#################################################################### # WARNING: These are designed specifically for Ansible tests # # and should not be used as examples of how to write Ansible roles # #################################################################### # test code for the mysql_user module # (c) 2014, Wayne Rosario # This file is part of Ansible # # Ansible is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 dof the License, or # (at your option) any later version. # # Ansible is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with Ansible. If not, see . # ============================================================ # create mysql user and verify user is added to mysql database # - name: alias mysql command to include default options set_fact: mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp" - vars: mysql_parameters: &mysql_params login_user: '{{ mysql_user }}' login_password: '{{ mysql_password }}' login_host: 127.0.0.1 login_port: '{{ mysql_primary_port }}' block: - include: issue-121.yml - include: issue-28.yml - include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} - include: resource_limits.yml - include: assert_user.yml user_name={{user_name_1}} - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} - include: assert_no_user.yml user_name={{user_name_1}} # ============================================================ # Create mysql user that already exist on mysql database # - include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} - name: create mysql user that already exist (expect changed=false) mysql_user: <<: *mysql_params name: '{{user_name_1}}' password: '{{user_password_1}}' state: present register: result - name: assert output message mysql user was not created assert: that: - result is not changed # ============================================================ # remove mysql user and verify user is removed from mysql database # - name: remove mysql user state=absent (expect changed=true) mysql_user: <<: *mysql_params name: '{{ user_name_1 }}' password: '{{ user_password_1 }}' state: absent register: result - name: assert output message mysql user was removed assert: that: - result is changed - include: assert_no_user.yml user_name={{user_name_1}} # ============================================================ # remove mysql user that does not exist on mysql database # - name: remove mysql user that does not exist state=absent (expect changed=false) mysql_user: <<: *mysql_params name: '{{ user_name_1 }}' password: '{{ user_password_1 }}' state: absent register: result - name: assert output message mysql user that does not exist assert: that: - result is not changed - include: assert_no_user.yml user_name={{user_name_1}} # ============================================================ # Create user with no privileges and verify default privileges are assign # - name: create user with select privilege state=present (expect changed=true) mysql_user: <<: *mysql_params name: '{{ user_name_1 }}' password: '{{ user_password_1 }}' state: present register: result - include: assert_user.yml user_name={{user_name_1}} priv=USAGE - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} - include: assert_no_user.yml user_name={{user_name_1}} # ============================================================ # Create user with select privileges and verify select privileges are assign # - name: create user with select privilege state=present (expect changed=true) mysql_user: <<: *mysql_params name: '{{ user_name_2 }}' password: '{{ user_password_2 }}' state: present priv: '*.*:SELECT' register: result - include: assert_user.yml user_name={{user_name_2}} priv=SELECT - include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }} - include: assert_no_user.yml user_name={{user_name_2}} # ============================================================ # Assert user has access to multiple databases # - name: give users access to multiple databases mysql_user: <<: *mysql_params name: '{{ item[0] }}' priv: '{{ item[1] }}.*:ALL' append_privs: yes password: '{{ user_password_1 }}' with_nested: - [ '{{ user_name_1 }}', '{{ user_name_2 }}'] - "{{db_names}}" - name: show grants access for user1 on multiple database command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\"" register: result - name: assert grant access for user1 on multiple database assert: that: - "'{{ item }}' in result.stdout" with_items: "{{db_names}}" - name: show grants access for user2 on multiple database command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\"" register: result - name: assert grant access for user2 on multiple database assert: that: - "'{{ item }}' in result.stdout" with_items: "{{db_names}}" - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} - include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }} - name: give user access to database via wildcard mysql_user: <<: *mysql_params name: '{{ user_name_1 }}' priv: '%db.*:SELECT' append_privs: yes password: '{{ user_password_1 }}' - name: show grants access for user1 on multiple database command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\"" register: result - name: assert grant access for user1 on multiple database assert: that: - "'%db' in result.stdout" - "'SELECT' in result.stdout" - name: test priv type check, must fail mysql_user: <<: *mysql_params name: '{{ user_name_1 }}' priv: - unsuitable - type append_privs: yes host_all: yes password: '{{ user_password_1 }}' register: result ignore_errors: yes - name: check fail message assert: that: - result is failed - result.msg is search('priv parameter must be str or dict') - name: change user access to database via wildcard mysql_user: <<: *mysql_params name: '{{ user_name_1 }}' priv: '%db.*:INSERT' append_privs: yes host_all: yes password: '{{ user_password_1 }}' - name: show grants access for user1 on multiple database command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\"" register: result - name: assert grant access for user1 on multiple database assert: that: - "'%db' in result.stdout" - "'INSERT' in result.stdout" - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} # ============================================================ # Test plaintext and encrypted password scenarios. # - include: test_user_password.yml # ============================================================ # Test plugin authentication scenarios. # # FIXME: mariadb sql syntax for create/update user is not compatible - include: test_user_plugin_auth.yml when: install_type == 'mysql' # ============================================================ # Assert create user with SELECT privileges, attempt to create database and update privileges to create database # - include: test_privs.yml current_privilege=SELECT current_append_privs=no # ============================================================ # Assert creating user with SELECT privileges, attempt to create database and append privileges to create database # - include: test_privs.yml current_privilege=DROP current_append_privs=yes # ============================================================ # Assert create user with SELECT privileges, attempt to create database and update privileges to create database # - include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no # ============================================================ # Assert creating user with SELECT privileges, attempt to create database and append privileges to create database # - include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes # Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533) - include: test_priv_dict.yml # Test that append_privs will not attempt to make a change where current privileges are a superset of new privileges # (https://github.com/ansible-collections/community.mysql/issues/69) - include: test_priv_append.yml enable_check_mode=no - include: test_priv_append.yml enable_check_mode=yes # Test that subtract_privs will only revoke the grants given by priv # (https://github.com/ansible-collections/community.mysql/issues/331) - include: test_priv_subtract.yml enable_check_mode=no - include: test_priv_subtract.yml enable_check_mode=yes - import_tasks: test_privs_issue_465.yml tags: - issue_465 # Tests for the TLS requires dictionary - include: tls_requirements.yml - import_tasks: issue-29511.yaml tags: - issue-29511 - import_tasks: issue-64560.yaml tags: - issue-64560 # Test that mysql_user still works with force_context enabled (database set to "mysql") # (https://github.com/ansible-collections/community.mysql/issues/265) - include: issue-265.yml # https://github.com/ansible-collections/community.mysql/issues/231 - include: test_user_grants_with_roles_applied.yml