mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-04-09 20:20:32 -07:00
117 lines
3.6 KiB
YAML
117 lines
3.6 KiB
YAML
---
|
|
|
|
- vars:
|
|
mysql_parameters: &mysql_params
|
|
login_user: '{{ mysql_user }}'
|
|
login_password: '{{ mysql_password }}'
|
|
login_host: '{{ mysql_host }}'
|
|
login_port: '{{ mysql_primary_port }}'
|
|
|
|
block:
|
|
|
|
- name: Issue-121 | Setup | Get server certificate
|
|
copy:
|
|
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect {{ mysql_host }}:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
|
|
dest: /tmp/cert.pem
|
|
delegate_to: localhost
|
|
|
|
- name: Issue-121 | Setup | get server version
|
|
mysql_info:
|
|
<<: *mysql_params
|
|
filter: version
|
|
register: db_version
|
|
|
|
- set_fact:
|
|
old_user_mgmt: "{{ db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2 | bool }}"
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ item }}'
|
|
host_all: true
|
|
state: absent
|
|
ignore_errors: true
|
|
loop:
|
|
- "{{ user_name_1 }}"
|
|
- "{{ user_name_2 }}"
|
|
|
|
- name: Issue-121 | Create user with REQUIRESSL privilege
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
|
|
|
|
- name: Issue-121 | Verify REQUIRESSL is assigned to the user
|
|
mysql_query:
|
|
<<: *mysql_params
|
|
query: "SHOW {{ what }} '{{ user_name_1}}'@'localhost'"
|
|
register: result
|
|
vars:
|
|
what: "{{ 'GRANTS FOR' if old_user_mgmt else 'CREATE USER' }}"
|
|
|
|
- name: Issue-121 | Assert that requiressl is assigned to the user
|
|
assert:
|
|
that:
|
|
- result is succeeded and 'REQUIRE SSL' in (result.query_result | string)
|
|
|
|
- name: Issue-121 | Create user with equivalent ssl requirement in tls_requires (expect unchanged)
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,GRANT'
|
|
tls_requires:
|
|
SSL:
|
|
register: result
|
|
|
|
- name: Issue-121 | Assert that create user with equivalent ssl is not changed
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: Issue-121 | Create the same user again, with REQUIRESSL privilege once more
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
|
|
register: result
|
|
|
|
- name: Issue-121 | Assert error granting privileges
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: >-
|
|
Issue-121 | Create user with both REQUIRESSL privilege and an incompatible
|
|
tls_requires option
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
host: '{{ gateway_addr }}'
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
|
|
tls_requires:
|
|
X509:
|
|
|
|
- name: create same user again without REQUIRESSL privilege
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:SELECT,CREATE USER,GRANT'
|
|
tls_requires:
|
|
X509:
|
|
register: result
|
|
|
|
- assert:
|
|
that: result is not changed
|
|
|
|
- name: Issue-121 | Teardown | Drop mysql user
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ item }}'
|
|
host_all: true
|
|
state: absent
|
|
with_items:
|
|
- "{{ user_name_1 }}"
|
|
- "{{ user_name_2 }}"
|