community.mysql/tests/integration/targets/test_mysql_user/tasks/main.yml
Diego Gullo 6ac89ca1f6
Display a more informative error when InvalidPrivsError is raised (#465) (#466)
* Display a more informative error when InvalidPrivsError is raised (Issue #465)

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
2022-12-06 13:12:01 +01:00


####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# test code for the mysql_user module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
# create mysql user and verify user is added to mysql database
#
# Build the mysql client invocation that the `command:` tasks in this file reuse
# to run SHOW GRANTS against the primary instance over TCP.
# NOTE(review): the password is interpolated into the command line (-p...), so it
# is visible in the host's process list while the client runs and can show up in
# task output, because the command module reports the command it ran. Keep this
# to throwaway test credentials.
- name: alias mysql command to include default options
  set_fact:
    mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
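- vars:
    # Connection arguments for the mysql_user module. Each task below pulls them
    # in with the `<<: *mysql_params` merge key instead of repeating them.
    mysql_parameters: &mysql_params
      login_user: '{{ mysql_user }}'
      login_password: '{{ mysql_password }}'
      login_host: 127.0.0.1
      login_port: '{{ mysql_primary_port }}'

  block:

    # Task files are pulled in with include_tasks and an explicit `vars:`
    # mapping; the bare `include:` action with inline key=value arguments is
    # deprecated. Values that were passed inline as `no`/`yes` stay quoted so
    # the included file still receives a string, as the key=value form produced.

    - include_tasks: issue-121.yml

    - include_tasks: issue-28.yml

    - include_tasks: create_user.yml
      vars:
        user_name: '{{ user_name_1 }}'
        user_password: '{{ user_password_1 }}'

    - include_tasks: resource_limits.yml

    - include_tasks: assert_user.yml
      vars:
        user_name: '{{ user_name_1 }}'

    - include_tasks: remove_user.yml
      vars:
        user_name: '{{ user_name_1 }}'
        user_password: '{{ user_password_1 }}'

    - include_tasks: assert_no_user.yml
      vars:
        user_name: '{{ user_name_1 }}'

    # ============================================================
    # Create a mysql user that already exists in the mysql database
    #
    - include_tasks: create_user.yml
      vars:
        user_name: '{{ user_name_1 }}'
        user_password: '{{ user_password_1 }}'

    - name: create mysql user that already exist (expect changed=false)
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_1 }}'
        password: '{{ user_password_1 }}'
        state: present
      register: result

    - name: assert output message mysql user was not created
      assert:
        that:
          - result is not changed

    # ============================================================
    # remove mysql user and verify user is removed from mysql database
    #
    - name: remove mysql user state=absent (expect changed=true)
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_1 }}'
        password: '{{ user_password_1 }}'
        state: absent
      register: result

    - name: assert output message mysql user was removed
      assert:
        that:
          - result is changed

    - include_tasks: assert_no_user.yml
      vars:
        user_name: '{{ user_name_1 }}'

    # ============================================================
    # remove mysql user that does not exist on mysql database
    #
    - name: remove mysql user that does not exist state=absent (expect changed=false)
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_1 }}'
        password: '{{ user_password_1 }}'
        state: absent
      register: result

    - name: assert output message mysql user that does not exist
      assert:
        that:
          - result is not changed

    - include_tasks: assert_no_user.yml
      vars:
        user_name: '{{ user_name_1 }}'

    # ============================================================
    # Create user with no privileges and verify default privileges are assigned
    #
    # No `priv` is passed here; the task name used to say "select privilege",
    # copied from the next scenario. `result` is registered but not asserted in
    # this file; verification is left to the assert_user.yml include (priv=USAGE).
    - name: create user with no privileges state=present (expect changed=true)
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_1 }}'
        password: '{{ user_password_1 }}'
        state: present
      register: result

    - include_tasks: assert_user.yml
      vars:
        user_name: '{{ user_name_1 }}'
        priv: USAGE

    - include_tasks: remove_user.yml
      vars:
        user_name: '{{ user_name_1 }}'
        user_password: '{{ user_password_1 }}'

    - include_tasks: assert_no_user.yml
      vars:
        user_name: '{{ user_name_1 }}'

    # ============================================================
    # Create user with select privileges and verify select privileges are assigned
    #
    # `*.*:SELECT` is a global grant: SELECT on every database and table.
    - name: create user with select privilege state=present (expect changed=true)
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_2 }}'
        password: '{{ user_password_2 }}'
        state: present
        priv: '*.*:SELECT'
      register: result

    - include_tasks: assert_user.yml
      vars:
        user_name: '{{ user_name_2 }}'
        priv: SELECT

    - include_tasks: remove_user.yml
      vars:
        user_name: '{{ user_name_2 }}'
        user_password: '{{ user_password_2 }}'

    - include_tasks: assert_no_user.yml
      vars:
        user_name: '{{ user_name_2 }}'

    # ============================================================
    # Assert user has access to multiple databases
    #
    # Loops over every (user, database) pair; both users are created with
    # user_password_1 here, which is why user_name_2 is later removed with
    # user_password_1 as well.
    - name: give users access to multiple databases
      mysql_user:
        <<: *mysql_params
        name: '{{ item[0] }}'
        priv: '{{ item[1] }}.*:ALL'
        append_privs: true
        password: '{{ user_password_1 }}'
      with_nested:
        - ['{{ user_name_1 }}', '{{ user_name_2 }}']
        - "{{db_names}}"

    # mysql_command is the fact set at the top of this file; it carries the
    # login password as a -p argument on the command line.
    - name: show grants access for user1 on multiple database
      command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
      register: result

    # Substring check: passes when the database name appears anywhere in the
    # SHOW GRANTS output; it does not pin the privilege level or the exact grant.
    - name: assert grant access for user1 on multiple database
      assert:
        that:
          - "'{{ item }}' in result.stdout"
      with_items: "{{db_names}}"

    - name: show grants access for user2 on multiple database
      command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
      register: result

    - name: assert grant access for user2 on multiple database
      assert:
        that:
          - "'{{ item }}' in result.stdout"
      with_items: "{{db_names}}"

    - include_tasks: remove_user.yml
      vars:
        user_name: '{{ user_name_1 }}'
        user_password: '{{ user_password_1 }}'

    - include_tasks: remove_user.yml
      vars:
        user_name: '{{ user_name_2 }}'
        user_password: '{{ user_password_1 }}'

    # `%` is a wildcard in the database part of a MySQL grant, so this privilege
    # covers every database whose name ends in `db`, including ones created
    # after the grant is made.
    - name: give user access to database via wildcard
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_1 }}'
        priv: '%db.*:SELECT'
        append_privs: true
        password: '{{ user_password_1 }}'

    - name: show grants access for user1 on multiple database
      command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
      register: result

    - name: assert grant access for user1 on multiple database
      assert:
        that:
          - "'%db' in result.stdout"
          - "'SELECT' in result.stdout"

    # Negative test: a list is passed as priv. ignore_errors lets the play
    # continue so the next task can assert on the failure and on its message;
    # a failure for any other reason would not match the expected text.
    - name: test priv type check, must fail
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_1 }}'
        priv:
          - unsuitable
          - type
        append_privs: true
        host_all: true
        password: '{{ user_password_1 }}'
      register: result
      ignore_errors: true

    - name: check fail message
      assert:
        that:
          - result is failed
          - result.msg is search('priv parameter must be str or dict')

    # append_privs is set, so INSERT is added on top of what the user already
    # holds. Only the presence of INSERT is asserted afterwards.
    - name: change user access to database via wildcard
      mysql_user:
        <<: *mysql_params
        name: '{{ user_name_1 }}'
        priv: '%db.*:INSERT'
        append_privs: true
        host_all: true
        password: '{{ user_password_1 }}'

    - name: show grants access for user1 on multiple database
      command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
      register: result

    - name: assert grant access for user1 on multiple database
      assert:
        that:
          - "'%db' in result.stdout"
          - "'INSERT' in result.stdout"

    - include_tasks: remove_user.yml
      vars:
        user_name: '{{ user_name_1 }}'
        user_password: '{{ user_password_1 }}'

    # ============================================================
    # Test plaintext and encrypted password scenarios.
    #
    - include_tasks: test_user_password.yml

    # ============================================================
    # Test plugin authentication scenarios.
    #
    # FIXME: mariadb sql syntax for create/update user is not compatible
    - include_tasks: test_user_plugin_auth.yml
      when: install_type == 'mysql'

    # NOTE(review): the four section headers below all mention SELECT; the
    # privilege actually exercised is the current_privilege value passed on each
    # include. Confirm the wording against test_privs.yml.

    # ============================================================
    # Assert create user with SELECT privileges, attempt to create database and update privileges to create database
    #
    - include_tasks: test_privs.yml
      vars:
        current_privilege: SELECT
        current_append_privs: 'no'

    # ============================================================
    # Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
    #
    - include_tasks: test_privs.yml
      vars:
        current_privilege: DROP
        current_append_privs: 'yes'

    # ============================================================
    # Assert create user with SELECT privileges, attempt to create database and update privileges to create database
    #
    - include_tasks: test_privs.yml
      vars:
        current_privilege: 'UPDATE,ALTER'
        current_append_privs: 'no'

    # ============================================================
    # Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
    #
    - include_tasks: test_privs.yml
      vars:
        current_privilege: 'INSERT,DELETE'
        current_append_privs: 'yes'

    # Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
    - include_tasks: test_priv_dict.yml

    # Test that append_privs will not attempt to make a change where current privileges are a superset of new privileges
    # (https://github.com/ansible-collections/community.mysql/issues/69)
    - include_tasks: test_priv_append.yml
      vars:
        enable_check_mode: 'no'

    - include_tasks: test_priv_append.yml
      vars:
        enable_check_mode: 'yes'

    # Test that subtract_privs will only revoke the grants given by priv
    # (https://github.com/ansible-collections/community.mysql/issues/331)
    - include_tasks: test_priv_subtract.yml
      vars:
        enable_check_mode: 'no'

    - include_tasks: test_priv_subtract.yml
      vars:
        enable_check_mode: 'yes'

    - import_tasks: test_privs_issue_465.yml
      tags:
        - issue_465

    # Tests for the TLS requires dictionary
    - include_tasks: tls_requirements.yml

    - import_tasks: issue-29511.yaml
      tags:
        - issue-29511

    - import_tasks: issue-64560.yaml
      tags:
        - issue-64560

    # Test that mysql_user still works with force_context enabled (database set to "mysql")
    # (https://github.com/ansible-collections/community.mysql/issues/265)
    - include_tasks: issue-265.yml

    # https://github.com/ansible-collections/community.mysql/issues/231
    - include_tasks: test_user_grants_with_roles_applied.yml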