ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-06 18:50:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
community.mysql/tests/integration/targets/test_mysql_user/tasks/main.yml
Daniel Rupp f5e8fbb3f5
Add default database "mysql" to mysql_user (#266) 
* Add default database "mysql" to mysql_user

Since permissions are stored in the "mysql" database anyway this should not change the behaviour of the module. But replication / binlog filters which rely on the current database will be able to filter the statements correctly afterwards. Prior to this change they were not executed in any database context and could not be filtered in any way by the existing methods in MySQL.

* Added changelog fragment

* Update changelogs/fragments/266-default-database-for-mysql-user

Thanks!

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update mysql_user.py

Make the change a configureable boolean

* Update 266-default-database-for-mysql-user

update changelog fragment

* Update 266-default-database-for-mysql-user

it´s not a bugfix anymore

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* renamed new option to force_context
enhanced description
added tests

* fixed changelog

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* added more tests

* removed first test attempts again (from issue-28.yml)
created new tests for testing with and without replication

* added force_context: no testing

* forgot to add the new part to main.yml

* found a copy&paste issue

* fix include naming

* Made sure the tests work in local testing

* MariaDB handles online replication filters differently

* fix changelog

* Update changelogs/fragments/266-default-database-for-mysql-user.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/266-default-database-for-mysql-user.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2022-01-10 16:03:25 +01:00

290 lines
10 KiB
YAML
Raw Blame History

####################################################################
# WARNING: These are designed specifically for Ansible tests #
# and should not be used as examples of how to write Ansible roles #
####################################################################
# test code for the mysql_user module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 dof the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
# create mysql user and verify user is added to mysql database
#
- name: alias mysql command to include default options
set_fact:
mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
- vars:
mysql_parameters: &mysql_params
login_user: '{{ mysql_user }}'
login_password: '{{ mysql_password }}'
login_host: 127.0.0.1
login_port: '{{ mysql_primary_port }}'
block:
- include: issue-121.yml
- include: issue-28.yml
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: resource_limits.yml
- include: assert_user.yml user_name={{user_name_1}}
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# Create mysql user that already exist on mysql database
#
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- name: create mysql user that already exist (expect changed=false)
mysql_user:
<<: *mysql_params
name: '{{user_name_1}}'
password: '{{user_password_1}}'
state: present
register: result
- name: assert output message mysql user was not created
assert: { that: "result.changed == false" }
# ============================================================
# remove mysql user and verify user is removed from mysql database
#
- name: remove mysql user state=absent (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: absent
register: result
- name: assert output message mysql user was removed
assert:
that:
- "result.changed == true"
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# remove mysql user that does not exist on mysql database
#
- name: remove mysql user that does not exist state=absent (expect changed=false)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: absent
register: result
- name: assert output message mysql user that does not exist
assert:
that:
- "result.changed == false"
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# Create user with no privileges and verify default privileges are assign
#
- name: create user with select privilege state=present (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
password: '{{ user_password_1 }}'
state: present
register: result
- include: assert_user.yml user_name={{user_name_1}} priv=USAGE
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: assert_no_user.yml user_name={{user_name_1}}
# ============================================================
# Create user with select privileges and verify select privileges are assign
#
- name: create user with select privilege state=present (expect changed=true)
mysql_user:
<<: *mysql_params
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
state: present
priv: '*.*:SELECT'
register: result
- include: assert_user.yml user_name={{user_name_2}} priv=SELECT
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }}
- include: assert_no_user.yml user_name={{user_name_2}}
# ============================================================
# Assert user has access to multiple databases
#
- name: give users access to multiple databases
mysql_user:
<<: *mysql_params
name: '{{ item[0] }}'
priv: '{{ item[1] }}.*:ALL'
append_privs: yes
password: '{{ user_password_1 }}'
with_nested:
- [ '{{ user_name_1 }}', '{{ user_name_2 }}']
- "{{db_names}}"
- name: show grants access for user1 on multiple database
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
register: result
- name: assert grant access for user1 on multiple database
assert:
that:
- "'{{ item }}' in result.stdout"
with_items: "{{db_names}}"
- name: show grants access for user2 on multiple database
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
register: result
- name: assert grant access for user2 on multiple database
assert:
that:
- "'{{ item }}' in result.stdout"
with_items: "{{db_names}}"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
- name: give user access to database via wildcard
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
priv: '%db.*:SELECT'
append_privs: yes
password: '{{ user_password_1 }}'
- name: show grants access for user1 on multiple database
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
register: result
- name: assert grant access for user1 on multiple database
assert:
that:
- "'%db' in result.stdout"
- "'SELECT' in result.stdout"
- name: test priv type check, must fail
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
priv:
- unsuitable
- type
append_privs: yes
host_all: yes
password: '{{ user_password_1 }}'
register: result
ignore_errors: yes
- name: check fail message
assert:
that:
- result is failed
- result.msg is search('priv parameter must be str or dict')
- name: change user access to database via wildcard
mysql_user:
<<: *mysql_params
name: '{{ user_name_1 }}'
priv: '%db.*:INSERT'
append_privs: yes
host_all: yes
password: '{{ user_password_1 }}'
- name: show grants access for user1 on multiple database
command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
register: result
- name: assert grant access for user1 on multiple database
assert:
that:
- "'%db' in result.stdout"
- "'INSERT' in result.stdout"
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
# ============================================================
# Test plaintext and encrypted password scenarios.
#
- include: test_user_password.yml
# ============================================================
# Test plugin authentication scenarios.
#
# FIXME: mariadb sql syntax for create/update user is not compatible
- include: test_user_plugin_auth.yml
when: install_type == 'mysql'
# ============================================================
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
#
- include: test_privs.yml current_privilege=SELECT current_append_privs=no
# ============================================================
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
#
- include: test_privs.yml current_privilege=DROP current_append_privs=yes
# ============================================================
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
#
- include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no
# ============================================================
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
#
- include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes
# Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
- include: test_priv_dict.yml
# Test that append_privs will not attempt to make a change where current privileges are a superset of new privileges
# (https://github.com/ansible-collections/community.mysql/issues/69)
- include: test_priv_append.yml enable_check_mode=no
- include: test_priv_append.yml enable_check_mode=yes
# Tests for the TLS requires dictionary
- include: tls_requirements.yml
- import_tasks: issue-29511.yaml
tags:
- issue-29511
- import_tasks: issue-64560.yaml
tags:
- issue-64560
# Test that mysql_user still works with force_context enabled (database set to "mysql")
# (https://github.com/ansible-collections/community.mysql/issues/265)
- include: issue-265.yml
Reference in a new issue View git blame Copy permalink