mirror of
https://github.com/ansible-collections/community.mysql.git
synced 2025-04-05 10:10:32 -07:00
f5e8fbb3f5
* Add default database "mysql" to mysql_user Since permissions are stored in the "mysql" database anyway this should not change the behaviour of the module. But replication / binlog filters which rely on the current database will be able to filter the statements correctly afterwards. Prior to this change they were not executed in any database context and could not be filtered in any way by the existing methods in MySQL. * Added changelog fragment * Update changelogs/fragments/266-default-database-for-mysql-user Thanks! Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update mysql_user.py Make the change a configureable boolean * Update 266-default-database-for-mysql-user update changelog fragment * Update 266-default-database-for-mysql-user it´s not a bugfix anymore * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * renamed new option to force_context enhanced description added tests * fixed changelog * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * added more tests * removed first test attempts again (from issue-28.yml) created new tests for testing with and without replication * added force_context: no testing * forgot to add the new part to main.yml * found a copy&paste issue * fix include naming * Made sure the tests work in local testing * MariaDB handles online replication filters differently * fix changelog * Update changelogs/fragments/266-default-database-for-mysql-user.yml Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update changelogs/fragments/266-default-database-for-mysql-user.yml Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
165 lines
4.9 KiB
YAML
165 lines
4.9 KiB
YAML
---
|
|
- name: alias mysql command to include default options
|
|
set_fact:
|
|
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} --protocol=tcp"
|
|
|
|
- vars:
|
|
mysql_parameters: &mysql_params
|
|
login_user: '{{ mysql_user }}'
|
|
login_password: '{{ mysql_password }}'
|
|
login_host: 127.0.0.1
|
|
login_port: '{{ mysql_primary_port }}'
|
|
block:
|
|
|
|
# start replica so it is available for testing
|
|
|
|
- name: Start replica
|
|
mysql_replication:
|
|
<<: *mysql_params
|
|
login_port: '{{ mysql_replica1_port }}'
|
|
mode: startreplica
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result.queries == ["START SLAVE"] or result.queries == ["START REPLICA"]
|
|
|
|
- name: Drop {{ user_name_1 }} if exists
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
state: absent
|
|
ignore_errors: yes
|
|
|
|
# First test
|
|
# check if user creation works with force_context and is replicated
|
|
- name: create user with force_context
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:ALL,GRANT'
|
|
force_context: yes
|
|
|
|
- name: attempt connection on replica1 with newly created user (expect success)
|
|
mysql_replication:
|
|
mode: getprimary
|
|
login_user: '{{ user_name_1 }}'
|
|
login_password: '{{ user_password_1 }}'
|
|
login_host: 127.0.0.1
|
|
login_port: '{{ mysql_replica1_port }}'
|
|
register: result
|
|
ignore_errors: yes
|
|
|
|
- assert:
|
|
that:
|
|
- result is succeeded
|
|
|
|
- name: Drop user
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
state: absent
|
|
force_context: yes
|
|
|
|
- name: attempt connection on replica with freshly removed user (expect failure)
|
|
mysql_replication:
|
|
mode: getprimary
|
|
login_user: '{{ user_name_1 }}'
|
|
login_password: '{{ user_password_1 }}'
|
|
login_host: 127.0.0.1
|
|
login_port: '{{ mysql_replica1_port }}'
|
|
register: result
|
|
ignore_errors: yes
|
|
|
|
- assert:
|
|
that:
|
|
- result is failed
|
|
|
|
# Prepare replica1 for testing with a replication filter in place
|
|
# Stop replication, create a filter and restart replication on replica1.
|
|
- name: Stop replica
|
|
mysql_replication:
|
|
<<: *mysql_params
|
|
login_port: '{{ mysql_replica1_port }}'
|
|
mode: stopreplica
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result.queries == ["STOP SLAVE"] or result.queries == ["STOP REPLICA"]
|
|
|
|
- name: Create replication filter MySQL
|
|
shell: "echo \"CHANGE REPLICATION FILTER REPLICATE_IGNORE_DB = (mysql);\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
|
|
when: install_type == 'mysql'
|
|
|
|
- name: Create replication filter MariaDB
|
|
shell: "echo \"SET GLOBAL replicate_ignore_db = 'mysql';\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
|
|
when: install_type == 'mariadb'
|
|
|
|
- name: Start replica
|
|
mysql_replication:
|
|
<<: *mysql_params
|
|
login_port: '{{ mysql_replica1_port }}'
|
|
mode: startreplica
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result.queries == ["START SLAVE"] or result.queries == ["START REPLICA"]
|
|
|
|
# Second test
|
|
# Filter in place, ready to test if user creation is filtered with force_context
|
|
- name: create user with force_context
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: "{{ user_name_1 }}"
|
|
password: "{{ user_password_1 }}"
|
|
priv: '*.*:ALL,GRANT'
|
|
force_context: yes
|
|
|
|
- name: attempt connection on replica with newly created user (expect failure)
|
|
mysql_replication:
|
|
mode: getprimary
|
|
login_user: '{{ user_name_1 }}'
|
|
login_password: '{{ user_password_1 }}'
|
|
login_host: 127.0.0.1
|
|
login_port: '{{ mysql_replica1_port }}'
|
|
register: result
|
|
ignore_errors: yes
|
|
|
|
- assert:
|
|
that:
|
|
- result is failed
|
|
|
|
- name: Drop user
|
|
mysql_user:
|
|
<<: *mysql_params
|
|
name: '{{ user_name_1 }}'
|
|
state: absent
|
|
force_context: yes
|
|
|
|
# restore normal replica1 operation
|
|
# Stop replication and remove the filter
|
|
- name: Stop replica
|
|
mysql_replication:
|
|
<<: *mysql_params
|
|
login_port: '{{ mysql_replica1_port }}'
|
|
mode: stopreplica
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result.queries == ["STOP SLAVE"] or result.queries == ["STOP REPLICA"]
|
|
|
|
- name: Remove replication filter MySQL
|
|
shell: "echo \"CHANGE REPLICATION FILTER REPLICATE_IGNORE_DB = ();\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
|
|
when: install_type == 'mysql'
|
|
|
|
- name: Remove replication filter MariaDB
|
|
shell: "echo \"SET GLOBAL replicate_ignore_db = '';\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
|
|
when: install_type == 'mariadb'
|