ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-06 10:40:36 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
community.mysql/tests/integration/targets/test_mysql_user/tasks/issue-121.yml
Laurent Indermühle 8968f51533
Port stable 1 ci changes (#423) (#424) 
* Add changes from stable-1 integrations tests (PR 418)

* Refactor to use connectors' info declared in setup_mysql

* Fix 2nd replication stop marked changed by mysqlclient

(cherry picked from commit 61586ae4cc)
2022-08-17 11:30:34 +02:00

113 lines
3.3 KiB
YAML
Raw Blame History

---
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
block:
# ============================================================
- name: get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
dest: /tmp/cert.pem
delegate_to: localhost
- name: get server version
mysql_info:
<<: *mysql_params
filter: version
register: db_version
- set_fact:
old_user_mgmt: "{{ db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2 | bool }}"
- name: Drop mysql user if exists
mysql_user:
<<: *mysql_params
name: '{{ item }}'
state: absent
ignore_errors: yes
with_items:
- "{{ user_name_1 }}"
- "{{ user_name_2 }}"
- name: create user with REQUIRESSL privilege
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
- name: verify REQUIRESSL is assigned to the user
mysql_query:
<<: *mysql_params
query: "SHOW {{ what }} '{{ user_name_1}}'@'localhost'"
register: result
vars:
what: "{{ 'GRANTS FOR' if old_user_mgmt else 'CREATE USER' }}"
- assert:
that:
- result is succeeded and 'REQUIRE SSL' in (result.query_result | string)
- name: create user with equivalent ssl requirement in tls_requires (expect unchanged)
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,GRANT'
tls_requires:
SSL:
register: result
- assert:
that:
- result is not changed
- name: create the same user again, with REQUIRESSL privilege once more
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
register: result
- assert:
that:
- result is not changed
- name: create user with both REQUIRESSL privilege and an incompatible tls_requires option
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
tls_requires:
X509:
- name: create same user again without REQUIRESSL privilege
mysql_user:
<<: *mysql_params
name: "{{ user_name_1 }}"
password: "{{ user_password_1 }}"
priv: '*.*:SELECT,CREATE USER,GRANT'
tls_requires:
X509:
register: result
- assert:
that: result is not changed
- name: Drop mysql user
mysql_user:
<<: *mysql_params
name: '{{ item }}'
host: 127.0.0.1
state: absent
with_items:
- "{{ user_name_1 }}"
- "{{ user_name_2 }}"
Reference in a new issue View git blame Copy permalink