explain integration test blind spot
* mysql_user and mysql_role: don't grant too much privileges
If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revokation.
* mysql_user and mysql_role: fix type error
* Update changelogs/fragments/333-mysql_user-mysql_role-add-subtract_privileges-argument.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* added flush privileges to write dynamic privs into db
Fixes https://github.com/ansible-collections/community.mysql/issues/120
* added changelog fragment
* Update changelogs/fragments/338-mysql_user_fix_missing_dynamic_privileges.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Clarified error message about missing python modules, and tweak documentation to suggest overriding interpreter.
* Mention mysqlclient as another option
* Correct mysqlclient suggestions from python2 to python3
Co-authored-by: Matthew Exon <git.mexon@spamgourmet.com>
* Use vendored version of distutils.version
* Correct fragment
* Update plugins/module_utils/version.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Prepare for distutils.version being removed in Python 3.12
* Update plugins/module_utils/version.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove all code related to VALID_PRIVS and get_valid_privs()
* Add tests to update user with invalid privs
* Re-raise InvalidPrivsError when granting privileges
* Fix: compatibility with python2
* More explicit assertions as commented by Andersson007
* Add changelog fragment
* mysql_user: replace VALID_PRIVS by get_valid_privs() function
* Add EXTRA_PRIVS in case we need to add more privs in the future
* Add changelog fragment
