1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/mysql_user/tasks/test_privs.yml

155 lines
5.2 KiB
YAML

# test code for privileges for mysql_user module
# (c) 2014, Wayne Rosario <wrosario@ansible.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: create user with basic select privileges
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:SELECT'
state: present
login_unix_socket: '{{ mysql_socket }}'
when: current_append_privs == "yes"
- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
when: current_append_privs == "yes"
- name: create user with current privileges (expect changed=true)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:{{current_privilege}}'
append_privs: '{{current_append_privs}}'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output message for current privileges
assert: { that: "result.changed == true" }
- name: run command to show privileges for user (expect privileges in stdout)
command: mysql "-e SHOW GRANTS FOR '{{user_name_2}}'@'localhost';"
register: result
- name: assert user has correct privileges
assert: { that: "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" }
when: current_append_privs == "no"
- name: assert user has correct privileges
assert: { that: "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" }
when: current_append_privs == "yes"
- name: create database using user current privileges
mysql_db:
name: '{{ db_name }}'
state: present
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
ignore_errors: true
- name: run command to test that database was not created
command: mysql "-e show databases like '{{ db_name }}';"
register: result
- name: assert database was not created
assert: { that: "'{{ db_name }}' not in result.stdout" }
# ============================================================
- name: Add privs to a specific table (expect changed)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: 'jmainguy.jmainguy:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv changed
assert: { that: "result.changed == true" }
- name: Add privs to a specific table (expect ok)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: 'jmainguy.jmainguy:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv did not change
assert: { that: "result.changed == false" }
# ============================================================
- name: update user with all privileges
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
- name: create database using user
mysql_db:
name: '{{ db_name }}'
state: present
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
- name: run command to test database was created using user new privileges
command: mysql "-e SHOW CREATE DATABASE {{ db_name }};"
- name: drop database using user
mysql_db:
name: '{{ db_name }}'
state: absent
login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}'
# ============================================================
- name: update user with a long privileges list (mysql has a special multiline grant output)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv changed
assert: { that: "result.changed == true" }
- name: Test idempotency (expect ok)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv did not change
assert: { that: "result.changed == false" }
- name: remove username
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
state: absent
login_unix_socket: '{{ mysql_socket }}'