* function to check if a user is locked already
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the location and logic of where I think user locking would happen.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix missing parameters for execute()
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the locked attribute
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial user locking integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add attribute documentation
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* More descriptive names in the integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* - Changes requested/suggested by @Andersson007
- Example usage
- Changelog fragment
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix user_is_locked and remove host_all option.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix host of user (was % should have been localhost after deleting `host:` earlier)
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch locked to named instead of positional.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode support.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode: true test cases
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix names that included `check_mode: true`
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add idempotence checks
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch calls to user_mod with sequences of None positional arguments to full named arguments
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* locked check should not run for roles.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* check_mode is set at the task level and not the module level
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add user locking to info module and test.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Handle DictCursor
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode feedback
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add another builtin account to the exclusion list
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial switch to default=None for locked, will need to add a test for it.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check that missing locked argument does not unlock a user
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
---------
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* fix option name
* Add tests for users using SSL
* Rewrite get_tls_requires using mysql.user table
* Add tls_requires to users_info filter
* add more consistant test users
* Add tls tests users in cleanup task
* Fix tls_requires data structure inconsistencies between modules
* Refactor user implementation to host get_tls_requires
* fix MySQL tls_requires not removed from user passed as empty
* Fix wrong variable used to return a hashed password
* Fix sanity
* fix unit tests
* Add changelog fragment
* Add PR URI to the changelog
* Add more precise change log
* fix documentation using wrong variable as an example
* Document example returned value `tls_requires` from users_info filter
* Revert changes that will be in a separate PR
* Fix sanity
* initial commit for password_expire support
* sanity check and default values
* add one more if block for version check
* some changes and integration tests
* docs and sanity and integration test fix
* make integration tests work
* make integration tests work
* fix unneeded commits
* fix verify as well
* Update plugins/modules/mysql_user.py
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Apply suggestions from code review
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* typo and no_log remove for password_expire* vars
* add change log fragment
* move one if statement to module initialiazation
* fix merge conflicts
* fix order
* some fixes
* set no_log to true for password word containing keys
* fix sanity error
* Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add support for mysql user attributes
* fix CI
* write integration tests
* requested changes pt. 1
* requested changes pt. 2
* fix changelog fragment
---------
Co-authored-by: n-cc <ncc@github.com>
* Add integrations tests for column case sensitive name
* add a warning when column_case_sensitive in not set
* add announce default will change in in 4.0.0
* fix tests for engine that don't wrap column in backticks
* add filter because only MySQL 5.7 is case sensitive for users privs
* add kmarse and myself to the authors
* add kmarse to the contributors list
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@epfl.ch>
Co-authored-by: Andrew Klychkov <aklychko@redhat.com>
* mysql_role: add examples for "members_must_exist" argument
* mysql_role: fix syntax in example
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* mysql_role: add argument "members_must_exist" (boolean, default true)
The assertion that the users supplied in the "members" argument exist is only executed when the new argument "members_must_exist" is true, to allow opt-out.
* mysql_role: add integration tests for argument members_must_exist
* add changelog fragment
* mysql_role: fix behavior of members_must_exist argument
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update changelogs/fragments/369_mysql_role-add-members_must_exist.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* mysql_role: don't add members to a role when creating the role and "detach_members: true" is set, add integration test
* add changelog fragment
* mysql_role: add author betanummeric
* Update changelogs/fragments/367-mysql_role-fix-deatch-members.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* mysql_role: fix and simplify role membership detection
* add changelog fragment
* Update changelogs/fragments/368-mysql_role-fix-member-detection.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add option subtract_privs to mysql_role and mysql_user
see https://github.com/ansible-collections/community.mysql/issues/331
* add integration tests for subtract_privs for mysql_role and mysql_user
* add changelog fragment for PR #333
* mysql_role, mysql_user: when subtract_privileges, don't grant unwanted privileges and don't revoke USAGE implicitly
* fix integration tests
* mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests
* fix mysql_role integration tests
* fix mysql_role, mysql_user integration tests
* formatting
make the PEP8 check happy
* mysql_user and mysql_role: fix granting privileges when only the GRANT OPTION needs to be added
* mysql_user and mysql_role: log some updated privileges; explain integration test blind spot
* mysql_user and mysql_role: don't grant too much privileges
If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revokation.
* mysql_user and mysql_role: fix type error
* Update changelogs/fragments/333-mysql_user-mysql_role-add-subtract_privileges-argument.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Remove all code related to VALID_PRIVS and get_valid_privs()
* Add tests to update user with invalid privs
* Re-raise InvalidPrivsError when granting privileges
* Fix: compatibility with python2
* More explicit assertions as commented by Andersson007
* Add changelog fragment
* mysql_user: replace VALID_PRIVS by get_valid_privs() function
* Add EXTRA_PRIVS in case we need to add more privs in the future
* Add changelog fragment
