path: root/test/integration/targets/mysql_user/tasks/test_privs.yml
blob: 70b33c2947f1057a7ce7f98790a3a7a872cf0969 (plain)
# test code for privileges for mysql_user module
# (c) 2014,  Wayne Rosario <wrosario@ansible.com>

# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.

# ============================================================
# Precondition for the append_privs == "yes" run only: the user starts out
# with a global SELECT grant, so the later task has an existing privilege
# to append to.
- name: create user with basic select privileges
  when: current_append_privs == "yes"
  mysql_user:
    login_unix_socket: '{{ mysql_socket }}'
    state: present
    name: '{{ user_name_2 }}'
    password: '{{ user_password_2 }}'
    priv: '*.*:SELECT'

# Verify the SELECT grant through the shared assert_user.yml task file.
- include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
  when: current_append_privs == "yes"
 
# Apply the privilege set under test as a global (*.*) grant. The
# append_privs value comes from the caller, so this one file covers both
# the append and the overwrite behaviour of the module.
- name: create user with current privileges (expect changed=true)
  register: result
  mysql_user:
    login_unix_socket: '{{ mysql_socket }}'
    state: present
    name: '{{ user_name_2 }}'
    password: '{{ user_password_2 }}'
    priv: '*.*:{{current_privilege}}'
    append_privs: '{{current_append_privs}}'

- name: assert output message for current privileges
  assert:
    that: "result.changed == true"

# Read the grants back from the server itself. This re-registers `result`,
# replacing the mysql_user result checked above.
# NOTE(review): user_name_2 is interpolated into the SQL text unescaped;
# presumably it is a fixed fixture value - confirm it is never
# caller-controlled.
- name: run command to show privileges for user (expect privileges in stdout)
  register: result
  command: mysql "-e SHOW GRANTS FOR '{{user_name_2}}'@'localhost';"

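# The expected GRANT line is built with the Jinja2 `~` operator rather than
# by embedding `{{ ... }}` in the condition. `that` is already evaluated as
# an expression; an embedded template is rendered into the expression text
# first, so a quote inside the variable's value would rewrite the condition
# being checked.

# Overwrite mode: the global grant line lists the requested privileges with
# nothing in front of them.
- name: assert user has correct privileges
  assert:
    that: >-
      ('GRANT ' ~ (current_privilege | replace(',', ', ')) ~ ' ON *.*')
      in result.stdout
  when: current_append_privs == "no"

# Append mode: the pre-existing SELECT must still be present, followed by
# the newly added privileges.
- name: assert user has correct privileges
  assert:
    that: >-
      ('GRANT SELECT, ' ~ (current_privilege | replace(',', ', ')) ~ ' ON *.*')
      in result.stdout
  when: current_append_privs == "yes"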

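# Negative authorization check: with only the privileges granted above, the
# test user's attempt to create a database is expected to fail, and the
# database must not exist afterwards.
- name: create database using user current privileges
  mysql_db:
    name: '{{ db_name }}'
    state: present
    login_user: '{{ user_name_2 }}'
    login_password: '{{ user_password_2 }}'
  # NOTE(review): ignore_errors hides every failure, not only a privilege
  # denial. If this task fails for an unrelated reason (for example it
  # cannot connect or authenticate), the assertion below still passes, so
  # the check can succeed without the privilege restriction being exercised.
  ignore_errors: true

# Queried with the default client credentials, not as the test user.
- name: run command to test that database was not created
  command: mysql "-e show databases like '{{ db_name }}';"
  register: result

# Reference the variable directly: `that` is already a Jinja2 expression, and
# templating db_name into a quoted literal would let a quote in its value
# alter the condition.
- name: assert database was not created
  assert:
    that: "db_name not in result.stdout"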

# ============================================================
# Idempotency check for a table-scoped grant: the same priv string is
# applied twice; the first run must report a change, the second must not.
- name: Add privs to a specific table (expect changed)
  register: result
  mysql_user:
    login_unix_socket: '{{ mysql_socket }}'
    state: present
    name: '{{ user_name_2 }}'
    password: '{{ user_password_2 }}'
    priv: 'jmainguy.jmainguy:ALL'

- name: Assert that priv changed
  assert:
    that: "result.changed == true"

# Identical arguments to the task above; only the expected outcome differs.
- name: Add privs to a specific table (expect ok)
  register: result
  mysql_user:
    login_unix_socket: '{{ mysql_socket }}'
    state: present
    name: '{{ user_name_2 }}'
    password: '{{ user_password_2 }}'
    priv: 'jmainguy.jmainguy:ALL'

- name: Assert that priv did not change
  assert:
    that: "result.changed == false"

# ============================================================
# Raise the test user to ALL on *.* so the positive path (database creation
# succeeds) can be exercised. No append_privs is passed here.
- name: update user with all privileges
  mysql_user:
    login_unix_socket: '{{ mysql_socket }}'
    state: present
    name: '{{ user_name_2 }}'
    password: '{{ user_password_2 }}'
    priv: '*.*:ALL'

# Verify the resulting grant through the shared assert_user.yml task file.
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'

# Positive authorization check: the same operation that the restricted user
# attempted earlier is now run with ALL privileges, with no ignore_errors,
# so a failure here fails the play.
- name: create database using user
  mysql_db:
    login_user: '{{ user_name_2 }}'
    login_password: '{{ user_password_2 }}'
    state: present
    name: '{{ db_name }}'

# No register/assert follows this task.
# NOTE(review): presumably it relies on the mysql client exiting non-zero
# when the database does not exist - confirm.
- name: run command to test database was created using user new privileges
  command: mysql "-e SHOW CREATE DATABASE {{ db_name }};"

# Clean up the database, again acting as the test user.
- name: drop database using user
  mysql_db:
    login_user: '{{ user_name_2 }}'
    login_password: '{{ user_password_2 }}'
    state: absent
    name: '{{ db_name }}'

# Teardown: remove the test account so its ALL-privilege grant does not
# outlive this task file.
- name: remove username
  mysql_user:
    login_unix_socket: '{{ mysql_socket }}'
    state: absent
    name: '{{ user_name_2 }}'
    password: '{{ user_password_2 }}'