* function to check if a user is locked already
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the location and logic of where I think user locking would happen.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix missing parameters for execute()
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add the locked attribute
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial user locking integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add attribute documentation
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* More descriptive names in the integration tests
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* - Changes requested/suggested by @Andersson007
- Example usage
- Changelog fragment
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix user_is_locked and remove host_all option.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix host of user (was % should have been localhost after deleting `host:` earlier)
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch locked to named instead of positional.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode support.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode: true test cases
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Fix names that included `check_mode: true`
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add idempotence checks
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Switch calls to user_mod with sequences of None positional arguments to full named arguments
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* locked check should not run for roles.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* check_mode is set at the task level and not the module level
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add user locking to info module and test.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Handle DictCursor
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check_mode feedback
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add another builtin account to the exclusion list
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Initial switch to default=None for locked, will need to add a test for it.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Add check that missing locked argument does not unlock a user
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
---------
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
* Update mysql_user.py - table/privilege spacing update
Add note for no spacing between the table and the privilege as this will make the task not idempotent in check mode but still make it idempotent when in normal mode.
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* fix option name
* Add tests for users using SSL
* Rewrite get_tls_requires using mysql.user table
* Add tls_requires to users_info filter
* add more consistent test users
* Add tls tests users in cleanup task
* Fix tls_requires data structure inconsistencies between modules
* Refactor user implementation to host get_tls_requires
* fix MySQL tls_requires not removed from user passed as empty
* Fix wrong variable used to return a hashed password
* Fix sanity
* fix unit tests
* Add changelog fragment
* Add PR URI to the changelog
* Add more precise change log
* fix documentation using wrong variable as an example
* Document example returned value `tls_requires` from users_info filter
* Revert changes that will be in a separate PR
* Fix sanity
* initial commit for password_expire support
* sanity check and default values
* add one more if block for version check
* some changes and integration tests
* docs and sanity and integration test fix
* make integration tests work
* make integration tests work
* fix unneeded commits
* fix verify as well
* Update plugins/modules/mysql_user.py
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Apply suggestions from code review
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* typo and no_log remove for password_expire* vars
* add change log fragment
* move one if statement to module initialization
* fix merge conflicts
* fix order
* some fixes
* set no_log to true for password word containing keys
* fix sanity error
* Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add support for mysql user attributes
* fix CI
* write integration tests
* requested changes pt. 1
* requested changes pt. 2
* fix changelog fragment
---------
Co-authored-by: n-cc <ncc@github.com>
* Add integration tests for column case sensitive name
* add a warning when column_case_sensitive is not set
* add announce default will change in 4.0.0
* fix tests for engines that don't wrap column in backticks
* add filter because only MySQL 5.7 is case sensitive for users privs
* add kmarse and myself to the authors
* add kmarse to the contributors list
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@epfl.ch>
Co-authored-by: Andrew Klychkov <aklychko@redhat.com>
* mysql_user: enabled autocommit to support MySQL 8
* Add changelog fragment
* Link to issue instead of pull request in changelog fragment
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add service name to plugin pam/auth_pam usage
* typo fixed
* MySQL is using identified with auth_pam by ... instead of identified with pam using ... like mariadb does
* a : in description lines breaks yaml syntax
* clarify documentation and add changelog fragment
* Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* mysql_user: prevent password getting set for existing users on on_create when plugin is used
* added changelog fragment
* format fix
* added substract_privs to the list of arguments
* clarify the documentation
* additional documentation to password,plugin,plugin_hash_string,plugin_auth_string options, format fix on changelog
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* linting
* linting
* linting
* linting
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* add option subtract_privs to mysql_role and mysql_user
see https://github.com/ansible-collections/community.mysql/issues/331
* add integration tests for subtract_privs for mysql_role and mysql_user
* add changelog fragment for PR #333
* mysql_role, mysql_user: when subtract_privileges, don't grant unwanted privileges and don't revoke USAGE implicitly
* fix integration tests
* mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests
* fix mysql_role integration tests
* fix mysql_role, mysql_user integration tests
* formatting
make the PEP8 check happy
* mysql_user and mysql_role: fix granting privileges when only the GRANT OPTION needs to be added
* mysql_user and mysql_role: log some updated privileges; explain integration test blind spot
* mysql_user and mysql_role: don't grant too many privileges
If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revocation.
* mysql_user and mysql_role: fix type error
* Update changelogs/fragments/333-mysql_user-mysql_role-add-subtract_privileges-argument.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add default database "mysql" to mysql_user
Since permissions are stored in the "mysql" database anyway this should not change the behaviour of the module. But replication / binlog filters which rely on the current database will be able to filter the statements correctly afterwards. Prior to this change they were not executed in any database context and could not be filtered in any way by the existing methods in MySQL.
* Added changelog fragment
* Update changelogs/fragments/266-default-database-for-mysql-user
Thanks!
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update mysql_user.py
Make the change a configurable boolean
* Update 266-default-database-for-mysql-user
update changelog fragment
* Update 266-default-database-for-mysql-user
it's not a bugfix anymore
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* renamed new option to force_context
enhanced description
added tests
* fixed changelog
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* added more tests
* removed first test attempts again (from issue-28.yml)
created new tests for testing with and without replication
* added force_context: no testing
* forgot to add the new part to main.yml
* found a copy&paste issue
* fix include naming
* Made sure the tests work in local testing
* MariaDB handles online replication filters differently
* fix changelog
* Update changelogs/fragments/266-default-database-for-mysql-user.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update changelogs/fragments/266-default-database-for-mysql-user.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Remove all code related to VALID_PRIVS and get_valid_privs()
* Add tests to update user with invalid privs
* Re-raise InvalidPrivsError when granting privileges
* Fix: compatibility with python2
* More explicit assertions as commented by Andersson007
* Add changelog fragment
* mysql_user: replace VALID_PRIVS by get_valid_privs() function
* Add EXTRA_PRIVS in case we need to add more privs in the future
* Add changelog fragment
* mysql_user: add proper handling of INSERT, UPDATE, REFERENCES on columns
* Add changelog fragment
* fix sanity
* fix CI
* fix sanity
* fix CI
* make the assertion fairer
* Improve
* mysql_user: fix the module is not idempotent when there is SELECT on columns granted
* add changelog fragment
* fix
* Add unit tests for has_select_on_col function
* Add unit tests for sort_column_order function
* Add unit tests for handle_select_on_col function
* Update a comment
This module does not currently log the SQL statements that it executes.
A change was proposed to add this functionality, but it would require
modifications in many sections of the code due to how many cursor.execute()
statements there currently are. This change simply consolidates the
number of execute() calls where it is trivial to do so.
* mysql_user: fixed encrypted option for MySQL 8.0 and test coverage
The purpose of this change was originally to expand test coverage to
unblock #76, but an issue was detected with the encrypted parameter on
MySQL 8.0 in the process of writing the tests. Additionally,
user_password_update_test.yml had been disabled at some point, so I
opted to replace it with two new files that will focus on the password
and plugin auth paths.
* Updated tests to cover a couple of missing branches
* Skip tests that rely on sha256_password if pymysql < 0.9
* Cover the case where pymysql isn't installed for plugin tests
* Added better plugin auth checking to tests and other minor changes
* Fixed version detection to explicitly handle MariaDB
* Removed unneeded import from previous change
* Remove whitespace that was introduced by change that was removed
* Added unit tests for missing coverage
* mysql_user: Fixed change detection with append_privs (#69)
Prior to this change, mysql_user with append_privs would attempt to make
a change even if the current privileges were a superset of the new
privileges (shouldn't require any action).
* Fixed unrelated mysql_replication doc causing failures in CI
* Added fragments and check_mode tests
* Expanded priv append tests to cover additional case
* Add changelog fragment
* Add check_hostname option
* Propagate check_hostname option across the collection
* Update documentation fragment
* Propagate test to all other plugins
* Remove stray line
* Give test user privileges to run test operations
* Extend integration tests job matrix
* Add caution note to documentation fragment.
* Update matrix job name
* Rearrange job matrix
* Fix sanity issues
* Fix issue with mysqldb silently failing to update out of range variables
* Fix variable overwrite
* Ignore `check_hostname` when using MySQLdb
* Update plugins/doc_fragments/mysql.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/doc_fragments/mysql.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update changelogs/fragments/35-disable-hostname-check.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add test to verify TLS requirements are removed
* Fix cursor parsing
* small fixes
* Refactor TLS tests into their own file
* Fix TLS requirements parsing
* Add TLS connection parameters
* Add check mode tests
* Fix check mode indentation
* Run MySQL commands with the mysql_command variable
* Fix typo
* Restore code lost during cherry pick
* Fix conditionals to accommodate for MySQL v8
* Fix equal operators
* Remove Black formatting in an attempt to make codecov happy
* Remove deprecation notice
* Fix closing bracket
* Remove code duplication
* Add changelog fragments from c.g.
* Adjust version_added to 0.1.0, which comes closer to the truth.
* Add changelogs/.plugin-cache.yaml to gitignore.
* initial commit
* removed remaining references to community.general
* enabled integration pipeline
* switched from preconfigured replication topology to simple multinode install
* updated version from 1.0.0 to 0.1.0