Commit graph

41 commits

Author SHA1 Message Date
Keeper-of-the-Keys
45a29408ad
User locking (#702)
* function to check if a user is locked already

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add the location and logic of where I think user locking would happen.

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Fix missing parameters for execute()

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add the locked attribute

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Initial user locking integration tests

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add attribute documentation

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* More descriptive names in the integration tests

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* - Changes requested/suggested by @Andersson007
- Example usage
- Changelog fragment

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Fix user_is_locked and remove host_all option.

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Fix host of user (was % should have been localhost after deleting `host:` earlier)

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Switch locked to named instead of positional.

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add check_mode support.

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add check_mode: true test cases

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Fix names that included `check_mode: true`

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add idempotence checks

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Switch calls to user_mod with sequences of None positional arguments to full named arguments

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* locked check should not run for roles.

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* check_mode is set at the task level and not the module level

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add user locking to info module and test.

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Handle DictCursor

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>


* Add check_mode feedback

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>


* Add another builtin account to the exclusion list

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Initial switch to default=None for locked, will need to add a test for it.

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>

* Add check that missing locked argument does not unlock a user

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
---------

Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
2025-03-19 14:40:59 +01:00
Soledad208
ebb37ae7a3
sql_mode can be set in session, therefore we should look for ANSI_QUOTES in session variable instead of global variable (#677)
* issue-671: get ANSI_QUOTES from session sql_mode instead of GLOBAL sql_mode
2024-11-07 09:56:31 +01:00
Andrew Klychkov
59c26211ca
mysql_user: deprecate alias user for name argument (#670)
* mysql_user: deprecate alias user for name argument
* Fix module and tests
2024-09-02 18:07:11 +02:00
Fran
0de9685cf1
Fix user plugin changes in check mode (#596)
* Fix user plugin changes in check mode

* Add auth plugin tests

* Undo local changes

* Improve task names

* Fix query

* Changes

* Add check

* Add check

* Add check

* Add one more check

* Add one more check

* Fix typo

* Change parameter

* Testing

* Remove tests

* Add tests

* Test first steps

* Readd tests

* Test without check mode

* Test with check mode

* Test with check mode

* Testing

* Testing

* Add missing tests

* Changes for ansible-lint complaints

* Fix condition

* Update changelogs/fragments/596-fix-check-changes.yaml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* refactor

* Add more tests

* Fix newpass var

* Remove extra test

---------

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2024-08-30 11:15:16 +02:00
Laurent Indermühle
33e8754c4e
Fix mysql_user on_new_username IndexError (#642)
* fix tuple indexerror when no accounts are found

* Fix tests for update_password not executed

* Add test for case where existing user has a different password

* lint to prevent warning about jinja templating in when clause

* Refactor get_existing_authentication to return a list of all rows found

Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.

* Refactor host option to be optional

This makes it possible to use the same method from mysql_user to help
update_password retrieve existing passwords for all accounts with the same
username independently of their hostname. And from mysql_info to get
the password of a specific user using WHERE user = '' AND host = ''

* Add change log fragment

* Add link to the PR in the change log

* lint for ansible devel

* Fix templating type error could not convert to bool with ansible devel

* Revert changes made for ansible-devel that broke tests for Ansible 2.15

* Revert changes made for ansible-devel that broke tests

* Cut unnecessary set, uniqueness is ensured by the group_by in the query

* Cut auth plugin from returned values when multiple existing auths exists

Discussed here:
https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519

* fix conversion of list(dict) to list(tuple)

* Fix test for empty password on MySQL 8+
2024-06-27 22:12:01 +02:00
Matthieu Bourgain
0bc3e3d848
Add salt parameter to hash generation for sha256 plugins (#631)
* add salt parameter to hash generation for sha256 plugin
* technomax review modification
* no general user test for salt
2024-06-11 17:23:05 +02:00
Laurent Indermühle
f105fd9a95
Add tests for Ansible core 2.17 (devel is 2.18 today) and bump tests dependencies (#623)
* Add tests for Ansible core 2.17 (devel is 2.18 today)

* Drop tests for Ansible core 2.14 and add 2.17

* Cut duplicate exclude

* Add back python 3.8 and 3.9 for stable2.15

* Bump action to prevent deprecation warnings

* Cut python 3.9 for devel in roles tests

* Attempt to fix GHA line folding

* fix typo

* Bump ubuntu

Latest ansible-test doesn't work with old ubuntu. See here for more
info: https://github.com/ansible-collections/collection_template/blob/main/.github/workflows/ansible-test.yml#L83-L91

* fix docker_image var assignation

* fix yamllint false positive

* Attempt to fix docker_image_multiline assignation

* Fix empty var due to scope of each command

* Attempt to fix docker_image assignation

* fix error "vars should be dict"

* Document URL of the repository for the action ansible-test-gh-action

* Disable role tests

* Document ansible-core version tested

* Cut ansible-core 2.14 from testing documentation
2024-04-11 10:46:43 +02:00
tompal3
40af258d86
password_expire support for mysql_user (#598)
* initial commit for password_expire support

* sanity check and default values

* add one more if block for version check

* some changes and integration tests

* docs and sanity and integration test fix

* make integration tests work

* make integration tests work

* fix unneeded commits

* fix verify as well

* Update plugins/modules/mysql_user.py

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>

* Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>

* Apply suggestions from code review

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* typo and no_log remove for password_expire* vars

* add change log fragment

* move one if statement to module initialization

* fix merge conflicts

* fix order

* some fixes

* set no_log to true for password word containing keys

* fix sanity error

* Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

---------

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2024-02-22 10:31:01 +01:00
ncc
051aa48d8d
feat[mysql_user]: add support for mysql user attributes (#604)
* add support for mysql user attributes

* fix CI

* write integration tests

* requested changes pt. 1

* requested changes pt. 2

* fix changelog fragment

---------

Co-authored-by: n-cc <ncc@github.com>
2024-01-19 15:37:28 +01:00
Laurent Indermühle
81ab18d56c
chore: fix conditional statements should not include jinja 2 templating (#599)
Thanks to @tompal3 for your contribution
2023-11-30 13:39:34 +01:00
kmarse
033b4c74f9
Fix column uppercasing (#569)
* Add integrations tests for column case sensitive name

* add a warning when column_case_sensitive is not set

* add announce default will change in 4.0.0

* fix tests for engine that don't wrap column in backticks

* add filter because only MySQL 5.7 is case sensitive for users privs

* add kmarse and myself to the authors

* add kmarse to the contributors list

---------

Co-authored-by: Laurent Indermühle <laurent.indermuehle@epfl.ch>
Co-authored-by: Andrew Klychkov <aklychko@redhat.com>
2023-10-06 16:08:46 +02:00
betanummeric
2fcfb103f6
fix tests (include deprecation) (#554)
* tests: change deprecated "include" to "include_tasks"

* tests: fix syntax

---------

Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
2023-05-24 10:00:47 +02:00
Maximilian Stinsky
526e674e6f
Add MAX_STATEMENT_TIME resource limit (#523)
* Add MAX_STATEMENT_TIME to resource_limits

* Move version check for resource_limits to implementations
2023-04-07 10:20:49 +02:00
Laurent Indermühle
6970aef8f6
Integrations tests : Use containers for more control and verify that versions match expectation (#490)
* Draft: Add a mariadb container

* Add playbook to test connection to the server

* Add healthcheck to MariaDB before starting the tests

This prevents the first test from failing because the db isn't ready yet.

* Add default file for root necessary since using venv instead of docker

* Add % instead of the default 'localhost' since we use remote connection

Previously, everything was on localhost. Now ansible-test is in a
venv and the db is in a container. The db sees the IP address from the
podman host (10.88.0.2)

* Add ansible-test integration inventory to .gitignore

* Revert to old workflow to use ansible-test --venv

It seems that ansible-test-gh-action doesn't handle this option:
https://github.com/ansible-community/ansible-test-gh-action/blob/main/action.yml#L483-L497

* Cut target filtering

* Fix comparison

We are not logged in as 127.0.0.1 anymore, but 10.88... as I couldn't
test this easily, I decided to simplify the test.

* Add path to default-file

/root doesn't exist with --venv

* Fix workflow unknown option container_name

* Attempt GHA communication between container using "docker host network"

https://docs.github.com/en/actions/using-containerized-services/about-service-containers
I re-revert the workflow to use the new custom action. But I'm not sure
it will work because I don't know how the container for ansible-test
is started and if it will have access to the services containers.

* Cut anchors currently unsupported by GHA

* Disable healthcheck

I want to first prove that this setup is possible before adding safety

* Disable sanity, units and matrix to speed up tests in GHA

* Further disable tests to speed up

* Add mysql_client to the controller

* Install mysql_client the correct way

* Fix package name and missing apt cache

* Prepare controller with Podman/Docker Network

We use the Podman/Docker network gateway address to communicate between
container. I haven't tested Docker. I would have preferred to use a pod
but only Podman support it and ansible-test only support the
--docker-network option.

* Swap MariaDB with MySQL

* De-duplicate the mysql_command alias

* Generalize mysql and mariadb version based on container name

This way we can split db_engine and db_version and simplify tests.
Also this is mandatory to use the matrix.db_engine_version as the
image name for our services containers.

* Cut docker healthcheck unsupported by GHA

* Fix replication server_id already in use

* Add static test with replication containers

* Fix database not selected

* Fix replication due to usage of gateway_addr instead of localhost

* Simplify version computation

* Linting

* Refactor setup_mysql into setup_controller

* Fix test_mysql_role

* Fix server_id in GHA

GHA lack a way to pass option to docker's command. Also server_id is
not read as a environment variable. So I'm forced to use a config file.

* Add back a package to connect to MySQL 8+

* Linting

* Refactor test_mysql_user to work with other host than localhost

* Refactor way tests info are passed from sed to file with lookup

The idea is to avoid modifying test targets from the workflow to prevent
ansible-test to think every tests needs to be run.

* Fix missing var

* Refactor test to use the db_version from setup_controller

* Add temporary files to .gitignore

* Fix volume path

* Fix volume path by adding a final /

* Fix volume path using $(pwd)

* Fix volume path using github.workspace var

* Cut files from gitignore because it prevents ansible-test to copy them

* Fix pre-test-cmd missing separators

* Cut the newline added by lookup 'file'

* Fix tailing newline by not created it in the first place

* Disable tests to concentrate on the \n and quote issue with my files

* Fix trailing newline and quote in db_engine_version

* Re-enable integration tests to validate db_engine_version is fixed

* lint

* Cut unused file

* Fix pre-test-cmd paste in wrong context

* Re-enable service containers

* Add back docker healthcheck on services

I saw in the GHA logs that it performs a healthcheck! So I hope this
will work.

* Add tmate to debug the server_id in replicas

* Attempt to fix "invalid syntax"

* Enclose command in quotes

* Refactor the way server_id is set for replicas

The simple way is to add '--server-id 2' after the name of the image of
the container. But GHA doesn't let us do that. The idea of mounting a file
from our repo doesn't work because the repo is checked out later in the
workflow and I failed to find a pre-job hook. Then I realized that this
MySQL option is dynamic! So we will set that in the test target!

* Re-activate all tests

* Cut useless task

* Use same variable as other target for consistency

* Linting

* Update version tested

* Add options to the makefile

* Add same variables as other target for consistency

* Add IF NOT EXISTS to prevent misleading error on retry

* Cut python 3.11 not supported by ansible-test yet

* Attempt to set log-bin into docker

* Reformat for readability

* Document that full version is mandatory

* Fix newline

* Github complain it doesn't find python 3.1 !!!

* Add option to run only a single target

* Fix mysqlclient not supporting Python 3.9

* Enhance installation of mysql_client

Initially I wanted to install mysql-client-5.7 to test mysql server 5.7
but this package is not available for Ubuntu 18+.
I keep those changes because it allow us to specify the name of the
package based on the Ubuntu version.

* Linting

* Add unique name to simplify debugging

* Fix mysql_dump for MySQL 5.7 and MariaDB when using mysqldump 8

* Add unique name to simplify debugging

* Deduplicate tasks

* Linting

* Add python script to recreate the test matrix from github workflow file

* Fix dump with mysqldump 8 against mysql 5.7

* Disable test for replication with channel for mysql 5.7

* Add better task name

* Fix exclusion function

* Disable replication with channel tests entirely for MySQL 5.7

* Activate Mysql 8 and Mariadb into GitHub Action Workflow

* Cut Ansible since we can't change what the user have on his computer

* Add running make command for all tests of the matrix

* Add unique test names

* Document run_all_tests.py

* Add unique test names

* Add tmate to experiment with docker healthcheck

* Fix replication settings

sh doesn't know 'echo -e', so we use bash instead.
Also, we need to wait for the container to be healthy before trying to
restart it. Otherwise that could corrupt it.

* Add TODO verify that the version of mysql/mariadb is correct

* Add more descriptive tests names

* Use mysql_host var name instead of gateway_addr in tests

* Refactor user@<gateway ip addr> into user@%

* Fix healthcheck in GHA

* Disable tests that fails only on MariaDB

* Refactor to remove useless variables

* Workaround for plugin role that fails with any MariaDB versions

* Fix Python 3.10 being run as 3.1

* Ensure replicas are healthy before rebooting them

* Enable all tests

* Add a virtualenv for ansible-test used locally

* Simplify connector_name variables

* Add PoC using custom ansible-test containers

* Fix docker_container variable name

* Cut forgotten comment

* Fix error when using local registry by using quay.io

* Change tag of test-containers to latest

* Fix ansible-test unknown option

I copied blindly https://github.com/ansible-collections/community.sops/blob/main/.github/workflows/ansible-test.yml#L195
and forgot what ansible-test was expecting

* Cut column-statistics disabling

Thanks to our test-container, we now use the corresponding mysql-client.
So to test mysql 5.7 we use mysql-client-5.7 and to test mysql 8 we
use mysql-client-8.

* Add manual test matrix (MariaDB 10.6, 10.7 and 10.8 missing)

* Fix test matrix

Python version should be quoted, otherwise 3.10 become 3.1
We can skip 2.14 and devel with Python3.8
We can skip devel with Python 3.9
We can skip MariaDB 10.4 with mysql-client-10.6
Add tests for MariaDB 10.6, 10.7 and 10.8

* Reduce number of tests and adapt containers images

* Fix queries for roles

* Add filter for issues resolved in newer version of mysqlclient

* Add names to tests

* Fix assertion for mariadb

* Linting

* Cut tests for incompatible MySQL 8 and pymysql 0.7.11

* Fix assertion for older mysqlclient than 2.0.1 with mysql (mariadb ok)

* Cut playbook that are now handled by the test-containers

* Change timeout from 10 to 30 seconds to let mysql/mariadb restart

* Add connector information to the returned values

I need to know what python library was used. I had a container with
both mysqlclient and pymysql installed and tests used a different
connector that what is advertised by the title of integration tests.
We need to prevent that otherwise our tests are worth nothing.

* Add a verify stage at setup of test to assert all version are correct

* Attempt to build and publish an image on ghcr.io

* Add latest release of actions and with a context

* Add trigger on workflow file edit

* Fix env not recognized in the 'on' clause

* Add latest tag

* Fix insufficient context

* Add missing slash

* Cut addition of tag 'latest' as GHA does it automatically

* Add ghcr.io image for mariadb10.3 python3.8 mysqlclient2.0.1

* Change docker-image workflow to work on all images using matrix

* Fix workflow title

* Add support for version of mysqlclient

* Fix context path

* Workaround failed to push ghcr.io

Error was: failed to copy: io: read/write on closed pipe

* Add back all tests using ghcr.io images

* Cut unused images

* Fix verify database version

Sometimes, version_full contains trailing information (-log). To prevent
issues it's best to concatenate major and minor version.

* Fix verify for mysqlclient second name MySQLdb

* Rename variable for consistency

* Fix container name

* Add tag 'latest' to images

* Cut filter for tests now that the right connector is used

* Fix test of mysql/mariadb version in use

* Fix python version lookup

* Add clean up in "always" phase of the block

Because our tests use --retry-on-error, and the first thing the test
does is to try to create the database. We must cleanup otherwise if
there is a retry, it will throw a misleading "database already exists"
error.

* Document TODO

* Disable tests using pymysql 1.0.2

Many tests are failing but this must be fixed in the plugins in a future
PR.

* Cut test MySQL 8 with incompatible pymysql 0.7.11

It fails to connect with error about cryptography unsupported

* Fix dict key lookup

* Fix indentation

* Cut tests that was excluded in previous matrix

* Enable back sanity and unit tests

* Refactor get_driver_version to display name while passing sanity tests

* Fix variable name

* Fix missing cffi package to connect to MySQL 8 using Python 3.9

* Fix image not found

* Split Docker image workflow to rebuild only changed Dockerfile

My goal is not to save the planet but to make it work. Currently
docker/setup-buildx-action@v2 often fails. You have to rerun the
workflow multiple times until it succeed. When you do that with the
matrix with 15 containers, you never get to the point where they all
built successfully. Having separate workflows makes rerun the failing
build easier.

* Fix verify ansible 'devel' for which the version is unknown

Today 'devel' means 2.15, but in the future it will be something else.

* Fix ansible version extraction for "devel"

* Cut matrix from when build was done in a single workflow

* Document fix container name

* Add bold

* Add option to let containers alive at end of testing

* Enhance error handling and doc of get_driver_name and get_driver_version

* Migrate tests documentations in their own file

* Skip retry-on-error by default and add option to activate it on demand

* Rename folder to better purpose

* Enable back push and schedule workflow

* Rename registry from fork to upstream

* Cut Docker Image workflow's filter for branch from my fork

* Add changelog fragment

* Update supported versions

* Rename file for clarity

* Cut mariadb non long term releases

* Add '-client' to the block title to better explain what it is

* Update readme for tested versions of long term release of MariaDB

* Attempt to add the workflow to the Action tab

* Second attempt to add the workflow to the Action tab

* Cut folder re-created by merge from main

* Cut filter by branch

GHA will build the image using the branch name as tag. So we can safely
remove this filter.

* Cut changelog item done in #497

* Attempt to fix upload of image under c.mysql instead of my fork

* Add debug to buildkitd

* Bump setup-buildx-action to latest

* Cut dot in image name in attempt to fix buildx bad request 400 error

* Sanitize the repository name using metadata-action

https://github.com/docker/build-push-action/blob/master/TROUBLESHOOTING.md#repository-name-must-be-lowercase

* Document why we use optional checkout action

* Cut debugging from setup-buildx-action

* Fix workflow to work both on fork and c.mysql repository

* Use apt-get instead of apt that does not have a stable CLI interface

* Use apt-get instead of apt

* update docker image path to my personal repo

I'm unable to publish under community.mysql. Either it's the dot in
the name or I do something wrong with the GITHUB_TOKEN, but we need to
test my PR, so I'll use docker images from my fork for now.

* Fix test after merge of PR497

* Enhance testing documentation header

* Fix installation of ansible venv

ansible-test is included in ansible package. Also, on Fedora 37 with
python 3.11, pip is missing. By using ensurepip we solve that issue.

* Document usage of continue_on_errors

* Fix versions used in examples

* Add support for systems with unsupported python set as default

* Fix cleanup task

* Fix variable assignation to the include task

* Add forgotten variable to handle unsupported python version

* Fix user site-packages not visible in virtualenv

* Fix test connection to the database and tasks names

* Add create podman network for system missing it.

We saw that on a Fedora 33 with Podman 3.3.1, an old system. I didn't
find in which release the default network changed and maybe it's
defined in the Linux distribution. So in doubt I always attempt to
create the network.

* Add full path to image to prevent podman asking which registry to use

* Add options to enforce recreate containers even if already exists

* Reformat command multiline to oneline

* Add deletion of anonymous volumes associated with the container

* Comment unused variable

* Change shebang from python to python3 to avoid confusion with python2

This script is a python3 script.

* Add disk and RAM requirements

* Cut the 3 from python command to follow shebang recommendations

https://docs.ansible.com/ansible-core/devel/dev_guide/testing/sanity/shebang.html

* Reformat spelling

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Reformat file path

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Fix link URI

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Fix link URI

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Lint

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Lint

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Add better task name

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>

* Move utility task files in their own folder

* Refactor using reusable GHA workflows

* Fix path to called workflow file

* Fix path to use local workflow

* Fix cannot specify version when calling local workflows

* Attempt to use a fixed repo name in the image name

My last attempts produced duplicates images under my name + repo name:
laurent-indermuehle/community.mysql. Previously I had only my name. And
none of the above are what we want. We want only community.mysql in the
image name...

* Add called workflow file in the GHA hooks

Without this, the containers are not rebuilt when you modify the file
built-docker-image.yml.

* Rollback to github.repository in container image name

This time I think I understood. We publish in the
github.repository_owner's namespace. In my case it's laurent-indermuehle
and in case of upstream it's ansible-collection. A proof of that:
https://github.com/orgs/ansible-collections/packages <- here there is
one attempt I did in february to push my branch to the upstream.
So, our tests containers will be visible to the whole community, not
just community.mysql.

---------

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@futurice.com>
2023-03-21 08:16:09 +01:00
Markus Bergholz
b34c23d07d
Fix revoke only grant (#503)
* fix

* test

* changelog
2023-02-08 09:24:35 +01:00
Andrew Klychkov
930a5a5d49
mysql_user: add session_vars argument (#489)
* mysql_user: add session_vars argument

* Update tests/integration/targets/test_mysql_user/tasks/main.yml

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2023-01-24 14:53:29 +01:00
Diego Gullo
6ac89ca1f6
Display a more informative error when InvalidPrivsError is raised (#465) (#466)
* Display a more informative error when InvalidPrivsError is raised (Issue #465)

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
2022-12-06 13:12:01 +01:00
R.Sicart
2d75bc19b8
Fix privilege changing every time (#438)
* Compare privileges from before and after manipulation

* Add unit tests

* Fix FIXME integration tests related to this issue

* Fix sanity check

* Fix assertion when appending privs in mysql_role_initial integration tests

* Fix pylint

* [ci-skip] Add changelog fragment

* Fix: missing fragment file extension

* Replace privileges_equal() by a comparison

* Fix: sanity pylint

* Fix: forgot to remove privileges_equal import from unit tests
2022-09-08 18:26:58 +02:00
R.Sicart
cc5cf98368
Fix: grant revoked priv (#434)
* Fix: exclude mysql 8 from test_mysql_user's 'Assert that priv did not change' test

* Add tests to verify that GRANT permission is present after user modification

* Fix: do not revoke GRANT permission when it's already allowed and present in priv parameter

* Deduplicate tests name

Easier to debug this way

* Fix assertions named 'GRANT permission is present'

* Only revoke grant option if it exists and absence is requested

* Fix assertion comments

* Fix: Only revoke grant option if it exists and absence is requested

* Avoid pointless revocations when ALL are granted

* Assert that priv did not change on mariadb also

* Fix: sanity and unity tests

* Format long lines

* Add changelog fragment

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
2022-09-02 13:40:06 +02:00
Laurent Indermühle
0a68bb270f
Is changed (#427)
* Refactor tests to use "is" and "is not" changed

* Refactor tests to use is succeeded or is failed

* Reformat indentation

* Add filter "bool" to prevent issues
2022-08-23 09:11:55 +02:00
Laurent Indermühle
61586ae4cc
Port stable 1 ci changes (#423)
* Add changes from stable-1 integrations tests (PR 418)

* Refactor to use connectors' info declared in setup_mysql

* Fix 2nd replication stop marked changed by mysqlclient
2022-08-16 09:15:50 +02:00
betanummeric
ed3935abec
mysql_user: add "update_password: on_new_username" argument, "password_changed" result field (#365)
* mysql_user: add value 'on_new_username' to argument 'update_password'

* mysql_user: return "password_changed" boolean (true if the user got a new password)

* mysql_user: optimize queries for existing passwords

* mysql_user: add integration tests for update_password argument

* mysql_user: add description for "update_password: on_new_username" argument

* add changelog fragment

* formatting (PEP8)

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2022-05-31 16:00:24 +02:00
Andrew Klychkov
8d114c7e39
mysql_user: fix parsing privs when a user has roles assigned to it (#341)
* mysql_user: fix parsing errors when a user has roles assigned

* Add a changelog fragment

* Fix a typo

* Fix CI
2022-05-12 09:36:21 +02:00
betanummeric
ba4fea67b1
mysql_user, mysql_role: add argument subtract_privs to revoke privileges explicitly (#333)
* add option subtract_privs to mysql_role and mysql_user

see https://github.com/ansible-collections/community.mysql/issues/331

* add integration tests for subtract_privs for mysql_role and mysql_user

* add changelog fragment for PR #333

* mysql_role, mysql_user: when subtract_privileges, don't grant unwanted privileges and don't revoke USAGE implicitly

* fix integration tests

* mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests

* fix mysql_role integration tests

* fix mysql_role, mysql_user integration tests

* formatting

make the PEP8 check happy

* mysql_user and mysql_role: fix granting privileges when only the GRANT OPTION needs to be added

* mysql_user and mysql_role: log some updated privileges; explain integration test blind spot

* mysql_user and mysql_role: don't grant too many privileges

If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revocation.

* mysql_user and mysql_role: fix type error

* Update changelogs/fragments/333-mysql_user-mysql_role-add-subtract_privileges-argument.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_role.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2022-05-09 09:50:49 +02:00
Daniel Rupp
f5e8fbb3f5
Add default database "mysql" to mysql_user (#266)
* Add default database "mysql" to mysql_user

Since permissions are stored in the "mysql" database anyway this should not change the behaviour of the module. But replication / binlog filters which rely on the current database will be able to filter the statements correctly afterwards. Prior to this change they were not executed in any database context and could not be filtered in any way by the existing methods in MySQL.

* Added changelog fragment

* Update changelogs/fragments/266-default-database-for-mysql-user

Thanks!

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update mysql_user.py

Make the change a configurable boolean

* Update 266-default-database-for-mysql-user

update changelog fragment

* Update 266-default-database-for-mysql-user

it's not a bugfix anymore

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* renamed new option to force_context
enhanced description
added tests

* fixed changelog

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* added more tests

* removed first test attempts again (from issue-28.yml)
created new tests for testing with and without replication

* added force_context: no testing

* forgot to add the new part to main.yml

* found a copy&paste issue

* fix include naming

* Made sure the tests work in local testing

* MariaDB handles online replication filters differently

* fix changelog

* Update changelogs/fragments/266-default-database-for-mysql-user.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/266-default-database-for-mysql-user.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2022-01-10 16:03:25 +01:00
R.Sicart
1b061131dd
Feature/mariadb integration ci (#246)
* Replace matrix.mysql by matrix.db_engine_version

* Specify db flavor

* Upgrade dbdeployer to 1.56.0

See https://github.com/datacharmer/dbdeployer/issues/120

* Fix: github workflow syntax

* Fix: mysql version file for mariadb engine

* Do not test mysql_variables modes persist and persist_only on mariadb

Those modes do not exist on mariadb. See https://mariadb.com/kb/en/set/

* Exclude integration tests for mariadb_10.5.4 with pymysql==0.7.10

* TLS on mariadb is disabled by default

* Configure mariadb supported versions in matrix

As discussed in https://github.com/ansible-collections/community.mysql/discussions/141#discussioncomment-643657

* Fix: test_mysql_db : assert that databases does not exist

"assertion": "database1 not in mysql_result.stdout"

* Fix: assertion mysql_version in result.version.full

* Fix: test_mysql_user : Check that the module made a change and that the expected plugin type is set

'mysql_native_password' in show_create_user.stdout

* Fix: test_mysql_replication : Create user for replication

ERROR 1064 (42000) at line 1: You have an error in your SQL syntax;
check the manual that corresponds to your MariaDB server version for the
right syntax to use near 'BY 'replication_pass'' at line 1

https://dev.mysql.com/doc/mysql-replication-excerpt/5.7/en/replication-howto-repuser.html
https://dev.mysql.com/doc/mysql-replication-excerpt/8.0/en/replication-howto-repuser.html
https://mariadb.com/kb/en/setting-up-replication/#example-enabling-replication-for-mariadb

Create user syntax compatible with auth plugin and password on both
mysql and mariadb.

https://dev.mysql.com/doc/refman/8.0/en/create-user.html
https://mariadb.com/kb/en/create-user/

* Fix: test_mysql_replication: replica_status 'dict object' has no attribute 'Source_Host'

* Do not test mysql_replication_channel.yml on mariadb

* Do not test target 'test_mysql_role' with mariadb, too many errors to fix

* Setup mysql_version_parts depending on install type (mysql or mariadb)

* Install mariadb-client when install_type is mariadb

To use the same client tools as the database engine.

And to use a more updated mysqldump version, in order to fix this error:

ERROR 1556 (HY000) at line 776: You can't use locks with log tables

* Fix: mysql auth plugin is set on mariadb >10.2

* Fix: skip assertion on mariadb 10.2

* Do not execute test_user_plugin_auth.yml tests on mariadb, create/update user sql syntax not compatible

* Fix: test_mysql_user : assert user1 TLS requirements

Remove test for old versions

* Fix: typo

* Fix: test_mysql_user : Test idempotency (expect ok) ignore mariadb 10.5

* [ci skip] Add changelog fragment

* Delete changelog fragment
2021-12-14 09:30:46 +01:00
Jorge Rodriguez (A.K.A. Tiriel)
dd4700989f
Remove support for REQUIRESSL privilege (#244)
* Remove support for REQUIRESSL privilege

* Fix error search string
2021-12-01 07:56:04 +01:00
R.Sicart
727b638d13
Get rid of privs comparison (#243)
* Remove all code related to VALID_PRIVS and get_valid_privs()

* Add tests to update user with invalid privs

* Re-raise InvalidPrivsError when granting privileges

* Fix: compatibility with python2

* More explicit assertions as commented by Andersson007

* Add changelog fragment
2021-11-20 09:28:40 +01:00
Andrew Klychkov
fc984b28aa
CI matrix update (#226)
* CI matrix update

* Fix test_mysql_user

* Fix CI

* Fix CI

* Fix CI

* Fix CI

* Fix CI
2021-10-12 11:24:28 +02:00
Jorge Rodriguez (A.K.A. Tiriel)
dc522cc5d3
Deprecate REQUIRESSL privilege (#132)
* Deprecate REQUIRESSL privilege

* Add missing whitespace

* Fix according to PR review

* Fix conditional check

* Fix privilege string parsing

* Add unit tests for the new function

* Add integration tests

* Fix parentheses indentation

* Cover alternative error message

* Fix privileges

* Limit verification of access denied to pymysql connector

* Fix REQUIRE SSL verification tests
2021-04-10 07:01:15 +02:00
Andrew Klychkov
979588e2cd
mysql_user: add proper handling of INSERT, UPDATE, REFERENCES on columns (#107)
* mysql_user: add proper handling of INSERT, UPDATE, REFERENCES on columns

* Add changelog fragment

* fix sanity

* fix CI

* fix sanity

* fix CI

* make the assertion fairer

* Improve
2021-03-08 17:18:04 +01:00
Andrew Klychkov
2694464ffb
mysql_user: when grant select on columns, the module always report the state has changed (#100)
* mysql_user: fix the module is not idempotent when there is SELECT on columns granted

* add changelog fragment

* fix

* Add unit tests for has_select_on_col function

* Add unit tests for sort_column_order function

* Add unit tests for handle_select_on_col function

* Update a comment
2021-03-03 10:58:57 +01:00
Steve Teahan
06907715d7
mysql_user: fixed encrypted option for MySQL 8.0 and test coverage (#79)
* mysql_user: fixed encrypted option for MySQL 8.0 and test coverage

The purpose of this change was originally to expand test coverage to
unblock #76, but an issue was detected with the encrypted parameter on
MySQL 8.0 in the process of writing the tests. Additionally,
user_password_update_test.yml had been disabled at some point, so I
opted to replace it with two new files that will focus on the password
and plugin auth paths.

* Updated tests to cover a couple of missing branches

* Skip tests that rely on sha256_password if pymysql < 0.9

* Cover the case where pymysql isn't installed for plugin tests

* Added better plugin auth checking to tests and other minor changes

* Fixed version detection to explicitly handle MariaDB

* Removed unneeded import from previous change

* Remove whitespace that was introduced by change that was removed

* Added unit tests for missing coverage
2021-01-14 08:27:05 +03:00
steveteahan
20f9699199
mysql_user: Fixed change detection with append_privs (#69) (#72)
* mysql_user: Fixed change detection with append_privs (#69)

Prior to this change, mysql_user with append_privs would attempt to make
a change even if the current privileges were a superset of the new
privileges (shouldn't require any action).

* Fixed unrelated mysql_replication doc causing failures in CI

* Added fragments and check_mode tests

* Expanded priv append tests to cover additional case
2020-12-16 08:22:00 +03:00
Andrew Klychkov
2dcbd7846f
mysql_query, mysql_user: simple refactoring of type checks (#58)
* mysql_query: simple refactoring of query type check

* do the same for mysql_user

* Improve integration test coverage
2020-11-06 13:12:07 +03:00
Jorge Rodriguez (A.K.A. Tiriel)
8c79011dbd
Disable hostname check (#38)
* Add changelog fragment

* Add check_hostname option

* Propagate check_hostname option across the collection

* Update documentation fragment

* Propagate test to all other plugins

* Remove stray line

* Give test user privileges to run test operations

* Extend integration tests job matrix

* Add caution note to documentation fragment.

* Update matrix job name

* Rearrange job matrix

* Fix sanity issues

* Fix issue with mysqldb silently failing to update out of range variables

* Fix variable overwrite

* Ignore `check_hostname` when using MySQLdb

* Update plugins/doc_fragments/mysql.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/doc_fragments/mysql.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/35-disable-hostname-check.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2020-10-12 21:19:43 +03:00
Andrew Klychkov
6322a65dbb
mysql_user: fix error when modifying user with host_all (#40)
* mysql_user: fix error when modifying user with host_all

* Add changelog fragment and CI tests

* Update changelogs/fragments/40-mysql_user_fix_error_when_host_all_used.yml

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@tiriel.eu>

Co-authored-by: Jorge Rodriguez (A.K.A. Tiriel) <jorge.rodriguez@tiriel.eu>
2020-09-30 22:37:42 +03:00
Andrew Klychkov
f1c647f360
CI tests: add a note not to use tests as an example of writing roles (#32)
2020-09-28 08:15:47 +03:00
Jorge Rodriguez (A.K.A. Tiriel)
6e040e1496
Add test to verify TLS requirements are removed (#26)
* Add test to verify TLS requirements are removed

* Fix cursor parsing

* small fixes

* Refactor TLS tests into their own file

* Fix TLS requirements parsing
2020-09-21 07:39:08 +03:00
Jorge Rodriguez (A.K.A. Tiriel)
36e7e6603e
Add TLS connection parameters (#9)
* Add TLS connection parameters

* Add check mode tests

* Fix check mode indentation

* Run MySQL commands with the mysql_command variable

* Fix typo

* Restore code lost during cherry pick

* Fix conditionals to accommodate for MySQL v8

* Fix equal operators

* Remove Black formatting in an attempt to make codecov happy

* Remove deprecation notice

* Fix closing bracket

* Remove code duplication
2020-07-28 09:44:52 +03:00
Ben Mildren
c26bc095ad
initial commit (#1)
* initial commit

* removed remaining references to community.general

* enabled integration pipeline

* switched from preconfigured replication topology to simple multinode install

* updated version from 1.0.0 to 0.1.0
2020-07-10 17:16:58 +01:00