mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-04-07 11:10:32 -07:00
836a1ce048
* :Fix ci python requirements (#416)
* Add matrix for python and ansible-core versions for sanity tests
* Add python 3.9 to integrations tests
* Add python 3.9 to unit tests
* Reformat sort by python version first
(cherry picked from commit 97318559e5)
* Fix string to int comparison error 1292
* Fix assert expected changed value
* Cut assertion that is incorrect
With both connectors, and only in stable-1 apparently, the test is
always failed.
* Fix bool comparison
* Revert separated tests for both connectors
* Refactor test using connector.name variable
* Refactor filtering of tasks using connector's vars sets during setup
* Fix "command not found" and "database doesn't exists"
* Fix assertion by not running on failing connectors
* Fix missing package when using sha256_password with MySQL 8
113 lines
3.3 KiB
YAML
113 lines
3.3 KiB
YAML
---
|
|
- vars:
|
|
mysql_parameters: &mysql_params
|
|
login_user: '{{ mysql_user }}'
|
|
login_password: '{{ mysql_password }}'
|
|
login_host: 127.0.0.1
|
|
login_port: '{{ mysql_primary_port }}'
|
|
|
|
block:
|
|
|
|
# ============================================================
|
|
|
|
- name: get server certificate
|
|
copy:
|
|
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
|
|
dest: /tmp/cert.pem
|
|
delegate_to: localhost
|
|
|
|
- name: get server version
|
|
mysql_info:
|
|
<<: *mysql_params
|
|
filter: version
|
|
register: db_version
|
|
|
|
- set_fact:
|
|
old_user_mgmt: "{{ db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2 | bool }}"
|
|
|
|
- name: Drop mysql user if exists
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ item }}'
|
|
state: absent
|
|
ignore_errors: yes
|
|
with_items:
|
|
- "{{ user_name_1 }}"
|
|
- "{{ user_name_2 }}"
|
|
|
|
- name: create user with REQUIRESSL privilege
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
|
|
|
|
- name: verify REQUIRESSL is assigned to the user
|
|
mysql_query:
|
|
<<: *mysql_params
|
|
query: "SHOW {{ what }} '{{ user_name_1}}'@'localhost'"
|
|
register: result
|
|
vars:
|
|
what: "{{ 'GRANTS FOR' if old_user_mgmt else 'CREATE USER' }}"
|
|
|
|
- assert:
|
|
that:
|
|
- result is succeeded and 'REQUIRE SSL' in (result.query_result | string)
|
|
|
|
- name: create user with equivalent ssl requirement in tls_requires (expect unchanged)
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,GRANT'
|
|
tls_requires:
|
|
SSL:
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: create the same user again, with REQUIRESSL privilege once more
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: create user with both REQUIRESSL privilege and an incompatible tls_requires option
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
|
|
tls_requires:
|
|
X509:
|
|
|
|
- name: create same user again without REQUIRESSL privilege
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,GRANT'
|
|
tls_requires:
|
|
X509:
|
|
register: result
|
|
|
|
- assert:
|
|
that: result is not changed
|
|
|
|
- name: Drop mysql user
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ item }}'
|
|
host: 127.0.0.1
|
|
state: absent
|
|
with_items:
|
|
- "{{ user_name_1 }}"
|
|
- "{{ user_name_2 }}"
|