* function to check if a user is locked already
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the location and logic of where I think user locking would happen.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix missing parameters for execute()
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the locked attribute
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial user locking integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add attribute documentation
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* More descriptive names in the integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* - Changes requested/suggested by @Andersson007
- Example usage
- Changelog fragment
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix user_is_locked and remove host_all option.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix host of user (was % should have been localhost after deleting `host:` earlier)
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch locked to named instead of positional.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode support.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode: true test cases
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix names that included `check_mode: true`
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add idempotence checks
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch calls to user_mod with sequences of None positional arguments to full named arguments
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* locked check should not run for roles.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* check_mode is set at the task level and not the module level
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add user locking to info module and test.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Handle DictCursor
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode feedback
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add another builtin account to the exclusion list
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial switch to default=None for locked, will need to add a test for it.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check that missing locked argument does not unlock a user
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
---------
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* fix missing symlink to mysql binaries for MariaDB 11+
* update tested version of MariaDB 11.4 instead of 10.5
* add changelog fragment
* [CI] add way to trigger workflow manually
Useful in the case we don't modifiy any files in the paths: sections of the push event.
* add version check for mariadb < 10.4.6 without mariadb* binaries
* Use same concatenation method between functions to avoid future confusion
I didn't notice that db_dump and db_import were different, thus I introduced a bug with the initialization of the variable cmd. This commit fixes that.
* Update mysql_user.py - table/privilege spacing update
Add note for no spacing between the table and the privilege as this will make the task not idempotent in check mode but still make it idempotent when in normal mode.
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Fix show master status for MySQL 8.2+
* Fix mysqldump option form --master-data to --source-data
* Fix incompatibility between mysqldump 8.0 and MySQL 8.4
Installing the same version between the client and the server makes
sense anyway. The incompatibility arise when you use mysqldump with
--source-data. The the tool tries to perform a SHOW MASTER STATUS which
is deprecated in MySQL 8.2+.
* Fix missing condition
* Fix unit tests
* Add a query resolver depending on implementation and version
* Sanity
* Fix SHOW REPLICA STATUS queries
* Fix mariadb's SHOW REPLICA HOSTS query
* Fix CHANGE MASTER for MySQL 8.0.23+
* Fix integration test for CHANGE MASTER
* Fix integration test for CHANGE MASTER
* Fix replication queries for MySQL 8.0.23+ and 8.4+
* Revert file edited by mistake
* Enhance tests format
* fix tuple indexerror when no accounts are found
* Fix tests for update_password not executed
* Add test for case where existing user have different password
* lint to prevent warning about jinja templating in when clause
* Refactor get_existing_authentication to return a list of all row found
Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.
* Refactor host option to be optional
This make it possible to use the same method from mysql_user to help
update_password retrieve existing password for all account with the same
username independently of their hostname. And from mysql_info to get
the password of a specif user using WHERE user = '' AND host = ''
* Add change log fragment
* Add link to the PR in the change log
* lint for ansible devel
* Fix templating type error could not cconvert to bool with ansible devel
* Revert changes made for ansible-devel that broke tests for Ansible 2.15
* Revert changes made for ansible-devel that broke tests
* Cut unnecessary set, uniqueness is ensured by the group_by in the query
* Cut auth plugin from returned values when multiple existing auths exists
Discussed here:
https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519
* fix convertion of list(dict) to list(tuple)
* Fix test for empty password on MySQL 8+
* Fix case where a failed fetchone() still return a dict
* Fix test for MariaDB
* fix case where a failed fetchone() still return a dict for primary
* Add changelog fragment
* fix option name
* Add tests for users using SSL
* Rewrite get_tls_requires using mysql.user table
* Add tls_requires to users_info filter
* add more consistant test users
* Add tls tests users in cleanup task
* Fix tls_requires data structure inconsistencies between modules
* Refactor user implementation to host get_tls_requires
* fix MySQL tls_requires not removed from user passed as empty
* Fix wrong variable used to return a hashed password
* Fix sanity
* fix unit tests
* Add changelog fragment
* Add PR URI to the changelog
* Add more precise change log
* fix documentation using wrong variable as an example
* Document example returned value `tls_requires` from users_info filter
* Revert changes that will be in a separate PR
* Fix sanity
* initial commit for password_expire support
* sanity check and default values
* add one more if block for version check
* some changes and integration tests
* docs and sanity and integration test fix
* make integration tests work
* make integration tests work
* fix unneeded commits
* fix verify as well
* Update plugins/modules/mysql_user.py
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Apply suggestions from code review
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* typo and no_log remove for password_expire* vars
* add change log fragment
* move one if statement to module initialiazation
* fix merge conflicts
* fix order
* some fixes
* set no_log to true for password word containing keys
* fix sanity error
* Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Using `show all slaves status` whe using MariaDB to be consistent
with the MySQL behaviour.
* Fixing lint issues
* Fix issue by using dict attribute
* Fix unit tests
* fix lint test
* Add unit tests
* Fix unit tests
* Adding changlog fragment
* Update changelogs/fragments/602-show-all-slaves-status.yaml
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Refactoring change by moving common logic to the module_utils
* Fix sanity checks
* Fix sanity checks
* Adding lines to fix sanity checks
* Fixing sanity checks
* Update changelogs/fragments/602-show-all-slaves-status.yaml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Removing is_mariadb and is_mysql functions
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add support for mysql user attributes
* fix CI
* write integration tests
* requested changes pt. 1
* requested changes pt. 2
* fix changelog fragment
---------
Co-authored-by: n-cc <ncc@github.com>
* add documentation for new mysql_info users_info filter
* Add integration tests for mysql_info users_info
* fix list parsing when cursor come from mysql_info
Mysql_info use a DictCursor and mysql_user a normal cursor.
* fix case when an account as same user but different host and password
* document why certain authentications plugins cause issues
* add version_added for users_info to the documentation
* Add 'users' description to differentiate it from 'users_info'
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* switch "PRIMARY" to "MASTER" on description
* Update plugins/modules/mysql_replication.py
* Add author to contributors lists
---------
Co-authored-by: Thomas Lau <lkthomas@localhost.localdomain>
Co-authored-by: Thomas Lau <thomas.lau@gfo-x.com>
* Add integrations tests for column case sensitive name
* add a warning when column_case_sensitive in not set
* add announce default will change in in 4.0.0
* fix tests for engine that don't wrap column in backticks
* add filter because only MySQL 5.7 is case sensitive for users privs
* add kmarse and myself to the authors
* add kmarse to the contributors list
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@epfl.ch>
Co-authored-by: Andrew Klychkov <aklychko@redhat.com>
* Document connector-version relationship
* Fix missing option in the command usage documentation
* Rephrase commands descriptions
* Document that pymysql 0.10.0 disabled its warnings
* Disable tests for pymysql newer than 0.10.0 because the behavior changed
* Enable integration tests for pymysql 1.0.2
* Add exclusion to avoid requesting nonexistent test containers
* Cut comments about PyMySQL 1.0.2 need to be fixed
* docs: explain PyMySQL 0.10.0+ returns changed when using IF EXISTS
* Allow uppercase in variable names for Galera wsrep variables
* Changelog fragment for regex change
* Corrected for excessive line lengths
* Update changelogs/fragments/mysql_variables_allow_uppercase_identifiers.yml
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add methods to retrieve connector name and version
* Document that mysqlclient is also named MySQLdb
* Document version_added
* Add connector name and version in the returned block
* Cut condition to display any name that is return
In case of MySQLdb is renamed in mysqlclient. In that case, the
integration tests will catch this the day we update the connector
version.
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* mysql_user: enabled autocommit to support MySQL 8
* Add changelog fragment
* Link to issue instead of pull request in changelog fragment
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add service name to plugin pam/auth_pam usage
* typo fixed
* MySLQ is using identified with auth_pam by ... instead of identified with pam using ... like mariadb does
* a : in description lines breaks yaml syntax
* clearify documentation and add changelog fragment
* Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add SOURCE_SSL_VERIFY_SERVER_CERT parameter
* Rewiev fixs and add changelog fragment
* fix version
* Update changelogs/fragments/435-mysql_replication_verify_server_cert.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add schema and tables for the tests
* Add tests for full dump with and without compression
* Add test for distinct dump with and without compression
* Fix sh not seeing errors for command before the pipe
sh is missing the pipefail flag. We must use bash for this.
* Add cleanup to prevent the following tests from failing
* Fix fqcn in module_defaults
* Add changelog fragment
* Add check to the error message to ensure we captured the right one
* Add option to activate the fix on systems with bash
* Fix errors when data schema is already absent
* Update changelogs/fragments/fix-256-mysql_dump-errors.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add markup for commands in the documentation string
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add markup and next release version in the documentation string
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Fix missing dependency for MySQL 8
* Add pipefail to tests of uncompressed dumps to enure it still works
* Fix "bash command not found" if pipefail is used for uncompressed dump
* Fix sanity pep8
* Document example of dump with pipefail
* Add dedpulication to command construct
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Using += on a list cause some problems druing creation of mysql command:
/usr/bin/mysql - - u s e r = r o o t - - p a s s w o r d = ' ' --socket=/run/mysqld/mysqld.sock
* mysql_user: prevent password getting set for existing users on on_create when plugin is used
* added changelog fragment
* format fix
* added substract_privs, to t list of arguments
* clarify the documetation
* additional documentation to password,plugin,plugin_hash_string,plugin_auth_string options, format fix on changelog
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* linting
* linting
* linting
* linting
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
