47aea84924
* Don't return module error when mysql_connect fails (#64560) mysql_user expects an Exception when using check_implicit_admin. * Adds integration tests for mysql_user check_implicit_admin (#64560)
217 lines
7.5 KiB
YAML
217 lines
7.5 KiB
YAML
# test code for the mysql_user module
|
|
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
|
|
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 dof the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
# ============================================================
|
|
# create mysql user and verify user is added to mysql database
|
|
#
|
|
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
|
|
|
- include: assert_user.yml user_name={{user_name_1}}
|
|
|
|
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
|
|
|
- include: assert_no_user.yml user_name={{user_name_1}}
|
|
|
|
# ============================================================
|
|
# Create mysql user that already exist on mysql database
|
|
#
|
|
- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
|
|
|
- name: create mysql user that already exist (expect changed=false)
|
|
mysql_user:
|
|
name: '{{user_name_1}}'
|
|
password: '{{user_password_1}}'
|
|
state: present
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
register: result
|
|
|
|
- name: assert output message mysql user was not created
|
|
assert: { that: "result.changed == false" }
|
|
|
|
# ============================================================
|
|
# remove mysql user and verify user is removed from mysql database
|
|
#
|
|
- name: remove mysql user state=absent (expect changed=true)
|
|
mysql_user:
|
|
name: '{{ user_name_1 }}'
|
|
password: '{{ user_password_1 }}'
|
|
state: absent
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
register: result
|
|
|
|
- name: assert output message mysql user was removed
|
|
assert: { that: "result.changed == true" }
|
|
|
|
- include: assert_no_user.yml user_name={{user_name_1}}
|
|
|
|
# ============================================================
|
|
# remove mysql user that does not exist on mysql database
|
|
#
|
|
- name: remove mysql user that does not exist state=absent (expect changed=false)
|
|
mysql_user:
|
|
name: '{{ user_name_1 }}'
|
|
password: '{{ user_password_1 }}'
|
|
state: absent
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
register: result
|
|
|
|
- name: assert output message mysql user that does not exist
|
|
assert: { that: "result.changed == false" }
|
|
|
|
- include: assert_no_user.yml user_name={{user_name_1}}
|
|
|
|
# ============================================================
|
|
# Create user with no privileges and verify default privileges are assign
|
|
#
|
|
- name: create user with select privilege state=present (expect changed=true)
|
|
mysql_user:
|
|
name: '{{ user_name_1 }}'
|
|
password: '{{ user_password_1 }}'
|
|
state: present
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
register: result
|
|
|
|
- include: assert_user.yml user_name={{user_name_1}} priv=USAGE
|
|
|
|
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
|
|
|
- include: assert_no_user.yml user_name={{user_name_1}}
|
|
|
|
# ============================================================
|
|
# Create user with select privileges and verify select privileges are assign
|
|
#
|
|
- name: create user with select privilege state=present (expect changed=true)
|
|
mysql_user:
|
|
name: '{{ user_name_2 }}'
|
|
password: '{{ user_password_2 }}'
|
|
state: present
|
|
priv: '*.*:SELECT'
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
register: result
|
|
|
|
- include: assert_user.yml user_name={{user_name_2}} priv=SELECT
|
|
|
|
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }}
|
|
|
|
- include: assert_no_user.yml user_name={{user_name_2}}
|
|
|
|
# ============================================================
|
|
# Assert user has access to multiple databases
|
|
#
|
|
- name: give users access to multiple databases
|
|
mysql_user:
|
|
name: '{{ item[0] }}'
|
|
priv: '{{ item[1] }}.*:ALL'
|
|
append_privs: yes
|
|
password: '{{ user_password_1 }}'
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
with_nested:
|
|
- [ '{{ user_name_1 }}', '{{ user_name_2 }}']
|
|
- "{{db_names}}"
|
|
|
|
- name: show grants access for user1 on multiple database
|
|
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
|
|
register: result
|
|
|
|
- name: assert grant access for user1 on multiple database
|
|
assert: { that: "'{{ item }}' in result.stdout" }
|
|
with_items: "{{db_names}}"
|
|
|
|
- name: show grants access for user2 on multiple database
|
|
command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';"
|
|
register: result
|
|
|
|
- name: assert grant access for user2 on multiple database
|
|
assert: { that: "'{{ item }}' in result.stdout" }
|
|
with_items: "{{db_names}}"
|
|
|
|
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
|
|
|
- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
|
|
|
|
- name: give user access to database via wildcard
|
|
mysql_user:
|
|
name: '{{ user_name_1 }}'
|
|
priv: '%db.*:SELECT'
|
|
append_privs: yes
|
|
password: '{{ user_password_1 }}'
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
|
|
- name: show grants access for user1 on multiple database
|
|
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
|
|
register: result
|
|
|
|
- name: assert grant access for user1 on multiple database
|
|
assert:
|
|
that:
|
|
- "'%db' in result.stdout"
|
|
- "'SELECT' in result.stdout"
|
|
|
|
- name: change user access to database via wildcard
|
|
mysql_user:
|
|
name: '{{ user_name_1 }}'
|
|
priv: '%db.*:INSERT'
|
|
append_privs: yes
|
|
password: '{{ user_password_1 }}'
|
|
login_unix_socket: '{{ mysql_socket }}'
|
|
|
|
- name: show grants access for user1 on multiple database
|
|
command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';"
|
|
register: result
|
|
|
|
- name: assert grant access for user1 on multiple database
|
|
assert:
|
|
that:
|
|
- "'%db' in result.stdout"
|
|
- "'INSERT' in result.stdout"
|
|
|
|
- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
|
|
|
|
# ============================================================
|
|
# Update user password for a user.
|
|
# Assert the user password is updated and old password can no longer be used.
|
|
#
|
|
#- include: user_password_update_test.yml
|
|
|
|
# ============================================================
|
|
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
|
|
#
|
|
- include: test_privs.yml current_privilege=SELECT current_append_privs=no
|
|
|
|
# ============================================================
|
|
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
|
|
#
|
|
- include: test_privs.yml current_privilege=DROP current_append_privs=yes
|
|
|
|
# ============================================================
|
|
# Assert create user with SELECT privileges, attempt to create database and update privileges to create database
|
|
#
|
|
- include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no
|
|
|
|
# ============================================================
|
|
# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
|
|
#
|
|
- include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes
|
|
|
|
- import_tasks: issue-29511.yaml
|
|
tags:
|
|
- issue-29511
|
|
|
|
- import_tasks: issue-64560.yaml
|
|
tags:
|
|
- issue-64560
|