mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-04-05 02:00:31 -07:00
307 lines
9.6 KiB
YAML
307 lines
9.6 KiB
YAML
---
|
|
####################################################################
|
|
# WARNING: These are designed specifically for Ansible tests #
|
|
# and should not be used as examples of how to write Ansible roles #
|
|
####################################################################
|
|
|
|
# test code for the mysql_user module
|
|
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
|
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 dof the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# ============================================================
|
|
# create mysql user and verify user is added to mysql database
|
|
#
|
|
|
|
- vars:
|
|
mysql_parameters: &mysql_params
|
|
login_user: '{{ mysql_user }}'
|
|
login_password: '{{ mysql_password }}'
|
|
login_host: '{{ mysql_host }}'
|
|
login_port: '{{ mysql_primary_port }}'
|
|
|
|
block:
|
|
|
|
- include_tasks: issue-121.yml
|
|
|
|
- include_tasks: issue-28.yml
|
|
|
|
- include_tasks: test_resource_limits.yml
|
|
|
|
- include_tasks: test_idempotency.yml
|
|
|
|
- include_tasks: test_password_expire.yml
|
|
|
|
# ============================================================
|
|
# Create user with no privileges and verify default privileges are assign
|
|
#
|
|
- name: create user with DEFAULT privilege state=present (expect changed=true)
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
state: present
|
|
register: result
|
|
|
|
- include_tasks: utils/assert_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_1 }}"
|
|
user_host: localhost
|
|
priv: USAGE
|
|
|
|
- include_tasks: utils/remove_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_1 }}"
|
|
|
|
- include_tasks: utils/assert_no_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_1 }}"
|
|
|
|
|
|
# ============================================================
|
|
# Create user with select privileges and verify select privileges are assign
|
|
#
|
|
- name: Create user with SELECT privilege state=present (expect changed=true)
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_2 }}"
|
|
password: "{{ user_password_2 }}"
|
|
state: present
|
|
priv: '*.*:SELECT'
|
|
register: result
|
|
|
|
- include_tasks: utils/assert_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_2 }}"
|
|
user_host: localhost
|
|
priv: SELECT
|
|
|
|
- include_tasks: utils/remove_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_2 }}"
|
|
|
|
- include_tasks: utils/assert_no_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_2 }}"
|
|
|
|
|
|
# ============================================================
|
|
# Assert user has access to multiple databases
|
|
#
|
|
- name: Give users access to multiple databases
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ item[0] }}'
|
|
priv: '{{ item[1] }}.*:ALL'
|
|
append_privs: yes
|
|
password: '{{ user_password_1 }}'
|
|
with_nested:
|
|
- ['{{ user_name_1 }}', '{{ user_name_2 }}']
|
|
- "{{db_names}}"
|
|
|
|
- name: Show grants access for user1 on multiple database
|
|
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
|
|
register: result
|
|
|
|
- name: Assert grant access for user1 on multiple database
|
|
assert:
|
|
that:
|
|
- item in result.stdout
|
|
loop: "{{ db_names }}"
|
|
|
|
- name: Show grants access for user2 on multiple database
|
|
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
|
|
register: result
|
|
|
|
- name: Assert grant access for user2 on multiple database
|
|
assert:
|
|
that:
|
|
- item in result.stdout
|
|
loop: "{{db_names}}"
|
|
|
|
- include_tasks: utils/remove_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_1 }}"
|
|
|
|
- include_tasks: utils/remove_user.yml
|
|
vars:
|
|
user_name: "{{ user_name_2 }}"
|
|
|
|
- name: Give user SELECT access to database via wildcard
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
priv: '%db.*:SELECT'
|
|
append_privs: yes
|
|
password: '{{ user_password_1 }}'
|
|
|
|
- name: Show grants access for user1 on database via wildcard
|
|
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
|
|
register: result
|
|
|
|
- name: assert grant access for user1 on multiple database
|
|
assert:
|
|
that:
|
|
- "'%db' in result.stdout"
|
|
- "'SELECT' in result.stdout"
|
|
|
|
- name: test priv type check, must fail
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
priv:
|
|
- unsuitable
|
|
- type
|
|
append_privs: yes
|
|
host_all: yes
|
|
password: '{{ user_password_1 }}'
|
|
register: result
|
|
ignore_errors: yes
|
|
|
|
- name: check fail message
|
|
assert:
|
|
that:
|
|
- result is failed
|
|
- result.msg is search('priv parameter must be str or dict')
|
|
|
|
- name: Change SELECT to INSERT for user access to database via wildcard
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
priv: '%db.*:INSERT'
|
|
append_privs: yes
|
|
host_all: yes
|
|
password: '{{ user_password_1 }}'
|
|
|
|
- name: Show grants access for user1 on database via wildcard
|
|
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
|
|
register: result
|
|
|
|
- name: assert grant access for user1 on multiple database
|
|
assert:
|
|
that:
|
|
- "'%db' in result.stdout"
|
|
- "'INSERT' in result.stdout"
|
|
|
|
- include_tasks: utils/remove_user.yml
|
|
vars:
|
|
user_name: "{{user_name_1}}"
|
|
|
|
# ============================================================
|
|
# Test plaintext and encrypted password scenarios.
|
|
#
|
|
- include_tasks: test_user_password.yml
|
|
|
|
# ============================================================
|
|
# Test plugin authentication scenarios.
|
|
#
|
|
# FIXME: mariadb sql syntax for create/update user is not compatible
|
|
- include_tasks: test_user_plugin_auth.yml
|
|
when: db_engine == 'mysql'
|
|
|
|
# ============================================================
|
|
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
|
|
#
|
|
- include_tasks: test_privs.yml
|
|
vars:
|
|
current_privilege: SELECT
|
|
current_append_privs: no
|
|
|
|
# ============================================================
|
|
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
|
|
#
|
|
- include_tasks: test_privs.yml
|
|
vars:
|
|
current_privilege: DROP
|
|
current_append_privs: yes
|
|
|
|
# ============================================================
|
|
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
|
|
#
|
|
- include_tasks: test_privs.yml
|
|
vars:
|
|
current_privilege: 'UPDATE,ALTER'
|
|
current_append_privs: no
|
|
|
|
# ============================================================
|
|
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
|
|
#
|
|
- include_tasks: test_privs.yml
|
|
vars:
|
|
current_privilege: 'INSERT,DELETE'
|
|
current_append_privs: yes
|
|
|
|
# Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
|
|
- include_tasks: test_priv_dict.yml
|
|
|
|
# Test that append_privs will not attempt to make a change where current privileges are a superset of new privileges
|
|
# (https://github.com/ansible-collections/community.mysql/issues/69)
|
|
- include_tasks: test_priv_append.yml
|
|
vars:
|
|
enable_check_mode: no
|
|
- include_tasks: test_priv_append.yml
|
|
vars:
|
|
enable_check_mode: yes
|
|
|
|
# Test that subtract_privs will only revoke the grants given by priv
|
|
# (https://github.com/ansible-collections/community.mysql/issues/331)
|
|
- include_tasks: test_priv_subtract.yml
|
|
vars:
|
|
enable_check_mode: no
|
|
- include_tasks: test_priv_subtract.yml
|
|
vars:
|
|
enable_check_mode: yes
|
|
|
|
- import_tasks: test_privs_issue_465.yml
|
|
tags:
|
|
- issue_465
|
|
|
|
# Tests for user attributes
|
|
- include_tasks: test_user_attributes.yml
|
|
|
|
# Tests for the TLS requires dictionary
|
|
- include_tasks: test_tls_requirements.yml
|
|
|
|
- import_tasks: issue-29511.yaml
|
|
tags:
|
|
- issue-29511
|
|
|
|
- import_tasks: issue-64560.yaml
|
|
tags:
|
|
- issue-64560
|
|
|
|
- name: Test ANSI_QUOTES
|
|
ansible.builtin.import_tasks:
|
|
file: issue-671.yaml
|
|
tags:
|
|
- issue-671
|
|
|
|
# Test that mysql_user still works with force_context enabled (database set to "mysql")
|
|
# (https://github.com/ansible-collections/community.mysql/issues/265)
|
|
- include_tasks: issue-265.yml
|
|
|
|
# https://github.com/ansible-collections/community.mysql/issues/231
|
|
- include_tasks: test_user_grants_with_roles_applied.yml
|
|
|
|
- include_tasks: test_revoke_only_grant.yml
|
|
|
|
- name: Mysql_user - test column case sensitive
|
|
ansible.builtin.import_tasks:
|
|
file: test_column_case_sensitive.yml
|
|
|
|
- name: Mysql_user - test update_password
|
|
ansible.builtin.import_tasks:
|
|
file: test_update_password.yml
|