mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-04-05 10:10:32 -07:00
33e8754c4e
* fix tuple indexerror when no accounts are found * Fix tests for update_password not executed * Add test for case where existing user have different password * lint to prevent warning about jinja templating in when clause * Refactor get_existing_authentication to return a list of all row found Previously we were returning only the first row found. We need to be able to see if there is a difference in the existing passwords. * Refactor host option to be optional This make it possible to use the same method from mysql_user to help update_password retrieve existing password for all account with the same username independently of their hostname. And from mysql_info to get the password of a specif user using WHERE user = '' AND host = '' * Add change log fragment * Add link to the PR in the change log * lint for ansible devel * Fix templating type error could not cconvert to bool with ansible devel * Revert changes made for ansible-devel that broke tests for Ansible 2.15 * Revert changes made for ansible-devel that broke tests * Cut unnecessary set, uniqueness is ensured by the group_by in the query * Cut auth plugin from returned values when multiple existing auths exists Discussed here: https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519 * fix convertion of list(dict) to list(tuple) * Fix test for empty password on MySQL 8+
89 lines
2.8 KiB
YAML
89 lines
2.8 KiB
YAML
---
|
|
- name: set fact tls_enabled
|
|
ansible.builtin.command:
|
|
cmd: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
|
|
register: result
|
|
|
|
- name: Set tls_enabled fact
|
|
ansible.builtin.set_fact:
|
|
tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
|
|
|
|
- vars:
|
|
mysql_parameters: &mysql_params
|
|
login_user: '{{ mysql_user }}'
|
|
login_password: '{{ mysql_password }}'
|
|
login_host: '{{ mysql_host }}'
|
|
login_port: '{{ mysql_primary_port }}'
|
|
when: tls_enabled
|
|
block:
|
|
|
|
# ============================================================
|
|
- name: get server certificate
|
|
ansible.builtin.copy:
|
|
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
|
|
dest: /tmp/cert.pem
|
|
delegate_to: localhost
|
|
|
|
- name: Drop mysql user if exists
|
|
community.mysql.mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
host_all: true
|
|
state: absent
|
|
ignore_errors: true
|
|
|
|
- name: create user with ssl requirement
|
|
community.mysql.mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
host: '%'
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:ALL,GRANT'
|
|
tls_requires:
|
|
SSL:
|
|
|
|
- name: attempt connection with newly created user (expect failure)
|
|
community.mysql.mysql_variables:
|
|
variable: '{{ set_name }}'
|
|
login_user: '{{ user_name_1 }}'
|
|
login_password: '{{ user_password_1 }}'
|
|
login_host: '{{ mysql_host }}'
|
|
login_port: '{{ mysql_primary_port }}'
|
|
ca_cert: /tmp/cert.pem
|
|
register: result
|
|
ignore_errors: true
|
|
|
|
- name: Assert that result is failed for pymysql
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is failed
|
|
when:
|
|
- connector_name == 'pymysql'
|
|
|
|
- name: Assert that result is success for mysqlclient
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is succeeded
|
|
when:
|
|
- connector_name != 'pymysql'
|
|
|
|
- name: attempt connection with newly created user ignoring hostname
|
|
community.mysql.mysql_variables:
|
|
variable: '{{ set_name }}'
|
|
login_user: '{{ user_name_1 }}'
|
|
login_password: '{{ user_password_1 }}'
|
|
login_host: '{{ mysql_host }}'
|
|
login_port: '{{ mysql_primary_port }}'
|
|
ca_cert: /tmp/cert.pem
|
|
check_hostname: no
|
|
register: result
|
|
ignore_errors: true
|
|
failed_when:
|
|
- result is failed or 'pymysql >= 0.7.11 is required' not in result.msg
|
|
|
|
- name: Drop mysql user
|
|
community.mysql.mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
host_all: true
|
|
state: absent
|