summaryrefslogtreecommitdiffstats
path: root/ansible_collections/community/mysql
diff options
context:
space:
mode:
Diffstat (limited to 'ansible_collections/community/mysql')
-rw-r--r--ansible_collections/community/mysql/.github/patchback.yml5
-rw-r--r--ansible_collections/community/mysql/.github/workflows/ansible-test-plugins.yml147
-rw-r--r--ansible_collections/community/mysql/.github/workflows/ansible-test-roles.yml73
-rw-r--r--ansible_collections/community/mysql/.gitignore139
-rw-r--r--ansible_collections/community/mysql/CHANGELOG.rst249
-rw-r--r--ansible_collections/community/mysql/CONTRIBUTING.md5
-rw-r--r--ansible_collections/community/mysql/CONTRIBUTORS284
-rw-r--r--ansible_collections/community/mysql/COPYING674
-rw-r--r--ansible_collections/community/mysql/FILES.json1482
-rw-r--r--ansible_collections/community/mysql/MAINTAINERS5
-rw-r--r--ansible_collections/community/mysql/MAINTAINING.md3
-rw-r--r--ansible_collections/community/mysql/MANIFEST.json32
-rw-r--r--ansible_collections/community/mysql/PSF-license.txt48
-rw-r--r--ansible_collections/community/mysql/README.md130
-rw-r--r--ansible_collections/community/mysql/changelogs/changelog.yaml302
-rw-r--r--ansible_collections/community/mysql/changelogs/config.yaml29
-rw-r--r--ansible_collections/community/mysql/changelogs/fragments/.keep0
-rw-r--r--ansible_collections/community/mysql/codecov.yml2
-rw-r--r--ansible_collections/community/mysql/meta/runtime.yml2
-rw-r--r--ansible_collections/community/mysql/plugins/README.md31
-rw-r--r--ansible_collections/community/mysql/plugins/doc_fragments/mysql.py113
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/_version.py343
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/database.py189
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/replication.py14
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/role.py19
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/user.py19
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/replication.py14
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/role.py19
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/user.py20
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/mysql.py201
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/user.py896
-rw-r--r--ansible_collections/community/mysql/plugins/module_utils/version.py16
-rw-r--r--ansible_collections/community/mysql/plugins/modules/mysql_db.py763
-rw-r--r--ansible_collections/community/mysql/plugins/modules/mysql_info.py605
-rw-r--r--ansible_collections/community/mysql/plugins/modules/mysql_query.py280
-rw-r--r--ansible_collections/community/mysql/plugins/modules/mysql_replication.py655
-rw-r--r--ansible_collections/community/mysql/plugins/modules/mysql_role.py1095
-rw-r--r--ansible_collections/community/mysql/plugins/modules/mysql_user.py528
-rw-r--r--ansible_collections/community/mysql/plugins/modules/mysql_variables.py271
-rw-r--r--ansible_collections/community/mysql/simplified_bsd.txt8
-rw-r--r--ansible_collections/community/mysql/tests/integration/old_mariadb_replication/aliases7
-rw-r--r--ansible_collections/community/mysql/tests/integration/old_mariadb_replication/defaults/main.yml7
-rw-r--r--ansible_collections/community/mysql/tests/integration/old_mariadb_replication/meta/main.yml3
-rw-r--r--ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/main.yml21
-rw-r--r--ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_master_use_gtid.yml173
-rw-r--r--ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_connection_name.yml118
-rw-r--r--ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_initial.yml96
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/defaults/main.yml18
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/handlers/main.yml8
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/config.yml15
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/dir.yml11
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/install.yml90
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/main.yml21
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/setvars.yml33
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/verify.yml27
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/templates/installed_file.j21
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_mysql/vars/main.yml30
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml9
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml5
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml11
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml19
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/defaults/main.yml27
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/meta/main.yml2
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml122
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/encoding_dump_import.yml99
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue-28.yml84
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue_256_mysqldump_errors.yml148
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/main.yml68
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/multi_db_create_delete.yml638
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_dump_import.yml504
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_present_absent.yml300
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/defaults/main.yml11
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/meta/main.yml3
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/connector_info.yml32
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/issue-28.yml85
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/main.yml219
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/templates/my.cnf.j25
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/defaults/main.yml14
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/meta/main.yml2
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/issue-28.yml85
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/main.yml9
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/mysql_query_initial.yml366
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/defaults/main.yml17
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/meta/main.yml3
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-265.yml165
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml86
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/main.yml26
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_channel.yml127
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml275
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_primary_delay.yml45
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_resetprimary_mode.yml56
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/defaults/main.yml18
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/meta/main.yml2
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/main.yml17
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml1649
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml168
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/defaults/main.yml26
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-function.sql8
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-procedure.sql5
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/meta/main.yml3
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_no_user.yml25
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user.yml38
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml24
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/create_user.yml46
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-121.yml76
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-265.yml168
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-28.yml89
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-29511.yaml86
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml49
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/main.yml326
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/remove_user.yml74
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/resource_limits.yml118
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml58
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml133
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_dict.yml152
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml173
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs.yml264
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs_issue_465.yml31
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_update_password.yml128
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_grants_with_roles_applied.yml95
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_password.yml269
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml420
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/tls_requirements.yml187
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/defaults/main.yml8
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/meta/main.yml2
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_fail_msg.yml25
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var.yml36
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var_output.yml40
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml82
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/main.yml8
-rw-r--r--ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml378
-rw-r--r--ansible_collections/community/mysql/tests/sanity/ignore-2.10.txt8
-rw-r--r--ansible_collections/community/mysql/tests/sanity/ignore-2.11.txt8
-rw-r--r--ansible_collections/community/mysql/tests/sanity/ignore-2.12.txt8
-rw-r--r--ansible_collections/community/mysql/tests/sanity/ignore-2.13.txt8
-rw-r--r--ansible_collections/community/mysql/tests/sanity/ignore-2.14.txt8
-rw-r--r--ansible_collections/community/mysql/tests/sanity/ignore-2.15.txt8
-rw-r--r--ansible_collections/community/mysql/tests/sanity/ignore-2.9.txt3
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/module_utils/__init__.py0
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_replication.py24
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_user_implementation.py29
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql.py24
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_replication.py28
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user.py99
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user_implementation.py33
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/modules/__init__.py0
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_info.py37
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_role.py119
-rw-r--r--ansible_collections/community/mysql/tests/unit/plugins/utils.py19
149 files changed, 20023 insertions, 0 deletions
diff --git a/ansible_collections/community/mysql/.github/patchback.yml b/ansible_collections/community/mysql/.github/patchback.yml
new file mode 100644
index 00000000..33ad6e84
--- /dev/null
+++ b/ansible_collections/community/mysql/.github/patchback.yml
@@ -0,0 +1,5 @@
+---
+backport_branch_prefix: patchback/backports/
+backport_label_prefix: backport-
+target_branch_prefix: stable-
+...
diff --git a/ansible_collections/community/mysql/.github/workflows/ansible-test-plugins.yml b/ansible_collections/community/mysql/.github/workflows/ansible-test-plugins.yml
new file mode 100644
index 00000000..ea6ae8ef
--- /dev/null
+++ b/ansible_collections/community/mysql/.github/workflows/ansible-test-plugins.yml
@@ -0,0 +1,147 @@
+name: Plugins CI
+on:
+ push:
+ paths:
+ - 'plugins/**'
+ - 'tests/**'
+ - '.github/workflows/ansible-test-plugins.yml'
+ pull_request:
+ paths:
+ - 'plugins/**'
+ - 'tests/**'
+ - '.github/workflows/ansible-test-plugins.yml'
+ schedule:
+ - cron: '0 6 * * *'
+
+
+env:
+ mysql_version_file: "tests/integration/targets/setup_mysql/defaults/main.yml"
+ connector_version_file: "tests/integration/targets/setup_mysql/vars/main.yml"
+
+jobs:
+ sanity:
+ name: "Sanity (Ansible: ${{ matrix.ansible }})"
+ runs-on: ubuntu-20.04
+ strategy:
+ matrix:
+ ansible:
+ - stable-2.12
+ - stable-2.13
+ - stable-2.14
+ - devel
+ steps:
+ - name: Perform sanity testing
+ uses: ansible-community/ansible-test-gh-action@release/v1
+ with:
+ ansible-core-version: ${{ matrix.ansible }}
+ testing-type: sanity
+ pull-request-change-detection: true
+
+ integration:
+ name: "Integration (Python: ${{ matrix.python }}, Ansible: ${{ matrix.ansible }}, MySQL: ${{ matrix.db_engine_version }}, Connector: ${{ matrix.connector }})"
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ db_engine_version:
+ - mysql_5.7.31
+ - mysql_8.0.22
+ - mariadb_10.3.34
+ - mariadb_10.8.3
+ ansible:
+ - stable-2.12
+ - stable-2.13
+ - stable-2.14
+ - devel
+ python:
+ - 3.6
+ - 3.8
+ - 3.9
+ connector:
+ - pymysql==0.7.10
+ - pymysql==0.9.3
+ - mysqlclient==2.0.1
+ exclude:
+ - db_engine_version: mysql_8.0.22
+ connector: pymysql==0.7.10
+ - db_engine_version: mariadb_10.8.3
+ connector: pymysql==0.7.10
+ - python: 3.6
+ ansible: stable-2.12
+ - python: 3.6
+ ansible: stable-2.13
+ - python: 3.6
+ ansible: stable-2.14
+ - python: 3.6
+ ansible: devel
+ - python: 3.8
+ ansible: stable-2.13
+ - python: 3.8
+ ansible: stable-2.14
+ - python: 3.8
+ ansible: devel
+ - python: 3.9
+ ansible: stable-2.12
+
+ steps:
+ - name: >-
+ Perform integration testing against
+ Ansible version ${{ matrix.ansible }}
+ under Python ${{ matrix.python }}
+ uses: ansible-community/ansible-test-gh-action@release/v1
+ with:
+ ansible-core-version: ${{ matrix.ansible }}
+ pre-test-cmd: >-
+ DB_ENGINE=$(echo '${{ matrix.db_engine_version }}' | awk -F_ '{print $1}');
+ DB_VERSION=$(echo '${{ matrix.db_engine_version }}' | awk -F_ '{print $2}');
+ DB_ENGINE_PRETTY=$([[ "${DB_ENGINE}" == 'mysql' ]] && echo 'MySQL' || echo 'MariaDB');
+ >&2 echo Matrix factor for the DB is ${{ matrix.db_engine_version }}...;
+ >&2 echo Setting ${DB_ENGINE_PRETTY} version to ${DB_VERSION}...;
+ sed -i -e "s/^${DB_ENGINE}_version:.*/${DB_ENGINE}_version: $DB_VERSION/g" '${{ env.mysql_version_file }}';
+ if [[ ${{ matrix.db_engine_version }} == mariadb* ]];
+ then
+ echo Set MariaDB install flag...; sed -i -e "s/^mariadb_install: false/mariadb_install: true/g" '${{ env.mysql_version_file }}';
+ echo Set MariaDB v10.8.3 URL sub dir...; sed -i -e "s/^mariadb_url_subdir:.*/mariadb_url_subdir: linux-systemd/g" '${{ env.connector_version_file }}';
+ fi;
+ >&2 echo Setting Connector version to ${{ matrix.connector }}...;
+ sed -i 's/^python_packages:.*/python_packages: [${{ matrix.connector }}]/' ${{ env.connector_version_file }}
+ target-python-version: ${{ matrix.python }}
+ testing-type: integration
+ pull-request-change-detection: true
+
+ units:
+ runs-on: ubuntu-20.04
+ name: Units (â’¶${{ matrix.ansible }})
+ strategy:
+ # As soon as the first unit test fails,
+ # cancel the others to free up the CI queue
+ fail-fast: true
+ matrix:
+ ansible:
+ - stable-2.12
+ - stable-2.13
+ - stable-2.14
+ - devel
+ python:
+ - 3.8
+ - 3.9
+ exclude:
+ - python: 3.8
+ ansible: stable-2.13
+ - python: 3.8
+ ansible: stable-2.14
+ - python: 3.8
+ ansible: devel
+ - python: 3.9
+ ansible: stable-2.12
+
+ steps:
+ - name: >-
+ Perform unit testing against
+ Ansible version ${{ matrix.ansible }}
+ uses: ansible-community/ansible-test-gh-action@release/v1
+ with:
+ ansible-core-version: ${{ matrix.ansible }}
+ target-python-version: ${{ matrix.python }}
+ testing-type: units
+ pull-request-change-detection: true
diff --git a/ansible_collections/community/mysql/.github/workflows/ansible-test-roles.yml b/ansible_collections/community/mysql/.github/workflows/ansible-test-roles.yml
new file mode 100644
index 00000000..4748b5ad
--- /dev/null
+++ b/ansible_collections/community/mysql/.github/workflows/ansible-test-roles.yml
@@ -0,0 +1,73 @@
+name: Roles CI
+on:
+ push:
+ paths:
+ - 'roles/**'
+ - '.github/workflows/ansible-test-roles.yml'
+ pull_request:
+ paths:
+ - 'roles/**'
+ - '.github/workflows/ansible-test-roles.yml'
+ schedule:
+ - cron: '0 6 * * *'
+
+jobs:
+ molecule:
+ name: "Molecule (Python: ${{ matrix.python }}, Ansible: ${{ matrix.ansible }}, MySQL: ${{ matrix.mysql }})"
+ runs-on: ubuntu-20.04
+ env:
+ PY_COLORS: 1
+ ANSIBLE_FORCE_COLOR: 1
+ strategy:
+ matrix:
+ mysql:
+ - 2.0.12
+ ansible:
+ - stable-2.11
+ - stable-2.12
+ - stable-2.13
+ - devel
+ python:
+ - 3.6
+ - 3.8
+ - 3.9
+ exclude:
+ - python: 3.6
+ ansible: stable-2.12
+ - python: 3.6
+ ansible: stable-2.13
+ - python: 3.6
+ ansible: devel
+ - python: 3.8
+ ansible: stable-2.11
+ - python: 3.8
+ ansible: stable-2.13
+ - python: 3.8
+ ansible: devel
+ - python: 3.9
+ ansible: stable-2.11
+ - python: 3.9
+ ansible: stable-2.12
+
+ steps:
+
+ - name: Check out code
+ uses: actions/checkout@v2
+ with:
+ path: ansible_collections/community/mysql
+
+ - name: Set up Python ${{ matrix.python }}
+ uses: actions/setup-python@v2
+ with:
+ python-version: ${{ matrix.python }}
+
+ - name: Install ansible-core (${{ matrix.ansible }})
+ run: pip install https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz --disable-pip-version-check
+
+ - name: Install molecule and related dependencies
+ run: |
+ pip install ansible-lint docker flake8 molecule testinfra yamllint
+
+ # - name: Run molecule default test scenario
+ # run: for d in roles/*/; do (cd "$d" && molecule --version && molecule test) done
+ # working-directory: ./ansible_collections/community/mysql
diff --git a/ansible_collections/community/mysql/.gitignore b/ansible_collections/community/mysql/.gitignore
new file mode 100644
index 00000000..1922df0f
--- /dev/null
+++ b/ansible_collections/community/mysql/.gitignore
@@ -0,0 +1,139 @@
+/tests/output/
+/changelogs/.plugin-cache.yaml
+*.swp
+
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# MacOS
+.DS_Store
+
+# IntelliJ IDEA or PyCharm
+.idea/
diff --git a/ansible_collections/community/mysql/CHANGELOG.rst b/ansible_collections/community/mysql/CHANGELOG.rst
new file mode 100644
index 00000000..720ea412
--- /dev/null
+++ b/ansible_collections/community/mysql/CHANGELOG.rst
@@ -0,0 +1,249 @@
+========================================
+Community MySQL Collection Release Notes
+========================================
+
+.. contents:: Topics
+
+This changelog describes changes after version 2.0.0.
+
+v3.6.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules and plugins in this collection
+that have been made after the previous release.
+
+Minor Changes
+-------------
+
+- mysql_info - add ``connector_name`` and ``connector_version`` to returned values (https://github.com/ansible-collections/community.mysql/pull/497).
+- mysql_role - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479).
+- mysql_user - add plugin_auth_string as optional parameter to use a specific pam service if pam/auth_pam plugin is used (https://github.com/ansible-collections/community.mysql/pull/445).
+- mysql_user - add the ``session_vars`` argument to set session variables at the beginning of module execution (https://github.com/ansible-collections/community.mysql/issues/478).
+- mysql_user - display a more informative invalid privilege exception. Changes the exception handling of the granting permission logic to show the query executed , params and the exception message granting privileges fails` (https://github.com/ansible-collections/community.mysql/issues/465).
+- mysql_user - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479).
+- setup_mysql - update MySQL tarball URL (https://github.com/ansible-collections/community.mysql/pull/491).
+
+Bugfixes
+--------
+
+- mysql_user - when revoke privs consists only of ``GRANT``, a 2nd revoke query is executed with empty privs to revoke that ended in an SQL exception (https://github.com/ansible-collections/community.mysql/pull/503).
+- mysql_variables - add uppercase character pattern to regex to allow GLOBAL variables containing uppercase characters. This recognizes variable names used in Galera, for example, ``wsrep_OSU_method``, which breaks the normal pattern of all lowercase characters (https://github.com/ansible-collections/community.mysql/pull/501).
+
+v3.5.1
+======
+
+Release Summary
+---------------
+
+This is the patch release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules and plugins in this collection
+that have been made after the previous release.
+
+Bugfixes
+--------
+
+- mysql_user, mysql_role - mysql/mariadb recent versions translate 'ALL PRIVILEGES' to a list of specific privileges. That caused a change every time we modified user privileges. This fix compares privs before and after user modification to avoid this infinite change (https://github.com/ansible-collections/community.mysql/issues/77).
+
+v3.5.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.4.0.
+
+Minor Changes
+-------------
+
+- mysql_replication - add a new option: ``primary_ssl_verify_server_cert`` (https://github.com//pull/435).
+
+Bugfixes
+--------
+
+- mysql_user - grant option was revoked accidentally when modifying users. This fix revokes grant option only when privs are setup to do that (https://github.com/ansible-collections/community.mysql/issues/77#issuecomment-1209693807).
+
+v3.4.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.3.0.
+
+Major Changes
+-------------
+
+- mysql_db - the ``pipefail`` argument's default value will be changed to ``true`` in community.mysql 4.0.0. If your target machines do not use ``bash`` as a default interpreter, set ``pipefail`` to ``false`` explicitly. However, we strongly recommend setting up ``bash`` as a default and ``pipefail=true`` as it will protect you from getting broken dumps you don't know about (https://github.com/ansible-collections/community.mysql/issues/407).
+
+Minor Changes
+-------------
+
+- mysql_db - add the ``chdir`` argument to avoid failings when a dump file contains relative paths (https://github.com/ansible-collections/community.mysql/issues/395).
+- mysql_db - add the ``pipefail`` argument to avoid broken dumps when ``state`` is ``dump`` and compression is used (https://github.com/ansible-collections/community.mysql/issues/256).
+
+Bugfixes
+--------
+
+- Include ``simplified_bsd.txt`` license file for various module utils.
+- mysql_db - Using compression masks errors messages from mysql_dump. By default the fix is inactive to ensure retro-compatibility with system without bash. To activate the fix, use the module option ``pipefail=true`` (https://github.com/ansible-collections/community.mysql/issues/256).
+- mysql_replication - when the ``primary_ssl`` argument is set to ``no``, the module will turn off SSL (https://github.com/ansible-collections/community.mysql/issues/393).
+
+v3.3.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.2.1.
+
+Minor Changes
+-------------
+
+- mysql_role - add the argument ``members_must_exist`` (boolean, default true). The assertion that the users supplied in the ``members`` argument exist is only executed when the new argument ``members_must_exist`` is ``true``, to allow opt-out (https://github.com/ansible-collections/community.mysql/pull/369).
+- mysql_user - Add the option ``on_new_username`` to argument ``update_password`` to reuse the password (plugin and authentication_string) when creating a new user if some user with the same name already exists. If the existing user with the same name have varying passwords, the password from the arguments is used like with ``update_password: always`` (https://github.com/ansible-collections/community.mysql/pull/365).
+- mysql_user - Add the result field ``password_changed`` (boolean). It is true, when the user got a new password. When the user was created with ``update_password: on_new_username`` and an existing password was reused, ``password_changed`` is false (https://github.com/ansible-collections/community.mysql/pull/365).
+
+Bugfixes
+--------
+
+- mysql_query - fix false change reports when ``IF EXISTS/IF NOT EXISTS`` clause is used (https://github.com/ansible-collections/community.mysql/issues/268).
+- mysql_role - don't add members to a role when creating the role and ``detach_members: true`` is set (https://github.com/ansible-collections/community.mysql/pull/367).
+- mysql_role - in some cases (when "SHOW GRANTS" did not use backticks for quotes), no unwanted members were detached from the role (and redundant "GRANT" statements were executed for wanted members). This is fixed by querying the existing role members from the mysql.role_edges (MySQL) or mysql.roles_mapping (MariaDB) tables instead of parsing the "SHOW GRANTS" output (https://github.com/ansible-collections/community.mysql/pull/368).
+- mysql_user - fix logic when ``update_password`` is set to ``on_create`` for users using ``plugin*`` arguments (https://github.com/ansible-collections/community.mysql/issues/334). The ``on_create`` sets ``password`` to None for old mysql_native_authentication but not for authentiation methods which uses the ``plugin*`` arguments. This PR changes this so ``on_create`` also exchange ``plugin``, ``plugin_hash_string``, ``plugin_auth_string`` to None in the list of arguments to change
+
+v3.2.1
+======
+
+Release Summary
+---------------
+
+This is the patch release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.2.0.
+
+Bugfixes
+--------
+
+- Include ``PSF-license.txt`` file for ``plugins/module_utils/_version.py``.
+
+v3.2.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.1.3.
+
+Major Changes
+-------------
+
+- The community.mysql collection no longer supports ``Ansible 2.9`` and ``ansible-base 2.10``. While we take no active measures to prevent usage and there are no plans to introduce incompatible code to the modules, we will stop testing against ``Ansible 2.9`` and ``ansible-base 2.10``. Both will very soon be End of Life and if you are still using them, you should consider upgrading to the ``latest Ansible / ansible-core 2.11 or later`` as soon as possible (https://github.com/ansible-collections/community.mysql/pull/343).
+
+Minor Changes
+-------------
+
+- mysql_user and mysql_role: Add the argument ``subtract_privs`` (boolean, default false, mutually exclusive with ``append_privs``). If set, the privileges given in ``priv`` are revoked and existing privileges are kept (https://github.com/ansible-collections/community.mysql/pull/333).
+
+Bugfixes
+--------
+
+- mysql_user - fix missing dynamic privileges after revoke and grant privileges to user (https://github.com/ansible-collections/community.mysql/issues/120).
+- mysql_user - fix parsing privs when a user has roles assigned (https://github.com/ansible-collections/community.mysql/issues/231).
+
+v3.1.3
+======
+
+Release Summary
+---------------
+
+This is the patch release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.1.2.
+
+Bugfixes
+--------
+
+- mysql_replication - fails when using the `primary_use_gtid` option with `slave_pos` or `replica_pos` (https://github.com/ansible-collections/community.mysql/issues/335).
+- mysql_role - remove redundant connection closing (https://github.com/ansible-collections/community.mysql/pull/330).
+- mysql_user - fix the possibility for a race condition that breaks certain (circular) replication configurations when ``DROP USER`` is executed on multiple nodes in the replica set. Adding ``IF EXISTS`` avoids the need to use ``sql_log_bin: no`` making the statement always replication safe (https://github.com/ansible-collections/community.mysql/pull/287).
+
+v3.1.2
+======
+
+Release Summary
+---------------
+
+This is the patch release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.1.1.
+
+Bugfixes
+--------
+
+- Collection core functions - fixes related to the mysqlclient Python connector (https://github.com/ansible-collections/community.mysql/issues/292).
+
+v3.1.1
+======
+
+Release Summary
+---------------
+
+This is the patch release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.1.0.
+
+Bugfixes
+--------
+
+- mysql_role - make the ``set_default_role_all`` parameter actually working (https://github.com/ansible-collections/community.mysql/pull/282).
+
+v3.1.0
+======
+
+Release Summary
+---------------
+
+This is the minor release of the ``community.mysql`` collection.
+This changelog contains all changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 3.0.0.
+
+Minor Changes
+-------------
+
+- Added explicit description of the supported versions of databases and connectors. Changes to the collection are **NOT** tested against database versions older than `mysql 5.7.31` and `mariadb 10.2.37` or connector versions older than `pymysql 0.7.10` and `mysqlclient 2.0.1`. (https://github.com/ansible-collections/community.mysql/discussions/141)
+- mysql_user - added the ``force_context`` boolean option to set the default database context for the queries to be the ``mysql`` database. This way replication/binlog filters can catch the statements (https://github.com/ansible-collections/community.mysql/issues/265).
+
+Bugfixes
+--------
+
+- Collection core functions - use vendored version of ``distutils.version`` instead of the deprecated Python standard library ``distutils`` (https://github.com/ansible-collections/community.mysql/pull/269).
+
+v3.0.0
+======
+
+Release Summary
+---------------
+
+This is the major release of the ``community.mysql`` collection.
+This changelog contains all breaking changes to the modules in this collection
+that have been added after the release of ``community.mysql`` 2.3.2.
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- mysql_replication - remove ``Is_Slave`` and ``Is_Master`` return values (were replaced with ``Is_Primary`` and ``Is_Replica`` (https://github.com/ansible-collections/community.mysql/issues/145).
+- mysql_replication - remove the mode options values containing ``master``/``slave`` and the master_use_gtid option ``slave_pos`` (were replaced with corresponding ``primary``/``replica`` values) (https://github.com/ansible-collections/community.mysql/issues/145).
+- mysql_user - remove support for the `REQUIRESSL` special privilege as it has ben superseded by the `tls_requires` option (https://github.com/ansible-collections/community.mysql/discussions/121).
+- mysql_user - validate privileges using database engine directly (https://github.com/ansible-collections/community.mysql/issues/234 https://github.com/ansible-collections/community.mysql/pull/243). Do not validate privileges in this module anymore.
diff --git a/ansible_collections/community/mysql/CONTRIBUTING.md b/ansible_collections/community/mysql/CONTRIBUTING.md
new file mode 100644
index 00000000..70cd5557
--- /dev/null
+++ b/ansible_collections/community/mysql/CONTRIBUTING.md
@@ -0,0 +1,5 @@
+# Contributing
+
+Refer to the [Ansible Contributing guidelines](https://docs.ansible.com/ansible/devel/community/index.html) to learn how to contribute to this collection.
+
+Refer to the [review checklist](https://docs.ansible.com/ansible/devel/community/collection_contributors/collection_reviewing.html) when triaging issues or reviewing PRs.
diff --git a/ansible_collections/community/mysql/CONTRIBUTORS b/ansible_collections/community/mysql/CONTRIBUTORS
new file mode 100644
index 00000000..3acc8f33
--- /dev/null
+++ b/ansible_collections/community/mysql/CONTRIBUTORS
@@ -0,0 +1,284 @@
+116davinder
+20
+28
+29
+4
+4n70w4
+abadger
+abondis
+acozine
+adamchainz
+adq
+Akasurde
+Alexander198961
+alustenberg
+aminvakil
+amitk79
+amree
+Andersson007
+andrewhowdencom
+ansibot
+anthonyxpalermo
+antonioribeiro
+apollo13
+aquach
+arcmop
+asad-at-srt
+AshDevilRed
+aurimasl
+axelll
+axisK
+azielke
+baldpale
+banyek
+BarbzYHOOL
+Berbe
+bizmate
+bjne
+bmalynovytch
+bmildren
+bmillemathias
+boreal321
+brutus
+burner1024
+calfonso
+candeira
+caphrim007
+cdalbergue
+checkphi
+chrismeyersfsu
+ChristopherGAndrews
+cmodijk
+codeaken
+codebymikey
+coreylane
+CormacBracken
+cosmix
+cptMikky
+crashes
+dagwieers
+damianmoore
+Davidffry
+denisemauldin
+diclophis
+d-lee
+d-rupp
+dmp1ce
+dnelson
+dramaley
+drybjed
+drzraf
+DSpeichert
+dungdm93
+dwagelaar
+dylanjbarth
+einarc
+E-M
+eowin
+Ernest0x
+esamattis
+Everspace
+F21
+faitno
+felixfontein
+flatrocks
+fourjay
+fraff
+g00fy-
+geerlingguy
+georgeOsdDev
+ghjm
+ghost
+giacmir
+giorgio-v
+gkoller
+gottwald
+gstorme
+gundalow
+hansbaer
+hchargois
+hluaces
+hwali
+hyperfocus1338
+igormukhingmailcom
+imjoseangel
+infigoKriti
+int32bit
+ipergenitsa
+iredmail
+ivandigiusto
+jadbaz
+jaikdean
+jamescassell
+janosmiko
+jarnold-timeout
+JaSafieddine
+jb-2197
+jborean93
+jctanner
+jean-christophe-manciot
+Jean-Daniel
+jgornick
+jhagg
+jhoekx
+jirib
+jkleckner
+jkordish
+jlaska
+Jmainguy
+jochu
+JoelFeiner
+johnavp1989
+jonatasbaldin
+Jorge-Rodriguez
+jpjaatin
+jpmens
+JSafieddine
+jsmartin
+juergenhoetzel
+jw34
+kalaisubbiah
+kenichi-ogawa-1988
+kkeane
+klingac
+koleo
+kotso
+kuntalFreshBooks
+kurtdavis
+larsks
+laurent-indermuehle
+ldesgrange
+leeadh
+LeonB
+leucos
+loomsen
+lorin
+lowwalker
+lperezs
+makmanalp
+manuelmorena
+MarcinOrlowski
+markdorison
+markotitel
+marktheunissen
+markuman
+mattclay
+matt-horwood-mayden
+mavimo
+maxamillion
+maxbube
+mcgoldrickm
+meanstrong
+meersjo
+megamisan
+michaeldg
+michalmedvecky
+MikeiLL
+milky-milk
+milosz
+mistaka0s
+mklassen
+mkrizek
+mmoya
+mohag
+mohsenSy
+mpdehaan
+MRwangyd
+mverwijs
+mvgrimes
+mysqlbox
+netmonk
+nhojpatrick
+nicolas-g
+NielsH
+nitinkansal1984
+nitzmahone
+Ompragash
+on
+order
+organman91
+p53
+pakal
+paulbadcock
+pennycoders
+petoju
+petracvv
+pgrenaud
+philfry
+pileofrogs
+pkaramol
+platypus-geek
+plumbeo
+pratikgadiya12
+pshanbhag
+r0bj
+rajsshah86
+reduzent
+relrod
+resmo
+ricco24
+richlv
+riupie
+rndmh3ro
+robertdebock
+robpblake
+rokka-n
+Roxyrob
+roysmith
+rsicart
+rthouvenin
+ruudk
+samccann
+samdoran
+sayap
+scottbrown
+seanorama
+sedrubal
+sergey-trukhin
+Shaps
+shrikeh
+sivel
+skalfyfan
+skoriy88
+sperantus
+spoyd
+steverweber
+steveteahan
+stijnopheide
+stintel
+stoned
+strixBE
+SWADESNA
+tapologo
+tarunm97
+tejatsk14
+tersmitten
+the
+the02
+thomasliddledba
+time-palominodb
+timorunge
+Tomasthanes
+tomdymond
+Tronde
+tuhoanganh
+tvlooy
+tyll
+UncertaintyP
+unnecessary-username
+vamshi8
+vanne
+vdboor
+vmahadev
+v-zhuravlev
+webmat
+wedi
+whysthatso
+willthames
+windowsansiblernew
+wrosario
+xiata
+Xyon
+yangchao0512
+ziegenberg
+Zverik
diff --git a/ansible_collections/community/mysql/COPYING b/ansible_collections/community/mysql/COPYING
new file mode 100644
index 00000000..f288702d
--- /dev/null
+++ b/ansible_collections/community/mysql/COPYING
@@ -0,0 +1,674 @@
+ GNU GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU General Public License is a free, copyleft license for
+software and other kinds of works.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+the GNU General Public License is intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users. We, the Free Software Foundation, use the
+GNU General Public License for most of our software; it applies also to
+any other work released this way by its authors. You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ To protect your rights, we need to prevent others from denying you
+these rights or asking you to surrender the rights. Therefore, you have
+certain responsibilities if you distribute copies of the software, or if
+you modify it: responsibilities to respect the freedom of others.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must pass on to the recipients the same
+freedoms that you received. You must make sure that they, too, receive
+or can get the source code. And you must show them these terms so they
+know their rights.
+
+ Developers that use the GNU GPL protect your rights with two steps:
+(1) assert copyright on the software, and (2) offer you this License
+giving you legal permission to copy, distribute and/or modify it.
+
+ For the developers' and authors' protection, the GPL clearly explains
+that there is no warranty for this free software. For both users' and
+authors' sake, the GPL requires that modified versions be marked as
+changed, so that their problems will not be attributed erroneously to
+authors of previous versions.
+
+ Some devices are designed to deny users access to install or run
+modified versions of the software inside them, although the manufacturer
+can do so. This is fundamentally incompatible with the aim of
+protecting users' freedom to change the software. The systematic
+pattern of such abuse occurs in the area of products for individuals to
+use, which is precisely where it is most unacceptable. Therefore, we
+have designed this version of the GPL to prohibit the practice for those
+products. If such problems arise substantially in other domains, we
+stand ready to extend this provision to those domains in future versions
+of the GPL, as needed to protect the freedom of users.
+
+ Finally, every program is threatened constantly by software patents.
+States should not allow patents to restrict development and use of
+software on general-purpose computers, but in those that do, we wish to
+avoid the special danger that patents applied to a free program could
+make it effectively proprietary. To prevent this, the GPL assures that
+patents cannot be used to render the program non-free.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Use with the GNU Affero General Public License.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU Affero General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the special requirements of the GNU Affero General Public License,
+section 13, concerning interaction through a network will apply to the
+combination as such.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If the program does terminal interaction, make it output a short
+notice like this when it starts in an interactive mode:
+
+ <program> Copyright (C) <year> <name of author>
+ This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, your program's commands
+might be different; for a GUI interface, you would use an "about box".
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU GPL, see
+<https://www.gnu.org/licenses/>.
+
+ The GNU General Public License does not permit incorporating your program
+into proprietary programs. If your program is a subroutine library, you
+may consider it more useful to permit linking proprietary applications with
+the library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License. But first, please read
+<https://www.gnu.org/licenses/why-not-lgpl.html>.
diff --git a/ansible_collections/community/mysql/FILES.json b/ansible_collections/community/mysql/FILES.json
new file mode 100644
index 00000000..333b14ab
--- /dev/null
+++ b/ansible_collections/community/mysql/FILES.json
@@ -0,0 +1,1482 @@
+{
+ "files": [
+ {
+ "name": ".",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": ".github",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": ".github/workflows",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": ".github/workflows/ansible-test-plugins.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d829b08d26dbcf9959f58514c406a0946bbebae17fed21c0d2a7d418901a08ce",
+ "format": 1
+ },
+ {
+ "name": ".github/workflows/ansible-test-roles.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "6c93f8f505a4d6a09aed75fdb54e319f525fabe5dbce5fdcf55232ce446a55c7",
+ "format": 1
+ },
+ {
+ "name": ".github/patchback.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f28653c2f8d2965a55f76092049c4205a9c7f828e4edbd1cd089f7dd2685f93a",
+ "format": 1
+ },
+ {
+ "name": "changelogs",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "changelogs/fragments",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "changelogs/fragments/.keep",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+ "format": 1
+ },
+ {
+ "name": "changelogs/changelog.yaml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d19fe2a99b19852f65b4273118722b3a50a7df8c1105996ad91369c9e5a4c726",
+ "format": 1
+ },
+ {
+ "name": "changelogs/config.yaml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "05fcc8854bde7615af15a7063d5f33389c445158b90ec61439e53bb2efaa56a9",
+ "format": 1
+ },
+ {
+ "name": "meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "meta/runtime.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "df18179bb2f5447a56ac92261a911649b96821c0b2c08eea62d5cc6b0195203f",
+ "format": 1
+ },
+ {
+ "name": "plugins",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "plugins/doc_fragments",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "plugins/doc_fragments/mysql.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "68615ead33b2ffd38c639a47980ae62ff6b7a3d9063ab322580072c6c7d5c452",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mariadb",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mariadb/replication.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "6a8065198e4191b4c391e1dc04999e331323e5c96ba17fce639d4c0c31785872",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mariadb/role.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "b2f6a9fd17aeeb8905a59f7c164b2d357fcd19e6e9356953cd506eff0e28fad8",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mariadb/user.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "0f48d645030ad1c2c75d8c0c4c4da88ae280ca3dc5b536c1b965987919636512",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mysql",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mysql/replication.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "6c55a739ded9d9a2a4c15b27c6a21eb96aaabbf3f4a7497e338322d0d00b1c4b",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mysql/role.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "42841b3ffdd2bcb8f8c5416bacc6254a0d0140cdb1a0e4f2461330d9385173e5",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/implementations/mysql/user.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d931d1b71bba1154cda257520d11891f3eb264c2af33e7b349757e53731575a4",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/_version.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "1bdef9acb4f7b98135dee7366e5b26df32c52664175039b877a604b2865dadb5",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/database.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "647370826903ee88327f9faa84c007a44969c9d5093fcb979c7fbcacd1fea971",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/mysql.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "44f617f980c7396773f4011871164803375959e23ee563d4a3b7c3c0583c98cb",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/user.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "3cf6ec3ec88d36c7860f5b9889e33b029f79e1a230be1d4bc003397e3c662662",
+ "format": 1
+ },
+ {
+ "name": "plugins/module_utils/version.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "9d8cdb199b50593d3890fb415878a67ae267cbf00afdbe33d22e2d3d3e16d59e",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mysql_db.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "6a0800f77595c95ea3fb253e9465606946aad289f5599da037f09e7b06c2b4ce",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mysql_info.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c66d795038d4ee8fef281f942a936b939a1fbd3a2ba23e4d54ed7b3b47d7ddda",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mysql_query.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "db4ebda7a9e4f00cfbd54e5fd0df89e800ba1d100e80c2791fdb55941f3b8e32",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mysql_replication.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f0ed9fdd7e738ba428192ecc958d1339b82f5a8a88954271e4643b6a87a55400",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mysql_role.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c10005349310d333fb7911bfe357ce6d9d6d407d4e61f7b256c98f3a0cc93878",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mysql_user.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "88eb9d0286ee8f05e14fcb9862c318e0d7b5c3563d18d223e37234cecb4dda19",
+ "format": 1
+ },
+ {
+ "name": "plugins/modules/mysql_variables.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "a3301591b157740d3c77b8562cd278f8e626f3324741a98eaf14a740ea961135",
+ "format": 1
+ },
+ {
+ "name": "plugins/README.md",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "533dcaafc018b89297cf72098c36ea97dd2352a3f734fb8cc7568af8818fd7f1",
+ "format": 1
+ },
+ {
+ "name": "tests",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "615fbd5ffed3471edd2f8f6417532a4f25ccfb973a3c1f00e89a955ceee1f8b6",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "4dd18f7c3640db3c083acd4bccd974f5ee92ab73485be0b71fd3431feefcd0e3",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "44e2227e478af9f735498ec9805b1a1076885e4159dcaa21be440115948f0221",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/tasks/mariadb_master_use_gtid.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f3b513a57566d276388c2613fa9e1f94066d7ea657f87bad8d25c3abb2fb0cf6",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/tasks/mariadb_replication_connection_name.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "033d2e2921c996279846f6d60a91335a8df55ebce7a1ca0428ad33029f21869e",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/tasks/mariadb_replication_initial.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "fab156b92a4f740f1032b629c2c02726b716d570e6e306f36e3a7d904b702c83",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/old_mariadb_replication/aliases",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "8598fbccb4b6eaa7150d066f699e7bd937338c9de6cabbe1d630c7b9cf057ca4",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c0bb6e46f00c94a35635d851d225b071fbbaffb9d870022770e6e69b944faba7",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/handlers",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/handlers/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "55154da3c03a8f8538805fcfbccbfadea7eb9ffc7e4c0b0b21d488560bc104f6",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/tasks/config.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "1cf4b1d07d36c67ee6c3780164a1c9cc0ee2ced302ddc55baed92417ba3fbe9f",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/tasks/dir.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "ebeb28b1ad217cb860646d17484f788091c33634365f59f6016f92742345b1b6",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/tasks/install.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "698745ddbbe50acddd85a6b2a09a4acaffc067e716c07aed2ead2391b5e9e53f",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d33b3d96cd0a792419b7530e05a56e46e30bf245bf63f23bac4f99d4b9496e5e",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/tasks/setvars.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "13b9d6304159dd57657b64bcf14bc47a4d3638ec3cf487bf47c4329962963fc1",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/tasks/verify.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c49c298c50f85b99525cc6cfed8445594afa6e05c5009a00136838d7a46597f9",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/templates",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/templates/installed_file.j2",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "838bee046d60c7cf9707aba8f8f33eaa4962aa4798b9d9cb5b66d7648dcf790d",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/vars",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_mysql/vars/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "7e46c3e31267307096b58b02b3b96c6f325f55344c991f8b83c32ae65ffb592a",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_remote_tmp_dir",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_remote_tmp_dir/handlers",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "2d8c4cefde8b51b04fe7017d112b08c7f76124e75c277151ee0b7cf37794bcf6",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_remote_tmp_dir/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "e273324ab90d72180a971d99b9ab69f08689c8be2e6adb991154fc294cf1056e",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "2441ac1753320d2cd3bea299c160540e6ae31739ed235923ca478284d1fcfe09",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "a59a3b5187a2df0991b1f689ab40d4ff937247260d6b6225440cb10c1cf9b859",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "6b71d3f264a8c98ec111c874dc146c40ebb34dc1ef0ddf1073dfaffa8b2a8183",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "60880581b8217fe6a3e8f1c2c3db334efb3fda0358eec8a70aa12375fdbda23b",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "2a2f5d03bcec9e05b57acb23546f330587a16e08e7fef7ac30aa837b9151ac5f",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/encoding_dump_import.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "eef175e71ca71ed3a92c3483c7616387c3bd2f6acc899a0e264f87065adfabfa",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/issue-28.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "524cc8ba936986adf44fafcc5859827a692567a78180aa74b94ddf9fba37db8b",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/issue_256_mysqldump_errors.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "94570757b8ae1a1632e9e8cca49a62636cd7b309c9371818360c78b744cac485",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "aa043227d5d9d7a859973bdd6e349cf59ae78053d34a1a3598c07e8f22f1ce76",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/multi_db_create_delete.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "cb33b9b1fd57be107ddc9175fcee23817d8c919ac95e37de71921b6c4382c6db",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/state_dump_import.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c69f6ede4bbbc9cd0b06efee3f8426b2a0b046c186164854e90dee61a2266945",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_db/tasks/state_present_absent.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f406d7bbdd7b7c1777a92e07a7089f37b80720de47c548ad83890fffadd8252b",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "960ad89a5857c865b2b26151b82b0df4bb877ee24faea2cde9fa2ff612cd7604",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "7134f696d30f85b5e664425adf33a405686fbd05e00b6bfc4e74445298d692c8",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/tasks/connector_info.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "aa68d9fe6346cbee9b17f0d9084d0ad36fb25380f5ae80a6d196561352a05900",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/tasks/issue-28.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f176d1dd5edf8b41bfe54088e262c0ecc1f294a06dc12b5220b1b4dcb480877d",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "9a28e2fba779d55e782d2dc5891054268b4be0ff31d10976f72d69eb8a027e45",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/templates",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_info/templates/my.cnf.j2",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "28ce9e82a1512ce76200e2953ccfaf069f01a7ec915afbeec8c10a677c4f68d8",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "9a52baee8a5fb7b865cebe8496adaae972b198227d0f2ebfef31344c5b92fc3e",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "12b1878a7556f7ef5ee2146014c54d1e0a490ba6a8889c426377246522d5ce97",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/tasks/issue-28.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "b9477a3b1543740976254053adcb998e8838c326782453525e1fb8cba8a49d2e",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "325ea1e1dc136098d51af19b3aa194a5d5082e5426f7dd421fcc12661e60fdb6",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_query/tasks/mysql_query_initial.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c75d1035338606d530f0a4529d0034c8c53e88a413bb9b587f1c470af0b6a5dc",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "bcf7a8bde59c4abf41d446eafc7c5220a4d474dadbb420f21bb2dab2ae764247",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "34abefbbfb4c1805c1b0cbc9e1d6f12e5d1ad95bf54fe594e3c09b4d3ede586d",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks/issue-265.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "00a7c72adef8486c4609306476427fd78b6d396bf9e2700ab824e179d3e54d63",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks/issue-28.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "47764c6cd3803eb59ed7bc4d819ba264174f2a870c93c25dce9acd0fbc695f27",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "888cf1cdd33bee8155730c29fdee6020a95da0166c3454dae0a37db15505464d",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks/mysql_replication_channel.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "e52a666bec47c1a53782c536935822dd95a67d530bfacd1abc502e1338ad888a",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "87740ba715410d24c00918784aa404d5091ef05c700f3f300a6dd552da11edbf",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks/mysql_replication_primary_delay.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "14f8fa730b758267c4a45806180d834988ed0baff08816664475809144bd9e43",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_replication/tasks/mysql_replication_resetprimary_mode.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "275e5f273dc068fbcc32d54c13a39e35d9d9807acbcfe90ee45694df48ae7f81",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d4e4aef0ffe16535fc4a7f2efa5973326c0de3a94291429f25f84eb89a58b44d",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "12b1878a7556f7ef5ee2146014c54d1e0a490ba6a8889c426377246522d5ce97",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "8603b2aea84f41c9dee34196572d1da659b8e905107656697503ae4c4cd091fa",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "8e40c5f35bfbb903e9d5ad22272bdce0e8edb56eb82ceb5fbf96a9fd7fa07899",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "630bcceda843d875cc2333af51c0d35505d0893d83370050306b387ee95b0635",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "2f06b510846ba09c579c74790cb1a3bbf767eb6393377f2c7650fe2e97b751b9",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/files",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/files/create-function.sql",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f9ba9df87bc460be46fb77cabaceef9f93a73474d30e07d3d90648909d3c63f1",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/files/create-procedure.sql",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "8386a2c5a55abf33d19484765d8354947773a81141e92434f8e736f766e6932d",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "7134f696d30f85b5e664425adf33a405686fbd05e00b6bfc4e74445298d692c8",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/assert_no_user.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "a58e6271928c420c2152b96ee8d2e633ad0014603b53397217a8154234d1b479",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/assert_user.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "8f9d7cee387e3305757dd0dda7726418683f8e5e2fe95c501b96471e38007b42",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "5b62065c05ffd956ec144edcee705c5ab4ec9c1090e7cdd425fd6966e14bba19",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/create_user.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d94c9d14ec2c07b3446e6e4fe9d4be96917f52c406de0c7036da92e689585fe9",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/issue-121.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "9ecc97feaad839e580a6b203fb2095c7c2ff11b126bee4e8b75efef6a60305d0",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/issue-265.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "bc0c0b07a9404bd4503abe5a604599554ca12241d148d0fd037d5385864b3bfd",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/issue-28.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "8e5e5a234b1581629350cedcfc322d06d442f04af81610710b3eb39d77af9b89",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/issue-29511.yaml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d8217bdeda7811c559d7b307e132c57f9c71c2f216750f90665785bd19484e7c",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "7e0ab49ddbccbe99f78b729ecdd5c226cb51ea97f50f082c399e7378fd42814f",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "93036fdbae3c7a84e680dc46a91387e17f6adb816f536b7171eff653d08346da",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/remove_user.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f236f2a6d419e1e61569b0862790578e1e50f8ea7c7234277572f3ce2e77d486",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/resource_limits.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "3d1c15602321921d2cbed6fef60895586c4e0d343bc9f972aec623c41ccc95b8",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "916e24913f05c3438f7568edac164c8682d130d1a74d98a9b2974803c5d8cbac",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d01b13a97b28f18604ab33585627813a24cd73d73889a8f9e0e0dea9b98beb06",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_priv_dict.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "ed2936fe6e729466472d8906d025fe85aa4d9e0f1d33a7b12c315b26cf6877d5",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "3e3b9df115888b1ecf4877ce5b15fa142b50cea0a385e4a05c30113a7cd12d3c",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_privs.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "b9d70ec131d84c4dea11beff1f4451a6a2f503c922555fa5a0d208fb9ed80a60",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_privs_issue_465.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c5a8108d5f74d6b1a0aeead441eade6b4d55628551ae2b3d837126a1c7947660",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_update_password.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "86bed5d93d5af44f512c277c7dae077427818686c09c9e9212cfe9691304b975",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_user_grants_with_roles_applied.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "425f674aa153501b703b5bafe2ad101c6af4248ff175046cb74e518b8efc376e",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_user_password.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "85412f83393cbb0f620f4a9ab4f8b4a74f4a4898070778b748d91c9453861964",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "876c262732eb7516997726092265b40f4de9580bbd5fb136d3eae6ee784c747e",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_user/tasks/tls_requirements.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c02ee288a73925f378a6134b1839562f10e987ad69af359c52028c17cf422626",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/defaults",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/defaults/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "eec8d6142beb55aa9cb81e0c777e81a1150e77f9e7362147274def8a08a62721",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/meta",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/meta/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "60880581b8217fe6a3e8f1c2c3db334efb3fda0358eec8a70aa12375fdbda23b",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/tasks",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/tasks/assert_fail_msg.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "91e923f38db01593064d9e115c94ca4c5fa7dd086c71923ba24f50c7d04b3c05",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/tasks/assert_var.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "83da397e3fc6f194f5dafcb6797a2329aaf09be67e2f4a8fd1331f04953aa225",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/tasks/assert_var_output.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "6f84480cccf78d7452e2d78596d91b03dd5078efe1339b5ec79228cdffcb8aba",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/tasks/issue-28.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "4e06d63902eed736bc0d1314cdb9cfd3033624de81f69a981e92d1a8e9a361b9",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/tasks/main.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d1bb5e0c23980c724051ddcd1bd3e69f5b3fec2ad10b6c6530f691fed676d574",
+ "format": 1
+ },
+ {
+ "name": "tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "5f70823b9d11504b8d81a9f399631bffc4b4a08c6701681850c8849e844e9f31",
+ "format": 1
+ },
+ {
+ "name": "tests/sanity",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/sanity/ignore-2.10.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "26cf6bdacb30652f6105a97ed3695fbfcdce39966654c8f1179427f5ccd10267",
+ "format": 1
+ },
+ {
+ "name": "tests/sanity/ignore-2.11.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "26cf6bdacb30652f6105a97ed3695fbfcdce39966654c8f1179427f5ccd10267",
+ "format": 1
+ },
+ {
+ "name": "tests/sanity/ignore-2.12.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "26cf6bdacb30652f6105a97ed3695fbfcdce39966654c8f1179427f5ccd10267",
+ "format": 1
+ },
+ {
+ "name": "tests/sanity/ignore-2.13.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "26cf6bdacb30652f6105a97ed3695fbfcdce39966654c8f1179427f5ccd10267",
+ "format": 1
+ },
+ {
+ "name": "tests/sanity/ignore-2.14.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "26cf6bdacb30652f6105a97ed3695fbfcdce39966654c8f1179427f5ccd10267",
+ "format": 1
+ },
+ {
+ "name": "tests/sanity/ignore-2.15.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "26cf6bdacb30652f6105a97ed3695fbfcdce39966654c8f1179427f5ccd10267",
+ "format": 1
+ },
+ {
+ "name": "tests/sanity/ignore-2.9.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "563f5bc68b05205c5545785c81b9245355ed09596c5ab5f01dcc92fd3a54c876",
+ "format": 1
+ },
+ {
+ "name": "tests/unit",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils/__init__.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils/test_mariadb_replication.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "1241d3f1e777e37cc0bd653adc11fbb042a3898dc7b02e40cf3bbb31463f2db8",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils/test_mariadb_user_implementation.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "09f6933bab49f9a3c6996c7bc035a4fafc13298b02412ed137f86da306c7039b",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils/test_mysql.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "20d9ead509f38c46b09e931439e186ce1b678f9ca4ca9cc3242c725c20d05f57",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils/test_mysql_replication.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "b78cab4dbb60a84bea25bbc218e2d42445d8b52a6d078be257174e2ec5970463",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils/test_mysql_user.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "da8f1e227544dae02842378a7481716446d7a7c7b7922d65d7299dbab5ec0b6b",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/module_utils/test_mysql_user_implementation.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "c68e6b43d46a5aad7d7054f07c889779ed7f68120f9b30d1b088405f6af03902",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/modules",
+ "ftype": "dir",
+ "chksum_type": null,
+ "chksum_sha256": null,
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/modules/__init__.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/modules/test_mysql_info.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "d21791537625289a86302891669eae6260c6f06f2417e28d0345ffad0e988ffa",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/modules/test_mysql_role.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "5c5b9bddce123b0b89559c6055062088282c987ee1553e651ac060fba85ecfc7",
+ "format": 1
+ },
+ {
+ "name": "tests/unit/plugins/utils.py",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "ba7638619ea90f4ac4f0f0a7639db544f4c4ca8c224bb1ccb4f7fd9cee953d66",
+ "format": 1
+ },
+ {
+ "name": ".gitignore",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "175ceab85a6da216020d26ede98a83b761b6395f94cdd7811e79c31e2ab4e9e4",
+ "format": 1
+ },
+ {
+ "name": "CHANGELOG.rst",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "66d2f140e5f8e586324e1bd51fc08bee874bd36681e133124c813cc195291363",
+ "format": 1
+ },
+ {
+ "name": "CONTRIBUTING.md",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "b0c50cf3715d59964a341dc651a6f626322209ef9fa8c0d03047d3a2b2e420a4",
+ "format": 1
+ },
+ {
+ "name": "CONTRIBUTORS",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "2f07f95d703ea52b586842f9a918bf0c7319f8745c0b11099b7f4b6d334fb8cc",
+ "format": 1
+ },
+ {
+ "name": "COPYING",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986",
+ "format": 1
+ },
+ {
+ "name": "MAINTAINERS",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "ac0286a0ab11f6107de564b8b08ff1196dda9eaea0406c05311fb4afedd8300c",
+ "format": 1
+ },
+ {
+ "name": "MAINTAINING.md",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "2435665a6562d5f3841fff1631970f95f0466c498e949d2b8579ccc2a0b810ad",
+ "format": 1
+ },
+ {
+ "name": "PSF-license.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "83b042fc7d6aca0f10d68e45efa56b9bc0a1496608e7e7728fe09d1a534a054a",
+ "format": 1
+ },
+ {
+ "name": "README.md",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "df0aa5f4ebe82501817cf86fa7462c3f01ec779f58c988b3a0cc6fb19f424f1e",
+ "format": 1
+ },
+ {
+ "name": "codecov.yml",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "74ef69719758a63944e959504d5396e442ed023c1c589ed987d9fc4676096d53",
+ "format": 1
+ },
+ {
+ "name": "simplified_bsd.txt",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "f11e51ed1eec39ad21d458ba44d805807a301c17ee9fe39538ccc9e2b280936c",
+ "format": 1
+ }
+ ],
+ "format": 1
+} \ No newline at end of file
diff --git a/ansible_collections/community/mysql/MAINTAINERS b/ansible_collections/community/mysql/MAINTAINERS
new file mode 100644
index 00000000..597aa6ce
--- /dev/null
+++ b/ansible_collections/community/mysql/MAINTAINERS
@@ -0,0 +1,5 @@
+bmalynovytch
+Jorge-Rodriguez
+rsicart
+laurent-indermuehle
+Andersson007 (andersson007_ in #ansible-community IRC/Matrix)
diff --git a/ansible_collections/community/mysql/MAINTAINING.md b/ansible_collections/community/mysql/MAINTAINING.md
new file mode 100644
index 00000000..9fad0d34
--- /dev/null
+++ b/ansible_collections/community/mysql/MAINTAINING.md
@@ -0,0 +1,3 @@
+# Maintaining this collection
+
+Refer to the [Maintainer guidelines](https://github.com/ansible/community-docs/blob/main/maintaining.rst).
diff --git a/ansible_collections/community/mysql/MANIFEST.json b/ansible_collections/community/mysql/MANIFEST.json
new file mode 100644
index 00000000..e19e466f
--- /dev/null
+++ b/ansible_collections/community/mysql/MANIFEST.json
@@ -0,0 +1,32 @@
+{
+ "collection_info": {
+ "namespace": "community",
+ "name": "mysql",
+ "version": "3.6.0",
+ "authors": [
+ "Ansible community"
+ ],
+ "readme": "README.md",
+ "tags": [
+ "database",
+ "mysql",
+ "mariadb"
+ ],
+ "description": "MySQL collection for Ansible",
+ "license": [],
+ "license_file": "COPYING",
+ "dependencies": {},
+ "repository": "https://github.com/ansible-collections/community.mysql",
+ "documentation": "https://github.com/ansible-collections/community.mysql",
+ "homepage": "https://github.com/ansible-collections/community.mysql",
+ "issues": "https://github.com/ansible-collections/community.mysql/issues"
+ },
+ "file_manifest_file": {
+ "name": "FILES.json",
+ "ftype": "file",
+ "chksum_type": "sha256",
+ "chksum_sha256": "db95727210039656bee584d453ffada92ce5eadc4589448f7b5f018fca2cc890",
+ "format": 1
+ },
+ "format": 1
+} \ No newline at end of file
diff --git a/ansible_collections/community/mysql/PSF-license.txt b/ansible_collections/community/mysql/PSF-license.txt
new file mode 100644
index 00000000..35acd7fb
--- /dev/null
+++ b/ansible_collections/community/mysql/PSF-license.txt
@@ -0,0 +1,48 @@
+PYTHON SOFTWARE FOUNDATION LICENSE VERSION 2
+--------------------------------------------
+
+1. This LICENSE AGREEMENT is between the Python Software Foundation
+("PSF"), and the Individual or Organization ("Licensee") accessing and
+otherwise using this software ("Python") in source or binary form and
+its associated documentation.
+
+2. Subject to the terms and conditions of this License Agreement, PSF hereby
+grants Licensee a nonexclusive, royalty-free, world-wide license to reproduce,
+analyze, test, perform and/or display publicly, prepare derivative works,
+distribute, and otherwise use Python alone or in any derivative version,
+provided, however, that PSF's License Agreement and PSF's notice of copyright,
+i.e., "Copyright (c) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Python Software Foundation;
+All Rights Reserved" are retained in Python alone or in any derivative version
+prepared by Licensee.
+
+3. In the event Licensee prepares a derivative work that is based on
+or incorporates Python or any part thereof, and wants to make
+the derivative work available to others as provided herein, then
+Licensee hereby agrees to include in any such work a brief summary of
+the changes made to Python.
+
+4. PSF is making Python available to Licensee on an "AS IS"
+basis. PSF MAKES NO REPRESENTATIONS OR WARRANTIES, EXPRESS OR
+IMPLIED. BY WAY OF EXAMPLE, BUT NOT LIMITATION, PSF MAKES NO AND
+DISCLAIMS ANY REPRESENTATION OR WARRANTY OF MERCHANTABILITY OR FITNESS
+FOR ANY PARTICULAR PURPOSE OR THAT THE USE OF PYTHON WILL NOT
+INFRINGE ANY THIRD PARTY RIGHTS.
+
+5. PSF SHALL NOT BE LIABLE TO LICENSEE OR ANY OTHER USERS OF PYTHON
+FOR ANY INCIDENTAL, SPECIAL, OR CONSEQUENTIAL DAMAGES OR LOSS AS
+A RESULT OF MODIFYING, DISTRIBUTING, OR OTHERWISE USING PYTHON,
+OR ANY DERIVATIVE THEREOF, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
+
+6. This License Agreement will automatically terminate upon a material
+breach of its terms and conditions.
+
+7. Nothing in this License Agreement shall be deemed to create any
+relationship of agency, partnership, or joint venture between PSF and
+Licensee. This License Agreement does not grant permission to use PSF
+trademarks or trade name in a trademark sense to endorse or promote
+products or services of Licensee, or any third party.
+
+8. By copying, installing or otherwise using Python, Licensee
+agrees to be bound by the terms and conditions of this License
+Agreement.
diff --git a/ansible_collections/community/mysql/README.md b/ansible_collections/community/mysql/README.md
new file mode 100644
index 00000000..5f952518
--- /dev/null
+++ b/ansible_collections/community/mysql/README.md
@@ -0,0 +1,130 @@
+# MySQL collection for Ansible
+[![Plugins CI](https://github.com/ansible-collections/community.mysql/workflows/Plugins%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.mysql/actions?query=workflow%3A"Plugins+CI") [![Roles CI](https://github.com/ansible-collections/community.mysql/workflows/Roles%20CI/badge.svg?event=push)](https://github.com/ansible-collections/community.mysql/actions?query=workflow%3A"Roles+CI") [![Codecov](https://img.shields.io/codecov/c/github/ansible-collections/community.mysql)](https://codecov.io/gh/ansible-collections/community.mysql) [![Discuss on Matrix at #mysql:ansible.com](https://img.shields.io/matrix/mysql:ansible.com.svg?server_fqdn=ansible-accounts.ems.host&label=Discuss%20on%20Matrix%20at%20%23mysql:ansible.com&logo=matrix)](https://matrix.to/#/#mysql:ansible.com)
+
+This collection is a part of the Ansible package.
+
+## Code of Conduct
+
+We follow the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) in all our interactions within this project.
+
+If you encounter abusive behavior violating the [Ansible Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html), please refer to the [policy violations](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html#policy-violations) section of the Code of Conduct for information on how to raise a complaint.
+
+## Contributing
+
+The content of this collection is made by [people](https://github.com/ansible-collections/community.mysql/blob/main/CONTRIBUTORS) just like you, a community of individuals collaborating on making the world better through developing automation software.
+
+We are actively accepting new contributors.
+
+Any kind of contribution is very welcome.
+
+You don't know how to start? Refer to our [contribution guide](https://github.com/ansible-collections/community.mysql/blob/main/CONTRIBUTING.md)!
+
+## Collection maintenance
+
+The current maintainers (contributors with `write` or higher access) are listed in the [MAINTAINERS](https://github.com/ansible-collections/community.mysql/blob/main/MAINTAINERS) file. If you have questions or need help, feel free to mention them in the proposals.
+
+To learn how to maintain / become a maintainer of this collection, refer to the [Maintainer guidelines](https://github.com/ansible-collections/community.mysql/blob/main/MAINTAINING.md).
+
+It is necessary for maintainers of this collection to be subscribed to:
+
+* The collection itself (the `Watch` button -> `All Activity` in the upper right corner of the repository's homepage).
+* The "Changes Impacting Collection Contributors and Maintainers" [issue](https://github.com/ansible-collections/overview/issues/45).
+
+They also should be subscribed to Ansible's [The Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn).
+
+## Communication
+
+We announce releases and important changes through Ansible's [The Bullhorn newsletter](https://eepurl.com/gZmiEP). Be sure you are subscribed.
+
+Join us on Matrix in the `#mysql:ansible.com` [room](https://matrix.to/#/#mysql:ansible.com), the `#users:ansible.com` [room](https://matrix.to/#/#users:ansible.com) (general use questions and support), `#ansible-community:ansible.com` [room](https://matrix.to/#/#community:ansible.com) (community and collection development questions), and other Matrix rooms or corresponding bridged Libera.Chat channels. See the [Ansible Communication Guide](https://docs.ansible.com/ansible/devel/community/communication.html) for details.
+
+We take part in the global quarterly [Ansible Contributor Summit](https://github.com/ansible/community/wiki/Contributor-Summit) virtually or in-person. Track [The Bullhorn newsletter](https://eepurl.com/gZmiEP) and join us.
+
+For more information about communication, refer to the [Ansible Communication guide](https://docs.ansible.com/ansible/devel/community/communication.html).
+
+## Governance
+
+The process of decision making in this collection is based on discussing and finding consensus among participants.
+
+Every voice is important and every idea is valuable. If you have something on your mind, create an issue or dedicated discussion and let's discuss it!
+
+## Included content
+
+- **Modules**:
+ - [mysql_db](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_db_module.html)
+ - [mysql_info](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_info_module.html)
+ - [mysql_query](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_query_module.html)
+ - [mysql_replication](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_replication_module.html)
+ - [mysql_role](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_role_module.html)
+ - [mysql_user](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_user_module.html)
+ - [mysql_variables](https://docs.ansible.com/ansible/latest/collections/community/mysql/mysql_variables_module.html)
+
+## Tested with
+
+### ansible-core
+
+- 2.11
+- 2.12
+- 2.13
+- current development version
+
+### Databases
+
+- mysql 5.7.31
+- mysql 8.0.22
+- mariadb 10.3.34 (only collection version >= 3)
+- mariadb 10.8.3 (only collection version >= 3)
+
+### Database connectors
+
+- pymysql 0.7.10
+- pymysql 0.9.3
+- mysqlclient 2.0.1
+
+## External requirements
+
+The MySQL modules rely on a MySQL connector. The list of supported drivers is below:
+
+- [PyMySQL](https://github.com/PyMySQL/PyMySQL)
+- [mysqlclient](https://github.com/PyMySQL/mysqlclient)
+- Support for other Python MySQL connectors may be added in a future release.
+
+## Using this collection
+
+### Installing the Collection from Ansible Galaxy
+
+Before using the MySQL collection, you need to install it with the Ansible Galaxy CLI:
+
+```bash
+ansible-galaxy collection install community.mysql
+```
+
+You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml`, using the format:
+
+```yaml
+---
+collections:
+ - name: community.mysql
+```
+
+Note that if you install the collection from Ansible Galaxy, it will not be upgraded automatically if you upgrade the Ansible package. To upgrade the collection to the latest available version, run the following command:
+
+```bash
+ansible-galaxy collection install community.mysql --upgrade
+```
+
+You can also install a specific version of the collection, for example, if you need to downgrade when something is broken in the latest version (please report an issue in this repository). Use the following syntax:
+
+```bash
+ansible-galaxy collection install community.mysql:==2.0.0
+```
+
+See [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details.
+
+## Licensing
+
+<!-- Include the appropriate license information here and a pointer to the full licensing details. If the collection contains modules migrated from the ansible/ansible repo, you must use the same license that existed in the ansible/ansible repo. See the GNU license example below. -->
+
+GNU General Public License v3.0 or later.
+
+See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text.
diff --git a/ansible_collections/community/mysql/changelogs/changelog.yaml b/ansible_collections/community/mysql/changelogs/changelog.yaml
new file mode 100644
index 00000000..e272941b
--- /dev/null
+++ b/ansible_collections/community/mysql/changelogs/changelog.yaml
@@ -0,0 +1,302 @@
+ancestor: 2.0.0
+releases:
+ 3.0.0:
+ changes:
+ breaking_changes:
+ - mysql_replication - remove ``Is_Slave`` and ``Is_Master`` return values (were
+ replaced with ``Is_Primary`` and ``Is_Replica`` (https://github.com/ansible-collections/community.mysql/issues/145).
+ - mysql_replication - remove the mode options values containing ``master``/``slave``
+ and the master_use_gtid option ``slave_pos`` (were replaced with corresponding
+ ``primary``/``replica`` values) (https://github.com/ansible-collections/community.mysql/issues/145).
+ - mysql_user - remove support for the `REQUIRESSL` special privilege as it has
+ ben superseded by the `tls_requires` option (https://github.com/ansible-collections/community.mysql/discussions/121).
+ - mysql_user - validate privileges using database engine directly (https://github.com/ansible-collections/community.mysql/issues/234
+ https://github.com/ansible-collections/community.mysql/pull/243). Do not validate
+ privileges in this module anymore.
+ release_summary: 'This is the major release of the ``community.mysql`` collection.
+
+ This changelog contains all breaking changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 2.3.2.'
+ fragments:
+ - 243-get-rid-of-privs-comparison.yml
+ - 244-remove-requiressl-privilege.yaml
+ - 3.0.0.yml
+ - 300-mysql_replication_remove_master_slave.yml
+ release_date: '2021-12-01'
+ 3.1.0:
+ changes:
+ bugfixes:
+ - Collection core functions - use vendored version of ``distutils.version``
+ instead of the deprecated Python standard library ``distutils`` (https://github.com/ansible-collections/community.mysql/pull/269).
+ minor_changes:
+ - Added explicit description of the supported versions of databases and connectors.
+ Changes to the collection are **NOT** tested against database versions older
+ than `mysql 5.7.31` and `mariadb 10.2.37` or connector versions older than
+ `pymysql 0.7.10` and `mysqlclient 2.0.1`. (https://github.com/ansible-collections/community.mysql/discussions/141)
+ - mysql_user - added the ``force_context`` boolean option to set the default
+ database context for the queries to be the ``mysql`` database. This way replication/binlog
+ filters can catch the statements (https://github.com/ansible-collections/community.mysql/issues/265).
+ release_summary: 'This is the minor release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.0.0.'
+ fragments:
+ - 141-supported-database-and-connector-versions.yaml
+ - 266-default-database-for-mysql-user.yml
+ - 267-prepare_for_distutils_be_removed.yml
+ - 3.1.0.yml
+ release_date: '2022-01-18'
+ 3.1.1:
+ changes:
+ bugfixes:
+ - mysql_role - make the ``set_default_role_all`` parameter actually working
+ (https://github.com/ansible-collections/community.mysql/pull/282).
+ release_summary: 'This is the patch release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.1.0.'
+ fragments:
+ - 282-mysql_role_fix_set_default_role_all_argument.yml
+ - 3.1.1.yml
+ release_date: '2022-02-16'
+ 3.1.2:
+ changes:
+ bugfixes:
+ - Collection core functions - fixes related to the mysqlclient Python connector
+ (https://github.com/ansible-collections/community.mysql/issues/292).
+ release_summary: 'This is the patch release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.1.1.'
+ fragments:
+ - 0-mysqlclient.yml
+ - 3.1.2.yml
+ release_date: '2022-03-14'
+ 3.1.3:
+ changes:
+ bugfixes:
+ - mysql_replication - fails when using the `primary_use_gtid` option with `slave_pos`
+ or `replica_pos` (https://github.com/ansible-collections/community.mysql/issues/335).
+ - mysql_role - remove redundant connection closing (https://github.com/ansible-collections/community.mysql/pull/330).
+ - 'mysql_user - fix the possibility for a race condition that breaks certain
+ (circular) replication configurations when ``DROP USER`` is executed on multiple
+ nodes in the replica set. Adding ``IF EXISTS`` avoids the need to use ``sql_log_bin:
+ no`` making the statement always replication safe (https://github.com/ansible-collections/community.mysql/pull/287).'
+ release_summary: 'This is the patch release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.1.2.'
+ fragments:
+ - 0-mysql_replication_replica_pos.yml
+ - 3.1.3.yml
+ - 307-mysql_user_add_if_exists_to_drop.yml
+ - 329-mysql_role-remove-redudant-connection-closing.yml
+ release_date: '2022-04-26'
+ 3.2.0:
+ changes:
+ bugfixes:
+ - mysql_user - fix missing dynamic privileges after revoke and grant privileges
+ to user (https://github.com/ansible-collections/community.mysql/issues/120).
+ - mysql_user - fix parsing privs when a user has roles assigned (https://github.com/ansible-collections/community.mysql/issues/231).
+ major_changes:
+ - The community.mysql collection no longer supports ``Ansible 2.9`` and ``ansible-base
+ 2.10``. While we take no active measures to prevent usage and there are no
+ plans to introduce incompatible code to the modules, we will stop testing
+ against ``Ansible 2.9`` and ``ansible-base 2.10``. Both will very soon be
+ End of Life and if you are still using them, you should consider upgrading
+ to the ``latest Ansible / ansible-core 2.11 or later`` as soon as possible
+ (https://github.com/ansible-collections/community.mysql/pull/343).
+ minor_changes:
+ - 'mysql_user and mysql_role: Add the argument ``subtract_privs`` (boolean,
+ default false, mutually exclusive with ``append_privs``). If set, the privileges
+ given in ``priv`` are revoked and existing privileges are kept (https://github.com/ansible-collections/community.mysql/pull/333).'
+ release_summary: 'This is the minor release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.1.3.'
+ fragments:
+ - 001-mysql_user_fix_pars_users_with_roles_assigned.yml
+ - 3.2.0.yml
+ - 333-mysql_user-mysql_role-add-subtract_privileges-argument.yml
+ - 338-mysql_user_fix_missing_dynamic_privileges.yml
+ - drop_support_of_2.9-2.10.yml
+ release_date: '2022-05-13'
+ 3.2.1:
+ changes:
+ bugfixes:
+ - Include ``PSF-license.txt`` file for ``plugins/module_utils/_version.py``.
+ release_summary: 'This is the patch release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.2.0.'
+ fragments:
+ - 3.2.1.yml
+ - psf-license.yml
+ release_date: '2022-05-17'
+ 3.3.0:
+ changes:
+ bugfixes:
+ - mysql_query - fix false change reports when ``IF EXISTS/IF NOT EXISTS`` clause
+ is used (https://github.com/ansible-collections/community.mysql/issues/268).
+ - 'mysql_role - don''t add members to a role when creating the role and ``detach_members:
+ true`` is set (https://github.com/ansible-collections/community.mysql/pull/367).'
+ - 'mysql_role - in some cases (when "SHOW GRANTS" did not use backticks for
+ quotes), no unwanted members were detached from the role (and redundant "GRANT"
+ statements were executed for wanted members). This is fixed by querying the
+ existing role members from the mysql.role_edges (MySQL) or mysql.roles_mapping
+ (MariaDB) tables instead of parsing the "SHOW GRANTS" output (https://github.com/ansible-collections/community.mysql/pull/368).
+
+ '
+ - mysql_user - fix logic when ``update_password`` is set to ``on_create`` for
+ users using ``plugin*`` arguments (https://github.com/ansible-collections/community.mysql/issues/334).
+ The ``on_create`` sets ``password`` to None for old mysql_native_authentication
+ but not for authentiation methods which uses the ``plugin*`` arguments. This
+ PR changes this so ``on_create`` also exchange ``plugin``, ``plugin_hash_string``,
+ ``plugin_auth_string`` to None in the list of arguments to change
+ minor_changes:
+ - 'mysql_role - add the argument ``members_must_exist`` (boolean, default true).
+ The assertion that the users supplied in the ``members`` argument exist is
+ only executed when the new argument ``members_must_exist`` is ``true``, to
+ allow opt-out (https://github.com/ansible-collections/community.mysql/pull/369).
+
+ '
+ - 'mysql_user - Add the option ``on_new_username`` to argument ``update_password``
+ to reuse the password (plugin and authentication_string) when creating a new
+ user if some user with the same name already exists. If the existing user
+ with the same name have varying passwords, the password from the arguments
+ is used like with ``update_password: always`` (https://github.com/ansible-collections/community.mysql/pull/365).
+
+ '
+ - 'mysql_user - Add the result field ``password_changed`` (boolean). It is true,
+ when the user got a new password. When the user was created with ``update_password:
+ on_new_username`` and an existing password was reused, ``password_changed``
+ is false (https://github.com/ansible-collections/community.mysql/pull/365).
+
+ '
+ release_summary: 'This is the minor release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.2.1.'
+ fragments:
+ - 3.3.0.yml
+ - 322-mysql_query_fix_false_change_report.yml
+ - 334-mysql_user_fix_logic_on_oncreate.yml
+ - 365-mysql_user-add-on_new_username-and-password_changed.yml
+ - 367-mysql_role-fix-deatch-members.yml
+ - 368-mysql_role-fix-member-detection.yml
+ - 369_mysql_role-add-members_must_exist.yml
+ release_date: '2022-06-02'
+ 3.4.0:
+ changes:
+ bugfixes:
+ - Include ``simplified_bsd.txt`` license file for various module utils.
+ - mysql_db - Using compression masks errors messages from mysql_dump. By default
+ the fix is inactive to ensure retro-compatibility with system without bash.
+ To activate the fix, use the module option ``pipefail=true`` (https://github.com/ansible-collections/community.mysql/issues/256).
+ - mysql_replication - when the ``primary_ssl`` argument is set to ``no``, the
+ module will turn off SSL (https://github.com/ansible-collections/community.mysql/issues/393).
+ major_changes:
+ - mysql_db - the ``pipefail`` argument's default value will be changed to ``true``
+ in community.mysql 4.0.0. If your target machines do not use ``bash`` as a
+ default interpreter, set ``pipefail`` to ``false`` explicitly. However, we
+ strongly recommend setting up ``bash`` as a default and ``pipefail=true``
+ as it will protect you from getting broken dumps you don't know about (https://github.com/ansible-collections/community.mysql/issues/407).
+ minor_changes:
+ - mysql_db - add the ``chdir`` argument to avoid failings when a dump file contains
+ relative paths (https://github.com/ansible-collections/community.mysql/issues/395).
+ - mysql_db - add the ``pipefail`` argument to avoid broken dumps when ``state``
+ is ``dump`` and compression is used (https://github.com/ansible-collections/community.mysql/issues/256).
+ release_summary: 'This is the minor release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.3.0.'
+ fragments:
+ - 0-mysql_db_add_chdir_argument.yml
+ - 1-mysql_replication_can_disable_master_ssl.yml
+ - 2-mysql_db_announce.yml
+ - 3.4.0.yml
+ - fix-256-mysql_dump-errors.yml
+ - simplified-bsd-license.yml
+ release_date: '2022-08-02'
+ 3.5.0:
+ changes:
+ bugfixes:
+ - mysql_user - grant option was revoked accidentally when modifying users. This
+ fix revokes grant option only when privs are setup to do that (https://github.com/ansible-collections/community.mysql/issues/77#issuecomment-1209693807).
+ minor_changes:
+ - 'mysql_replication - add a new option: ``primary_ssl_verify_server_cert``
+ (https://github.com//pull/435).'
+ release_summary: 'This is the minor release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules in this collection
+
+ that have been added after the release of ``community.mysql`` 3.4.0.'
+ fragments:
+ - 3.5.0.yml
+ - 434-do-not-revoke-grant-option-always.yaml
+ - 435-mysql_replication_verify_server_cert.yml
+ release_date: '2022-09-05'
+ 3.5.1:
+ changes:
+ bugfixes:
+ - mysql_user, mysql_role - mysql/mariadb recent versions translate 'ALL PRIVILEGES'
+ to a list of specific privileges. That caused a change every time we modified
+ user privileges. This fix compares privs before and after user modification
+ to avoid this infinite change (https://github.com/ansible-collections/community.mysql/issues/77).
+ release_summary: 'This is the patch release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules and plugins in this collection
+
+ that have been made after the previous release.'
+ fragments:
+ - 3.5.1.yml
+ - 438-fix-privilege-changing-everytime.yml
+ release_date: '2022-09-09'
+ 3.6.0:
+ changes:
+ bugfixes:
+ - mysql_user - when revoke privs consists only of ``GRANT``, a 2nd revoke query
+ is executed with empty privs to revoke that ended in an SQL exception (https://github.com/ansible-collections/community.mysql/pull/503).
+ - mysql_variables - add uppercase character pattern to regex to allow GLOBAL
+ variables containing uppercase characters. This recognizes variable names
+ used in Galera, for example, ``wsrep_OSU_method``, which breaks the normal
+ pattern of all lowercase characters (https://github.com/ansible-collections/community.mysql/pull/501).
+ minor_changes:
+ - mysql_info - add ``connector_name`` and ``connector_version`` to returned
+ values (https://github.com/ansible-collections/community.mysql/pull/497).
+ - mysql_role - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479).
+ - mysql_user - add plugin_auth_string as optional parameter to use a specific
+ pam service if pam/auth_pam plugin is used (https://github.com/ansible-collections/community.mysql/pull/445).
+ - mysql_user - add the ``session_vars`` argument to set session variables at
+ the beginning of module execution (https://github.com/ansible-collections/community.mysql/issues/478).
+ - mysql_user - display a more informative invalid privilege exception. Changes
+ the exception handling of the granting permission logic to show the query
+ executed , params and the exception message granting privileges fails` (https://github.com/ansible-collections/community.mysql/issues/465).
+ - mysql_user - enable auto_commit to avoid MySQL metadata table lock (https://github.com/ansible-collections/community.mysql/issues/479).
+ - setup_mysql - update MySQL tarball URL (https://github.com/ansible-collections/community.mysql/pull/491).
+ release_summary: 'This is the minor release of the ``community.mysql`` collection.
+
+ This changelog contains all changes to the modules and plugins in this collection
+
+ that have been made after the previous release.'
+ fragments:
+ - 0_mysql_user_session_vars.yml
+ - 3.6.0.yml
+ - 445_add_service_name_to_plugin_pam_auth_pam_usage.yml
+ - 465-display_more_informative_invalid_priv_exceptiion.yml
+ - 479_enable_auto_commit.yml
+ - 479_enable_auto_commit_part2.yml
+ - 491_fix_download_url.yaml
+ - 497_mysql_info_returns_connector_name_and_version.yml
+ - 503-fix-revoke-grant-only.yml
+ - mysql_variables_allow_uppercase_identifiers.yml
+ release_date: '2023-02-08'
diff --git a/ansible_collections/community/mysql/changelogs/config.yaml b/ansible_collections/community/mysql/changelogs/config.yaml
new file mode 100644
index 00000000..70ab0368
--- /dev/null
+++ b/ansible_collections/community/mysql/changelogs/config.yaml
@@ -0,0 +1,29 @@
+changelog_filename_template: ../CHANGELOG.rst
+changelog_filename_version_depth: 0
+changes_file: changelog.yaml
+changes_format: combined
+keep_fragments: false
+mention_ancestor: true
+new_plugins_after_name: removed_features
+notesdir: fragments
+prelude_section_name: release_summary
+prelude_section_title: Release Summary
+sections:
+- - major_changes
+ - Major Changes
+- - minor_changes
+ - Minor Changes
+- - breaking_changes
+ - Breaking Changes / Porting Guide
+- - deprecated_features
+ - Deprecated Features
+- - removed_features
+ - Removed Features (previously deprecated)
+- - security_fixes
+ - Security Fixes
+- - bugfixes
+ - Bugfixes
+- - known_issues
+ - Known Issues
+title: Community MySQL Collection
+trivial_section_name: trivial
diff --git a/ansible_collections/community/mysql/changelogs/fragments/.keep b/ansible_collections/community/mysql/changelogs/fragments/.keep
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/ansible_collections/community/mysql/changelogs/fragments/.keep
diff --git a/ansible_collections/community/mysql/codecov.yml b/ansible_collections/community/mysql/codecov.yml
new file mode 100644
index 00000000..e832c21f
--- /dev/null
+++ b/ansible_collections/community/mysql/codecov.yml
@@ -0,0 +1,2 @@
+fixes:
+ - "/ansible_collections/community/mysql/::"
diff --git a/ansible_collections/community/mysql/meta/runtime.yml b/ansible_collections/community/mysql/meta/runtime.yml
new file mode 100644
index 00000000..2ee3c9fa
--- /dev/null
+++ b/ansible_collections/community/mysql/meta/runtime.yml
@@ -0,0 +1,2 @@
+---
+requires_ansible: '>=2.9.10'
diff --git a/ansible_collections/community/mysql/plugins/README.md b/ansible_collections/community/mysql/plugins/README.md
new file mode 100644
index 00000000..5b4711b5
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/README.md
@@ -0,0 +1,31 @@
+# Collections Plugins Directory
+
+This directory can be used to ship various plugins inside an Ansible collection. Each plugin is placed in a folder that
+is named after the type of plugin it is in. It can also include the `module_utils` and `modules` directory that
+would contain module utils and modules respectively.
+
+Here is an example directory of the majority of plugins currently supported by Ansible:
+
+```
+└── plugins
+ ├── action
+ ├── become
+ ├── cache
+ ├── callback
+ ├── cliconf
+ ├── connection
+ ├── filter
+ ├── httpapi
+ ├── inventory
+ ├── lookup
+ ├── module_utils
+ ├── modules
+ ├── netconf
+ ├── shell
+ ├── strategy
+ ├── terminal
+ ├── test
+ └── vars
+```
+
+A full list of plugin types can be found at [Working With Plugins](https://docs.ansible.com/ansible/latest/plugins/plugins.html).
diff --git a/ansible_collections/community/mysql/plugins/doc_fragments/mysql.py b/ansible_collections/community/mysql/plugins/doc_fragments/mysql.py
new file mode 100644
index 00000000..939126cb
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/doc_fragments/mysql.py
@@ -0,0 +1,113 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2015, Jonathan Mainguy <jon@soh.re>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class ModuleDocFragment(object):
+
+ # Standard mysql documentation fragment
+ DOCUMENTATION = r'''
+options:
+ login_user:
+ description:
+ - The username used to authenticate with.
+ type: str
+ login_password:
+ description:
+ - The password used to authenticate with.
+ type: str
+ login_host:
+ description:
+ - Host running the database.
+ - In some cases for local connections the I(login_unix_socket=/path/to/mysqld/socket),
+ that is usually C(/var/run/mysqld/mysqld.sock), needs to be used instead of I(login_host=localhost).
+ type: str
+ default: localhost
+ login_port:
+ description:
+ - Port of the MySQL server. Requires I(login_host) be defined as other than localhost if login_port is used.
+ type: int
+ default: 3306
+ login_unix_socket:
+ description:
+ - The path to a Unix domain socket for local connections.
+ - Use this parameter to avoid the C(Please explicitly state intended protocol) error.
+ type: str
+ connect_timeout:
+ description:
+ - The connection timeout when connecting to the MySQL server.
+ type: int
+ default: 30
+ config_file:
+ description:
+ - Specify a config file from which user and password are to be read.
+ - The default config file, C(~/.my.cnf), if it exists, will be read, even if I(config_file) is not specified.
+ - The default config file, C(~/.my.cnf), if it exists, must contain a C([client]) section as a MySQL connector requirement.
+ - To prevent the default config file from being read, set I(config_file) to be an empty string.
+ type: path
+ default: '~/.my.cnf'
+ ca_cert:
+ description:
+ - The path to a Certificate Authority (CA) certificate. This option, if used, must specify the same certificate
+ as used by the server.
+ type: path
+ aliases: [ ssl_ca ]
+ client_cert:
+ description:
+ - The path to a client public key certificate.
+ type: path
+ aliases: [ ssl_cert ]
+ client_key:
+ description:
+ - The path to the client private key.
+ type: path
+ aliases: [ ssl_key ]
+ check_hostname:
+ description:
+ - Whether to validate the server host name when an SSL connection is required. Corresponds to MySQL CLIs C(--ssl) switch.
+ - Setting this to C(false) disables hostname verification. Use with caution.
+ - Requires pymysql >= 0.7.11.
+ - This option has no effect on MySQLdb.
+ type: bool
+ version_added: '1.1.0'
+requirements:
+ - mysqlclient (Python 3.5+) or
+ - PyMySQL (Python 2.7 and Python 3.x) or
+ - MySQLdb (Python 2.x)
+notes:
+ - Requires the PyMySQL (Python 2.7 and Python 3.X) or MySQL-python (Python 2.X) package installed on the remote host.
+ The Python package may be installed with apt-get install python-pymysql (Ubuntu; see M(ansible.builtin.apt)) or
+ yum install python2-PyMySQL (RHEL/CentOS/Fedora; see M(ansible.builtin.yum)). You can also use dnf install python2-PyMySQL
+ for newer versions of Fedora; see M(ansible.builtin.dnf).
+ - Be sure you have mysqlclient, PyMySQL, or MySQLdb library installed on the target machine
+ for the Python interpreter Ansible discovers. For example if ansible discovers and uses Python 3, you need to install
+ the Python 3 version of PyMySQL or mysqlclient. If ansible discovers and uses Python 2, you need to install the Python 2
+ version of either PyMySQL or MySQL-python.
+ - If you have trouble, it may help to force Ansible to use the Python interpreter you need by specifying
+ C(ansible_python_interpreter). For more information, see
+ U(https://docs.ansible.com/ansible/latest/reference_appendices/interpreter_discovery.html).
+ - Both C(login_password) and C(login_user) are required when you are
+ passing credentials. If none are present, the module will attempt to read
+ the credentials from C(~/.my.cnf), and finally fall back to using the MySQL
+ default login of 'root' with no password.
+ - If there are problems with local connections, using I(login_unix_socket=/path/to/mysqld/socket)
+ instead of I(login_host=localhost) might help. As an example, the default MariaDB installation of version 10.4
+ and later uses the unix_socket authentication plugin by default that
+ without using I(login_unix_socket=/var/run/mysqld/mysqld.sock) (the default path)
+ causes the error ``Host '127.0.0.1' is not allowed to connect to this MariaDB server``.
+ - Alternatively, you can use the mysqlclient library instead of MySQL-python (MySQLdb)
+ which supports both Python 2.X and Python >=3.5.
+ See U(https://pypi.org/project/mysqlclient/) how to install it.
+ - "If credentials from the config file (for example, C(/root/.my.cnf)) are not needed to connect to a database server, but
+ the file exists and does not contain a C([client]) section, before any other valid directives, it will be read and this
+ will cause the connection to fail, to prevent this set it to an empty string, (for example C(config_file: ''))."
+ - "To avoid the C(Please explicitly state intended protocol) error, use the I(login_unix_socket) argument,
+ for example, C(login_unix_socket: /run/mysqld/mysqld.sock)."
+ - Alternatively, to avoid using I(login_unix_socket) argument on each invocation you can specify the socket path
+ using the `socket` option in your MySQL config file (usually C(~/.my.cnf)) on the destination host, for
+ example C(socket=/var/lib/mysql/mysql.sock).
+'''
diff --git a/ansible_collections/community/mysql/plugins/module_utils/_version.py b/ansible_collections/community/mysql/plugins/module_utils/_version.py
new file mode 100644
index 00000000..ce027171
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/_version.py
@@ -0,0 +1,343 @@
+# Vendored copy of distutils/version.py from CPython 3.9.5
+#
+# Implements multiple version numbering conventions for the
+# Python Module Distribution Utilities.
+#
+# PSF License (see PSF-license.txt or https://opensource.org/licenses/Python-2.0)
+#
+
+"""Provides classes to represent module version numbers (one class for
+each style of version numbering). There are currently two such classes
+implemented: StrictVersion and LooseVersion.
+
+Every version number class implements the following interface:
+ * the 'parse' method takes a string and parses it to some internal
+ representation; if the string is an invalid version number,
+ 'parse' raises a ValueError exception
+ * the class constructor takes an optional string argument which,
+ if supplied, is passed to 'parse'
+ * __str__ reconstructs the string that was passed to 'parse' (or
+ an equivalent string -- ie. one that will generate an equivalent
+ version number instance)
+ * __repr__ generates Python code to recreate the version number instance
+ * _cmp compares the current instance with either another instance
+ of the same class or a string (which will be parsed to an instance
+ of the same class, thus must follow the same rules)
+"""
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import re
+
+try:
+ RE_FLAGS = re.VERBOSE | re.ASCII
+except AttributeError:
+ RE_FLAGS = re.VERBOSE
+
+
+class Version:
+ """Abstract base class for version numbering classes. Just provides
+ constructor (__init__) and reproducer (__repr__), because those
+ seem to be the same for all version numbering classes; and route
+ rich comparisons to _cmp.
+ """
+
+ def __init__(self, vstring=None):
+ if vstring:
+ self.parse(vstring)
+
+ def __repr__(self):
+ return "%s ('%s')" % (self.__class__.__name__, str(self))
+
+ def __eq__(self, other):
+ c = self._cmp(other)
+ if c is NotImplemented:
+ return c
+ return c == 0
+
+ def __lt__(self, other):
+ c = self._cmp(other)
+ if c is NotImplemented:
+ return c
+ return c < 0
+
+ def __le__(self, other):
+ c = self._cmp(other)
+ if c is NotImplemented:
+ return c
+ return c <= 0
+
+ def __gt__(self, other):
+ c = self._cmp(other)
+ if c is NotImplemented:
+ return c
+ return c > 0
+
+ def __ge__(self, other):
+ c = self._cmp(other)
+ if c is NotImplemented:
+ return c
+ return c >= 0
+
+
+# Interface for version-number classes -- must be implemented
+# by the following classes (the concrete ones -- Version should
+# be treated as an abstract class).
+# __init__ (string) - create and take same action as 'parse'
+# (string parameter is optional)
+# parse (string) - convert a string representation to whatever
+# internal representation is appropriate for
+# this style of version numbering
+# __str__ (self) - convert back to a string; should be very similar
+# (if not identical to) the string supplied to parse
+# __repr__ (self) - generate Python code to recreate
+# the instance
+# _cmp (self, other) - compare two version numbers ('other' may
+# be an unparsed version string, or another
+# instance of your version class)
+
+
+class StrictVersion(Version):
+ """Version numbering for anal retentives and software idealists.
+ Implements the standard interface for version number classes as
+ described above. A version number consists of two or three
+ dot-separated numeric components, with an optional "pre-release" tag
+ on the end. The pre-release tag consists of the letter 'a' or 'b'
+ followed by a number. If the numeric components of two version
+ numbers are equal, then one with a pre-release tag will always
+ be deemed earlier (lesser) than one without.
+
+ The following are valid version numbers (shown in the order that
+ would be obtained by sorting according to the supplied cmp function):
+
+ 0.4 0.4.0 (these two are equivalent)
+ 0.4.1
+ 0.5a1
+ 0.5b3
+ 0.5
+ 0.9.6
+ 1.0
+ 1.0.4a3
+ 1.0.4b1
+ 1.0.4
+
+ The following are examples of invalid version numbers:
+
+ 1
+ 2.7.2.2
+ 1.3.a4
+ 1.3pl1
+ 1.3c4
+
+ The rationale for this version numbering system will be explained
+ in the distutils documentation.
+ """
+
+ version_re = re.compile(r'^(\d+) \. (\d+) (\. (\d+))? ([ab](\d+))?$',
+ RE_FLAGS)
+
+ def parse(self, vstring):
+ match = self.version_re.match(vstring)
+ if not match:
+ raise ValueError("invalid version number '%s'" % vstring)
+
+ (major, minor, patch, prerelease, prerelease_num) = \
+ match.group(1, 2, 4, 5, 6)
+
+ if patch:
+ self.version = tuple(map(int, [major, minor, patch]))
+ else:
+ self.version = tuple(map(int, [major, minor])) + (0,)
+
+ if prerelease:
+ self.prerelease = (prerelease[0], int(prerelease_num))
+ else:
+ self.prerelease = None
+
+ def __str__(self):
+ if self.version[2] == 0:
+ vstring = '.'.join(map(str, self.version[0:2]))
+ else:
+ vstring = '.'.join(map(str, self.version))
+
+ if self.prerelease:
+ vstring = vstring + self.prerelease[0] + str(self.prerelease[1])
+
+ return vstring
+
+ def _cmp(self, other):
+ if isinstance(other, str):
+ other = StrictVersion(other)
+ elif not isinstance(other, StrictVersion):
+ return NotImplemented
+
+ if self.version != other.version:
+ # numeric versions don't match
+ # prerelease stuff doesn't matter
+ if self.version < other.version:
+ return -1
+ else:
+ return 1
+
+ # have to compare prerelease
+ # case 1: neither has prerelease; they're equal
+ # case 2: self has prerelease, other doesn't; other is greater
+ # case 3: self doesn't have prerelease, other does: self is greater
+ # case 4: both have prerelease: must compare them!
+
+ if (not self.prerelease and not other.prerelease):
+ return 0
+ elif (self.prerelease and not other.prerelease):
+ return -1
+ elif (not self.prerelease and other.prerelease):
+ return 1
+ elif (self.prerelease and other.prerelease):
+ if self.prerelease == other.prerelease:
+ return 0
+ elif self.prerelease < other.prerelease:
+ return -1
+ else:
+ return 1
+ else:
+ raise AssertionError("never get here")
+
+# end class StrictVersion
+
+# The rules according to Greg Stein:
+# 1) a version number has 1 or more numbers separated by a period or by
+# sequences of letters. If only periods, then these are compared
+# left-to-right to determine an ordering.
+# 2) sequences of letters are part of the tuple for comparison and are
+# compared lexicographically
+# 3) recognize the numeric components may have leading zeroes
+#
+# The LooseVersion class below implements these rules: a version number
+# string is split up into a tuple of integer and string components, and
+# comparison is a simple tuple comparison. This means that version
+# numbers behave in a predictable and obvious way, but a way that might
+# not necessarily be how people *want* version numbers to behave. There
+# wouldn't be a problem if people could stick to purely numeric version
+# numbers: just split on period and compare the numbers as tuples.
+# However, people insist on putting letters into their version numbers;
+# the most common purpose seems to be:
+# - indicating a "pre-release" version
+# ('alpha', 'beta', 'a', 'b', 'pre', 'p')
+# - indicating a post-release patch ('p', 'pl', 'patch')
+# but of course this can't cover all version number schemes, and there's
+# no way to know what a programmer means without asking him.
+#
+# The problem is what to do with letters (and other non-numeric
+# characters) in a version number. The current implementation does the
+# obvious and predictable thing: keep them as strings and compare
+# lexically within a tuple comparison. This has the desired effect if
+# an appended letter sequence implies something "post-release":
+# eg. "0.99" < "0.99pl14" < "1.0", and "5.001" < "5.001m" < "5.002".
+#
+# However, if letters in a version number imply a pre-release version,
+# the "obvious" thing isn't correct. Eg. you would expect that
+# "1.5.1" < "1.5.2a2" < "1.5.2", but under the tuple/lexical comparison
+# implemented here, this just isn't so.
+#
+# Two possible solutions come to mind. The first is to tie the
+# comparison algorithm to a particular set of semantic rules, as has
+# been done in the StrictVersion class above. This works great as long
+# as everyone can go along with bondage and discipline. Hopefully a
+# (large) subset of Python module programmers will agree that the
+# particular flavour of bondage and discipline provided by StrictVersion
+# provides enough benefit to be worth using, and will submit their
+# version numbering scheme to its domination. The free-thinking
+# anarchists in the lot will never give in, though, and something needs
+# to be done to accommodate them.
+#
+# Perhaps a "moderately strict" version class could be implemented that
+# lets almost anything slide (syntactically), and makes some heuristic
+# assumptions about non-digits in version number strings. This could
+# sink into special-case-hell, though; if I was as talented and
+# idiosyncratic as Larry Wall, I'd go ahead and implement a class that
+# somehow knows that "1.2.1" < "1.2.2a2" < "1.2.2" < "1.2.2pl3", and is
+# just as happy dealing with things like "2g6" and "1.13++". I don't
+# think I'm smart enough to do it right though.
+#
+# In any case, I've coded the test suite for this module (see
+# ../test/test_version.py) specifically to fail on things like comparing
+# "1.2a2" and "1.2". That's not because the *code* is doing anything
+# wrong, it's because the simple, obvious design doesn't match my
+# complicated, hairy expectations for real-world version numbers. It
+# would be a snap to fix the test suite to say, "Yep, LooseVersion does
+# the Right Thing" (ie. the code matches the conception). But I'd rather
+# have a conception that matches common notions about version numbers.
+
+
+class LooseVersion(Version):
+ """Version numbering for anarchists and software realists.
+ Implements the standard interface for version number classes as
+ described above. A version number consists of a series of numbers,
+ separated by either periods or strings of letters. When comparing
+ version numbers, the numeric components will be compared
+ numerically, and the alphabetic components lexically. The following
+ are all valid version numbers, in no particular order:
+
+ 1.5.1
+ 1.5.2b2
+ 161
+ 3.10a
+ 8.02
+ 3.4j
+ 1996.07.12
+ 3.2.pl0
+ 3.1.1.6
+ 2g6
+ 11g
+ 0.960923
+ 2.2beta29
+ 1.13++
+ 5.5.kw
+ 2.0b1pl0
+
+ In fact, there is no such thing as an invalid version number under
+ this scheme; the rules for comparison are simple and predictable,
+ but may not always give the results you want (for some definition
+ of "want").
+ """
+
+ component_re = re.compile(r'(\d+ | [a-z]+ | \.)', re.VERBOSE)
+
+ def __init__(self, vstring=None):
+ if vstring:
+ self.parse(vstring)
+
+ def parse(self, vstring):
+ # I've given up on thinking I can reconstruct the version string
+ # from the parsed tuple -- so I just store the string here for
+ # use by __str__
+ self.vstring = vstring
+ components = [x for x in self.component_re.split(vstring) if x and x != '.']
+ for i, obj in enumerate(components):
+ try:
+ components[i] = int(obj)
+ except ValueError:
+ pass
+
+ self.version = components
+
+ def __str__(self):
+ return self.vstring
+
+ def __repr__(self):
+ return "LooseVersion ('%s')" % str(self)
+
+ def _cmp(self, other):
+ if isinstance(other, str):
+ other = LooseVersion(other)
+ elif not isinstance(other, LooseVersion):
+ return NotImplemented
+
+ if self.version == other.version:
+ return 0
+ if self.version < other.version:
+ return -1
+ if self.version > other.version:
+ return 1
+
+# end class LooseVersion
diff --git a/ansible_collections/community/mysql/plugins/module_utils/database.py b/ansible_collections/community/mysql/plugins/module_utils/database.py
new file mode 100644
index 00000000..da0375d5
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/database.py
@@ -0,0 +1,189 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is BSD licensed.
+# Modules you write using this snippet, which is embedded dynamically by Ansible
+# still belong to the author of the module, and may assign their own license
+# to the complete work.
+#
+# Copyright (c) 2014, Toshio Kuratomi <tkuratomi@ansible.com>
+#
+# Simplified BSD License (see simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import re
+
+
+# Input patterns for is_input_dangerous function:
+#
+# 1. '"' in string and '--' in string or
+# "'" in string and '--' in string
+PATTERN_1 = re.compile(r'(\'|\").*--')
+
+# 2. union \ intersect \ except + select
+PATTERN_2 = re.compile(r'(UNION|INTERSECT|EXCEPT).*SELECT', re.IGNORECASE)
+
+# 3. ';' and any KEY_WORDS
+PATTERN_3 = re.compile(r';.*(SELECT|UPDATE|INSERT|DELETE|DROP|TRUNCATE|ALTER)', re.IGNORECASE)
+
+
+class SQLParseError(Exception):
+ pass
+
+
+class UnclosedQuoteError(SQLParseError):
+ pass
+
+
+# maps a type of identifier to the maximum number of dot levels that are
+# allowed to specify that identifier. For example, a database column can be
+# specified by up to 4 levels: database.schema.table.column
+_PG_IDENTIFIER_TO_DOT_LEVEL = dict(
+ database=1,
+ schema=2,
+ table=3,
+ column=4,
+ role=1,
+ tablespace=1,
+ sequence=3,
+ publication=1,
+)
+_MYSQL_IDENTIFIER_TO_DOT_LEVEL = dict(database=1, table=2, column=3, role=1, vars=1)
+
+
+def _find_end_quote(identifier, quote_char):
+ accumulate = 0
+ while True:
+ try:
+ quote = identifier.index(quote_char)
+ except ValueError:
+ raise UnclosedQuoteError
+ accumulate = accumulate + quote
+ try:
+ next_char = identifier[quote + 1]
+ except IndexError:
+ return accumulate
+ if next_char == quote_char:
+ try:
+ identifier = identifier[quote + 2:]
+ accumulate = accumulate + 2
+ except IndexError:
+ raise UnclosedQuoteError
+ else:
+ return accumulate
+
+
+def _identifier_parse(identifier, quote_char):
+ if not identifier:
+ raise SQLParseError('Identifier name unspecified or unquoted trailing dot')
+
+ already_quoted = False
+ if identifier.startswith(quote_char):
+ already_quoted = True
+ try:
+ end_quote = _find_end_quote(identifier[1:], quote_char=quote_char) + 1
+ except UnclosedQuoteError:
+ already_quoted = False
+ else:
+ if end_quote < len(identifier) - 1:
+ if identifier[end_quote + 1] == '.':
+ dot = end_quote + 1
+ first_identifier = identifier[:dot]
+ next_identifier = identifier[dot + 1:]
+ further_identifiers = _identifier_parse(next_identifier, quote_char)
+ further_identifiers.insert(0, first_identifier)
+ else:
+ raise SQLParseError('User escaped identifiers must escape extra quotes')
+ else:
+ further_identifiers = [identifier]
+
+ if not already_quoted:
+ try:
+ dot = identifier.index('.')
+ except ValueError:
+ identifier = identifier.replace(quote_char, quote_char * 2)
+ identifier = ''.join((quote_char, identifier, quote_char))
+ further_identifiers = [identifier]
+ else:
+ if dot == 0 or dot >= len(identifier) - 1:
+ identifier = identifier.replace(quote_char, quote_char * 2)
+ identifier = ''.join((quote_char, identifier, quote_char))
+ further_identifiers = [identifier]
+ else:
+ first_identifier = identifier[:dot]
+ next_identifier = identifier[dot + 1:]
+ further_identifiers = _identifier_parse(next_identifier, quote_char)
+ first_identifier = first_identifier.replace(quote_char, quote_char * 2)
+ first_identifier = ''.join((quote_char, first_identifier, quote_char))
+ further_identifiers.insert(0, first_identifier)
+
+ return further_identifiers
+
+
+def pg_quote_identifier(identifier, id_type):
+ identifier_fragments = _identifier_parse(identifier, quote_char='"')
+ if len(identifier_fragments) > _PG_IDENTIFIER_TO_DOT_LEVEL[id_type]:
+ raise SQLParseError('PostgreSQL does not support %s with more than %i dots' % (id_type, _PG_IDENTIFIER_TO_DOT_LEVEL[id_type]))
+ return '.'.join(identifier_fragments)
+
+
+def mysql_quote_identifier(identifier, id_type):
+ identifier_fragments = _identifier_parse(identifier, quote_char='`')
+ if (len(identifier_fragments) - 1) > _MYSQL_IDENTIFIER_TO_DOT_LEVEL[id_type]:
+ raise SQLParseError('MySQL does not support %s with more than %i dots' % (id_type, _MYSQL_IDENTIFIER_TO_DOT_LEVEL[id_type]))
+
+ special_cased_fragments = []
+ for fragment in identifier_fragments:
+ if fragment == '`*`':
+ special_cased_fragments.append('*')
+ else:
+ special_cased_fragments.append(fragment)
+
+ return '.'.join(special_cased_fragments)
+
+
+def is_input_dangerous(string):
+ """Check if the passed string is potentially dangerous.
+ Can be used to prevent SQL injections.
+
+ Note: use this function only when you can't use
+ psycopg2's cursor.execute method parametrized
+ (typically with DDL queries).
+ """
+ if not string:
+ return False
+
+ for pattern in (PATTERN_1, PATTERN_2, PATTERN_3):
+ if re.search(pattern, string):
+ return True
+
+ return False
+
+
+def check_input(module, *args):
+ """Wrapper for is_input_dangerous function."""
+ needs_to_check = args
+
+ dangerous_elements = []
+
+ for elem in needs_to_check:
+ if isinstance(elem, str):
+ if is_input_dangerous(elem):
+ dangerous_elements.append(elem)
+
+ elif isinstance(elem, list):
+ for e in elem:
+ if is_input_dangerous(e):
+ dangerous_elements.append(e)
+
+ elif elem is None or isinstance(elem, bool):
+ pass
+
+ else:
+ elem = str(elem)
+ if is_input_dangerous(elem):
+ dangerous_elements.append(elem)
+
+ if dangerous_elements:
+ module.fail_json(msg="Passed input '%s' is "
+ "potentially dangerous" % ', '.join(dangerous_elements))
diff --git a/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/replication.py b/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/replication.py
new file mode 100644
index 00000000..a1733e78
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/replication.py
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible_collections.community.mysql.plugins.module_utils.mysql import get_server_version
+from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion
+
+
+def uses_replica_terminology(cursor):
+ """Checks if REPLICA must be used instead of SLAVE"""
+ return LooseVersion(get_server_version(cursor)) >= LooseVersion('10.5.1')
diff --git a/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/role.py b/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/role.py
new file mode 100644
index 00000000..d227d598
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/role.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.mysql.plugins.module_utils.mysql import get_server_version
+
+
+def supports_roles(cursor):
+ version = get_server_version(cursor)
+
+ return LooseVersion(version) >= LooseVersion('10.0.5')
+
+
+def is_mariadb():
+ return True
diff --git a/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/user.py b/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/user.py
new file mode 100644
index 00000000..b87ff69e
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/implementations/mariadb/user.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.mysql.plugins.module_utils.mysql import get_server_version
+
+
+def use_old_user_mgmt(cursor):
+ version = get_server_version(cursor)
+
+ return LooseVersion(version) < LooseVersion("10.2")
+
+
+def supports_identified_by_password(cursor):
+ return True
diff --git a/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/replication.py b/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/replication.py
new file mode 100644
index 00000000..2e50beaf
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/replication.py
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible_collections.community.mysql.plugins.module_utils.mysql import get_server_version
+from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion
+
+
+def uses_replica_terminology(cursor):
+ """Checks if REPLICA must be used instead of SLAVE"""
+ return LooseVersion(get_server_version(cursor)) >= LooseVersion('8.0.22')
diff --git a/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/role.py b/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/role.py
new file mode 100644
index 00000000..932d74a9
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/role.py
@@ -0,0 +1,19 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.mysql.plugins.module_utils.mysql import get_server_version
+
+
+def supports_roles(cursor):
+ version = get_server_version(cursor)
+
+ return LooseVersion(version) >= LooseVersion('8')
+
+
+def is_mariadb():
+ return False
diff --git a/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/user.py b/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/user.py
new file mode 100644
index 00000000..b1419031
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/implementations/mysql/user.py
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion
+from ansible_collections.community.mysql.plugins.module_utils.mysql import get_server_version
+
+
+def use_old_user_mgmt(cursor):
+ version = get_server_version(cursor)
+
+ return LooseVersion(version) < LooseVersion("5.7")
+
+
+def supports_identified_by_password(cursor):
+ version = get_server_version(cursor)
+ return LooseVersion(version) < LooseVersion("8")
diff --git a/ansible_collections/community/mysql/plugins/module_utils/mysql.py b/ansible_collections/community/mysql/plugins/module_utils/mysql.py
new file mode 100644
index 00000000..2cafcb60
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/mysql.py
@@ -0,0 +1,201 @@
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is BSD licensed.
+# Modules you write using this snippet, which is embedded dynamically by Ansible
+# still belong to the author of the module, and may assign their own license
+# to the complete work.
+#
+# Copyright (c), Jonathan Mainguy <jon@soh.re>, 2015
+# Most of this was originally added by Sven Schliesing @muffl0n in the mysql_user.py module
+#
+# Simplified BSD License (see simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)
+
+from __future__ import (absolute_import, division, print_function)
+from functools import reduce
+__metaclass__ = type
+
+import os
+
+from ansible.module_utils.six.moves import configparser
+from ansible.module_utils._text import to_native
+
+try:
+ import pymysql as mysql_driver
+ _mysql_cursor_param = 'cursor'
+except ImportError:
+ try:
+ # mysqlclient is called MySQLdb
+ import MySQLdb as mysql_driver
+ import MySQLdb.cursors
+ _mysql_cursor_param = 'cursorclass'
+ except ImportError:
+ mysql_driver = None
+
+mysql_driver_fail_msg = ('A MySQL module is required: for Python 2.7 either PyMySQL, or '
+ 'MySQL-python, or for Python 3.X mysqlclient or PyMySQL. '
+ 'Consider setting ansible_python_interpreter to use '
+ 'the intended Python version.')
+
+from ansible_collections.community.mysql.plugins.module_utils.database import mysql_quote_identifier
+
+
+def get_connector_name(connector):
+ """ (class) -> str
+ Return the name of the connector (pymysql or mysqlclient (MySQLdb))
+ or 'Unknown' if not pymysql or MySQLdb. When adding a
+ connector here, also modify get_connector_version.
+ """
+ if connector is None or not hasattr(connector, '__name__'):
+ return 'Unknown'
+
+ return connector.__name__
+
+
+def get_connector_version(connector):
+ """ (class) -> str
+ Return the version of pymysql or mysqlclient (MySQLdb).
+ Return 'Unknown' if the connector name is unknown.
+ """
+
+ if connector is None:
+ return 'Unknown'
+
+ connector_name = get_connector_name(connector)
+
+ if connector_name == 'pymysql':
+ # pymysql has two methods:
+ # - __version__ that returns the string: 0.7.11.None
+ # - VERSION that returns the tuple (0, 7, 11, None)
+ v = connector.VERSION[:3]
+ return '.'.join(map(str, v))
+ elif connector_name == 'MySQLdb':
+ # version_info returns the tuple (2, 1, 1, 'final', 0)
+ v = connector.version_info[:3]
+ return '.'.join(map(str, v))
+ else:
+ return 'Unknown'
+
+
+def parse_from_mysql_config_file(cnf):
+ # Default values of comment_prefix is '#' and ';'.
+ # '!' added to prevent a parsing error
+ # when a config file contains !includedir parameter.
+ cp = configparser.ConfigParser(comment_prefixes=('#', ';', '!'))
+ cp.read(cnf)
+ return cp
+
+
+def mysql_connect(module, login_user=None, login_password=None, config_file='', ssl_cert=None,
+ ssl_key=None, ssl_ca=None, db=None, cursor_class=None, connect_timeout=30,
+ autocommit=False, config_overrides_defaults=False, check_hostname=None):
+ config = {}
+
+ if config_file and os.path.exists(config_file):
+ config['read_default_file'] = config_file
+
+ if config_overrides_defaults:
+ try:
+ cp = parse_from_mysql_config_file(config_file)
+ except Exception as e:
+ module.fail_json(msg="Failed to parse %s: %s" % (config_file, to_native(e)))
+
+ # Override some commond defaults with values from config file if needed
+ if cp and cp.has_section('client'):
+ try:
+ module.params['login_host'] = cp.get('client', 'host', fallback=module.params['login_host'])
+ module.params['login_port'] = cp.getint('client', 'port', fallback=module.params['login_port'])
+ except Exception as e:
+ if "got an unexpected keyword argument 'fallback'" in e.message:
+ module.fail_json(msg='To use config_overrides_defaults, '
+ 'it needs Python 3.5+ as the default interpreter on a target host')
+
+ if ssl_ca is not None or ssl_key is not None or ssl_cert is not None or check_hostname is not None:
+ config['ssl'] = {}
+
+ if module.params['login_unix_socket']:
+ config['unix_socket'] = module.params['login_unix_socket']
+ else:
+ config['host'] = module.params['login_host']
+ config['port'] = module.params['login_port']
+
+ # If login_user or login_password are given, they should override the
+ # config file
+ if login_user is not None:
+ config['user'] = login_user
+ if login_password is not None:
+ config['passwd'] = login_password
+ if ssl_cert is not None:
+ config['ssl']['cert'] = ssl_cert
+ if ssl_key is not None:
+ config['ssl']['key'] = ssl_key
+ if ssl_ca is not None:
+ config['ssl']['ca'] = ssl_ca
+ if db is not None:
+ config['db'] = db
+ if connect_timeout is not None:
+ config['connect_timeout'] = connect_timeout
+ if check_hostname is not None:
+ if mysql_driver.__name__ == "pymysql":
+ version_tuple = (n for n in mysql_driver.__version__.split('.') if n != 'None')
+ if reduce(lambda x, y: int(x) * 100 + int(y), version_tuple) >= 711:
+ config['ssl']['check_hostname'] = check_hostname
+ else:
+ module.fail_json(msg='To use check_hostname, pymysql >= 0.7.11 is required on the target host')
+
+ if _mysql_cursor_param == 'cursor':
+ # In case of PyMySQL driver:
+ db_connection = mysql_driver.connect(autocommit=autocommit, **config)
+ else:
+ # In case of MySQLdb driver
+ db_connection = mysql_driver.connect(**config)
+ if autocommit:
+ db_connection.autocommit(True)
+
+ # Monkey patch the Connection class to close the connection when garbage collected
+ def _conn_patch(conn_self):
+ conn_self.close()
+ db_connection.__class__.__del__ = _conn_patch
+ # Patched
+
+ if cursor_class == 'DictCursor':
+ return db_connection.cursor(**{_mysql_cursor_param: mysql_driver.cursors.DictCursor}), db_connection
+ else:
+ return db_connection.cursor(), db_connection
+
+
+def mysql_common_argument_spec():
+ return dict(
+ login_user=dict(type='str', default=None),
+ login_password=dict(type='str', no_log=True),
+ login_host=dict(type='str', default='localhost'),
+ login_port=dict(type='int', default=3306),
+ login_unix_socket=dict(type='str'),
+ config_file=dict(type='path', default='~/.my.cnf'),
+ connect_timeout=dict(type='int', default=30),
+ client_cert=dict(type='path', aliases=['ssl_cert']),
+ client_key=dict(type='path', aliases=['ssl_key']),
+ ca_cert=dict(type='path', aliases=['ssl_ca']),
+ check_hostname=dict(type='bool', default=None),
+ )
+
+
+def get_server_version(cursor):
+ """Returns a string representation of the server version."""
+ cursor.execute("SELECT VERSION() AS version")
+ result = cursor.fetchone()
+
+ if isinstance(result, dict):
+ version_str = result['version']
+ else:
+ version_str = result[0]
+
+ return version_str
+
+
+def set_session_vars(module, cursor, session_vars):
+ """Set session vars."""
+ for var, value in session_vars.items():
+ query = "SET SESSION %s = " % mysql_quote_identifier(var, 'vars')
+ try:
+ cursor.execute(query + "%s", (value,))
+ except Exception as e:
+ module.fail_json(msg='Failed to execute %s%s: %s' % (query, value, e))
diff --git a/ansible_collections/community/mysql/plugins/module_utils/user.py b/ansible_collections/community/mysql/plugins/module_utils/user.py
new file mode 100644
index 00000000..fc4c40e8
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/user.py
@@ -0,0 +1,896 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+# This code is part of Ansible, but is an independent component.
+# This particular file snippet, and this file snippet only, is BSD licensed.
+# Modules you write using this snippet, which is embedded dynamically by Ansible
+# still belong to the author of the module, and may assign their own license
+# to the complete work.
+#
+# Simplified BSD License (see simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause)
+
+import string
+import re
+
+from ansible.module_utils.six import iteritems
+
+from ansible_collections.community.mysql.plugins.module_utils.mysql import (
+ mysql_driver,
+)
+
+
+class InvalidPrivsError(Exception):
+ pass
+
+
+def get_mode(cursor):
+ cursor.execute('SELECT @@GLOBAL.sql_mode')
+ result = cursor.fetchone()
+ mode_str = result[0]
+ if 'ANSI' in mode_str:
+ mode = 'ANSI'
+ else:
+ mode = 'NOTANSI'
+ return mode
+
+
+def user_exists(cursor, user, host, host_all):
+ if host_all:
+ cursor.execute("SELECT count(*) FROM mysql.user WHERE user = %s", (user,))
+ else:
+ cursor.execute("SELECT count(*) FROM mysql.user WHERE user = %s AND host = %s", (user, host))
+
+ count = cursor.fetchone()
+ return count[0] > 0
+
+
+def sanitize_requires(tls_requires):
+ sanitized_requires = {}
+ if tls_requires:
+ for key in tls_requires.keys():
+ sanitized_requires[key.upper()] = tls_requires[key]
+ if any(key in ["CIPHER", "ISSUER", "SUBJECT"] for key in sanitized_requires.keys()):
+ sanitized_requires.pop("SSL", None)
+ sanitized_requires.pop("X509", None)
+ return sanitized_requires
+
+ if "X509" in sanitized_requires.keys():
+ sanitized_requires = "X509"
+ else:
+ sanitized_requires = "SSL"
+
+ return sanitized_requires
+ return None
+
+
+def mogrify_requires(query, params, tls_requires):
+ if tls_requires:
+ if isinstance(tls_requires, dict):
+ k, v = zip(*tls_requires.items())
+ requires_query = " AND ".join(("%s %%s" % key for key in k))
+ params += v
+ else:
+ requires_query = tls_requires
+ query = " REQUIRE ".join((query, requires_query))
+ return query, params
+
+
+def do_not_mogrify_requires(query, params, tls_requires):
+ return query, params
+
+
+def get_tls_requires(cursor, user, host):
+ if user:
+ if not impl.use_old_user_mgmt(cursor):
+ query = "SHOW CREATE USER '%s'@'%s'" % (user, host)
+ else:
+ query = "SHOW GRANTS for '%s'@'%s'" % (user, host)
+
+ cursor.execute(query)
+ require_list = [tuple[0] for tuple in filter(lambda x: "REQUIRE" in x[0], cursor.fetchall())]
+ require_line = require_list[0] if require_list else ""
+ pattern = r"(?<=\bREQUIRE\b)(.*?)(?=(?:\bPASSWORD\b|$))"
+ requires_match = re.search(pattern, require_line)
+ requires = requires_match.group().strip() if requires_match else ""
+ if any((requires.startswith(req) for req in ('SSL', 'X509', 'NONE'))):
+ requires = requires.split()[0]
+ if requires == 'NONE':
+ requires = None
+ else:
+ import shlex
+
+ items = iter(shlex.split(requires))
+ requires = dict(zip(items, items))
+ return requires or None
+
+
+def get_grants(cursor, user, host):
+ cursor.execute("SHOW GRANTS FOR %s@%s", (user, host))
+ grants_line = list(filter(lambda x: "ON *.*" in x[0], cursor.fetchall()))[0]
+ pattern = r"(?<=\bGRANT\b)(.*?)(?=(?:\bON\b))"
+ grants = re.search(pattern, grants_line[0]).group().strip()
+ return grants.split(", ")
+
+
+def get_existing_authentication(cursor, user):
+ # Return the plugin and auth_string if there is exactly one distinct existing plugin and auth_string.
+ cursor.execute("SELECT VERSION()")
+ if 'mariadb' in cursor.fetchone()[0].lower():
+ # before MariaDB 10.2.19 and 10.3.11, "password" and "authentication_string" can differ
+ # when using mysql_native_password
+ cursor.execute("""select plugin, auth from (
+ select plugin, password as auth from mysql.user where user=%(user)s
+ union select plugin, authentication_string as auth from mysql.user where user=%(user)s
+ ) x group by plugin, auth limit 2
+ """, {'user': user})
+ else:
+ cursor.execute("""select plugin, authentication_string as auth from mysql.user where user=%(user)s
+ group by plugin, authentication_string limit 2""", {'user': user})
+ rows = cursor.fetchall()
+ if len(rows) == 1:
+ return {'plugin': rows[0][0], 'auth_string': rows[0][1]}
+ return None
+
+
+def user_add(cursor, user, host, host_all, password, encrypted,
+ plugin, plugin_hash_string, plugin_auth_string, new_priv,
+ tls_requires, check_mode, reuse_existing_password):
+ # we cannot create users without a proper hostname
+ if host_all:
+ return {'changed': False, 'password_changed': False}
+
+ if check_mode:
+ return {'changed': True, 'password_changed': None}
+
+ # Determine what user management method server uses
+ old_user_mgmt = impl.use_old_user_mgmt(cursor)
+
+ mogrify = do_not_mogrify_requires if old_user_mgmt else mogrify_requires
+
+ used_existing_password = False
+ if reuse_existing_password:
+ existing_auth = get_existing_authentication(cursor, user)
+ if existing_auth:
+ plugin = existing_auth['plugin']
+ plugin_hash_string = existing_auth['auth_string']
+ password = None
+ used_existing_password = True
+ if password and encrypted:
+ if impl.supports_identified_by_password(cursor):
+ query_with_args = "CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password)
+ else:
+ query_with_args = "CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, password)
+ elif password and not encrypted:
+ if old_user_mgmt:
+ query_with_args = "CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password)
+ else:
+ cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,))
+ encrypted_password = cursor.fetchone()[0]
+ query_with_args = "CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password)
+ elif plugin and plugin_hash_string:
+ query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
+ elif plugin and plugin_auth_string:
+ # Mysql and MariaDB differ in naming pam plugin and Syntax to set it
+ if plugin == 'pam': # Used by MariaDB which requires the USING keyword, not BY
+ query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
+ else:
+ query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
+ elif plugin:
+ query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
+ else:
+ query_with_args = "CREATE USER %s@%s", (user, host)
+
+ query_with_args_and_tls_requires = query_with_args + (tls_requires,)
+ cursor.execute(*mogrify(*query_with_args_and_tls_requires))
+
+ if new_priv is not None:
+ for db_table, priv in iteritems(new_priv):
+ privileges_grant(cursor, user, host, db_table, priv, tls_requires)
+ if tls_requires is not None:
+ privileges_grant(cursor, user, host, "*.*", get_grants(cursor, user, host), tls_requires)
+ return {'changed': True, 'password_changed': not used_existing_password}
+
+
+def is_hash(password):
+ ishash = False
+ if len(password) == 41 and password[0] == '*':
+ if frozenset(password[1:]).issubset(string.hexdigits):
+ ishash = True
+ return ishash
+
+
+def user_mod(cursor, user, host, host_all, password, encrypted,
+ plugin, plugin_hash_string, plugin_auth_string, new_priv,
+ append_privs, subtract_privs, tls_requires, module, role=False, maria_role=False):
+ changed = False
+ msg = "User unchanged"
+ grant_option = False
+
+ # Determine what user management method server uses
+ old_user_mgmt = impl.use_old_user_mgmt(cursor)
+
+ if host_all and not role:
+ hostnames = user_get_hostnames(cursor, user)
+ else:
+ hostnames = [host]
+
+ password_changed = False
+ for host in hostnames:
+ # Handle clear text and hashed passwords.
+ if not role:
+ if bool(password):
+
+ # Get a list of valid columns in mysql.user table to check if Password and/or authentication_string exist
+ cursor.execute("""
+ SELECT COLUMN_NAME FROM information_schema.COLUMNS
+ WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME IN ('Password', 'authentication_string')
+ ORDER BY COLUMN_NAME DESC LIMIT 1
+ """)
+ colA = cursor.fetchone()
+
+ cursor.execute("""
+ SELECT COLUMN_NAME FROM information_schema.COLUMNS
+ WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME IN ('Password', 'authentication_string')
+ ORDER BY COLUMN_NAME ASC LIMIT 1
+ """)
+ colB = cursor.fetchone()
+
+ # Select hash from either Password or authentication_string, depending which one exists and/or is filled
+ cursor.execute("""
+ SELECT COALESCE(
+ CASE WHEN %s = '' THEN NULL ELSE %s END,
+ CASE WHEN %s = '' THEN NULL ELSE %s END
+ )
+ FROM mysql.user WHERE user = %%s AND host = %%s
+ """ % (colA[0], colA[0], colB[0], colB[0]), (user, host))
+ current_pass_hash = cursor.fetchone()[0]
+ if isinstance(current_pass_hash, bytes):
+ current_pass_hash = current_pass_hash.decode('ascii')
+
+ if encrypted:
+ encrypted_password = password
+ if not is_hash(encrypted_password):
+ module.fail_json(msg="encrypted was specified however it does not appear to be a valid hash expecting: *SHA1(SHA1(your_password))")
+ else:
+ if old_user_mgmt:
+ cursor.execute("SELECT PASSWORD(%s)", (password,))
+ else:
+ cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,))
+ encrypted_password = cursor.fetchone()[0]
+
+ if current_pass_hash != encrypted_password:
+ password_changed = True
+ msg = "Password updated"
+ if module.check_mode:
+ return {'changed': True, 'msg': msg, 'password_changed': password_changed}
+ if old_user_mgmt:
+ cursor.execute("SET PASSWORD FOR %s@%s = %s", (user, host, encrypted_password))
+ msg = "Password updated (old style)"
+ else:
+ try:
+ cursor.execute("ALTER USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password))
+ msg = "Password updated (new style)"
+ except (mysql_driver.Error) as e:
+ # https://stackoverflow.com/questions/51600000/authentication-string-of-root-user-on-mysql
+ # Replacing empty root password with new authentication mechanisms fails with error 1396
+ if e.args[0] == 1396:
+ cursor.execute(
+ "UPDATE mysql.user SET plugin = %s, authentication_string = %s, Password = '' WHERE User = %s AND Host = %s",
+ ('mysql_native_password', encrypted_password, user, host)
+ )
+ cursor.execute("FLUSH PRIVILEGES")
+ msg = "Password forced update"
+ else:
+ raise e
+ changed = True
+
+ # Handle plugin authentication
+ if plugin and not role:
+ cursor.execute("SELECT plugin, authentication_string FROM mysql.user "
+ "WHERE user = %s AND host = %s", (user, host))
+ current_plugin = cursor.fetchone()
+
+ update = False
+
+ if current_plugin[0] != plugin:
+ update = True
+
+ if plugin_hash_string and current_plugin[1] != plugin_hash_string:
+ update = True
+
+ if plugin_auth_string and current_plugin[1] != plugin_auth_string:
+ # this case can cause more updates than expected,
+ # as plugin can hash auth_string in any way it wants
+ # and there's no way to figure it out for
+ # a check, so I prefer to update more often than never
+ update = True
+
+ if update:
+ if plugin_hash_string:
+ query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
+ elif plugin_auth_string:
+ # Mysql and MariaDB differ in naming pam plugin and syntax to set it
+ if plugin == 'pam':
+ query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
+ else:
+ query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
+ else:
+ query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
+
+ cursor.execute(*query_with_args)
+ password_changed = True
+ changed = True
+
+ # Handle privileges
+ if new_priv is not None:
+ curr_priv = privileges_get(cursor, user, host, maria_role)
+
+ # If the user has privileges on a db.table that doesn't appear at all in
+ # the new specification, then revoke all privileges on it.
+ if not append_privs and not subtract_privs:
+ for db_table, priv in iteritems(curr_priv):
+ # If the user has the GRANT OPTION on a db.table, revoke it first.
+ if "GRANT" in priv:
+ grant_option = True
+ if db_table not in new_priv:
+ if user != "root" and "PROXY" not in priv:
+ msg = "Privileges updated"
+ if module.check_mode:
+ return {'changed': True, 'msg': msg, 'password_changed': password_changed}
+ privileges_revoke(cursor, user, host, db_table, priv, grant_option, maria_role)
+ changed = True
+
+ # If the user doesn't currently have any privileges on a db.table, then
+ # we can perform a straight grant operation.
+ if not subtract_privs:
+ for db_table, priv in iteritems(new_priv):
+ if db_table not in curr_priv:
+ msg = "New privileges granted"
+ if module.check_mode:
+ return {'changed': True, 'msg': msg, 'password_changed': password_changed}
+ privileges_grant(cursor, user, host, db_table, priv, tls_requires, maria_role)
+ changed = True
+
+ # If the db.table specification exists in both the user's current privileges
+ # and in the new privileges, then we need to see if there's a difference.
+ db_table_intersect = set(new_priv.keys()) & set(curr_priv.keys())
+ for db_table in db_table_intersect:
+
+ grant_privs = []
+ revoke_privs = []
+ if append_privs:
+ # When appending privileges, only missing privileges need to be granted. Nothing is revoked.
+ grant_privs = list(set(new_priv[db_table]) - set(curr_priv[db_table]))
+ elif subtract_privs:
+ # When subtracting privileges, revoke only the intersection of requested and current privileges.
+ # No privileges are granted.
+ revoke_privs = list(set(new_priv[db_table]) & set(curr_priv[db_table]))
+ else:
+ # When replacing (neither append_privs nor subtract_privs), grant all missing privileges
+ # and revoke existing privileges that were not requested...
+ grant_privs = list(set(new_priv[db_table]) - set(curr_priv[db_table]))
+ revoke_privs = list(set(curr_priv[db_table]) - set(new_priv[db_table]))
+
+ # ... avoiding pointless revocations when ALL are granted
+ if 'ALL' in grant_privs or 'ALL PRIVILEGES' in grant_privs:
+ revoke_privs = list(set(['GRANT', 'PROXY']).intersection(set(revoke_privs)))
+
+ # Only revoke grant option if it exists and absence is requested
+ #
+ # For more details
+ # https://github.com/ansible-collections/community.mysql/issues/77#issuecomment-1209693807
+ grant_option = 'GRANT' in revoke_privs and 'GRANT' not in grant_privs
+
+ if grant_privs == ['GRANT']:
+ # USAGE grants no privileges, it is only needed because 'WITH GRANT OPTION' cannot stand alone
+ grant_privs.append('USAGE')
+
+ if len(grant_privs) + len(revoke_privs) > 0:
+ msg = "Privileges updated: granted %s, revoked %s" % (grant_privs, revoke_privs)
+ if module.check_mode:
+ return {'changed': True, 'msg': msg, 'password_changed': password_changed}
+ if len(revoke_privs) > 0:
+ privileges_revoke(cursor, user, host, db_table, revoke_privs, grant_option, maria_role)
+ if len(grant_privs) > 0:
+ privileges_grant(cursor, user, host, db_table, grant_privs, tls_requires, maria_role)
+
+ # after privilege manipulation, compare privileges from before and now
+ after_priv = privileges_get(cursor, user, host, maria_role)
+ changed = changed or (curr_priv != after_priv)
+
+ if role:
+ continue
+
+ # Handle TLS requirements
+ current_requires = get_tls_requires(cursor, user, host)
+ if current_requires != tls_requires:
+ msg = "TLS requires updated"
+ if module.check_mode:
+ return {'changed': True, 'msg': msg, 'password_changed': password_changed}
+ if not old_user_mgmt:
+ pre_query = "ALTER USER"
+ else:
+ pre_query = "GRANT %s ON *.* TO" % ",".join(get_grants(cursor, user, host))
+
+ if tls_requires is not None:
+ query = " ".join((pre_query, "%s@%s"))
+ query_with_args = mogrify_requires(query, (user, host), tls_requires)
+ else:
+ query = " ".join((pre_query, "%s@%s REQUIRE NONE"))
+ query_with_args = query, (user, host)
+
+ cursor.execute(*query_with_args)
+ changed = True
+
+ return {'changed': changed, 'msg': msg, 'password_changed': password_changed}
+
+
+def user_delete(cursor, user, host, host_all, check_mode):
+ if check_mode:
+ return True
+
+ if host_all:
+ hostnames = user_get_hostnames(cursor, user)
+ else:
+ hostnames = [host]
+
+ for hostname in hostnames:
+ try:
+ cursor.execute("DROP USER IF EXISTS %s@%s", (user, hostname))
+ except Exception:
+ cursor.execute("DROP USER %s@%s", (user, hostname))
+
+ return True
+
+
+def user_get_hostnames(cursor, user):
+ cursor.execute("SELECT Host FROM mysql.user WHERE user = %s", (user,))
+ hostnames_raw = cursor.fetchall()
+ hostnames = []
+
+ for hostname_raw in hostnames_raw:
+ hostnames.append(hostname_raw[0])
+
+ return hostnames
+
+
+def privileges_get(cursor, user, host, maria_role=False):
+ """ MySQL doesn't have a better method of getting privileges aside from the
+ SHOW GRANTS query syntax, which requires us to then parse the returned string.
+ Here's an example of the string that is returned from MySQL:
+
+ GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY 'pass';
+
+ This function makes the query and returns a dictionary containing the results.
+ The dictionary format is the same as that returned by privileges_unpack() below.
+ """
+ output = {}
+ if not maria_role:
+ cursor.execute("SHOW GRANTS FOR %s@%s", (user, host))
+ else:
+ cursor.execute("SHOW GRANTS FOR %s", (user,))
+ grants = cursor.fetchall()
+
+ def pick(x):
+ if x == 'ALL PRIVILEGES':
+ return 'ALL'
+ else:
+ return x
+
+ for grant in grants:
+ if not maria_role:
+ res = re.match("""GRANT (.+) ON (.+) TO (['`"]).*\\3@(['`"]).*\\4( IDENTIFIED BY PASSWORD (['`"]).+\\6)? ?(.*)""", grant[0])
+ else:
+ res = re.match("""GRANT (.+) ON (.+) TO (['`"]).*\\3""", grant[0])
+
+ if res is None:
+ # If a user has roles assigned, we'll have one of priv tuples looking like
+ # GRANT `admin`@`%` TO `user1`@`localhost`
+ # which will result None as res value.
+ # As we use the mysql_role module to manipulate roles
+ # we just ignore such privs below:
+ res = re.match("""GRANT (.+) TO (['`"]).*""", grant[0])
+ if not maria_role and res:
+ continue
+
+ raise InvalidPrivsError('unable to parse the MySQL grant string: %s' % grant[0])
+
+ privileges = res.group(1).split(",")
+ privileges = [pick(x.strip()) for x in privileges]
+
+ # Handle cases when there's privs like GRANT SELECT (colA, ...) in privs.
+ # To this point, the privileges list can look like
+ # ['SELECT (`A`', '`B`)', 'INSERT'] that is incorrect (SELECT statement is splitted).
+ # Columns should also be sorted to compare it with desired privileges later.
+ # Determine if there's a case similar to the above:
+ privileges = normalize_col_grants(privileges)
+
+ if not maria_role:
+ if "WITH GRANT OPTION" in res.group(7):
+ privileges.append('GRANT')
+ db = res.group(2)
+ output.setdefault(db, []).extend(privileges)
+ return output
+
+
+def normalize_col_grants(privileges):
+ """Fix and sort grants on columns in privileges list
+
+ Make ['SELECT (A, B)', 'INSERT (A, B)', 'DETELE']
+ from ['SELECT (A', 'B)', 'INSERT (B', 'A)', 'DELETE'].
+ See unit tests in tests/unit/plugins/modules/test_mysql_user.py
+ """
+ for grant in ('SELECT', 'UPDATE', 'INSERT', 'REFERENCES'):
+ start, end = has_grant_on_col(privileges, grant)
+ # If not, either start and end will be None
+ if start is not None:
+ privileges = handle_grant_on_col(privileges, start, end)
+
+ return privileges
+
+
+def has_grant_on_col(privileges, grant):
+ """Check if there is a statement like SELECT (colA, colB)
+ in the privilege list.
+
+ Return (start index, end index).
+ """
+ # Determine elements of privileges where
+ # columns are listed
+ start = None
+ end = None
+ for n, priv in enumerate(privileges):
+ if '%s (' % grant in priv:
+ # We found the start element
+ start = n
+
+ if start is not None and ')' in priv:
+ # We found the end element
+ end = n
+ break
+
+ if start is not None and end is not None:
+ # if the privileges list consist of, for example,
+ # ['SELECT (A', 'B), 'INSERT'], return indexes of related elements
+ return start, end
+ else:
+ # If start and end position is the same element,
+ # it means there's expression like 'SELECT (A)',
+ # so no need to handle it
+ return None, None
+
+
+def handle_grant_on_col(privileges, start, end):
+ """Handle cases when the privs like SELECT (colA, ...) is in the privileges list."""
+ # When the privileges list look like ['SELECT (colA,', 'colB)']
+ # (Notice that the statement is splitted)
+ if start != end:
+ output = list(privileges[:start])
+
+ select_on_col = ', '.join(privileges[start:end + 1])
+
+ select_on_col = sort_column_order(select_on_col)
+
+ output.append(select_on_col)
+
+ output.extend(privileges[end + 1:])
+
+ # When it look like it should be, e.g. ['SELECT (colA, colB)'],
+ # we need to be sure, the columns is sorted
+ else:
+ output = list(privileges)
+ output[start] = sort_column_order(output[start])
+
+ return output
+
+
+def sort_column_order(statement):
+ """Sort column order in grants like SELECT (colA, colB, ...).
+
+ MySQL changes columns order like below:
+ ---------------------------------------
+ mysql> GRANT SELECT (testColA, testColB), INSERT ON `testDb`.`testTable` TO 'testUser'@'localhost';
+ Query OK, 0 rows affected (0.04 sec)
+
+ mysql> flush privileges;
+ Query OK, 0 rows affected (0.00 sec)
+
+ mysql> SHOW GRANTS FOR testUser@localhost;
+ +---------------------------------------------------------------------------------------------+
+ | Grants for testUser@localhost |
+ +---------------------------------------------------------------------------------------------+
+ | GRANT USAGE ON *.* TO 'testUser'@'localhost' |
+ | GRANT SELECT (testColB, testColA), INSERT ON `testDb`.`testTable` TO 'testUser'@'localhost' |
+ +---------------------------------------------------------------------------------------------+
+
+ We should sort columns in our statement, otherwise the module always will return
+ that the state has changed.
+ """
+ # 1. Extract stuff inside ()
+ # 2. Split
+ # 3. Sort
+ # 4. Put between () and return
+
+ # "SELECT/UPDATE/.. (colA, colB) => "colA, colB"
+ tmp = statement.split('(')
+ priv_name = tmp[0]
+ columns = tmp[1].rstrip(')')
+
+ # "colA, colB" => ["colA", "colB"]
+ columns = columns.split(',')
+
+ for i, col in enumerate(columns):
+ col = col.strip()
+ columns[i] = col.strip('`')
+
+ columns.sort()
+ return '%s(%s)' % (priv_name, ', '.join(columns))
+
+
+def privileges_unpack(priv, mode, ensure_usage=True):
+ """ Take a privileges string, typically passed as a parameter, and unserialize
+ it into a dictionary, the same format as privileges_get() above. We have this
+ custom format to avoid using YAML/JSON strings inside YAML playbooks. Example
+ of a privileges string:
+
+ mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanother.*:ALL
+
+ The privilege USAGE stands for no privileges, so we add that in on *.* if it's
+ not specified in the string, as MySQL will always provide this by default.
+ """
+ if mode == 'ANSI':
+ quote = '"'
+ else:
+ quote = '`'
+ output = {}
+ privs = []
+ for item in priv.strip().split('/'):
+ pieces = item.strip().rsplit(':', 1)
+ dbpriv = pieces[0].rsplit(".", 1)
+
+ # Check for FUNCTION or PROCEDURE object types
+ parts = dbpriv[0].split(" ", 1)
+ object_type = ''
+ if len(parts) > 1 and (parts[0] == 'FUNCTION' or parts[0] == 'PROCEDURE'):
+ object_type = parts[0] + ' '
+ dbpriv[0] = parts[1]
+
+ # Do not escape if privilege is for database or table, i.e.
+ # neither quote *. nor .*
+ for i, side in enumerate(dbpriv):
+ if side.strip('`') != '*':
+ dbpriv[i] = '%s%s%s' % (quote, side.strip('`'), quote)
+ pieces[0] = object_type + '.'.join(dbpriv)
+
+ if '(' in pieces[1]:
+ output[pieces[0]] = re.split(r',\s*(?=[^)]*(?:\(|$))', pieces[1].upper())
+ for i in output[pieces[0]]:
+ privs.append(re.sub(r'\s*\(.*\)', '', i))
+ else:
+ output[pieces[0]] = pieces[1].upper().split(',')
+ privs = output[pieces[0]]
+
+ # Handle cases when there's privs like GRANT SELECT (colA, ...) in privs.
+ output[pieces[0]] = normalize_col_grants(output[pieces[0]])
+
+ if ensure_usage and '*.*' not in output:
+ output['*.*'] = ['USAGE']
+
+ return output
+
+
+def privileges_revoke(cursor, user, host, db_table, priv, grant_option, maria_role=False):
+ # Escape '%' since mysql db.execute() uses a format string
+ db_table = db_table.replace('%', '%%')
+ if grant_option:
+ query = ["REVOKE GRANT OPTION ON %s" % db_table]
+ if not maria_role:
+ query.append("FROM %s@%s")
+ else:
+ query.append("FROM %s")
+
+ query = ' '.join(query)
+ cursor.execute(query, (user, host))
+ priv_string = ",".join([p for p in priv if p not in ('GRANT', )])
+
+ if priv_string != "":
+ query = ["REVOKE %s ON %s" % (priv_string, db_table)]
+
+ if not maria_role:
+ query.append("FROM %s@%s")
+ params = (user, host)
+ else:
+ query.append("FROM %s")
+ params = (user,)
+
+ query = ' '.join(query)
+ cursor.execute(query, params)
+ cursor.execute("FLUSH PRIVILEGES")
+
+
+def privileges_grant(cursor, user, host, db_table, priv, tls_requires, maria_role=False):
+ # Escape '%' since mysql db.execute uses a format string and the
+ # specification of db and table often use a % (SQL wildcard)
+ db_table = db_table.replace('%', '%%')
+ priv_string = ",".join([p for p in priv if p not in ('GRANT', )])
+ query = ["GRANT %s ON %s" % (priv_string, db_table)]
+
+ if not maria_role:
+ query.append("TO %s@%s")
+ params = (user, host)
+ else:
+ query.append("TO %s")
+ params = (user)
+
+ if tls_requires and impl.use_old_user_mgmt(cursor):
+ query, params = mogrify_requires(" ".join(query), params, tls_requires)
+ query = [query]
+ if 'GRANT' in priv:
+ query.append("WITH GRANT OPTION")
+ query = ' '.join(query)
+
+ if isinstance(params, str):
+ params = (params,)
+
+ try:
+ cursor.execute(query, params)
+ except (mysql_driver.ProgrammingError, mysql_driver.OperationalError, mysql_driver.InternalError) as e:
+ raise InvalidPrivsError("Error granting privileges, invalid priv string: %s , params: %s, query: %s ,"
+ " exception: %s." % (priv_string, str(params), query, str(e)))
+
+
+def convert_priv_dict_to_str(priv):
+ """Converts privs dictionary to string of certain format.
+
+ Args:
+ priv (dict): Dict of privileges that needs to be converted to string.
+
+ Returns:
+ priv (str): String representation of input argument.
+ """
+ priv_list = ['%s:%s' % (key, val) for key, val in iteritems(priv)]
+
+ return '/'.join(priv_list)
+
+
+# Alter user is supported since MySQL 5.6 and MariaDB 10.2.0
+def server_supports_alter_user(cursor):
+ """Check if the server supports ALTER USER statement or doesn't.
+
+ Args:
+ cursor (cursor): DB driver cursor object.
+
+ Returns: True if supports, False otherwise.
+ """
+ cursor.execute("SELECT VERSION()")
+ version_str = cursor.fetchone()[0]
+ version = version_str.split('.')
+
+ if 'mariadb' in version_str.lower():
+ # MariaDB 10.2 and later
+ if int(version[0]) * 1000 + int(version[1]) >= 10002:
+ return True
+ else:
+ return False
+ else:
+ # MySQL 5.6 and later
+ if int(version[0]) * 1000 + int(version[1]) >= 5006:
+ return True
+ else:
+ return False
+
+
+def get_resource_limits(cursor, user, host):
+ """Get user resource limits.
+
+ Args:
+ cursor (cursor): DB driver cursor object.
+ user (str): User name.
+ host (str): User host name.
+
+ Returns: Dictionary containing current resource limits.
+ """
+
+ query = ('SELECT max_questions AS MAX_QUERIES_PER_HOUR, '
+ 'max_updates AS MAX_UPDATES_PER_HOUR, '
+ 'max_connections AS MAX_CONNECTIONS_PER_HOUR, '
+ 'max_user_connections AS MAX_USER_CONNECTIONS '
+ 'FROM mysql.user WHERE User = %s AND Host = %s')
+ cursor.execute(query, (user, host))
+ res = cursor.fetchone()
+
+ if not res:
+ return None
+
+ current_limits = {
+ 'MAX_QUERIES_PER_HOUR': res[0],
+ 'MAX_UPDATES_PER_HOUR': res[1],
+ 'MAX_CONNECTIONS_PER_HOUR': res[2],
+ 'MAX_USER_CONNECTIONS': res[3],
+ }
+ return current_limits
+
+
+def match_resource_limits(module, current, desired):
+ """Check and match limits.
+
+ Args:
+ module (AnsibleModule): Ansible module object.
+ current (dict): Dictionary with current limits.
+ desired (dict): Dictionary with desired limits.
+
+ Returns: Dictionary containing parameters that need to change.
+ """
+
+ if not current:
+ # It means the user does not exists, so we need
+ # to set all limits after its creation
+ return desired
+
+ needs_to_change = {}
+
+ for key, val in iteritems(desired):
+ if key not in current:
+ # Supported keys are listed in the documentation
+ # and must be determined in the get_resource_limits function
+ # (follow 'AS' keyword)
+ module.fail_json(msg="resource_limits: key '%s' is unsupported." % key)
+
+ try:
+ val = int(val)
+ except Exception:
+ module.fail_json(msg="Can't convert value '%s' to integer." % val)
+
+ if val != current.get(key):
+ needs_to_change[key] = val
+
+ return needs_to_change
+
+
+def limit_resources(module, cursor, user, host, resource_limits, check_mode):
+ """Limit user resources.
+
+ Args:
+ module (AnsibleModule): Ansible module object.
+ cursor (cursor): DB driver cursor object.
+ user (str): User name.
+ host (str): User host name.
+ resource_limit (dict): Dictionary with desired limits.
+ check_mode (bool): Run the function in check mode or not.
+
+ Returns: True, if changed, False otherwise.
+ """
+ if not server_supports_alter_user(cursor):
+ module.fail_json(msg="The server version does not match the requirements "
+ "for resource_limits parameter. See module's documentation.")
+
+ current_limits = get_resource_limits(cursor, user, host)
+
+ needs_to_change = match_resource_limits(module, current_limits, resource_limits)
+
+ if not needs_to_change:
+ return False
+
+ if needs_to_change and check_mode:
+ return True
+
+ # If not check_mode
+ tmp = []
+ for key, val in iteritems(needs_to_change):
+ tmp.append('%s %s' % (key, val))
+
+ query = "ALTER USER %s@%s"
+ query += ' WITH %s' % ' '.join(tmp)
+ cursor.execute(query, (user, host))
+ return True
+
+
+def get_impl(cursor):
+ global impl
+ cursor.execute("SELECT VERSION()")
+ if 'mariadb' in cursor.fetchone()[0].lower():
+ from ansible_collections.community.mysql.plugins.module_utils.implementations.mariadb import user as mariauser
+ impl = mariauser
+ else:
+ from ansible_collections.community.mysql.plugins.module_utils.implementations.mysql import user as mysqluser
+ impl = mysqluser
diff --git a/ansible_collections/community/mysql/plugins/module_utils/version.py b/ansible_collections/community/mysql/plugins/module_utils/version.py
new file mode 100644
index 00000000..94731347
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/module_utils/version.py
@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2021, Felix Fontein <felix@fontein.de>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+"""Provide version object to compare version numbers."""
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+# Once we drop support for ansible-core 2.11, we can
+# remove the _version.py file, and replace the following import by
+#
+# from ansible.module_utils.compat.version import LooseVersion
+
+from ._version import LooseVersion
diff --git a/ansible_collections/community/mysql/plugins/modules/mysql_db.py b/ansible_collections/community/mysql/plugins/modules/mysql_db.py
new file mode 100644
index 00000000..5a8fe3e3
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/modules/mysql_db.py
@@ -0,0 +1,763 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2012, Mark Theunissen <mark.theunissen@gmail.com>
+# Sponsored by Four Kitchens http://fourkitchens.com.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: mysql_db
+short_description: Add or remove MySQL databases from a remote host
+description:
+- Add or remove MySQL databases from a remote host.
+options:
+ name:
+ description:
+ - Name of the database to add or remove.
+ - I(name=all) may only be provided if I(state) is C(dump) or C(import).
+ - List of databases is provided with I(state=dump), I(state=present) and I(state=absent).
+ - If I(name=all) it works like --all-databases option for mysqldump (Added in 2.0).
+ required: true
+ type: list
+ elements: str
+ aliases: [db]
+ state:
+ description:
+ - The database state.
+ type: str
+ default: present
+ choices: ['absent', 'dump', 'import', 'present']
+ collation:
+ description:
+ - Collation mode (sorting). This only applies to new table/databases and
+ does not update existing ones, this is a limitation of MySQL.
+ type: str
+ default: ''
+ encoding:
+ description:
+ - Encoding mode to use, examples include C(utf8) or C(latin1_swedish_ci),
+ at creation of database, dump or importation of sql script.
+ type: str
+ default: ''
+ target:
+ description:
+ - Location, on the remote host, of the dump file to read from or write to.
+ - Uncompressed SQL files (C(.sql)) as well as bzip2 (C(.bz2)), gzip (C(.gz)) and
+ xz (Added in 2.0) compressed files are supported.
+ type: path
+ single_transaction:
+ description:
+ - Execute the dump in a single transaction.
+ type: bool
+ default: false
+ quick:
+ description:
+ - Option used for dumping large tables.
+ type: bool
+ default: true
+ ignore_tables:
+ description:
+ - A list of table names that will be ignored in the dump
+ of the form database_name.table_name.
+ type: list
+ elements: str
+ default: []
+ hex_blob:
+ description:
+ - Dump binary columns using hexadecimal notation.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ force:
+ description:
+ - Continue dump or import even if we get an SQL error.
+ - Used only when I(state) is C(dump) or C(import).
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ master_data:
+ description:
+ - Option to dump a master replication server to produce a dump file
+ that can be used to set up another server as a slave of the master.
+ - C(0) to not include master data.
+ - C(1) to generate a 'CHANGE MASTER TO' statement
+ required on the slave to start the replication process.
+ - C(2) to generate a commented 'CHANGE MASTER TO'.
+ - Can be used when I(state=dump).
+ type: int
+ choices: [0, 1, 2]
+ default: 0
+ version_added: '0.1.0'
+ skip_lock_tables:
+ description:
+ - Skip locking tables for read. Used when I(state=dump), ignored otherwise.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ dump_extra_args:
+ description:
+ - Provide additional arguments for mysqldump.
+ Used when I(state=dump) only, ignored otherwise.
+ type: str
+ version_added: '0.1.0'
+ use_shell:
+ description:
+ - Used to prevent C(Broken pipe) errors when the imported I(target) file is compressed.
+ - If C(yes), the module will internally execute commands via a shell.
+ - Used when I(state=import), ignored otherwise.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ unsafe_login_password:
+ description:
+ - If C(no), the module will safely use a shell-escaped
+ version of the I(login_password) value.
+ - It makes sense to use C(yes) only if there are special
+ symbols in the value and errors C(Access denied) occur.
+ - Used only when I(state) is C(import) or C(dump) and
+ I(login_password) is passed, ignored otherwise.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ restrict_config_file:
+ description:
+ - Read only passed I(config_file).
+ - When I(state) is C(dump) or C(import),
+ by default the module passes I(config_file) parameter
+ using C(--defaults-extra-file) command-line argument to C(mysql/mysqldump) utilities
+ under the hood that read named option file in addition to usual option files.
+ - If this behavior is undesirable, use C(yes) to read only named option file.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ check_implicit_admin:
+ description:
+ - Check if mysql allows login as root/nopassword before trying supplied credentials.
+ - If success, passed I(login_user)/I(login_password) will be ignored.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ config_overrides_defaults:
+ description:
+ - If C(yes), connection parameters from I(config_file) will override the default
+ values of I(login_host) and I(login_port) parameters.
+ - Used when I(stat) is C(present) or C(absent), ignored otherwise.
+ - It needs Python 3.5+ as the default interpreter on a target host.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+ chdir:
+ description:
+ - Changes the current working directory.
+ - Can be useful, for example, when I(state=import) and a dump file contains relative paths.
+ type: path
+ version_added: '3.4.0'
+ pipefail:
+ description:
+ - Use C(bash) instead of C(sh) and add C(-o pipefail) to catch errors from the
+ mysql_dump command when I(state=import) and compression is used.
+ - The default is C(no) to prevent issues on systems without bash as a default interpreter.
+ - The default will change to C(yes) in community.mysql 4.0.0.
+ type: bool
+ default: false
+ version_added: '3.4.0'
+
+seealso:
+- module: community.mysql.mysql_info
+- module: community.mysql.mysql_variables
+- module: community.mysql.mysql_user
+- module: community.mysql.mysql_replication
+- name: MySQL command-line client reference
+ description: Complete reference of the MySQL command-line client documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/mysql.html
+- name: mysqldump reference
+ description: Complete reference of the ``mysqldump`` client utility documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html
+- name: CREATE DATABASE reference
+ description: Complete reference of the CREATE DATABASE command documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/create-database.html
+- name: DROP DATABASE reference
+ description: Complete reference of the DROP DATABASE command documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/drop-database.html
+author: "Ansible Core Team"
+requirements:
+ - mysql (command line binary)
+ - mysqldump (command line binary)
+notes:
+ - Supports C(check_mode).
+ - Requires the mysql and mysqldump binaries on the remote host.
+ - This module is B(not idempotent) when I(state) is C(import),
+ and will import the dump file each time if run more than once.
+extends_documentation_fragment:
+- community.mysql.mysql
+
+'''
+
+EXAMPLES = r'''
+# If you encounter the "Please explicitly state intended protocol" error,
+# use the login_unix_socket argument
+- name: Create a new database with name 'bobdata'
+ community.mysql.mysql_db:
+ name: bobdata
+ state: present
+ login_unix_socket: /run/mysqld/mysqld.sock
+
+- name: Create new databases with names 'foo' and 'bar'
+ community.mysql.mysql_db:
+ name:
+ - foo
+ - bar
+ state: present
+
+# Copy database dump file to remote host and restore it to database 'my_db'
+- name: Copy database dump file
+ copy:
+ src: dump.sql.bz2
+ dest: /tmp
+
+- name: Restore database
+ community.mysql.mysql_db:
+ name: my_db
+ state: import
+ target: /tmp/dump.sql.bz2
+
+- name: Restore database ignoring errors
+ community.mysql.mysql_db:
+ name: my_db
+ state: import
+ target: /tmp/dump.sql.bz2
+ force: true
+
+- name: Dump multiple databases
+ community.mysql.mysql_db:
+ state: dump
+ name: db_1,db_2
+ target: /tmp/dump.sql
+
+- name: Dump multiple databases
+ community.mysql.mysql_db:
+ state: dump
+ name:
+ - db_1
+ - db_2
+ target: /tmp/dump.sql
+
+- name: Dump all databases to hostname.sql
+ community.mysql.mysql_db:
+ state: dump
+ name: all
+ target: /tmp/dump.sql
+
+- name: Dump all databases to hostname.sql including master data
+ community.mysql.mysql_db:
+ state: dump
+ name: all
+ target: /tmp/dump.sql
+ master_data: 1
+
+# Import of sql script with encoding option
+- name: >
+ Import dump.sql with specific latin1 encoding,
+ similar to mysql -u <username> --default-character-set=latin1 -p <password> < dump.sql
+ community.mysql.mysql_db:
+ state: import
+ name: all
+ encoding: latin1
+ target: /tmp/dump.sql
+
+# Dump of database with encoding option
+- name: >
+ Dump of Databse with specific latin1 encoding,
+ similar to mysqldump -u <username> --default-character-set=latin1 -p <password> <database>
+ community.mysql.mysql_db:
+ state: dump
+ name: db_1
+ encoding: latin1
+ target: /tmp/dump.sql
+
+- name: Delete database with name 'bobdata'
+ community.mysql.mysql_db:
+ name: bobdata
+ state: absent
+
+- name: Make sure there is neither a database with name 'foo', nor one with name 'bar'
+ community.mysql.mysql_db:
+ name:
+ - foo
+ - bar
+ state: absent
+
+# Dump database with argument not directly supported by this module
+# using dump_extra_args parameter
+- name: Dump databases without including triggers
+ community.mysql.mysql_db:
+ state: dump
+ name: foo
+ target: /tmp/dump.sql
+ dump_extra_args: --skip-triggers
+
+- name: Try to create database as root/nopassword first. If not allowed, pass the credentials
+ community.mysql.mysql_db:
+ check_implicit_admin: true
+ login_user: bob
+ login_password: 123456
+ name: bobdata
+ state: present
+
+- name: Dump a database with compression and catch errors from mysqldump with bash pipefail
+ community.mysql.mysql_db:
+ state: dump
+ name: foo
+ target: /tmp/dump.sql.gz
+ pipefail: true
+'''
+
+RETURN = r'''
+db:
+ description: Database names in string format delimited by white space.
+ returned: always
+ type: str
+ sample: "foo bar"
+db_list:
+ description: List of database names.
+ returned: always
+ type: list
+ sample: ["foo", "bar"]
+executed_commands:
+ description: List of commands which tried to run.
+ returned: if executed
+ type: list
+ sample: ["CREATE DATABASE acme"]
+ version_added: '0.1.0'
+'''
+
+import os
+import subprocess
+import traceback
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mysql.plugins.module_utils.database import mysql_quote_identifier
+from ansible_collections.community.mysql.plugins.module_utils.mysql import mysql_connect, mysql_driver, mysql_driver_fail_msg, mysql_common_argument_spec
+from ansible.module_utils.six.moves import shlex_quote
+from ansible.module_utils._text import to_native
+
+executed_commands = []
+
+# ===========================================
+# MySQL module specific support methods.
+#
+
+
+def db_exists(cursor, db):
+ res = 0
+ for each_db in db:
+ res += cursor.execute("SELECT SCHEMA_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = %s", (each_db,))
+ return res == len(db)
+
+
+def db_delete(cursor, db):
+ if not db:
+ return False
+ for each_db in db:
+ query = "DROP DATABASE %s" % mysql_quote_identifier(each_db, 'database')
+ executed_commands.append(query)
+ cursor.execute(query)
+ return True
+
+
+def db_dump(module, host, user, password, db_name, target, all_databases, port,
+ config_file, socket=None, ssl_cert=None, ssl_key=None, ssl_ca=None,
+ single_transaction=None, quick=None, ignore_tables=None, hex_blob=None,
+ encoding=None, force=False, master_data=0, skip_lock_tables=False,
+ dump_extra_args=None, unsafe_password=False, restrict_config_file=False,
+ check_implicit_admin=False, pipefail=False):
+ cmd = module.get_bin_path('mysqldump', True)
+ # If defined, mysqldump demands --defaults-extra-file be the first option
+ if config_file:
+ if restrict_config_file:
+ cmd += " --defaults-file=%s" % shlex_quote(config_file)
+ else:
+ cmd += " --defaults-extra-file=%s" % shlex_quote(config_file)
+
+ if check_implicit_admin:
+ cmd += " --user=root --password=''"
+ else:
+ if user is not None:
+ cmd += " --user=%s" % shlex_quote(user)
+
+ if password is not None:
+ if not unsafe_password:
+ cmd += " --password=%s" % shlex_quote(password)
+ else:
+ cmd += " --password=%s" % password
+
+ if ssl_cert is not None:
+ cmd += " --ssl-cert=%s" % shlex_quote(ssl_cert)
+ if ssl_key is not None:
+ cmd += " --ssl-key=%s" % shlex_quote(ssl_key)
+ if ssl_ca is not None:
+ cmd += " --ssl-ca=%s" % shlex_quote(ssl_ca)
+ if force:
+ cmd += " --force"
+ if socket is not None:
+ cmd += " --socket=%s" % shlex_quote(socket)
+ else:
+ cmd += " --host=%s --port=%i" % (shlex_quote(host), port)
+
+ if all_databases:
+ cmd += " --all-databases"
+ elif len(db_name) > 1:
+ cmd += " --databases {0}".format(' '.join(db_name))
+ else:
+ cmd += " %s" % shlex_quote(' '.join(db_name))
+
+ if skip_lock_tables:
+ cmd += " --skip-lock-tables"
+ if (encoding is not None) and (encoding != ""):
+ cmd += " --default-character-set=%s" % shlex_quote(encoding)
+ if single_transaction:
+ cmd += " --single-transaction=true"
+ if quick:
+ cmd += " --quick"
+ if ignore_tables:
+ for an_ignored_table in ignore_tables:
+ cmd += " --ignore-table={0}".format(an_ignored_table)
+ if hex_blob:
+ cmd += " --hex-blob"
+ if master_data:
+ cmd += " --master-data=%s" % master_data
+ if dump_extra_args is not None:
+ cmd += " " + dump_extra_args
+
+ path = None
+ if os.path.splitext(target)[-1] == '.gz':
+ path = module.get_bin_path('gzip', True)
+ elif os.path.splitext(target)[-1] == '.bz2':
+ path = module.get_bin_path('bzip2', True)
+ elif os.path.splitext(target)[-1] == '.xz':
+ path = module.get_bin_path('xz', True)
+
+ if path:
+ cmd = '%s | %s > %s' % (cmd, path, shlex_quote(target))
+ if pipefail:
+ cmd = 'set -o pipefail && ' + cmd
+ else:
+ cmd += " > %s" % shlex_quote(target)
+
+ executed_commands.append(cmd)
+
+ if pipefail:
+ rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True, executable='bash')
+ else:
+ rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
+
+ return rc, stdout, stderr
+
+
+def db_import(module, host, user, password, db_name, target, all_databases, port, config_file,
+ socket=None, ssl_cert=None, ssl_key=None, ssl_ca=None, encoding=None, force=False,
+ use_shell=False, unsafe_password=False, restrict_config_file=False,
+ check_implicit_admin=False):
+ if not os.path.exists(target):
+ return module.fail_json(msg="target %s does not exist on the host" % target)
+
+ cmd = [module.get_bin_path('mysql', True)]
+ # --defaults-file must go first, or errors out
+ if config_file:
+ if restrict_config_file:
+ cmd.append("--defaults-file=%s" % shlex_quote(config_file))
+ else:
+ cmd.append("--defaults-extra-file=%s" % shlex_quote(config_file))
+
+ if check_implicit_admin:
+ cmd.append("--user=root --password=''")
+ else:
+ if user:
+ cmd.append("--user=%s" % shlex_quote(user))
+
+ if password:
+ if not unsafe_password:
+ cmd.append("--password=%s" % shlex_quote(password))
+ else:
+ cmd.append("--password=%s" % password)
+
+ if ssl_cert is not None:
+ cmd.append("--ssl-cert=%s" % shlex_quote(ssl_cert))
+ if ssl_key is not None:
+ cmd.append("--ssl-key=%s" % shlex_quote(ssl_key))
+ if ssl_ca is not None:
+ cmd.append("--ssl-ca=%s" % shlex_quote(ssl_ca))
+ if force:
+ cmd.append("-f")
+ if socket is not None:
+ cmd.append("--socket=%s" % shlex_quote(socket))
+ else:
+ cmd.append("--host=%s" % shlex_quote(host))
+ cmd.append("--port=%i" % port)
+ if (encoding is not None) and (encoding != ""):
+ cmd.append("--default-character-set=%s" % shlex_quote(encoding))
+ if not all_databases:
+ cmd.append("--one-database")
+ cmd.append(shlex_quote(''.join(db_name)))
+
+ comp_prog_path = None
+ if os.path.splitext(target)[-1] == '.gz':
+ comp_prog_path = module.get_bin_path('gzip', required=True)
+ elif os.path.splitext(target)[-1] == '.bz2':
+ comp_prog_path = module.get_bin_path('bzip2', required=True)
+ elif os.path.splitext(target)[-1] == '.xz':
+ comp_prog_path = module.get_bin_path('xz', required=True)
+ if comp_prog_path:
+ # The line below is for returned data only:
+ executed_commands.append('%s -dc %s | %s' % (comp_prog_path, target, cmd))
+
+ if not use_shell:
+ p1 = subprocess.Popen([comp_prog_path, '-dc', target], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ p2 = subprocess.Popen(cmd, stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ (stdout2, stderr2) = p2.communicate()
+ p1.stdout.close()
+ p1.wait()
+
+ if p1.returncode != 0:
+ stderr1 = p1.stderr.read()
+ return p1.returncode, '', stderr1
+ else:
+ return p2.returncode, stdout2, stderr2
+ else:
+ # Used to prevent 'Broken pipe' errors that
+ # occasionaly occur when target files are compressed.
+ # FYI: passing the `shell=True` argument to p2 = subprocess.Popen()
+ # doesn't solve the problem.
+ cmd = " ".join(cmd)
+ cmd = "%s -dc %s | %s" % (comp_prog_path, shlex_quote(target), cmd)
+ rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
+ return rc, stdout, stderr
+
+ else:
+ cmd = ' '.join(cmd)
+ cmd += " < %s" % shlex_quote(target)
+ executed_commands.append(cmd)
+ rc, stdout, stderr = module.run_command(cmd, use_unsafe_shell=True)
+ return rc, stdout, stderr
+
+
+def db_create(cursor, db, encoding, collation):
+ if not db:
+ return False
+ query_params = dict(enc=encoding, collate=collation)
+ res = 0
+ for each_db in db:
+ # Escape '%' since mysql cursor.execute() uses a format string
+ query = ['CREATE DATABASE %s' % mysql_quote_identifier(each_db, 'database').replace('%', '%%')]
+ if encoding:
+ query.append("CHARACTER SET %(enc)s")
+ if collation:
+ query.append("COLLATE %(collate)s")
+ query = ' '.join(query)
+ res += cursor.execute(query, query_params)
+ try:
+ executed_commands.append(cursor.mogrify(query, query_params))
+ except AttributeError:
+ executed_commands.append(cursor._executed)
+ except Exception:
+ executed_commands.append(query)
+ return res > 0
+
+
+# ===========================================
+# Module execution.
+#
+
+
+def main():
+ argument_spec = mysql_common_argument_spec()
+ argument_spec.update(
+ name=dict(type='list', required=True, aliases=['db']),
+ encoding=dict(type='str', default=''),
+ collation=dict(type='str', default=''),
+ target=dict(type='path'),
+ state=dict(type='str', default='present', choices=['absent', 'dump', 'import', 'present']),
+ single_transaction=dict(type='bool', default=False),
+ quick=dict(type='bool', default=True),
+ ignore_tables=dict(type='list', default=[]),
+ hex_blob=dict(default=False, type='bool'),
+ force=dict(type='bool', default=False),
+ master_data=dict(type='int', default=0, choices=[0, 1, 2]),
+ skip_lock_tables=dict(type='bool', default=False),
+ dump_extra_args=dict(type='str'),
+ use_shell=dict(type='bool', default=False),
+ unsafe_login_password=dict(type='bool', default=False, no_log=True),
+ restrict_config_file=dict(type='bool', default=False),
+ check_implicit_admin=dict(type='bool', default=False),
+ config_overrides_defaults=dict(type='bool', default=False),
+ chdir=dict(type='path'),
+ pipefail=dict(type='bool', default=False),
+ )
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ )
+
+ if mysql_driver is None:
+ module.fail_json(msg=mysql_driver_fail_msg)
+
+ db = module.params["name"]
+ if not db:
+ module.exit_json(changed=False, db=db, db_list=[])
+ db = [each_db.strip() for each_db in db]
+
+ encoding = module.params["encoding"]
+ collation = module.params["collation"]
+ state = module.params["state"]
+ target = module.params["target"]
+ socket = module.params["login_unix_socket"]
+ login_port = module.params["login_port"]
+ if login_port < 0 or login_port > 65535:
+ module.fail_json(msg="login_port must be a valid unix port number (0-65535)")
+ ssl_cert = module.params["client_cert"]
+ ssl_key = module.params["client_key"]
+ ssl_ca = module.params["ca_cert"]
+ check_hostname = module.params["check_hostname"]
+ connect_timeout = module.params['connect_timeout']
+ config_file = module.params['config_file']
+ login_password = module.params["login_password"]
+ unsafe_login_password = module.params["unsafe_login_password"]
+ login_user = module.params["login_user"]
+ login_host = module.params["login_host"]
+ ignore_tables = module.params["ignore_tables"]
+ for a_table in ignore_tables:
+ if a_table == "":
+ module.fail_json(msg="Name of ignored table cannot be empty")
+ single_transaction = module.params["single_transaction"]
+ quick = module.params["quick"]
+ hex_blob = module.params["hex_blob"]
+ force = module.params["force"]
+ master_data = module.params["master_data"]
+ skip_lock_tables = module.params["skip_lock_tables"]
+ dump_extra_args = module.params["dump_extra_args"]
+ use_shell = module.params["use_shell"]
+ restrict_config_file = module.params["restrict_config_file"]
+ check_implicit_admin = module.params['check_implicit_admin']
+ config_overrides_defaults = module.params['config_overrides_defaults']
+ chdir = module.params['chdir']
+ pipefail = module.params['pipefail']
+
+ if chdir:
+ try:
+ os.chdir(chdir)
+ except Exception as e:
+ module.fail_json("Cannot change the current directory to %s: %s" % (chdir, e))
+
+ if len(db) > 1 and state == 'import':
+ module.fail_json(msg="Multiple databases are not supported with state=import")
+ db_name = ' '.join(db)
+
+ all_databases = False
+ if state in ['dump', 'import']:
+ if target is None:
+ module.fail_json(msg="with state=%s target is required" % state)
+ if db == ['all']:
+ all_databases = True
+ else:
+ if db == ['all']:
+ module.fail_json(msg="name is not allowed to equal 'all' unless state equals import, or dump.")
+ try:
+ cursor = None
+ if check_implicit_admin:
+ try:
+ cursor, db_conn = mysql_connect(module, 'root', '', config_file, ssl_cert, ssl_key, ssl_ca,
+ connect_timeout=connect_timeout, check_hostname=check_hostname,
+ config_overrides_defaults=config_overrides_defaults)
+ except Exception as e:
+ check_implicit_admin = False
+ pass
+
+ if not cursor:
+ cursor, db_conn = mysql_connect(module, login_user, login_password, config_file, ssl_cert, ssl_key, ssl_ca,
+ connect_timeout=connect_timeout, config_overrides_defaults=config_overrides_defaults,
+ check_hostname=check_hostname)
+ except Exception as e:
+ if os.path.exists(config_file):
+ module.fail_json(msg="unable to connect to database, check login_user and login_password are correct or %s has the credentials. "
+ "Exception message: %s" % (config_file, to_native(e)))
+ else:
+ module.fail_json(msg="unable to find %s. Exception message: %s" % (config_file, to_native(e)))
+
+ changed = False
+ if not os.path.exists(config_file):
+ config_file = None
+
+ existence_list = []
+ non_existence_list = []
+
+ if not all_databases:
+ for each_database in db:
+ if db_exists(cursor, [each_database]):
+ existence_list.append(each_database)
+ else:
+ non_existence_list.append(each_database)
+
+ if state == "absent":
+ if module.check_mode:
+ module.exit_json(changed=bool(existence_list), db=db_name, db_list=db)
+ try:
+ changed = db_delete(cursor, existence_list)
+ except Exception as e:
+ module.fail_json(msg="error deleting database: %s" % to_native(e))
+ module.exit_json(changed=changed, db=db_name, db_list=db, executed_commands=executed_commands)
+ elif state == "present":
+ if module.check_mode:
+ module.exit_json(changed=bool(non_existence_list), db=db_name, db_list=db)
+ changed = False
+ if non_existence_list:
+ try:
+ changed = db_create(cursor, non_existence_list, encoding, collation)
+ except Exception as e:
+ module.fail_json(msg="error creating database: %s" % to_native(e),
+ exception=traceback.format_exc())
+ module.exit_json(changed=changed, db=db_name, db_list=db, executed_commands=executed_commands)
+ elif state == "dump":
+ if non_existence_list and not all_databases:
+ module.fail_json(msg="Cannot dump database(s) %r - not found" % (', '.join(non_existence_list)))
+ if module.check_mode:
+ module.exit_json(changed=True, db=db_name, db_list=db)
+ rc, stdout, stderr = db_dump(module, login_host, login_user,
+ login_password, db, target, all_databases,
+ login_port, config_file, socket, ssl_cert, ssl_key,
+ ssl_ca, single_transaction, quick, ignore_tables,
+ hex_blob, encoding, force, master_data, skip_lock_tables,
+ dump_extra_args, unsafe_login_password, restrict_config_file,
+ check_implicit_admin, pipefail)
+ if rc != 0:
+ module.fail_json(msg="%s" % stderr)
+ module.exit_json(changed=True, db=db_name, db_list=db, msg=stdout,
+ executed_commands=executed_commands)
+ elif state == "import":
+ if module.check_mode:
+ module.exit_json(changed=True, db=db_name, db_list=db)
+ if non_existence_list and not all_databases:
+ try:
+ db_create(cursor, non_existence_list, encoding, collation)
+ except Exception as e:
+ module.fail_json(msg="error creating database: %s" % to_native(e),
+ exception=traceback.format_exc())
+ rc, stdout, stderr = db_import(module, login_host, login_user,
+ login_password, db, target,
+ all_databases,
+ login_port, config_file,
+ socket, ssl_cert, ssl_key, ssl_ca,
+ encoding, force, use_shell, unsafe_login_password,
+ restrict_config_file, check_implicit_admin)
+ if rc != 0:
+ module.fail_json(msg="%s" % stderr)
+ module.exit_json(changed=True, db=db_name, db_list=db, msg=stdout,
+ executed_commands=executed_commands)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/community/mysql/plugins/modules/mysql_info.py b/ansible_collections/community/mysql/plugins/modules/mysql_info.py
new file mode 100644
index 00000000..11b1a800
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/modules/mysql_info.py
@@ -0,0 +1,605 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: mysql_info
+short_description: Gather information about MySQL servers
+description:
+- Gathers information about MySQL servers.
+
+options:
+ filter:
+ description:
+ - Limit the collected information by comma separated string or YAML list.
+ - Allowable values are C(version), C(databases), C(settings), C(global_status),
+ C(users), C(engines), C(master_status), C(slave_status), C(slave_hosts).
+ - By default, collects all subsets.
+ - You can use '!' before value (for example, C(!settings)) to exclude it from the information.
+ - If you pass including and excluding values to the filter, for example, I(filter=!settings,version),
+ the excluding values, C(!settings) in this case, will be ignored.
+ type: list
+ elements: str
+ login_db:
+ description:
+ - Database name to connect to.
+ - It makes sense if I(login_user) is allowed to connect to a specific database only.
+ type: str
+ exclude_fields:
+ description:
+ - List of fields which are not needed to collect.
+ - "Supports elements: C(db_size). Unsupported elements will be ignored."
+ type: list
+ elements: str
+ version_added: '0.1.0'
+ return_empty_dbs:
+ description:
+ - Includes names of empty databases to returned dictionary.
+ type: bool
+ default: false
+
+notes:
+- Calculating the size of a database might be slow, depending on the number and size of tables in it.
+ To avoid this, use I(exclude_fields=db_size).
+- Supports C(check_mode).
+
+seealso:
+- module: community.mysql.mysql_variables
+- module: community.mysql.mysql_db
+- module: community.mysql.mysql_user
+- module: community.mysql.mysql_replication
+
+author:
+- Andrew Klychkov (@Andersson007)
+- Sebastian Gumprich (@rndmh3ro)
+- Laurent Indermühle (@laurent-indermuehle)
+
+extends_documentation_fragment:
+- community.mysql.mysql
+'''
+
+EXAMPLES = r'''
+# Display info from mysql-hosts group (using creds from ~/.my.cnf to connect):
+# ansible mysql-hosts -m mysql_info
+
+# Display only databases and users info:
+# ansible mysql-hosts -m mysql_info -a 'filter=databases,users'
+
+# Display only slave status:
+# ansible standby -m mysql_info -a 'filter=slave_status'
+
+# Display all info from databases group except settings:
+# ansible databases -m mysql_info -a 'filter=!settings'
+
+# If you encounter the "Please explicitly state intended protocol" error,
+# use the login_unix_socket argument
+- name: Collect all possible information using passwordless root access
+ community.mysql.mysql_info:
+ login_user: root
+ login_unix_socket: /run/mysqld/mysqld.sock
+
+- name: Get MySQL version with non-default credentials
+ community.mysql.mysql_info:
+ login_user: mysuperuser
+ login_password: mysuperpass
+ filter: version
+
+- name: Collect all info except settings and users by root
+ community.mysql.mysql_info:
+ login_user: root
+ login_password: rootpass
+ filter: "!settings,!users"
+
+- name: Collect info about databases and version using ~/.my.cnf as a credential file
+ become: true
+ community.mysql.mysql_info:
+ filter:
+ - databases
+ - version
+
+- name: Collect info about databases and version using ~alice/.my.cnf as a credential file
+ become: true
+ community.mysql.mysql_info:
+ config_file: /home/alice/.my.cnf
+ filter:
+ - databases
+ - version
+
+- name: Collect info about databases including empty and excluding their sizes
+ become: true
+ community.mysql.mysql_info:
+ config_file: /home/alice/.my.cnf
+ filter:
+ - databases
+ exclude_fields: db_size
+ return_empty_dbs: true
+'''
+
+RETURN = r'''
+version:
+ description: Database server version.
+ returned: if not excluded by filter
+ type: dict
+ sample: { "version": { "major": 5, "minor": 5, "release": 60, "suffix": "MariaDB", "full": "5.5.60-MariaDB" } }
+ contains:
+ major:
+ description: Major server version.
+ returned: if not excluded by filter
+ type: int
+ sample: 5
+ minor:
+ description: Minor server version.
+ returned: if not excluded by filter
+ type: int
+ sample: 5
+ release:
+ description: Release server version.
+ returned: if not excluded by filter
+ type: int
+ sample: 60
+ suffix:
+ description: Server suffix, for example MySQL, MariaDB, other or none.
+ returned: if not excluded by filter
+ type: str
+ sample: "MariaDB"
+ full:
+ description: Full server version.
+ returned: if not excluded by filter
+ type: str
+ sample: "5.5.60-MariaDB"
+databases:
+ description: Information about databases.
+ returned: if not excluded by filter
+ type: dict
+ sample:
+ - { "mysql": { "size": 656594 }, "information_schema": { "size": 73728 } }
+ contains:
+ size:
+ description: Database size in bytes.
+ returned: if not excluded by filter
+ type: dict
+ sample: { 'size': 656594 }
+settings:
+ description: Global settings (variables) information.
+ returned: if not excluded by filter
+ type: dict
+ sample:
+ - { "innodb_open_files": 300, innodb_page_size": 16384 }
+global_status:
+ description: Global status information.
+ returned: if not excluded by filter
+ type: dict
+ sample:
+ - { "Innodb_buffer_pool_read_requests": 123, "Innodb_buffer_pool_reads": 32 }
+users:
+ description: Users information.
+ returned: if not excluded by filter
+ type: dict
+ sample:
+ - { "localhost": { "root": { "Alter_priv": "Y", "Alter_routine_priv": "Y" } } }
+engines:
+ description: Information about the server's storage engines.
+ returned: if not excluded by filter
+ type: dict
+ sample:
+ - { "CSV": { "Comment": "CSV storage engine", "Savepoints": "NO", "Support": "YES", "Transactions": "NO", "XA": "NO" } }
+master_status:
+ description: Master status information.
+ returned: if master
+ type: dict
+ sample:
+ - { "Binlog_Do_DB": "", "Binlog_Ignore_DB": "mysql", "File": "mysql-bin.000001", "Position": 769 }
+slave_status:
+ description: Slave status information.
+ returned: if standby
+ type: dict
+ sample:
+ - { "192.168.1.101": { "3306": { "replication_user": { "Connect_Retry": 60, "Exec_Master_Log_Pos": 769, "Last_Errno": 0 } } } }
+slave_hosts:
+ description: Slave status information.
+ returned: if master
+ type: dict
+ sample:
+ - { "2": { "Host": "", "Master_id": 1, "Port": 3306 } }
+connector_name:
+ description: Name of the python connector used by the module. When the connector is not identified, returns C(Unknown).
+ returned: always
+ type: str
+ sample:
+ - "pymysql"
+ - "MySQLdb"
+ version_added: '3.6.0'
+connector_version:
+ description: Version of the python connector used by the module. When the connector is not identified, returns C(Unknown).
+ returned: always
+ type: str
+ sample:
+ - "1.0.2"
+ version_added: '3.6.0'
+'''
+
+from decimal import Decimal
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mysql.plugins.module_utils.mysql import (
+ mysql_connect,
+ mysql_common_argument_spec,
+ mysql_driver,
+ mysql_driver_fail_msg,
+ get_connector_name,
+ get_connector_version,
+)
+from ansible.module_utils.six import iteritems
+from ansible.module_utils._text import to_native
+
+
+# ===========================================
+# MySQL module specific support methods.
+#
+
+class MySQL_Info(object):
+
+ """Class for collection MySQL instance information.
+
+ Arguments:
+ module (AnsibleModule): Object of AnsibleModule class.
+ cursor (pymysql/mysql-python): Cursor class for interaction with
+ the database.
+
+ Note:
+ If you need to add a new subset:
+ 1. add a new key with the same name to self.info attr in self.__init__()
+ 2. add a new private method to get the information
+ 3. add invocation of the new method to self.__collect()
+ 4. add info about the new subset to the DOCUMENTATION block
+ 5. add info about the new subset with an example to RETURN block
+ """
+
+ def __init__(self, module, cursor):
+ self.module = module
+ self.cursor = cursor
+ self.info = {
+ 'version': {},
+ 'databases': {},
+ 'settings': {},
+ 'global_status': {},
+ 'engines': {},
+ 'users': {},
+ 'master_status': {},
+ 'slave_hosts': {},
+ 'slave_status': {},
+ }
+
+ def get_info(self, filter_, exclude_fields, return_empty_dbs):
+ """Get MySQL instance information based on filter_.
+
+ Arguments:
+ filter_ (list): List of collected subsets (e.g., databases, users, etc.),
+ when it is empty, return all available information.
+ """
+
+ inc_list = []
+ exc_list = []
+
+ if filter_:
+ partial_info = {}
+
+ for fi in filter_:
+ if fi.lstrip('!') not in self.info:
+ self.module.warn('filter element: %s is not allowable, ignored' % fi)
+ continue
+
+ if fi[0] == '!':
+ exc_list.append(fi.lstrip('!'))
+
+ else:
+ inc_list.append(fi)
+
+ if inc_list:
+ self.__collect(exclude_fields, return_empty_dbs, set(inc_list))
+
+ for i in self.info:
+ if i in inc_list:
+ partial_info[i] = self.info[i]
+
+ else:
+ not_in_exc_list = list(set(self.info) - set(exc_list))
+ self.__collect(exclude_fields, return_empty_dbs, set(not_in_exc_list))
+
+ for i in self.info:
+ if i not in exc_list:
+ partial_info[i] = self.info[i]
+
+ return partial_info
+
+ else:
+ self.__collect(exclude_fields, return_empty_dbs, set(self.info))
+ return self.info
+
+ def __collect(self, exclude_fields, return_empty_dbs, wanted):
+ """Collect all possible subsets."""
+ if 'version' in wanted or 'settings' in wanted:
+ self.__get_global_variables()
+
+ if 'databases' in wanted:
+ self.__get_databases(exclude_fields, return_empty_dbs)
+
+ if 'global_status' in wanted:
+ self.__get_global_status()
+
+ if 'engines' in wanted:
+ self.__get_engines()
+
+ if 'users' in wanted:
+ self.__get_users()
+
+ if 'master_status' in wanted:
+ self.__get_master_status()
+
+ if 'slave_status' in wanted:
+ self.__get_slave_status()
+
+ if 'slave_hosts' in wanted:
+ self.__get_slaves()
+
+ def __get_engines(self):
+ """Get storage engines info."""
+ res = self.__exec_sql('SHOW ENGINES')
+
+ if res:
+ for line in res:
+ engine = line['Engine']
+ self.info['engines'][engine] = {}
+
+ for vname, val in iteritems(line):
+ if vname != 'Engine':
+ self.info['engines'][engine][vname] = val
+
+ def __convert(self, val):
+ """Convert unserializable data."""
+ try:
+ if isinstance(val, Decimal):
+ val = float(val)
+ else:
+ val = int(val)
+
+ except ValueError:
+ pass
+
+ except TypeError:
+ pass
+
+ return val
+
+ def __get_global_variables(self):
+ """Get global variables (instance settings)."""
+ res = self.__exec_sql('SHOW GLOBAL VARIABLES')
+
+ if res:
+ for var in res:
+ self.info['settings'][var['Variable_name']] = self.__convert(var['Value'])
+
+ # version = ["5", "5," "60-MariaDB]
+ version = self.info['settings']['version'].split('.')
+
+ # full_version = "5.5.60-MariaDB"
+ full = self.info['settings']['version']
+
+ # release = "60"
+ release = version[2].split('-')[0]
+
+ # check if a suffix exists by counting the length
+ if len(version[2].split('-')) > 1:
+ # suffix = "MariaDB"
+ suffix = version[2].split('-', 1)[1]
+ else:
+ suffix = ""
+
+ self.info['version'] = dict(
+ # major = "5"
+ major=int(version[0]),
+ # minor = "5"
+ minor=int(version[1]),
+ release=int(release),
+ suffix=str(suffix),
+ full=str(full),
+ )
+
+ def __get_global_status(self):
+ """Get global status."""
+ res = self.__exec_sql('SHOW GLOBAL STATUS')
+
+ if res:
+ for var in res:
+ self.info['global_status'][var['Variable_name']] = self.__convert(var['Value'])
+
+ def __get_master_status(self):
+ """Get master status if the instance is a master."""
+ res = self.__exec_sql('SHOW MASTER STATUS')
+ if res:
+ for line in res:
+ for vname, val in iteritems(line):
+ self.info['master_status'][vname] = self.__convert(val)
+
+ def __get_slave_status(self):
+ """Get slave status if the instance is a slave."""
+ res = self.__exec_sql('SHOW SLAVE STATUS')
+ if res:
+ for line in res:
+ host = line['Master_Host']
+ if host not in self.info['slave_status']:
+ self.info['slave_status'][host] = {}
+
+ port = line['Master_Port']
+ if port not in self.info['slave_status'][host]:
+ self.info['slave_status'][host][port] = {}
+
+ user = line['Master_User']
+ if user not in self.info['slave_status'][host][port]:
+ self.info['slave_status'][host][port][user] = {}
+
+ for vname, val in iteritems(line):
+ if vname not in ('Master_Host', 'Master_Port', 'Master_User'):
+ self.info['slave_status'][host][port][user][vname] = self.__convert(val)
+
+ def __get_slaves(self):
+ """Get slave hosts info if the instance is a master."""
+ res = self.__exec_sql('SHOW SLAVE HOSTS')
+ if res:
+ for line in res:
+ srv_id = line['Server_id']
+ if srv_id not in self.info['slave_hosts']:
+ self.info['slave_hosts'][srv_id] = {}
+
+ for vname, val in iteritems(line):
+ if vname != 'Server_id':
+ self.info['slave_hosts'][srv_id][vname] = self.__convert(val)
+
+ def __get_users(self):
+ """Get user info."""
+ res = self.__exec_sql('SELECT * FROM mysql.user')
+ if res:
+ for line in res:
+ host = line['Host']
+ if host not in self.info['users']:
+ self.info['users'][host] = {}
+
+ user = line['User']
+ self.info['users'][host][user] = {}
+
+ for vname, val in iteritems(line):
+ if vname not in ('Host', 'User'):
+ self.info['users'][host][user][vname] = self.__convert(val)
+
+ def __get_databases(self, exclude_fields, return_empty_dbs):
+ """Get info about databases."""
+ if not exclude_fields:
+ query = ('SELECT table_schema AS "name", '
+ 'SUM(data_length + index_length) AS "size" '
+ 'FROM information_schema.TABLES GROUP BY table_schema')
+ else:
+ if 'db_size' in exclude_fields:
+ query = ('SELECT table_schema AS "name" '
+ 'FROM information_schema.TABLES GROUP BY table_schema')
+
+ res = self.__exec_sql(query)
+
+ if res:
+ for db in res:
+ self.info['databases'][db['name']] = {}
+
+ if not exclude_fields or 'db_size' not in exclude_fields:
+ if db['size'] is None:
+ db['size'] = 0
+
+ self.info['databases'][db['name']]['size'] = int(db['size'])
+
+ # If empty dbs are not needed in the returned dict, exit from the method
+ if not return_empty_dbs:
+ return None
+
+ # Add info about empty databases (issue #65727):
+ res = self.__exec_sql('SHOW DATABASES')
+ if res:
+ for db in res:
+ if db['Database'] not in self.info['databases']:
+ self.info['databases'][db['Database']] = {}
+
+ if not exclude_fields or 'db_size' not in exclude_fields:
+ self.info['databases'][db['Database']]['size'] = 0
+
+ def __exec_sql(self, query, ddl=False):
+ """Execute SQL.
+
+ Arguments:
+ ddl (bool): If True, return True or False.
+ Used for queries that don't return any rows
+ (mainly for DDL queries) (default False).
+ """
+ try:
+ self.cursor.execute(query)
+
+ if not ddl:
+ res = self.cursor.fetchall()
+ return res
+ return True
+
+ except Exception as e:
+ self.module.fail_json(msg="Cannot execute SQL '%s': %s" % (query, to_native(e)))
+ return False
+
+
+# ===========================================
+# Module execution.
+#
+
+
+def main():
+ argument_spec = mysql_common_argument_spec()
+ argument_spec.update(
+ login_db=dict(type='str'),
+ filter=dict(type='list'),
+ exclude_fields=dict(type='list'),
+ return_empty_dbs=dict(type='bool', default=False),
+ )
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ )
+
+ db = module.params['login_db']
+ connect_timeout = module.params['connect_timeout']
+ login_user = module.params['login_user']
+ login_password = module.params['login_password']
+ ssl_cert = module.params['client_cert']
+ ssl_key = module.params['client_key']
+ ssl_ca = module.params['ca_cert']
+ check_hostname = module.params['check_hostname']
+ config_file = module.params['config_file']
+ filter_ = module.params['filter']
+ exclude_fields = module.params['exclude_fields']
+ return_empty_dbs = module.params['return_empty_dbs']
+
+ if filter_:
+ filter_ = [f.strip() for f in filter_]
+
+ if exclude_fields:
+ exclude_fields = set([f.strip() for f in exclude_fields])
+
+ if mysql_driver is None:
+ module.fail_json(msg=mysql_driver_fail_msg)
+
+ connector_name = get_connector_name(mysql_driver)
+ connector_version = get_connector_version(mysql_driver)
+
+ try:
+ cursor, db_conn = mysql_connect(module, login_user, login_password,
+ config_file, ssl_cert, ssl_key, ssl_ca, db,
+ check_hostname=check_hostname,
+ connect_timeout=connect_timeout, cursor_class='DictCursor')
+ except Exception as e:
+ msg = ('unable to connect to database using %s %s, check login_user '
+ 'and login_password are correct or %s has the credentials. '
+ 'Exception message: %s' % (connector_name, connector_version, config_file, to_native(e)))
+ module.fail_json(msg)
+
+ ###############################
+ # Create object and do main job
+
+ mysql = MySQL_Info(module, cursor)
+
+ module.exit_json(changed=False,
+ connector_name=connector_name,
+ connector_version=connector_version,
+ **mysql.get_info(filter_, exclude_fields, return_empty_dbs))
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/community/mysql/plugins/modules/mysql_query.py b/ansible_collections/community/mysql/plugins/modules/mysql_query.py
new file mode 100644
index 00000000..a3d7ce23
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/modules/mysql_query.py
@@ -0,0 +1,280 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: mysql_query
+short_description: Run MySQL queries
+description:
+- Runs arbitrary MySQL queries.
+- Pay attention, the module does not support check mode!
+ All queries will be executed in autocommit mode.
+- To run SQL queries from a file, use M(community.mysql.mysql_db) module.
+version_added: '0.1.0'
+options:
+ query:
+ description:
+ - SQL query to run. Multiple queries can be passed using YAML list syntax.
+ - Must be a string or YAML list containing strings.
+ - Note that if you use the C(IF EXISTS/IF NOT EXISTS) clauses in your query
+ and C(mysqlclient) connector, the module will report that
+ the state has been changed even if it has not. If it is important in your
+ workflow, use the C(PyMySQL) connector instead.
+ type: raw
+ required: true
+ positional_args:
+ description:
+ - List of values to be passed as positional arguments to the query.
+ - Mutually exclusive with I(named_args).
+ type: list
+ named_args:
+ description:
+ - Dictionary of key-value arguments to pass to the query.
+ - Mutually exclusive with I(positional_args).
+ type: dict
+ login_db:
+ description:
+ - Name of database to connect to and run queries against.
+ type: str
+ single_transaction:
+ description:
+ - Where passed queries run in a single transaction (C(yes)) or commit them one-by-one (C(no)).
+ type: bool
+ default: false
+seealso:
+- module: community.mysql.mysql_db
+author:
+- Andrew Klychkov (@Andersson007)
+extends_documentation_fragment:
+- community.mysql.mysql
+
+'''
+
+EXAMPLES = r'''
+# If you encounter the "Please explicitly state intended protocol" error,
+# use the login_unix_socket argument
+- name: Simple select query to acme db
+ community.mysql.mysql_query:
+ login_db: acme
+ query: SELECT * FROM orders
+ login_unix_socket: /run/mysqld/mysqld.sock
+
+- name: Select query to db acme with positional arguments
+ community.mysql.mysql_query:
+ login_db: acme
+ query: SELECT * FROM acme WHERE id = %s AND story = %s
+ positional_args:
+ - 1
+ - test
+
+- name: Select query to test_db with named_args
+ community.mysql.mysql_query:
+ login_db: test_db
+ query: SELECT * FROM test WHERE id = %(id_val)s AND story = %(story_val)s
+ named_args:
+ id_val: 1
+ story_val: test
+
+- name: Run several insert queries against db test_db in single transaction
+ community.mysql.mysql_query:
+ login_db: test_db
+ query:
+ - INSERT INTO articles (id, story) VALUES (2, 'my_long_story')
+ - INSERT INTO prices (id, price) VALUES (123, '100.00')
+ single_transaction: true
+'''
+
+RETURN = r'''
+executed_queries:
+ description: List of executed queries.
+ returned: always
+ type: list
+ sample: ['SELECT * FROM bar', 'UPDATE bar SET id = 1 WHERE id = 2']
+query_result:
+ description:
+ - List of lists (sublist for each query) containing dictionaries
+ in column:value form representing returned rows.
+ returned: changed
+ type: list
+ sample: [[{"Column": "Value1"},{"Column": "Value2"}], [{"ID": 1}, {"ID": 2}]]
+rowcount:
+ description: Number of affected rows for each subquery.
+ returned: changed
+ type: list
+ sample: [5, 1]
+'''
+
+import warnings
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mysql.plugins.module_utils.mysql import (
+ mysql_connect,
+ mysql_common_argument_spec,
+ mysql_driver,
+ mysql_driver_fail_msg,
+)
+from ansible.module_utils._text import to_native
+
+DML_QUERY_KEYWORDS = ('INSERT', 'UPDATE', 'DELETE', 'REPLACE')
+# TRUNCATE is not DDL query but it also returns 0 rows affected:
+DDL_QUERY_KEYWORDS = ('CREATE', 'DROP', 'ALTER', 'RENAME', 'TRUNCATE')
+
+
+# ===========================================
+# Module execution.
+#
+
+def main():
+ argument_spec = mysql_common_argument_spec()
+ argument_spec.update(
+ query=dict(type='raw', required=True),
+ login_db=dict(type='str'),
+ positional_args=dict(type='list'),
+ named_args=dict(type='dict'),
+ single_transaction=dict(type='bool', default=False),
+ )
+
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ mutually_exclusive=(
+ ('positional_args', 'named_args'),
+ ),
+ )
+
+ db = module.params['login_db']
+ connect_timeout = module.params['connect_timeout']
+ login_user = module.params['login_user']
+ login_password = module.params['login_password']
+ ssl_cert = module.params['client_cert']
+ ssl_key = module.params['client_key']
+ ssl_ca = module.params['ca_cert']
+ check_hostname = module.params['check_hostname']
+ config_file = module.params['config_file']
+ query = module.params["query"]
+
+ if not isinstance(query, (str, list)):
+ module.fail_json(msg="the query option value must be a string or list, passed %s" % type(query))
+
+ if isinstance(query, str):
+ query = [query]
+
+ for elem in query:
+ if not isinstance(elem, str):
+ module.fail_json(msg="the elements in query list must be strings, passed '%s' %s" % (elem, type(elem)))
+
+ if module.params["single_transaction"]:
+ autocommit = False
+ else:
+ autocommit = True
+ # Prepare args:
+ if module.params.get("positional_args"):
+ arguments = module.params["positional_args"]
+ elif module.params.get("named_args"):
+ arguments = module.params["named_args"]
+ else:
+ arguments = None
+
+ if mysql_driver is None:
+ module.fail_json(msg=mysql_driver_fail_msg)
+
+ # Connect to DB:
+ try:
+ cursor, db_connection = mysql_connect(module, login_user, login_password,
+ config_file, ssl_cert, ssl_key, ssl_ca, db,
+ check_hostname=check_hostname,
+ connect_timeout=connect_timeout,
+ cursor_class='DictCursor', autocommit=autocommit)
+ except Exception as e:
+ module.fail_json(msg="unable to connect to database, check login_user and "
+ "login_password are correct or %s has the credentials. "
+ "Exception message: %s" % (config_file, to_native(e)))
+
+ # Set defaults:
+ changed = False
+
+ max_keyword_len = len(max(DML_QUERY_KEYWORDS + DDL_QUERY_KEYWORDS, key=len))
+
+ # Execute query:
+ query_result = []
+ executed_queries = []
+ rowcount = []
+
+ already_exists = False
+ for q in query:
+ try:
+ with warnings.catch_warnings():
+ warnings.filterwarnings(action='error',
+ message='.*already exists*',
+ category=mysql_driver.Warning)
+
+ try:
+ cursor.execute(q, arguments)
+ except mysql_driver.Warning:
+ # When something is run with IF NOT EXISTS
+ # and there's "already exists" MySQL warning,
+ # set the flag as True.
+ # PyMySQL throws the warning, mysqlclinet does NOT.
+ already_exists = True
+
+ except Exception as e:
+ if not autocommit:
+ db_connection.rollback()
+
+ cursor.close()
+ module.fail_json(msg="Cannot execute SQL '%s' args [%s]: %s" % (q, arguments, to_native(e)))
+
+ try:
+ if not already_exists:
+ query_result.append([dict(row) for row in cursor.fetchall()])
+
+ except Exception as e:
+ if not autocommit:
+ db_connection.rollback()
+
+ module.fail_json(msg="Cannot fetch rows from cursor: %s" % to_native(e))
+
+ # Check DML or DDL keywords in query and set changed accordingly:
+ q = q.lstrip()[0:max_keyword_len].upper()
+ for keyword in DML_QUERY_KEYWORDS:
+ if keyword in q and cursor.rowcount > 0:
+ changed = True
+
+ for keyword in DDL_QUERY_KEYWORDS:
+ if keyword in q:
+ if already_exists:
+ # Indicates the entity already exists
+ changed = False
+ already_exists = False # Reset flag
+ else:
+ changed = True
+ try:
+ executed_queries.append(cursor._last_executed)
+ except AttributeError:
+ # MySQLdb removed cursor._last_executed as a duplicate of cursor._executed
+ executed_queries.append(cursor._executed)
+ rowcount.append(cursor.rowcount)
+
+ # When the module run with the single_transaction == True:
+ if not autocommit:
+ db_connection.commit()
+
+ # Create dict with returned values:
+ kw = {
+ 'changed': changed,
+ 'executed_queries': executed_queries,
+ 'query_result': query_result,
+ 'rowcount': rowcount,
+ }
+
+ # Exit:
+ module.exit_json(**kw)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/community/mysql/plugins/modules/mysql_replication.py b/ansible_collections/community/mysql/plugins/modules/mysql_replication.py
new file mode 100644
index 00000000..5d1a0e53
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/modules/mysql_replication.py
@@ -0,0 +1,655 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2013, Balazs Pocze <banyek@gawker.com>
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# Certain parts are taken from Mark Theunissen's mysqldb module
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+DOCUMENTATION = r'''
+---
+module: mysql_replication
+short_description: Manage MySQL replication
+description:
+- Manages MySQL server replication, replica, primary status, get and change primary host.
+author:
+- Balazs Pocze (@banyek)
+- Andrew Klychkov (@Andersson007)
+options:
+ mode:
+ description:
+ - Module operating mode. Could be
+ C(changeprimary) (CHANGE PRIMARY TO),
+ C(getprimary) (SHOW PRIMARY STATUS),
+ C(getreplica) (SHOW REPLICA),
+ C(startreplica) (START REPLICA),
+ C(stopreplica) (STOP REPLICA),
+ C(resetprimary) (RESET PRIMARY) - supported since community.mysql 0.1.0,
+ C(resetreplica) (RESET REPLICA),
+ C(resetreplicaall) (RESET REPLICA ALL).
+ type: str
+ choices:
+ - changeprimary
+ - getprimary
+ - getreplica
+ - startreplica
+ - stopreplica
+ - resetprimary
+ - resetreplica
+ - resetreplicaall
+ default: getreplica
+ primary_host:
+ description:
+ - Same as the C(MASTER_HOST) mysql variable.
+ type: str
+ aliases: [master_host]
+ primary_user:
+ description:
+ - Same as the C(MASTER_USER) mysql variable.
+ type: str
+ aliases: [master_user]
+ primary_password:
+ description:
+ - Same as the C(MASTER_PASSWORD) mysql variable.
+ type: str
+ aliases: [master_password]
+ primary_port:
+ description:
+ - Same as the C(MASTER_PORT) mysql variable.
+ type: int
+ aliases: [master_port]
+ primary_connect_retry:
+ description:
+ - Same as the C(MASTER_CONNECT_RETRY) mysql variable.
+ type: int
+ aliases: [master_connect_retry]
+ primary_log_file:
+ description:
+ - Same as the C(MASTER_LOG_FILE) mysql variable.
+ type: str
+ aliases: [master_log_file]
+ primary_log_pos:
+ description:
+ - Same as the C(MASTER_LOG_POS) mysql variable.
+ type: int
+ aliases: [master_log_pos]
+ relay_log_file:
+ description:
+ - Same as mysql variable.
+ type: str
+ relay_log_pos:
+ description:
+ - Same as mysql variable.
+ type: int
+ primary_ssl:
+ description:
+ - Same as the C(MASTER_SSL) mysql variable.
+ - When setting it to C(yes), the connection attempt only succeeds
+ if an encrypted connection can be established.
+ - For details, refer to
+ L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html).
+ - The default is C(false).
+ type: bool
+ aliases: [master_ssl]
+ primary_ssl_ca:
+ description:
+ - Same as the C(MASTER_SSL_CA) mysql variable.
+ - For details, refer to
+ L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html).
+ type: str
+ aliases: [master_ssl_ca]
+ primary_ssl_capath:
+ description:
+ - Same as the C(MASTER_SSL_CAPATH) mysql variable.
+ - For details, refer to
+ L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html).
+ type: str
+ aliases: [master_ssl_capath]
+ primary_ssl_cert:
+ description:
+ - Same as the C(MASTER_SSL_CERT) mysql variable.
+ - For details, refer to
+ L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html).
+ type: str
+ aliases: [master_ssl_cert]
+ primary_ssl_key:
+ description:
+ - Same as the C(MASTER_SSL_KEY) mysql variable.
+ - For details, refer to
+ L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html).
+ type: str
+ aliases: [master_ssl_key]
+ primary_ssl_cipher:
+ description:
+ - Same as the C(MASTER_SSL_CIPHER) mysql variable.
+ - Specifies a colon-separated list of one or more ciphers permitted by the replica for the replication connection.
+ - For details, refer to
+ L(MySQL encrypted replication documentation,https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html).
+ type: str
+ aliases: [master_ssl_cipher]
+ primary_ssl_verify_server_cert:
+ description:
+ - Same as mysql variable.
+ type: bool
+ default: false
+ version_added: '3.5.0'
+ primary_auto_position:
+ description:
+ - Whether the host uses GTID based replication or not.
+ - Same as the C(MASTER_AUTO_POSITION) mysql variable.
+ type: bool
+ default: false
+ aliases: [master_auto_position]
+ primary_use_gtid:
+ description:
+ - Configures the replica to use the MariaDB Global Transaction ID.
+ - C(disabled) equals MASTER_USE_GTID=no command.
+ - To find information about available values see
+ U(https://mariadb.com/kb/en/library/change-master-to/#master_use_gtid).
+ - Available since MariaDB 10.0.2.
+ choices: [current_pos, replica_pos, disabled]
+ type: str
+ version_added: '0.1.0'
+ aliases: [master_use_gtid]
+ primary_delay:
+ description:
+ - Time lag behind the primary's state (in seconds).
+ - Same as the C(MASTER_DELAY) mysql variable.
+ - Available from MySQL 5.6.
+ - For more information see U(https://dev.mysql.com/doc/refman/8.0/en/replication-delayed.html).
+ type: int
+ version_added: '0.1.0'
+ aliases: [master_delay]
+ connection_name:
+ description:
+ - Name of the primary connection.
+ - Supported from MariaDB 10.0.1.
+ - Mutually exclusive with I(channel).
+ - For more information see U(https://mariadb.com/kb/en/library/multi-source-replication/).
+ type: str
+ version_added: '0.1.0'
+ channel:
+ description:
+ - Name of replication channel.
+ - Multi-source replication is supported from MySQL 5.7.
+ - Mutually exclusive with I(connection_name).
+ - For more information see U(https://dev.mysql.com/doc/refman/8.0/en/replication-multi-source.html).
+ type: str
+ version_added: '0.1.0'
+ fail_on_error:
+ description:
+ - Fails on error when calling mysql.
+ type: bool
+ default: false
+ version_added: '0.1.0'
+
+notes:
+- If an empty value for the parameter of string type is needed, use an empty string.
+
+extends_documentation_fragment:
+- community.mysql.mysql
+
+
+seealso:
+- module: community.mysql.mysql_info
+- name: MySQL replication reference
+ description: Complete reference of the MySQL replication documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/replication.html
+- name: MySQL encrypted replication reference.
+ description: Setting up MySQL replication to use encrypted connection.
+ link: https://dev.mysql.com/doc/refman/8.0/en/replication-solutions-encrypted-connections.html
+- name: MariaDB replication reference
+ description: Complete reference of the MariaDB replication documentation.
+ link: https://mariadb.com/kb/en/library/setting-up-replication/
+'''
+
+EXAMPLES = r'''
+# If you encounter the "Please explicitly state intended protocol" error,
+# use the login_unix_socket argument
+- name: Stop mysql replica thread
+ community.mysql.mysql_replication:
+ mode: stopreplica
+ login_unix_socket: /run/mysqld/mysqld.sock
+
+- name: Get primary binlog file name and binlog position
+ community.mysql.mysql_replication:
+ mode: getprimary
+
+- name: Change primary to primary server 192.0.2.1 and use binary log 'mysql-bin.000009' with position 4578
+ community.mysql.mysql_replication:
+ mode: changeprimary
+ primary_host: 192.0.2.1
+ primary_log_file: mysql-bin.000009
+ primary_log_pos: 4578
+
+- name: Check replica status using port 3308
+ community.mysql.mysql_replication:
+ mode: getreplica
+ login_host: ansible.example.com
+ login_port: 3308
+
+- name: On MariaDB change primary to use GTID current_pos
+ community.mysql.mysql_replication:
+ mode: changeprimary
+ primary_use_gtid: current_pos
+
+- name: Change primary to use replication delay 3600 seconds
+ community.mysql.mysql_replication:
+ mode: changeprimary
+ primary_host: 192.0.2.1
+ primary_delay: 3600
+
+- name: Start MariaDB replica with connection name primary-1
+ community.mysql.mysql_replication:
+ mode: startreplica
+ connection_name: primary-1
+
+- name: Stop replication in channel primary-1
+ community.mysql.mysql_replication:
+ mode: stopreplica
+ channel: primary-1
+
+- name: >
+ Run RESET MASTER command which will delete all existing binary log files
+ and reset the binary log index file on the primary
+ community.mysql.mysql_replication:
+ mode: resetprimary
+
+- name: Run start replica and fail the task on errors
+ community.mysql.mysql_replication:
+ mode: startreplica
+ connection_name: primary-1
+ fail_on_error: true
+
+- name: Change primary and fail on error (like when replica thread is running)
+ community.mysql.mysql_replication:
+ mode: changeprimary
+ fail_on_error: true
+
+'''
+
+RETURN = r'''
+queries:
+ description: List of executed queries which modified DB's state.
+ returned: always
+ type: list
+ sample: ["CHANGE MASTER TO MASTER_HOST='primary2.example.com',MASTER_PORT=3306"]
+ version_added: '0.1.0'
+'''
+
+import os
+import warnings
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mysql.plugins.module_utils.mysql import (
+ mysql_connect,
+ mysql_driver,
+ mysql_driver_fail_msg,
+ mysql_common_argument_spec,
+)
+from ansible.module_utils._text import to_native
+from ansible_collections.community.mysql.plugins.module_utils.version import LooseVersion
+
+executed_queries = []
+
+
+def get_primary_status(cursor):
+ # TODO: when it's available to change on MySQL's side,
+ # change MASTER to PRIMARY using the approach from
+ # get_replica_status() function. Same for other functions.
+ cursor.execute("SHOW MASTER STATUS")
+ primarystatus = cursor.fetchone()
+ return primarystatus
+
+
+def get_replica_status(cursor, connection_name='', channel='', term='REPLICA'):
+ if connection_name:
+ query = "SHOW %s '%s' STATUS" % (term, connection_name)
+ else:
+ query = "SHOW %s STATUS" % term
+
+ if channel:
+ query += " FOR CHANNEL '%s'" % channel
+
+ cursor.execute(query)
+ replica_status = cursor.fetchone()
+ return replica_status
+
+
+def stop_replica(module, cursor, connection_name='', channel='', fail_on_error=False, term='REPLICA'):
+ if connection_name:
+ query = "STOP %s '%s'" % (term, connection_name)
+ else:
+ query = 'STOP %s' % term
+
+ if channel:
+ query += " FOR CHANNEL '%s'" % channel
+
+ try:
+ executed_queries.append(query)
+ cursor.execute(query)
+ stopped = True
+ except mysql_driver.Warning as e:
+ stopped = False
+ except Exception as e:
+ if fail_on_error:
+ module.fail_json(msg="STOP REPLICA failed: %s" % to_native(e))
+ stopped = False
+ return stopped
+
+
+def reset_replica(module, cursor, connection_name='', channel='', fail_on_error=False, term='REPLICA'):
+ if connection_name:
+ query = "RESET %s '%s'" % (term, connection_name)
+ else:
+ query = 'RESET %s' % term
+
+ if channel:
+ query += " FOR CHANNEL '%s'" % channel
+
+ try:
+ executed_queries.append(query)
+ cursor.execute(query)
+ reset = True
+ except mysql_driver.Warning as e:
+ reset = False
+ except Exception as e:
+ if fail_on_error:
+ module.fail_json(msg="RESET REPLICA failed: %s" % to_native(e))
+ reset = False
+ return reset
+
+
+def reset_replica_all(module, cursor, connection_name='', channel='', fail_on_error=False, term='REPLICA'):
+ if connection_name:
+ query = "RESET %s '%s' ALL" % (term, connection_name)
+ else:
+ query = 'RESET %s ALL' % term
+
+ if channel:
+ query += " FOR CHANNEL '%s'" % channel
+
+ try:
+ executed_queries.append(query)
+ cursor.execute(query)
+ reset = True
+ except mysql_driver.Warning as e:
+ reset = False
+ except Exception as e:
+ if fail_on_error:
+ module.fail_json(msg="RESET REPLICA ALL failed: %s" % to_native(e))
+ reset = False
+ return reset
+
+
+def reset_primary(module, cursor, fail_on_error=False):
+ query = 'RESET MASTER'
+ try:
+ executed_queries.append(query)
+ cursor.execute(query)
+ reset = True
+ except mysql_driver.Warning as e:
+ reset = False
+ except Exception as e:
+ if fail_on_error:
+ module.fail_json(msg="RESET MASTER failed: %s" % to_native(e))
+ reset = False
+ return reset
+
+
+def start_replica(module, cursor, connection_name='', channel='', fail_on_error=False, term='REPLICA'):
+ if connection_name:
+ query = "START %s '%s'" % (term, connection_name)
+ else:
+ query = 'START %s' % term
+
+ if channel:
+ query += " FOR CHANNEL '%s'" % channel
+
+ try:
+ executed_queries.append(query)
+ cursor.execute(query)
+ started = True
+ except mysql_driver.Warning as e:
+ started = False
+ except Exception as e:
+ if fail_on_error:
+ module.fail_json(msg="START REPLICA failed: %s" % to_native(e))
+ started = False
+ return started
+
+
+def changeprimary(cursor, chm, connection_name='', channel=''):
+ if connection_name:
+ query = "CHANGE MASTER '%s' TO %s" % (connection_name, ','.join(chm))
+ else:
+ query = 'CHANGE MASTER TO %s' % ','.join(chm)
+
+ if channel:
+ query += " FOR CHANNEL '%s'" % channel
+
+ executed_queries.append(query)
+ cursor.execute(query)
+
+
+def main():
+ argument_spec = mysql_common_argument_spec()
+ argument_spec.update(
+ mode=dict(type='str', default='getreplica', choices=[
+ 'getprimary',
+ 'getreplica',
+ 'changeprimary',
+ 'stopreplica',
+ 'startreplica',
+ 'resetprimary',
+ 'resetreplica',
+ 'resetreplicaall']),
+ primary_auto_position=dict(type='bool', default=False, aliases=['master_auto_position']),
+ primary_host=dict(type='str', aliases=['master_host']),
+ primary_user=dict(type='str', aliases=['master_user']),
+ primary_password=dict(type='str', no_log=True, aliases=['master_password']),
+ primary_port=dict(type='int', aliases=['master_port']),
+ primary_connect_retry=dict(type='int', aliases=['master_connect_retry']),
+ primary_log_file=dict(type='str', aliases=['master_log_file']),
+ primary_log_pos=dict(type='int', aliases=['master_log_pos']),
+ relay_log_file=dict(type='str'),
+ relay_log_pos=dict(type='int'),
+ primary_ssl=dict(type='bool', aliases=['master_ssl']),
+ primary_ssl_ca=dict(type='str', aliases=['master_ssl_ca']),
+ primary_ssl_capath=dict(type='str', aliases=['master_ssl_capath']),
+ primary_ssl_cert=dict(type='str', aliases=['master_ssl_cert']),
+ primary_ssl_key=dict(type='str', no_log=False, aliases=['master_ssl_key']),
+ primary_ssl_cipher=dict(type='str', aliases=['master_ssl_cipher']),
+ primary_ssl_verify_server_cert=dict(type='bool', default=False),
+ primary_use_gtid=dict(type='str', choices=[
+ 'current_pos', 'replica_pos', 'disabled'], aliases=['master_use_gtid']),
+ primary_delay=dict(type='int', aliases=['master_delay']),
+ connection_name=dict(type='str'),
+ channel=dict(type='str'),
+ fail_on_error=dict(type='bool', default=False),
+ )
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ mutually_exclusive=[
+ ['connection_name', 'channel']
+ ],
+ )
+ mode = module.params["mode"]
+ primary_host = module.params["primary_host"]
+ primary_user = module.params["primary_user"]
+ primary_password = module.params["primary_password"]
+ primary_port = module.params["primary_port"]
+ primary_connect_retry = module.params["primary_connect_retry"]
+ primary_log_file = module.params["primary_log_file"]
+ primary_log_pos = module.params["primary_log_pos"]
+ relay_log_file = module.params["relay_log_file"]
+ relay_log_pos = module.params["relay_log_pos"]
+ primary_ssl = module.params["primary_ssl"]
+ primary_ssl_ca = module.params["primary_ssl_ca"]
+ primary_ssl_capath = module.params["primary_ssl_capath"]
+ primary_ssl_cert = module.params["primary_ssl_cert"]
+ primary_ssl_key = module.params["primary_ssl_key"]
+ primary_ssl_cipher = module.params["primary_ssl_cipher"]
+ primary_ssl_verify_server_cert = module.params["primary_ssl_verify_server_cert"]
+ primary_auto_position = module.params["primary_auto_position"]
+ ssl_cert = module.params["client_cert"]
+ ssl_key = module.params["client_key"]
+ ssl_ca = module.params["ca_cert"]
+ check_hostname = module.params["check_hostname"]
+ connect_timeout = module.params['connect_timeout']
+ config_file = module.params['config_file']
+ primary_delay = module.params['primary_delay']
+ if module.params.get("primary_use_gtid") == 'disabled':
+ primary_use_gtid = 'no'
+ else:
+ primary_use_gtid = module.params["primary_use_gtid"]
+ connection_name = module.params["connection_name"]
+ channel = module.params['channel']
+ fail_on_error = module.params['fail_on_error']
+
+ if mysql_driver is None:
+ module.fail_json(msg=mysql_driver_fail_msg)
+ else:
+ warnings.filterwarnings('error', category=mysql_driver.Warning)
+
+ login_password = module.params["login_password"]
+ login_user = module.params["login_user"]
+
+ try:
+ cursor, db_conn = mysql_connect(module, login_user, login_password, config_file,
+ ssl_cert, ssl_key, ssl_ca, None, cursor_class='DictCursor',
+ connect_timeout=connect_timeout, check_hostname=check_hostname)
+ except Exception as e:
+ if os.path.exists(config_file):
+ module.fail_json(msg="unable to connect to database, check login_user and "
+ "login_password are correct or %s has the credentials. "
+ "Exception message: %s" % (config_file, to_native(e)))
+ else:
+ module.fail_json(msg="unable to find %s. Exception message: %s" % (config_file, to_native(e)))
+
+ cursor.execute("SELECT VERSION()")
+ if 'mariadb' in cursor.fetchone()["VERSION()"].lower():
+ from ansible_collections.community.mysql.plugins.module_utils.implementations.mariadb import replication as impl
+ else:
+ from ansible_collections.community.mysql.plugins.module_utils.implementations.mysql import replication as impl
+
+ # Since MySQL 8.0.22 and MariaDB 10.5.1,
+ # "REPLICA" must be used instead of "SLAVE"
+ if impl.uses_replica_terminology(cursor):
+ replica_term = 'REPLICA'
+ else:
+ replica_term = 'SLAVE'
+ if primary_use_gtid == 'replica_pos':
+ primary_use_gtid = 'slave_pos'
+
+ if mode == 'getprimary':
+ status = get_primary_status(cursor)
+ if not isinstance(status, dict):
+ status = dict(Is_Primary=False,
+ msg="Server is not configured as mysql primary")
+ else:
+ status['Is_Primary'] = True
+
+ module.exit_json(queries=executed_queries, **status)
+
+ elif mode == "getreplica":
+ status = get_replica_status(cursor, connection_name, channel, replica_term)
+ if not isinstance(status, dict):
+ status = dict(Is_Replica=False, msg="Server is not configured as mysql replica")
+ else:
+ status['Is_Replica'] = True
+
+ module.exit_json(queries=executed_queries, **status)
+
+ elif mode == 'changeprimary':
+ chm = []
+ result = {}
+ if primary_host is not None:
+ chm.append("MASTER_HOST='%s'" % primary_host)
+ if primary_user is not None:
+ chm.append("MASTER_USER='%s'" % primary_user)
+ if primary_password is not None:
+ chm.append("MASTER_PASSWORD='%s'" % primary_password)
+ if primary_port is not None:
+ chm.append("MASTER_PORT=%s" % primary_port)
+ if primary_connect_retry is not None:
+ chm.append("MASTER_CONNECT_RETRY=%s" % primary_connect_retry)
+ if primary_log_file is not None:
+ chm.append("MASTER_LOG_FILE='%s'" % primary_log_file)
+ if primary_log_pos is not None:
+ chm.append("MASTER_LOG_POS=%s" % primary_log_pos)
+ if primary_delay is not None:
+ chm.append("MASTER_DELAY=%s" % primary_delay)
+ if relay_log_file is not None:
+ chm.append("RELAY_LOG_FILE='%s'" % relay_log_file)
+ if relay_log_pos is not None:
+ chm.append("RELAY_LOG_POS=%s" % relay_log_pos)
+ if primary_ssl is not None:
+ if primary_ssl:
+ chm.append("MASTER_SSL=1")
+ else:
+ chm.append("MASTER_SSL=0")
+ if primary_ssl_ca is not None:
+ chm.append("MASTER_SSL_CA='%s'" % primary_ssl_ca)
+ if primary_ssl_capath is not None:
+ chm.append("MASTER_SSL_CAPATH='%s'" % primary_ssl_capath)
+ if primary_ssl_cert is not None:
+ chm.append("MASTER_SSL_CERT='%s'" % primary_ssl_cert)
+ if primary_ssl_key is not None:
+ chm.append("MASTER_SSL_KEY='%s'" % primary_ssl_key)
+ if primary_ssl_cipher is not None:
+ chm.append("MASTER_SSL_CIPHER='%s'" % primary_ssl_cipher)
+ if primary_ssl_verify_server_cert:
+ chm.append("SOURCE_SSL_VERIFY_SERVER_CERT=1")
+ if primary_auto_position:
+ chm.append("MASTER_AUTO_POSITION=1")
+ if primary_use_gtid is not None:
+ chm.append("MASTER_USE_GTID=%s" % primary_use_gtid)
+ try:
+ changeprimary(cursor, chm, connection_name, channel)
+ except mysql_driver.Warning as e:
+ result['warning'] = to_native(e)
+ except Exception as e:
+ module.fail_json(msg='%s. Query == CHANGE MASTER TO %s' % (to_native(e), chm))
+ result['changed'] = True
+ module.exit_json(queries=executed_queries, **result)
+ elif mode == "startreplica":
+ started = start_replica(module, cursor, connection_name, channel, fail_on_error, replica_term)
+ if started is True:
+ module.exit_json(msg="Replica started ", changed=True, queries=executed_queries)
+ else:
+ module.exit_json(msg="Replica already started (Or cannot be started)", changed=False, queries=executed_queries)
+ elif mode == "stopreplica":
+ stopped = stop_replica(module, cursor, connection_name, channel, fail_on_error, replica_term)
+ if stopped is True:
+ module.exit_json(msg="Replica stopped", changed=True, queries=executed_queries)
+ else:
+ module.exit_json(msg="Replica already stopped", changed=False, queries=executed_queries)
+ elif mode == 'resetprimary':
+ reset = reset_primary(module, cursor, fail_on_error)
+ if reset is True:
+ module.exit_json(msg="Primary reset", changed=True, queries=executed_queries)
+ else:
+ module.exit_json(msg="Primary already reset", changed=False, queries=executed_queries)
+ elif mode == "resetreplica":
+ reset = reset_replica(module, cursor, connection_name, channel, fail_on_error, replica_term)
+ if reset is True:
+ module.exit_json(msg="Replica reset", changed=True, queries=executed_queries)
+ else:
+ module.exit_json(msg="Replica already reset", changed=False, queries=executed_queries)
+ elif mode == "resetreplicaall":
+ reset = reset_replica_all(module, cursor, connection_name, channel, fail_on_error, replica_term)
+ if reset is True:
+ module.exit_json(msg="Replica reset", changed=True, queries=executed_queries)
+ else:
+ module.exit_json(msg="Replica already reset", changed=False, queries=executed_queries)
+
+ warnings.simplefilter("ignore")
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/community/mysql/plugins/modules/mysql_role.py b/ansible_collections/community/mysql/plugins/modules/mysql_role.py
new file mode 100644
index 00000000..070d7939
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/modules/mysql_role.py
@@ -0,0 +1,1095 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2021, Andrew Klychkov <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: mysql_role
+
+short_description: Adds, removes, or updates a MySQL role
+
+description:
+ - Adds, removes, or updates a MySQL role.
+ - Roles are supported since MySQL 8.0.0 and MariaDB 10.0.5.
+
+version_added: '2.2.0'
+
+options:
+ name:
+ description:
+ - Name of the role to add or remove.
+ type: str
+ required: true
+
+ admin:
+ description:
+ - Supported by B(MariaDB).
+ - Name of the admin user of the role (the I(login_user), by default).
+ type: str
+
+ priv:
+ description:
+ - "MySQL privileges string in the format: C(db.table:priv1,priv2)."
+ - "You can specify multiple privileges by separating each one using
+ a forward slash: C(db.table:priv/db.table:priv)."
+ - The format is based on MySQL C(GRANT) statement.
+ - Database and table names can be quoted, MySQL-style.
+ - If column privileges are used, the C(priv1,priv2) part must be
+ exactly as returned by a C(SHOW GRANT) statement. If not followed,
+ the module will always report changes. It includes grouping columns
+ by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))).
+ - Can be passed as a dictionary (see the examples).
+ - Supports GRANTs for procedures and functions
+ (see the examples for the M(community.mysql.mysql_user) module).
+ type: raw
+
+ append_privs:
+ description:
+ - Append the privileges defined by the I(priv) option to the existing ones
+ for this role instead of overwriting them. Mutually exclusive with I(subtract_privs).
+ type: bool
+ default: false
+
+ subtract_privs:
+ description:
+ - Revoke the privileges defined by the I(priv) option and keep other existing privileges.
+ If set, invalid privileges in I(priv) are ignored.
+ Mutually exclusive with I(append_privs).
+ version_added: '3.2.0'
+ type: bool
+ default: false
+
+ members:
+ description:
+ - List of members of the role.
+ - For users, use the format C(username@hostname).
+ Always specify the hostname part explicitly.
+ - For roles, use the format C(rolename).
+ - Mutually exclusive with I(admin).
+ type: list
+ elements: str
+
+ append_members:
+ description:
+ - Add members defined by the I(members) option to the existing ones
+ for this role instead of overwriting them.
+ - Mutually exclusive with the I(detach_members) and I(admin) option.
+ type: bool
+ default: false
+
+ detach_members:
+ description:
+ - Detaches members defined by the I(members) option from the role
+ instead of overwriting all the current members.
+ - Mutually exclusive with the I(append_members) and I(admin) option.
+ type: bool
+ default: false
+
+ set_default_role_all:
+ description:
+ - Is not supported by MariaDB and is silently ignored when working with MariaDB.
+ - If C(yes), runs B(SET DEFAULT ROLE ALL TO) each of the I(members) when changed.
+ - If you want to avoid this behavior, set this option to C(no) explicitly.
+ type: bool
+ default: true
+
+ state:
+ description:
+ - If C(present) and the role does not exist, creates the role.
+ - If C(present) and the role exists, does nothing or updates its attributes.
+ - If C(absent), removes the role.
+ type: str
+ choices: [ absent, present ]
+ default: present
+
+ check_implicit_admin:
+ description:
+ - Check if mysql allows login as root/nopassword before trying supplied credentials.
+ - If success, passed I(login_user)/I(login_password) will be ignored.
+ type: bool
+ default: false
+
+ members_must_exist:
+ description:
+ - When C(yes), the module fails if any user in I(members) does not exist.
+ - When C(no), users in I(members) which don't exist are simply skipped.
+ type: bool
+ default: true
+
+notes:
+ - Pay attention that the module runs C(SET DEFAULT ROLE ALL TO)
+ all the I(members) passed by default when the state has changed.
+ If you want to avoid this behavior, set I(set_default_role_all) to C(no).
+ - Supports C(check_mode).
+
+seealso:
+ - module: community.mysql.mysql_user
+ - name: MySQL role reference
+ description: Complete reference of the MySQL role documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/create-role.html
+
+author:
+ - Andrew Klychkov (@Andersson007)
+ - Felix Hamme (@betanummeric)
+
+extends_documentation_fragment:
+ - community.mysql.mysql
+'''
+
+EXAMPLES = r'''
+# If you encounter the "Please explicitly state intended protocol" error,
+# use the login_unix_socket argument, for example, login_unix_socket: /run/mysqld/mysqld.sock
+
+# Example of a .my.cnf file content for setting a root password
+# [client]
+# user=root
+# password=n<_665{vS43y
+#
+# Example of a privileges dictionary passed through the priv option
+# priv:
+# 'mydb.*': 'INSERT,UPDATE'
+# 'anotherdb.*': 'SELECT'
+# 'yetanotherdb.*': 'ALL'
+#
+# You can also use the string format like in the community.mysql.mysql_user module, for example
+# mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL
+#
+# For more examples on how to specify privileges, refer to the community.mysql.mysql_user module
+
+# Create a role developers with all database privileges
+# and add alice and bob as members.
+# The statement 'SET DEFAULT ROLE ALL' to them will be run.
+- name: Create role developers, add members
+ community.mysql.mysql_role:
+ name: developers
+ state: present
+ priv: '*.*:ALL'
+ members:
+ - 'alice@%'
+ - 'bob@%'
+
+- name: Same as above but do not run SET DEFAULT ROLE ALL TO each member
+ community.mysql.mysql_role:
+ name: developers
+ state: present
+ priv: '*.*:ALL'
+ members:
+ - 'alice@%'
+ - 'bob@%'
+ set_default_role_all: false
+
+# Assuming that the role developers exists,
+# add john to the current members
+- name: Add members to an existing role
+ community.mysql.mysql_role:
+ name: developers
+ state: present
+ append_members: true
+ members:
+ - 'joe@localhost'
+
+# Create role readers with the SELECT privilege
+# on all tables in the fiction database
+- name: Create role developers, add members
+ community.mysql.mysql_role:
+ name: readers
+ state: present
+ priv: 'fiction.*:SELECT'
+
+# Assuming that the role readers exists,
+# add the UPDATE privilege to the role on all tables in the fiction database
+- name: Create role developers, add members
+ community.mysql.mysql_role:
+ name: readers
+ state: present
+ priv: 'fiction.*:UPDATE'
+ append_privs: true
+
+- name: Create role with the 'SELECT' and 'UPDATE' privileges in db1 and db2
+ community.mysql.mysql_role:
+ state: present
+ name: foo
+ priv:
+ 'db1.*': 'SELECT,UPDATE'
+ 'db2.*': 'SELECT,UPDATE'
+
+- name: Remove joe from readers
+ community.mysql.mysql_role:
+ state: present
+ name: readers
+ members:
+ - 'joe@localhost'
+ detach_members: true
+
+- name: Remove the role readers if exists
+ community.mysql.mysql_role:
+ state: absent
+ name: readers
+
+- name: Example of using login_unix_socket to connect to the server
+ community.mysql.mysql_role:
+ name: readers
+ state: present
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+
+# Pay attention that the admin cannot be changed later
+# and will be ignored if a role currently exists.
+# To change members, you need to run a separate task using the admin
+# of the role as the login_user.
+- name: On MariaDB, create the role readers with alice as its admin
+ community.mysql.mysql_role:
+ state: present
+ name: readers
+ admin: 'alice@%'
+
+- name: Create the role business, add the role marketing to members
+ community.mysql.mysql_role:
+ state: present
+ name: business
+ members:
+ - marketing
+
+- name: Ensure the role foo does not have the DELETE privilege
+ community.mysql.mysql_role:
+ state: present
+ name: foo
+ subtract_privs: true
+ priv:
+ 'db1.*': DELETE
+
+- name: Add some members to a role and skip not-existent users
+ community.mysql.mysql_role:
+ state: present
+ name: foo
+ append_members: true
+ members_must_exist: false
+ members:
+ - 'existing_user@localhost'
+ - 'not_existing_user@localhost'
+
+- name: Detach some members from a role and ignore not-existent users
+ community.mysql.mysql_role:
+ state: present
+ name: foo
+ detach_members: true
+ members_must_exist: false
+ members:
+ - 'existing_user@localhost'
+ - 'not_existing_user@localhost'
+'''
+
+RETURN = '''#'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mysql.plugins.module_utils.mysql import (
+ mysql_connect,
+ mysql_driver,
+ mysql_driver_fail_msg,
+ mysql_common_argument_spec
+)
+from ansible_collections.community.mysql.plugins.module_utils.user import (
+ convert_priv_dict_to_str,
+ get_impl,
+ get_mode,
+ user_mod,
+ privileges_grant,
+ privileges_unpack,
+)
+from ansible.module_utils._text import to_native
+from ansible.module_utils.six import iteritems
+
+
+def normalize_users(module, users, is_mariadb=False):
+ """Normalize passed user names.
+
+ Example of transformation:
+ ['user0'] => [('user0', '')] / ['user0'] => [('user0', '%')]
+ ['user0@host0'] => [('user0', 'host0')]
+
+ Args:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ users (list): List of user names.
+ is_mariadb (bool): Flag indicating we are working with MariaDB
+
+ Returns:
+ list: List of tuples like [('user0', ''), ('user0', 'host0')].
+ """
+ normalized_users = []
+
+ for user in users:
+ try:
+ tmp = user.split('@')
+
+ if tmp[0] == '':
+ module.fail_json(msg="Member's name cannot be empty.")
+
+ if len(tmp) == 1:
+ if not is_mariadb:
+ normalized_users.append((tmp[0], '%'))
+ else:
+ normalized_users.append((tmp[0], ''))
+
+ elif len(tmp) == 2:
+ normalized_users.append((tmp[0], tmp[1]))
+
+ except Exception as e:
+ msg = ('Error occured while parsing the name "%s": %s. '
+ 'It must be in the format "username" or '
+ '"username@hostname" ' % (user, to_native(e)))
+ module.fail_json(msg=msg)
+
+ return normalized_users
+
+
+class DbServer():
+ """Class to fetch information from a database.
+
+ Args:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+
+ Attributes:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+ role_impl (library): Corresponding library depending
+ on a server type (MariaDB or MySQL)
+ mariadb (bool): True if MariaDB, False otherwise.
+ roles_supported (bool): True if roles are supported, False otherwise.
+ users (set): Set of users existing in a DB in the form (username, hostname).
+ """
+ def __init__(self, module, cursor):
+ self.module = module
+ self.cursor = cursor
+ self.role_impl = self.get_implementation()
+ self.mariadb = self.role_impl.is_mariadb()
+ self.roles_supported = self.role_impl.supports_roles(self.cursor)
+ self.users = set(self.__get_users())
+
+ def is_mariadb(self):
+ """Get info whether a DB server is a MariaDB instance.
+
+ Returns:
+ self.mariadb: Attribute value.
+ """
+ return self.mariadb
+
+ def supports_roles(self):
+ """Get info whether a DB server supports roles.
+
+ Returns:
+ self.roles_supported: Attribute value.
+ """
+ return self.roles_supported
+
+ def get_implementation(self):
+ """Get a current server implementation depending on its type.
+
+ Returns:
+ library: Depending on a server type (MySQL or MariaDB).
+ """
+ self.cursor.execute("SELECT VERSION()")
+
+ if 'mariadb' in self.cursor.fetchone()[0].lower():
+ import ansible_collections.community.mysql.plugins.module_utils.implementations.mariadb.role as role_impl
+ else:
+ import ansible_collections.community.mysql.plugins.module_utils.implementations.mysql.role as role_impl
+
+ return role_impl
+
+ def check_users_in_db(self, users):
+ """Check if users exist in a database.
+
+ Args:
+ users (list): List of tuples (username, hostname) to check.
+ """
+ for user in users:
+ if user not in self.users:
+ msg = 'User / role `%s` with host `%s` does not exist' % (user[0], user[1])
+ self.module.fail_json(msg=msg)
+
+ def filter_existing_users(self, users):
+ for user in users:
+ if user in self.users:
+ yield user
+
+ def __get_users(self):
+ """Get users.
+
+ Returns:
+ list: List of tuples (username, hostname).
+ """
+ self.cursor.execute('SELECT User, Host FROM mysql.user')
+ return self.cursor.fetchall()
+
+ def get_users(self):
+ """Get set of tuples (username, hostname) existing in a DB.
+
+ Returns:
+ self.users: Attribute value.
+ """
+ return self.users
+
+ def get_grants(self, user, host):
+ """Get grants.
+
+ Args:
+ user (str): User name
+ host (str): Host name
+
+ Returns:
+ list: List of tuples like [(grant1,), (grant2,), ... ].
+ """
+ if host:
+ self.cursor.execute('SHOW GRANTS FOR %s@%s', (user, host))
+ else:
+ self.cursor.execute('SHOW GRANTS FOR %s', (user,))
+
+ return self.cursor.fetchall()
+
+
+class MySQLQueryBuilder():
+ """Class to build and return queries specific to MySQL.
+
+ Args:
+ name (str): Role name.
+ host (str): Role host.
+
+ Attributes:
+ name (str): Role name.
+ host (str): Role host.
+ """
+ def __init__(self, name, host):
+ self.name = name
+ self.host = host
+
+ def role_exists(self):
+ """Return a query to check if a role with self.name and self.host exists in a database.
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ return 'SELECT count(*) FROM mysql.user WHERE user = %s AND host = %s', (self.name, self.host)
+
+ def role_grant(self, user):
+ """Return a query to grant a role to a user or a role.
+
+ Args:
+ user (tuple): User / role to grant the role to in the form (username, hostname).
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ if user[1]:
+ return 'GRANT %s@%s TO %s@%s', (self.name, self.host, user[0], user[1])
+ else:
+ return 'GRANT %s@%s TO %s', (self.name, self.host, user[0])
+
+ def role_revoke(self, user):
+ """Return a query to revoke a role from a user or role.
+
+ Args:
+ user (tuple): User / role to revoke the role from in the form (username, hostname).
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ if user[1]:
+ return 'REVOKE %s@%s FROM %s@%s', (self.name, self.host, user[0], user[1])
+ else:
+ return 'REVOKE %s@%s FROM %s', (self.name, self.host, user[0])
+
+ def role_create(self, admin=None):
+ """Return a query to create a role.
+
+ Args:
+ admin (tuple): Admin user in the form (username, hostname).
+ Because it is not supported by MySQL, we ignore it.
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ return 'CREATE ROLE %s', (self.name,)
+
+
+class MariaDBQueryBuilder():
+ """Class to build and return queries specific to MariaDB.
+
+ Args:
+ name (str): Role name.
+
+ Attributes:
+ name (str): Role name.
+ """
+ def __init__(self, name):
+ self.name = name
+
+ def role_exists(self):
+ """Return a query to check if a role with self.name exists in a database.
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ return "SELECT count(*) FROM mysql.user WHERE user = %s AND is_role = 'Y'", (self.name,)
+
+ def role_grant(self, user):
+ """Return a query to grant a role to a user or role.
+
+ Args:
+ user (tuple): User / role to grant the role to in the form (username, hostname).
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ if user[1]:
+ return 'GRANT %s TO %s@%s', (self.name, user[0], user[1])
+ else:
+ return 'GRANT %s TO %s', (self.name, user[0])
+
+ def role_revoke(self, user):
+ """Return a query to revoke a role from a user or role.
+
+ Args:
+ user (tuple): User / role to revoke the role from in the form (username, hostname).
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ if user[1]:
+ return 'REVOKE %s FROM %s@%s', (self.name, user[0], user[1])
+ else:
+ return 'REVOKE %s FROM %s', (self.name, user[0])
+
+ def role_create(self, admin=None):
+ """Return a query to create a role.
+
+ Args:
+ admin (tuple): Admin user in the form (username, hostname).
+
+ Returns:
+ tuple: (query_string, tuple_containing_parameters).
+ """
+ if not admin:
+ return 'CREATE ROLE %s', (self.name,)
+
+ if admin[1]:
+ return 'CREATE ROLE %s WITH ADMIN %s@%s', (self.name, admin[0], admin[1])
+ else:
+ return 'CREATE ROLE %s WITH ADMIN %s', (self.name, admin[0])
+
+
+class MySQLRoleImpl():
+ """Class to work with MySQL role implementation.
+
+ Args:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+ name (str): Role name.
+ host (str): Role host.
+
+ Attributes:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+ name (str): Role name.
+ host (str): Role host.
+ """
+ def __init__(self, module, cursor, name, host):
+ self.module = module
+ self.cursor = cursor
+ self.name = name
+ self.host = host
+
+ def set_default_role_all(self, user):
+ """Run 'SET DEFAULT ROLE ALL TO' a user.
+
+ Args:
+ user (tuple): User / role to run the command against in the form (username, hostname).
+ """
+ if user[1]:
+ self.cursor.execute('SET DEFAULT ROLE ALL TO %s@%s', (user[0], user[1]))
+ else:
+ self.cursor.execute('SET DEFAULT ROLE ALL TO %s', (user[0],))
+
+ def get_admin(self):
+ """Get a current admin of a role.
+
+ Not supported by MySQL, so ignored here.
+ """
+ pass
+
+ def set_admin(self, admin):
+ """Set an admin of a role.
+
+ Not supported by MySQL, so ignored here.
+
+ TODO: Implement the feature if this gets supported.
+
+ Args:
+ admin (tuple): Admin user of the role in the form (username, hostname).
+ """
+ pass
+
+
+class MariaDBRoleImpl():
+ """Class to work with MariaDB role implementation.
+
+ Args:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+ name (str): Role name.
+
+ Attributes:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+ name (str): Role name.
+ """
+ def __init__(self, module, cursor, name):
+ self.module = module
+ self.cursor = cursor
+ self.name = name
+
+ def set_default_role_all(self, user):
+ """Run 'SET DEFAULT ROLE ALL TO' a user.
+
+ The command is not supported by MariaDB, ignored.
+
+ Args:
+ user (tuple): User / role to run the command against in the form (username, hostname).
+ """
+ pass
+
+ def get_admin(self):
+ """Get a current admin of a role.
+
+ Returns:
+ tuple: Of the form (username, hostname).
+ """
+ query = ("SELECT User, Host FROM mysql.roles_mapping "
+ "WHERE Role = %s and Admin_option = 'Y'")
+
+ self.cursor.execute(query, (self.name,))
+ return self.cursor.fetchone()
+
+ def set_admin(self, admin):
+ """Set an admin of a role.
+
+ TODO: Implement changing when ALTER ROLE statement to
+ change role's admin gets supported.
+
+ Args:
+ admin (tuple): Admin user of the role in the form (username, hostname).
+ """
+ admin_user = admin[0]
+ admin_host = admin[1]
+ current_admin = self.get_admin()
+
+ if (admin_user, admin_host) != current_admin:
+ msg = ('The "admin" option value and the current '
+ 'roles admin (%s@%s) don not match. Ignored. '
+ 'To change the admin, you need to drop and create the '
+ 'role again.' % (current_admin[0], current_admin[1]))
+ self.module.warn(msg)
+
+
+class Role():
+ """Class to work with MySQL role objects.
+
+ Args:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+ name (str): Role name.
+ server (DbServer): Object of the DbServer class.
+
+ Attributes:
+ module (AnsibleModule): Object of the AnsibleModule class.
+ cursor (cursor): Cursor object of a database Python connector.
+ name (str): Role name.
+ server (DbServer): Object of the DbServer class.
+ host (str): Role's host.
+ full_name (str): Role's full name.
+ exists (bool): Indicates if a role exists or not.
+ members (set): Set of current role's members.
+ """
+ def __init__(self, module, cursor, name, server):
+ self.module = module
+ self.cursor = cursor
+ self.name = name
+ self.server = server
+ self.is_mariadb = self.server.is_mariadb()
+
+ if self.is_mariadb:
+ self.q_builder = MariaDBQueryBuilder(self.name)
+ self.role_impl = MariaDBRoleImpl(self.module, self.cursor, self.name)
+ self.full_name = '`%s`' % self.name
+ self.host = ''
+ else:
+ self.host = '%'
+ self.q_builder = MySQLQueryBuilder(self.name, self.host)
+ self.role_impl = MySQLRoleImpl(self.module, self.cursor, self.name, self.host)
+ self.full_name = '`%s`@`%s`' % (self.name, self.host)
+
+ self.exists = self.__role_exists()
+ self.members = set()
+
+ if self.exists:
+ self.members = self.__get_members()
+
+ def __role_exists(self):
+ """Check if a role exists.
+
+ Returns:
+ bool: True if the role exists, False if it does not.
+ """
+ self.cursor.execute(*self.q_builder.role_exists())
+ return self.cursor.fetchone()[0] > 0
+
+ def add(self, users, privs, check_mode=False, admin=False,
+ set_default_role_all=True):
+ """Add a role.
+
+ Args:
+ users (list): Role members.
+ privs (str): String containing privileges.
+ check_mode (bool): If True, just checks and does nothing.
+ admin (tuple): Role's admin. Contains (username, hostname).
+ set_default_role_all (bool): If True, runs SET DEFAULT ROLE ALL TO each member.
+
+ Returns:
+ bool: True if the state has changed, False if has not.
+ """
+ if check_mode:
+ if not self.exists:
+ return True
+ return False
+
+ self.cursor.execute(*self.q_builder.role_create(admin))
+
+ if users:
+ self.update_members(users, set_default_role_all=set_default_role_all)
+
+ if privs:
+ for db_table, priv in iteritems(privs):
+ privileges_grant(self.cursor, self.name, self.host,
+ db_table, priv, tls_requires=None,
+ maria_role=self.is_mariadb)
+
+ return True
+
+ def drop(self, check_mode=False):
+ """Drop a role.
+
+ Args:
+ check_mode (bool): If True, just checks and does nothing.
+
+ Returns:
+ bool: True if the state has changed, False if has not.
+ """
+ if not self.exists:
+ return False
+
+ if check_mode and self.exists:
+ return True
+
+ self.cursor.execute('DROP ROLE %s', (self.name,))
+ return True
+
+ def update_members(self, users, check_mode=False, append_members=False,
+ set_default_role_all=True):
+ """Add users to a role.
+
+ Args:
+ users (list): Role members.
+ check_mode (bool): If True, just checks and does nothing.
+ append_members (bool): If True, adds new members passed through users
+ not touching current members.
+ set_default_role_all (bool): If True, runs SET DEFAULT ROLE ALL TO each member.
+
+ Returns:
+ bool: True if the state has changed, False if has not.
+ """
+ if not users:
+ return False
+
+ changed = False
+ for user in users:
+ if user not in self.members:
+ if check_mode:
+ return True
+
+ self.cursor.execute(*self.q_builder.role_grant(user))
+
+ if set_default_role_all:
+ self.role_impl.set_default_role_all(user)
+
+ changed = True
+
+ if append_members:
+ return changed
+
+ for user in self.members:
+ if user not in users and user != ('root', 'localhost'):
+ changed = self.__remove_member(user, check_mode)
+
+ return changed
+
+ def remove_members(self, users, check_mode=False):
+ """Remove members from a role.
+
+ Args:
+ users (list): Role members.
+ check_mode (bool): If True, just checks and does nothing.
+
+ Returns:
+ bool: True if the state has changed, False if has not.
+ """
+ if not users:
+ return False
+
+ changed = False
+ for user in users:
+ if user in self.members:
+ changed = self.__remove_member(user, check_mode)
+
+ return changed
+
+ def __remove_member(self, user, check_mode=False):
+ """Remove a member from a role.
+
+ Args:
+ user (str): Role member to remove.
+ check_mode (bool): If True, just returns True and does nothing.
+
+ Returns:
+ bool: True if the state has changed, False if has not.
+ """
+ if check_mode:
+ return True
+
+ self.cursor.execute(*self.q_builder.role_revoke(user))
+
+ return True
+
+ def update(self, users, privs, check_mode=False,
+ append_privs=False, subtract_privs=False,
+ append_members=False, detach_members=False,
+ admin=False, set_default_role_all=True):
+ """Update a role.
+
+ Update a role if needed.
+
+ Todo: Implement changing of role's admin when ALTER ROLE statement
+ to do that gets supported.
+
+ Args:
+ users (list): Role members.
+ privs (str): String containing privileges.
+ check_mode (bool): If True, just checks and does nothing.
+ append_privs (bool): If True, adds new privileges passed through privs
+ not touching current privileges.
+ subtract_privs (bool): If True, revoke the privileges passed through privs
+ not touching other existing privileges.
+ append_members (bool): If True, adds new members passed through users
+ not touching current members.
+ detach_members (bool): If True, removes members passed through users from a role.
+ admin (tuple): Role's admin. Contains (username, hostname).
+ set_default_role_all (bool): If True, runs SET DEFAULT ROLE ALL TO each member.
+
+ Returns:
+ bool: True if the state has changed, False if has not.
+ """
+ changed = False
+ members_changed = False
+
+ if users:
+ if detach_members:
+ members_changed = self.remove_members(users, check_mode=check_mode)
+
+ else:
+ members_changed = self.update_members(users, check_mode=check_mode,
+ append_members=append_members,
+ set_default_role_all=set_default_role_all)
+
+ if privs:
+ result = user_mod(self.cursor, self.name, self.host,
+ None, None, None, None, None, None,
+ privs, append_privs, subtract_privs, None,
+ self.module, role=True, maria_role=self.is_mariadb)
+ changed = result['changed']
+
+ if admin:
+ self.role_impl.set_admin(admin)
+
+ changed = changed or members_changed
+
+ return changed
+
+ def __get_members(self):
+ """Get current role's members.
+
+ Returns:
+ set: Members.
+ """
+ if self.is_mariadb:
+ self.cursor.execute('select user, host from mysql.roles_mapping where role = %s', (self.name,))
+ else:
+ self.cursor.execute('select TO_USER as user, TO_HOST as host from mysql.role_edges where FROM_USER = %s', (self.name,))
+ return set(self.cursor.fetchall())
+
+
+def main():
+ argument_spec = mysql_common_argument_spec()
+ argument_spec.update(
+ name=dict(type='str', required=True),
+ state=dict(type='str', default='present', choices=['absent', 'present']),
+ admin=dict(type='str'),
+ priv=dict(type='raw'),
+ append_privs=dict(type='bool', default=False),
+ subtract_privs=dict(type='bool', default=False),
+ members=dict(type='list', elements='str'),
+ append_members=dict(type='bool', default=False),
+ detach_members=dict(type='bool', default=False),
+ check_implicit_admin=dict(type='bool', default=False),
+ set_default_role_all=dict(type='bool', default=True),
+ members_must_exist=dict(type='bool', default=True)
+ )
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ mutually_exclusive=(
+ ('append_members', 'detach_members'),
+ ('admin', 'members'),
+ ('admin', 'append_members'),
+ ('admin', 'detach_members'),
+ ('append_privs', 'subtract_privs'),
+ ),
+ )
+
+ login_user = module.params['login_user']
+ login_password = module.params['login_password']
+ name = module.params['name']
+ state = module.params['state']
+ admin = module.params['admin']
+ priv = module.params['priv']
+ check_implicit_admin = module.params['check_implicit_admin']
+ connect_timeout = module.params['connect_timeout']
+ config_file = module.params['config_file']
+ append_privs = module.params['append_privs']
+ subtract_privs = module.boolean(module.params['subtract_privs'])
+ members = module.params['members']
+ append_members = module.params['append_members']
+ detach_members = module.params['detach_members']
+ ssl_cert = module.params['client_cert']
+ ssl_key = module.params['client_key']
+ ssl_ca = module.params['ca_cert']
+ check_hostname = module.params['check_hostname']
+ db = ''
+ set_default_role_all = module.params['set_default_role_all']
+ members_must_exist = module.params['members_must_exist']
+
+ if priv and not isinstance(priv, (str, dict)):
+ msg = ('The "priv" parameter must be str or dict '
+ 'but %s was passed' % type(priv))
+ module.fail_json(msg=msg)
+
+ if priv and isinstance(priv, dict):
+ priv = convert_priv_dict_to_str(priv)
+
+ if mysql_driver is None:
+ module.fail_json(msg=mysql_driver_fail_msg)
+
+ cursor = None
+ try:
+ if check_implicit_admin:
+ try:
+ cursor, db_conn = mysql_connect(module, 'root', '', config_file,
+ ssl_cert, ssl_key, ssl_ca, db,
+ connect_timeout=connect_timeout,
+ check_hostname=check_hostname,
+ autocommit=True)
+ except Exception:
+ pass
+
+ if not cursor:
+ cursor, db_conn = mysql_connect(module, login_user, login_password,
+ config_file, ssl_cert, ssl_key,
+ ssl_ca, db, connect_timeout=connect_timeout,
+ check_hostname=check_hostname,
+ autocommit=True)
+
+ except Exception as e:
+ module.fail_json(msg='unable to connect to database, '
+ 'check login_user and login_password '
+ 'are correct or %s has the credentials. '
+ 'Exception message: %s' % (config_file, to_native(e)))
+
+ # Set defaults
+ changed = False
+
+ get_impl(cursor)
+
+ if priv is not None:
+ try:
+ mode = get_mode(cursor)
+ except Exception as e:
+ module.fail_json(msg=to_native(e))
+
+ try:
+ priv = privileges_unpack(priv, mode, ensure_usage=not subtract_privs)
+ except Exception as e:
+ module.fail_json(msg='Invalid privileges string: %s' % to_native(e))
+
+ server = DbServer(module, cursor)
+
+ # Check if the server supports roles
+ if not server.supports_roles():
+ msg = ('Roles are not supported by the server. '
+ 'Minimal versions are MySQL 8.0.0 or MariaDB 10.0.5.')
+ module.fail_json(msg=msg)
+
+ if admin:
+ if not server.is_mariadb():
+ module.fail_json(msg='The "admin" option can be used only with MariaDB.')
+
+ admin = normalize_users(module, [admin])[0]
+ server.check_users_in_db([admin])
+
+ if members:
+ members = normalize_users(module, members, server.is_mariadb())
+ if members_must_exist:
+ server.check_users_in_db(members)
+ else:
+ members = list(server.filter_existing_users(members))
+
+ # Main job starts here
+ role = Role(module, cursor, name, server)
+
+ try:
+ if state == 'present':
+ if not role.exists:
+ if subtract_privs:
+ priv = None # avoid granting unwanted privileges
+ if detach_members:
+ members = None # avoid adding unwanted members
+ changed = role.add(members, priv, module.check_mode, admin,
+ set_default_role_all)
+
+ else:
+ changed = role.update(members, priv, module.check_mode, append_privs, subtract_privs,
+ append_members, detach_members, admin,
+ set_default_role_all)
+
+ elif state == 'absent':
+ changed = role.drop(module.check_mode)
+
+ except Exception as e:
+ module.fail_json(msg=to_native(e))
+
+ module.exit_json(changed=changed)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/community/mysql/plugins/modules/mysql_user.py b/ansible_collections/community/mysql/plugins/modules/mysql_user.py
new file mode 100644
index 00000000..e1808c89
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/modules/mysql_user.py
@@ -0,0 +1,528 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2012, Mark Theunissen <mark.theunissen@gmail.com>
+# Sponsored by Four Kitchens http://fourkitchens.com.
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: mysql_user
+short_description: Adds or removes a user from a MySQL database
+description:
+ - Adds or removes a user from a MySQL database.
+options:
+ name:
+ description:
+ - Name of the user (role) to add or remove.
+ type: str
+ required: true
+ password:
+ description:
+ - Set the user's password. Only for C(mysql_native_password) authentication.
+ For other authentication plugins see the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
+ type: str
+ encrypted:
+ description:
+ - Indicate that the 'password' field is a `mysql_native_password` hash.
+ type: bool
+ default: false
+ host:
+ description:
+ - The 'host' part of the MySQL username.
+ type: str
+ default: localhost
+ host_all:
+ description:
+ - Override the host option, making ansible apply changes
+ to all hostnames for a given user.
+ - This option cannot be used when creating users.
+ type: bool
+ default: false
+ priv:
+ description:
+ - "MySQL privileges string in the format: C(db.table:priv1,priv2)."
+ - "Multiple privileges can be specified by separating each one using
+ a forward slash: C(db.table1:priv/db.table2:priv)."
+ - The format is based on MySQL C(GRANT) statement.
+ - Database and table names can be quoted, MySQL-style.
+ - If column privileges are used, the C(priv1,priv2) part must be
+ exactly as returned by a C(SHOW GRANT) statement. If not followed,
+ the module will always report changes. It includes grouping columns
+ by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))).
+ - Can be passed as a dictionary (see the examples).
+ - Supports GRANTs for procedures and functions (see the examples).
+ - "Note: If you pass the same C(db.table) combination to this parameter
+ two or more times with different privileges,
+ for example, C('*.*:SELECT/*.*:SHOW VIEW'), only the last one will be applied,
+ in this example, it will be C(SHOW VIEW) respectively.
+ Use C('*.*:SELECT,SHOW VIEW') instead to apply both."
+ type: raw
+ append_privs:
+ description:
+ - Append the privileges defined by priv to the existing ones for this
+ user instead of overwriting existing ones. Mutually exclusive with I(subtract_privs).
+ type: bool
+ default: false
+ subtract_privs:
+ description:
+ - Revoke the privileges defined by the I(priv) option and keep other existing privileges.
+ If set, invalid privileges in I(priv) are ignored.
+ Mutually exclusive with I(append_privs).
+ version_added: '3.2.0'
+ type: bool
+ default: false
+ tls_requires:
+ description:
+ - Set requirement for secure transport as a dictionary of requirements (see the examples).
+ - Valid requirements are SSL, X509, SUBJECT, ISSUER, CIPHER.
+ - SUBJECT, ISSUER and CIPHER are complementary, and mutually exclusive with SSL and X509.
+ - U(https://mariadb.com/kb/en/securing-connections-for-client-and-server/#requiring-tls).
+ type: dict
+ version_added: 1.0.0
+ sql_log_bin:
+ description:
+ - Whether binary logging should be enabled or disabled for the connection.
+ type: bool
+ default: true
+ force_context:
+ description:
+ - Sets the С(mysql) system database as context for the executed statements (it will be used
+ as a database to connect to). Useful if you use binlog / replication filters in MySQL as
+ per default the statements can not be caught by a binlog / replication filter, they require
+ a database to be set to work, otherwise the replication can break down.
+ - See U(https://dev.mysql.com/doc/refman/8.0/en/replication-options-binary-log.html#option_mysqld_binlog-ignore-db)
+ for a description on how binlog filters work (filtering on the primary).
+ - See U(https://dev.mysql.com/doc/refman/8.0/en/replication-options-replica.html#option_mysqld_replicate-ignore-db)
+ for a description on how replication filters work (filtering on the replica).
+ type: bool
+ default: false
+ version_added: '3.1.0'
+ state:
+ description:
+ - Whether the user should exist.
+ - When C(absent), removes the user.
+ type: str
+ choices: [ absent, present ]
+ default: present
+ check_implicit_admin:
+ description:
+ - Check if mysql allows login as root/nopassword before trying supplied credentials.
+ - If success, passed I(login_user)/I(login_password) will be ignored.
+ type: bool
+ default: false
+ update_password:
+ description:
+ - C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
+ - C(on_create) will only set the password or the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string) for newly created users.
+ - "C(on_new_username) works like C(on_create), but it tries to reuse an existing password: If one different user
+ with the same username exists, or multiple different users with the same username and equal C(plugin) and
+ C(authentication_string) attribute, the existing C(plugin) and C(authentication_string) are used for the
+ new user instead of the I(password), I(plugin), I(plugin_hash_string) or I(plugin_auth_string) argument."
+ type: str
+ choices: [ always, on_create, on_new_username ]
+ default: always
+ plugin:
+ description:
+ - User's plugin to authenticate (``CREATE USER user IDENTIFIED WITH plugin``).
+ type: str
+ version_added: '0.1.0'
+ plugin_hash_string:
+ description:
+ - User's plugin hash string (``CREATE USER user IDENTIFIED WITH plugin AS plugin_hash_string``).
+ type: str
+ version_added: '0.1.0'
+ plugin_auth_string:
+ description:
+ - User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``).
+ - If I(plugin) is ``pam`` (MariaDB) or ``auth_pam`` (MySQL) an optional I(plugin_auth_string) can be used to choose a specific PAM service.
+ type: str
+ version_added: '0.1.0'
+ resource_limits:
+ description:
+ - Limit the user for certain server resources. Provided since MySQL 5.6 / MariaDB 10.2.
+ - "Available options are C(MAX_QUERIES_PER_HOUR: num), C(MAX_UPDATES_PER_HOUR: num),
+ C(MAX_CONNECTIONS_PER_HOUR: num), C(MAX_USER_CONNECTIONS: num)."
+ - Used when I(state=present), ignored otherwise.
+ type: dict
+ version_added: '0.1.0'
+ session_vars:
+ description:
+ - "Dictionary of session variables in form of C(variable: value) to set at the beginning of module execution."
+ - Cannot be used to set global variables, use the M(community.mysql.mysql_variables) module instead.
+ type: dict
+ version_added: '3.6.0'
+
+notes:
+ - "MySQL server installs with default I(login_user) of C(root) and no password.
+ To secure this user as part of an idempotent playbook, you must create at least two tasks:
+ 1) change the root user's password, without providing any I(login_user)/I(login_password) details,
+ 2) drop a C(~/.my.cnf) file containing the new root credentials.
+ Subsequent runs of the playbook will then succeed by reading the new credentials from the file."
+ - Currently, there is only support for the C(mysql_native_password) encrypted password hash module.
+ - Supports (check_mode).
+
+seealso:
+- module: community.mysql.mysql_info
+- name: MySQL access control and account management reference
+ description: Complete reference of the MySQL access control and account management documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/access-control.html
+- name: MySQL provided privileges reference
+ description: Complete reference of the MySQL provided privileges documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html
+
+author:
+- Jonathan Mainguy (@Jmainguy)
+- Benjamin Malynovytch (@bmalynovytch)
+- Lukasz Tomaszkiewicz (@tomaszkiewicz)
+extends_documentation_fragment:
+- community.mysql.mysql
+
+'''
+
+EXAMPLES = r'''
+# If you encounter the "Please explicitly state intended protocol" error,
+# use the login_unix_socket argument
+- name: Removes anonymous user account for localhost
+ community.mysql.mysql_user:
+ name: ''
+ host: localhost
+ state: absent
+ login_unix_socket: /run/mysqld/mysqld.sock
+
+- name: Removes all anonymous user accounts
+ community.mysql.mysql_user:
+ name: ''
+ host_all: true
+ state: absent
+
+- name: Create database user with name 'bob' and password '12345' with all database privileges
+ community.mysql.mysql_user:
+ name: bob
+ password: 12345
+ priv: '*.*:ALL'
+ state: present
+
+- name: Create database user using hashed password with all database privileges
+ community.mysql.mysql_user:
+ name: bob
+ password: '*EE0D72C1085C46C5278932678FBE2C6A782821B4'
+ encrypted: true
+ priv: '*.*:ALL'
+ state: present
+
+# Set session var wsrep_on=off before creating the user
+- name: Create database user with password and all database privileges and 'WITH GRANT OPTION'
+ community.mysql.mysql_user:
+ name: bob
+ password: 12345
+ priv: '*.*:ALL,GRANT'
+ state: present
+ session_vars:
+ wsrep_on: off
+
+- name: Create user with password, all database privileges and 'WITH GRANT OPTION' in db1 and db2
+ community.mysql.mysql_user:
+ state: present
+ name: bob
+ password: 12345dd
+ priv:
+ 'db1.*': 'ALL,GRANT'
+ 'db2.*': 'ALL,GRANT'
+
+# Use 'PROCEDURE' instead of 'FUNCTION' to apply GRANTs for a MySQL procedure instead.
+- name: Grant a user the right to execute a function
+ community.mysql.mysql_user:
+ name: readonly
+ password: 12345
+ priv:
+ FUNCTION my_db.my_function: EXECUTE
+ state: present
+
+- name: Modify user to require TLS connection with a valid client certificate
+ community.mysql.mysql_user:
+ name: bob
+ tls_requires:
+ x509:
+ state: present
+
+- name: Modify user to require TLS connection with a specific client certificate and cipher
+ community.mysql.mysql_user:
+ name: bob
+ tls_requires:
+ subject: '/CN=alice/O=MyDom, Inc./C=US/ST=Oregon/L=Portland'
+ cipher: 'ECDHE-ECDSA-AES256-SHA384'
+
+- name: Modify user to no longer require SSL
+ community.mysql.mysql_user:
+ name: bob
+ tls_requires:
+
+- name: Ensure no user named 'sally'@'localhost' exists, also passing in the auth credentials
+ community.mysql.mysql_user:
+ login_user: root
+ login_password: 123456
+ name: sally
+ state: absent
+
+# check_implicit_admin example
+- name: >
+ Ensure no user named 'sally'@'localhost' exists, also passing in the auth credentials.
+ If mysql allows root/nopassword login, try it without the credentials first.
+ If it's not allowed, pass the credentials
+ community.mysql.mysql_user:
+ check_implicit_admin: true
+ login_user: root
+ login_password: 123456
+ name: sally
+ state: absent
+
+- name: Ensure no user named 'sally' exists at all
+ community.mysql.mysql_user:
+ name: sally
+ host_all: true
+ state: absent
+
+- name: Specify grants composed of more than one word
+ community.mysql.mysql_user:
+ name: replication
+ password: 12345
+ priv: "*.*:REPLICATION CLIENT"
+ state: present
+
+- name: Revoke all privileges for user 'bob' and password '12345'
+ community.mysql.mysql_user:
+ name: bob
+ password: 12345
+ priv: "*.*:USAGE"
+ state: present
+
+# Example privileges string format
+# mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL
+
+- name: Example using login_unix_socket to connect to server
+ community.mysql.mysql_user:
+ name: root
+ password: abc123
+ login_unix_socket: /var/run/mysqld/mysqld.sock
+
+- name: Example of skipping binary logging while adding user 'bob'
+ community.mysql.mysql_user:
+ name: bob
+ password: 12345
+ priv: "*.*:USAGE"
+ state: present
+ sql_log_bin: false
+
+- name: Create user 'bob' authenticated with plugin 'AWSAuthenticationPlugin'
+ community.mysql.mysql_user:
+ name: bob
+ plugin: AWSAuthenticationPlugin
+ plugin_hash_string: RDS
+ priv: '*.*:ALL'
+ state: present
+
+- name: Limit bob's resources to 10 queries per hour and 5 connections per hour
+ community.mysql.mysql_user:
+ name: bob
+ resource_limits:
+ MAX_QUERIES_PER_HOUR: 10
+ MAX_CONNECTIONS_PER_HOUR: 5
+
+- name: Ensure bob does not have the DELETE privilege
+ community.mysql.mysql_user:
+ name: bob
+ subtract_privs: true
+ priv:
+ 'db1.*': DELETE
+
+# Example .my.cnf file for setting the root password
+# [client]
+# user=root
+# password=n<_665{vS43y
+'''
+
+RETURN = '''#'''
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mysql.plugins.module_utils.database import SQLParseError
+from ansible_collections.community.mysql.plugins.module_utils.mysql import (
+ mysql_connect,
+ mysql_driver,
+ mysql_driver_fail_msg,
+ mysql_common_argument_spec,
+ set_session_vars,
+)
+from ansible_collections.community.mysql.plugins.module_utils.user import (
+ convert_priv_dict_to_str,
+ get_impl,
+ get_mode,
+ InvalidPrivsError,
+ limit_resources,
+ privileges_unpack,
+ sanitize_requires,
+ user_add,
+ user_delete,
+ user_exists,
+ user_mod,
+)
+from ansible.module_utils._text import to_native
+
+
+# ===========================================
+# Module execution.
+#
+
+
+def main():
+ argument_spec = mysql_common_argument_spec()
+ argument_spec.update(
+ user=dict(type='str', required=True, aliases=['name']),
+ password=dict(type='str', no_log=True),
+ encrypted=dict(type='bool', default=False),
+ host=dict(type='str', default='localhost'),
+ host_all=dict(type="bool", default=False),
+ state=dict(type='str', default='present', choices=['absent', 'present']),
+ priv=dict(type='raw'),
+ tls_requires=dict(type='dict'),
+ append_privs=dict(type='bool', default=False),
+ subtract_privs=dict(type='bool', default=False),
+ check_implicit_admin=dict(type='bool', default=False),
+ update_password=dict(type='str', default='always', choices=['always', 'on_create', 'on_new_username'], no_log=False),
+ sql_log_bin=dict(type='bool', default=True),
+ plugin=dict(default=None, type='str'),
+ plugin_hash_string=dict(default=None, type='str'),
+ plugin_auth_string=dict(default=None, type='str'),
+ resource_limits=dict(type='dict'),
+ force_context=dict(type='bool', default=False),
+ session_vars=dict(type='dict'),
+ )
+ module = AnsibleModule(
+ argument_spec=argument_spec,
+ supports_check_mode=True,
+ mutually_exclusive=(('append_privs', 'subtract_privs'),)
+ )
+ login_user = module.params["login_user"]
+ login_password = module.params["login_password"]
+ user = module.params["user"]
+ password = module.params["password"]
+ encrypted = module.boolean(module.params["encrypted"])
+ host = module.params["host"].lower()
+ host_all = module.params["host_all"]
+ state = module.params["state"]
+ priv = module.params["priv"]
+ tls_requires = sanitize_requires(module.params["tls_requires"])
+ check_implicit_admin = module.params["check_implicit_admin"]
+ connect_timeout = module.params["connect_timeout"]
+ config_file = module.params["config_file"]
+ append_privs = module.boolean(module.params["append_privs"])
+ subtract_privs = module.boolean(module.params['subtract_privs'])
+ update_password = module.params['update_password']
+ ssl_cert = module.params["client_cert"]
+ ssl_key = module.params["client_key"]
+ ssl_ca = module.params["ca_cert"]
+ check_hostname = module.params["check_hostname"]
+ db = ''
+ if module.params["force_context"]:
+ db = 'mysql'
+ sql_log_bin = module.params["sql_log_bin"]
+ plugin = module.params["plugin"]
+ plugin_hash_string = module.params["plugin_hash_string"]
+ plugin_auth_string = module.params["plugin_auth_string"]
+ resource_limits = module.params["resource_limits"]
+ session_vars = module.params["session_vars"]
+
+ if priv and not isinstance(priv, (str, dict)):
+ module.fail_json(msg="priv parameter must be str or dict but %s was passed" % type(priv))
+
+ if priv and isinstance(priv, dict):
+ priv = convert_priv_dict_to_str(priv)
+
+ if mysql_driver is None:
+ module.fail_json(msg=mysql_driver_fail_msg)
+
+ cursor = None
+ try:
+ if check_implicit_admin:
+ try:
+ cursor, db_conn = mysql_connect(module, "root", "", config_file, ssl_cert, ssl_key, ssl_ca, db,
+ connect_timeout=connect_timeout, check_hostname=check_hostname, autocommit=True)
+ except Exception:
+ pass
+
+ if not cursor:
+ cursor, db_conn = mysql_connect(module, login_user, login_password, config_file, ssl_cert, ssl_key, ssl_ca, db,
+ connect_timeout=connect_timeout, check_hostname=check_hostname, autocommit=True)
+ except Exception as e:
+ module.fail_json(msg="unable to connect to database, check login_user and login_password are correct or %s has the credentials. "
+ "Exception message: %s" % (config_file, to_native(e)))
+
+ if not sql_log_bin:
+ cursor.execute("SET SQL_LOG_BIN=0;")
+
+ if session_vars:
+ set_session_vars(module, cursor, session_vars)
+
+ get_impl(cursor)
+
+ if priv is not None:
+ try:
+ mode = get_mode(cursor)
+ except Exception as e:
+ module.fail_json(msg=to_native(e))
+ priv = privileges_unpack(priv, mode, ensure_usage=not subtract_privs)
+ password_changed = False
+ if state == "present":
+ if user_exists(cursor, user, host, host_all):
+ try:
+ if update_password == "always":
+ result = user_mod(cursor, user, host, host_all, password, encrypted,
+ plugin, plugin_hash_string, plugin_auth_string,
+ priv, append_privs, subtract_privs, tls_requires, module)
+
+ else:
+ result = user_mod(cursor, user, host, host_all, None, encrypted,
+ None, None, None,
+ priv, append_privs, subtract_privs, tls_requires, module)
+ changed = result['changed']
+ msg = result['msg']
+ password_changed = result['password_changed']
+
+ except (SQLParseError, InvalidPrivsError, mysql_driver.Error) as e:
+ module.fail_json(msg=to_native(e))
+ else:
+ if host_all:
+ module.fail_json(msg="host_all parameter cannot be used when adding a user")
+ try:
+ if subtract_privs:
+ priv = None # avoid granting unwanted privileges
+ reuse_existing_password = update_password == 'on_new_username'
+ result = user_add(cursor, user, host, host_all, password, encrypted,
+ plugin, plugin_hash_string, plugin_auth_string,
+ priv, tls_requires, module.check_mode, reuse_existing_password)
+ changed = result['changed']
+ password_changed = result['password_changed']
+ if changed:
+ msg = "User added"
+
+ except (SQLParseError, InvalidPrivsError, mysql_driver.Error) as e:
+ module.fail_json(msg=to_native(e))
+
+ if resource_limits:
+ changed = limit_resources(module, cursor, user, host, resource_limits, module.check_mode) or changed
+
+ elif state == "absent":
+ if user_exists(cursor, user, host, host_all):
+ changed = user_delete(cursor, user, host, host_all, module.check_mode)
+ msg = "User deleted"
+ else:
+ changed = False
+ msg = "User doesn't exist"
+ module.exit_json(changed=changed, user=user, msg=msg, password_changed=password_changed)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/community/mysql/plugins/modules/mysql_variables.py b/ansible_collections/community/mysql/plugins/modules/mysql_variables.py
new file mode 100644
index 00000000..f404d5aa
--- /dev/null
+++ b/ansible_collections/community/mysql/plugins/modules/mysql_variables.py
@@ -0,0 +1,271 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# Copyright: (c) 2013, Balazs Pocze <banyek@gawker.com>
+# Certain parts are taken from Mark Theunissen's mysqldb module
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+DOCUMENTATION = r'''
+---
+module: mysql_variables
+
+short_description: Manage MySQL global variables
+description:
+- Query / Set MySQL variables.
+author:
+- Balazs Pocze (@banyek)
+options:
+ variable:
+ description:
+ - Variable name to operate.
+ type: str
+ required: true
+ value:
+ description:
+ - If set, then sets variable value to this.
+ type: str
+ mode:
+ description:
+ - C(global) assigns C(value) to a global system variable which will be changed at runtime
+ but won't persist across server restarts.
+ - C(persist) assigns C(value) to a global system variable and persists it to
+ the mysqld-auto.cnf option file in the data directory
+ (the variable will survive service restarts).
+ - C(persist_only) persists C(value) to the mysqld-auto.cnf option file in the data directory
+ but without setting the global variable runtime value
+ (the value will be changed after the next service restart).
+ - Supported by MySQL 8.0 or later.
+ - For more information see U(https://dev.mysql.com/doc/refman/8.0/en/set-variable.html).
+ type: str
+ choices: ['global', 'persist', 'persist_only']
+ default: global
+ version_added: '0.1.0'
+
+notes:
+- Does not support C(check_mode).
+
+seealso:
+- module: community.mysql.mysql_info
+- name: MySQL SET command reference
+ description: Complete reference of the MySQL SET command documentation.
+ link: https://dev.mysql.com/doc/refman/8.0/en/set-statement.html
+
+extends_documentation_fragment:
+- community.mysql.mysql
+'''
+
+EXAMPLES = r'''
+# If you encounter the "Please explicitly state intended protocol" error,
+# use the login_unix_socket argument
+- name: Check for sync_binlog setting
+ community.mysql.mysql_variables:
+ variable: sync_binlog
+ login_unix_socket: /run/mysqld/mysqld.sock
+
+- name: Set read_only variable to 1 persistently
+ community.mysql.mysql_variables:
+ variable: read_only
+ value: 1
+ mode: persist
+'''
+
+RETURN = r'''
+queries:
+ description: List of executed queries which modified DB's state.
+ returned: if executed
+ type: list
+ sample: ["SET GLOBAL `read_only` = 1"]
+ version_added: '0.1.0'
+'''
+
+import os
+import warnings
+from re import match
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.community.mysql.plugins.module_utils.database import SQLParseError, mysql_quote_identifier
+from ansible_collections.community.mysql.plugins.module_utils.mysql import mysql_connect, mysql_driver, mysql_driver_fail_msg, mysql_common_argument_spec
+from ansible.module_utils._text import to_native
+
+executed_queries = []
+
+
+def check_mysqld_auto(module, cursor, mysqlvar):
+ """Check variable's value in mysqld-auto.cnf."""
+ query = ("SELECT VARIABLE_VALUE "
+ "FROM performance_schema.persisted_variables "
+ "WHERE VARIABLE_NAME = %s")
+ try:
+ cursor.execute(query, (mysqlvar,))
+ res = cursor.fetchone()
+ except Exception as e:
+ if "Table 'performance_schema.persisted_variables' doesn't exist" in str(e):
+ module.fail_json(msg='Server version must be 8.0 or greater.')
+
+ if res:
+ return res[0]
+ else:
+ return None
+
+
+def typedvalue(value):
+ """
+ Convert value to number whenever possible, return same value
+ otherwise.
+
+ >>> typedvalue('3')
+ 3
+ >>> typedvalue('3.0')
+ 3.0
+ >>> typedvalue('foobar')
+ 'foobar'
+
+ """
+ try:
+ return int(value)
+ except ValueError:
+ pass
+
+ try:
+ return float(value)
+ except ValueError:
+ pass
+
+ return value
+
+
+def getvariable(cursor, mysqlvar):
+ cursor.execute("SHOW VARIABLES WHERE Variable_name = %s", (mysqlvar,))
+ mysqlvar_val = cursor.fetchall()
+ if len(mysqlvar_val) == 1:
+ return mysqlvar_val[0][1]
+ else:
+ return None
+
+
+def setvariable(cursor, mysqlvar, value, mode='global'):
+ """ Set a global mysql variable to a given value
+
+ The DB driver will handle quoting of the given value based on its
+ type, thus numeric strings like '3.0' or '8' are illegal, they
+ should be passed as numeric literals.
+
+ """
+ if mode == 'persist':
+ query = "SET PERSIST %s = " % mysql_quote_identifier(mysqlvar, 'vars')
+ elif mode == 'global':
+ query = "SET GLOBAL %s = " % mysql_quote_identifier(mysqlvar, 'vars')
+ elif mode == 'persist_only':
+ query = "SET PERSIST_ONLY %s = " % mysql_quote_identifier(mysqlvar, 'vars')
+
+ try:
+ cursor.execute(query + "%s", (value,))
+ executed_queries.append(query + "%s" % value)
+ cursor.fetchall()
+ result = True
+ except Exception as e:
+ result = to_native(e)
+
+ return result
+
+
+def main():
+ argument_spec = mysql_common_argument_spec()
+ argument_spec.update(
+ variable=dict(type='str'),
+ value=dict(type='str'),
+ mode=dict(type='str', choices=['global', 'persist', 'persist_only'], default='global'),
+ )
+
+ module = AnsibleModule(
+ argument_spec=argument_spec
+ )
+ user = module.params["login_user"]
+ password = module.params["login_password"]
+ connect_timeout = module.params['connect_timeout']
+ ssl_cert = module.params["client_cert"]
+ ssl_key = module.params["client_key"]
+ ssl_ca = module.params["ca_cert"]
+ check_hostname = module.params["check_hostname"]
+ config_file = module.params['config_file']
+ db = 'mysql'
+
+ mysqlvar = module.params["variable"]
+ value = module.params["value"]
+ mode = module.params["mode"]
+
+ if mysqlvar is None:
+ module.fail_json(msg="Cannot run without variable to operate with")
+ if match('^[0-9A-Za-z_.]+$', mysqlvar) is None:
+ module.fail_json(msg="invalid variable name \"%s\"" % mysqlvar)
+ if mysql_driver is None:
+ module.fail_json(msg=mysql_driver_fail_msg)
+ else:
+ warnings.filterwarnings('error', category=mysql_driver.Warning)
+
+ try:
+ cursor, db_conn = mysql_connect(module, user, password, config_file, ssl_cert, ssl_key, ssl_ca, db,
+ connect_timeout=connect_timeout, check_hostname=check_hostname)
+ except Exception as e:
+ if os.path.exists(config_file):
+ module.fail_json(msg=("unable to connect to database, check login_user and "
+ "login_password are correct or %s has the credentials. "
+ "Exception message: %s" % (config_file, to_native(e))))
+ else:
+ module.fail_json(msg="unable to find %s. Exception message: %s" % (config_file, to_native(e)))
+
+ mysqlvar_val = None
+ var_in_mysqld_auto_cnf = None
+
+ mysqlvar_val = getvariable(cursor, mysqlvar)
+ if mysqlvar_val is None:
+ module.fail_json(msg="Variable not available \"%s\"" % mysqlvar, changed=False)
+
+ if value is None:
+ module.exit_json(msg=mysqlvar_val)
+
+ if mode in ('persist', 'persist_only'):
+ var_in_mysqld_auto_cnf = check_mysqld_auto(module, cursor, mysqlvar)
+
+ if mode == 'persist_only':
+ if var_in_mysqld_auto_cnf is None:
+ mysqlvar_val = False
+ else:
+ mysqlvar_val = var_in_mysqld_auto_cnf
+
+ # Type values before using them
+ value_wanted = typedvalue(value)
+ value_actual = typedvalue(mysqlvar_val)
+ value_in_auto_cnf = None
+ if var_in_mysqld_auto_cnf is not None:
+ value_in_auto_cnf = typedvalue(var_in_mysqld_auto_cnf)
+
+ if value_wanted == value_actual and mode in ('global', 'persist'):
+ if mode == 'persist' and value_wanted == value_in_auto_cnf:
+ module.exit_json(msg="Variable is already set to requested value globally"
+ "and stored into mysqld-auto.cnf file.", changed=False)
+
+ elif mode == 'global':
+ module.exit_json(msg="Variable is already set to requested value.", changed=False)
+
+ if mode == 'persist_only' and value_wanted == value_in_auto_cnf:
+ module.exit_json(msg="Variable is already stored into mysqld-auto.cnf "
+ "with requested value.", changed=False)
+
+ try:
+ result = setvariable(cursor, mysqlvar, value_wanted, mode)
+ except SQLParseError as e:
+ result = to_native(e)
+
+ if result is True:
+ module.exit_json(msg="Variable change succeeded prev_value=%s" % value_actual,
+ changed=True, queries=executed_queries)
+ else:
+ module.fail_json(msg=result, changed=False)
+
+
+if __name__ == '__main__':
+ main()
diff --git a/ansible_collections/community/mysql/simplified_bsd.txt b/ansible_collections/community/mysql/simplified_bsd.txt
new file mode 100644
index 00000000..6810e04e
--- /dev/null
+++ b/ansible_collections/community/mysql/simplified_bsd.txt
@@ -0,0 +1,8 @@
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
diff --git a/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/aliases b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/aliases
new file mode 100644
index 00000000..1065935f
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/aliases
@@ -0,0 +1,7 @@
+destructive
+unsupported # these tests conflict with mysql_replication tests and do not run on changes to the mysql_replication module
+skip/aix
+skip/osx
+skip/freebsd
+skip/rhel
+needs/root
diff --git a/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/defaults/main.yml
new file mode 100644
index 00000000..3751f4ef
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/defaults/main.yml
@@ -0,0 +1,7 @@
+master_port: 3306
+standby_port: 3307
+test_db: test_db
+replication_user: replication_user
+replication_pass: replication_pass
+dump_path: /tmp/dump.sql
+conn_name: master-1
diff --git a/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/meta/main.yml b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/meta/main.yml
new file mode 100644
index 00000000..71986171
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- setup_mariadb
diff --git a/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/main.yml
new file mode 100644
index 00000000..4ea76a9e
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/main.yml
@@ -0,0 +1,21 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Initial CI tests of mysql_replication module
+- import_tasks: mariadb_replication_initial.yml
+ when:
+ - ansible_facts.distribution == 'CentOS'
+ - ansible_facts.distribution_major_version is version('7', '>=')
+
+# Tests of master_use_gtid parameter
+# https://github.com/ansible/ansible/pull/62648
+- import_tasks: mariadb_master_use_gtid.yml
+ when:
+ - ansible_facts.distribution == 'CentOS'
+ - ansible_facts.distribution_major_version is version('7', '>=')
+
+# Tests of connection_name parameter
+- import_tasks: mariadb_replication_connection_name.yml
+ when:
+ - ansible_facts.distribution == 'CentOS'
+ - ansible_facts.distribution_major_version is version('7', '>=')
diff --git a/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_master_use_gtid.yml b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_master_use_gtid.yml
new file mode 100644
index 00000000..e3e76058
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_master_use_gtid.yml
@@ -0,0 +1,173 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Tests for master_use_gtid parameter.
+# https://github.com/ansible/ansible/pull/62648
+
+#############################
+# master_use_gtid: "disabled"
+#############################
+
+# Auxiliary step:
+- name: Get master status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: getmaster
+ register: primary_status
+
+# Set master_use_gtid disabled:
+- name: Run replication
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: changemaster
+ master_host: 127.0.0.1
+ master_port: "{{ primary_db.port }}"
+ master_user: "{{ replication_user }}"
+ master_password: "{{ replication_pass }}"
+ master_log_file: mysql-bin.000001
+ master_log_pos: '{{ primary_status.Position }}'
+ master_use_gtid: disabled
+ register: result
+
+- assert:
+ that:
+ - result is changed
+
+# Start standby for further tests:
+- name: Start standby
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: startslave
+
+- name: Get standby status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: getslave
+ register: slave_status
+
+- assert:
+ that:
+ - slave_status.Using_Gtid == 'No'
+
+# Stop standby for further tests:
+- name: Stop standby
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: stopslave
+
+################################
+# master_use_gtid: "current_pos"
+################################
+
+# Auxiliary step:
+- name: Get master status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: getmaster
+ register: primary_status
+
+# Set master_use_gtid current_pos:
+- name: Run replication
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: changemaster
+ master_host: 127.0.0.1
+ master_port: "{{ primary_db.port }}"
+ master_user: "{{ replication_user }}"
+ master_password: "{{ replication_pass }}"
+ master_log_file: mysql-bin.000001
+ master_log_pos: '{{ primary_status.Position }}'
+ master_use_gtid: current_pos
+ register: result
+
+- assert:
+ that:
+ - result is changed
+
+# Start standby for further tests:
+- name: Start standby
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: startslave
+
+- name: Get standby status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: getslave
+ register: slave_status
+
+- assert:
+ that:
+ - slave_status.Using_Gtid == 'Current_Pos'
+
+# Stop standby for further tests:
+- name: Stop standby
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: stopslave
+
+##############################
+# master_use_gtid: "slave_pos"
+##############################
+
+# Auxiliary step:
+- name: Get master status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: getmaster
+ register: primary_status
+
+# Set master_use_gtid slave_pos:
+- name: Run replication
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: changemaster
+ master_host: 127.0.0.1
+ master_port: "{{ primary_db.port }}"
+ master_user: "{{ replication_user }}"
+ master_password: "{{ replication_pass }}"
+ master_log_file: mysql-bin.000001
+ master_log_pos: '{{ primary_status.Position }}'
+ master_use_gtid: slave_pos
+ register: result
+
+- assert:
+ that:
+ - result is changed
+
+# Start standby for further tests:
+- name: Start standby
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: startslave
+
+- name: Get standby status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: getslave
+ register: slave_status
+
+- assert:
+ that:
+ - slave_status.Using_Gtid == 'Slave_Pos'
+
+# Stop standby for further tests:
+- name: Stop standby
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: stopslave
diff --git a/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_connection_name.yml b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_connection_name.yml
new file mode 100644
index 00000000..98fa5fe6
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_connection_name.yml
@@ -0,0 +1,118 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Needs for further tests:
+- name: Stop slave
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: stopslave
+
+- name: Reset slave all
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: resetslaveall
+
+# Get master log pos:
+- name: Get master status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: getmaster
+ register: primary_status
+
+# Test changemaster mode:
+- name: Run replication with connection_name
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: changemaster
+ master_host: 127.0.0.1
+ master_port: "{{ primary_db.port }}"
+ master_user: "{{ replication_user }}"
+ master_password: "{{ replication_pass }}"
+ master_log_file: mysql-bin.000001
+ master_log_pos: '{{ primary_status.Position }}'
+ connection_name: '{{ conn_name }}'
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries[0] is match("CHANGE MASTER ('\S+' )?TO MASTER_HOST='[0-9.]+',MASTER_USER='\w+',MASTER_PASSWORD='[*]{8}',MASTER_PORT=\d+,MASTER_LOG_FILE='mysql-bin.000001',MASTER_LOG_POS=\d+")
+
+# Test startslave mode:
+- name: Start slave with connection_name
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: startslave
+ connection_name: "{{ conn_name }}"
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries == ["START SLAVE \'{{ conn_name }}\'"]
+
+# Test getslave mode:
+- name: Get standby statu with connection_name
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: getslave
+ connection_name: "{{ conn_name }}"
+ register: slave_status
+
+- assert:
+ that:
+ - slave_status.Is_Slave == true
+ - slave_status.Master_Host == '127.0.0.1'
+ - slave_status.Exec_Master_Log_Pos == primary_status.Position
+ - slave_status.Master_Port == {{ primary_db.port }}
+ - slave_status.Last_IO_Errno == 0
+ - slave_status.Last_IO_Error == ''
+ - slave_status is not changed
+
+# Test stopslave mode:
+- name: Stop slave with connection_name
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: stopslave
+ connection_name: "{{ conn_name }}"
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries == ["STOP SLAVE \'{{ conn_name }}\'"]
+
+# Test reset
+- name: Reset slave with connection_name
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: resetslave
+ connection_name: "{{ conn_name }}"
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries == ["RESET SLAVE \'{{ conn_name }}\'"]
+
+# Test reset all
+- name: Reset slave all with connection_name
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: resetslaveall
+ connection_name: "{{ conn_name }}"
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries == ["RESET SLAVE \'{{ conn_name }}\' ALL"]
diff --git a/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_initial.yml b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_initial.yml
new file mode 100644
index 00000000..86a67606
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/old_mariadb_replication/tasks/mariadb_replication_initial.yml
@@ -0,0 +1,96 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Preparation:
+- name: Create user for replication
+ shell: "echo \"GRANT REPLICATION SLAVE ON *.* TO '{{ replication_user }}'@'localhost' IDENTIFIED BY '{{ replication_pass }}'; FLUSH PRIVILEGES;\" | mysql -P {{ primary_db.port }} -h 127.0.0.1"
+
+- name: Create test database
+ mysql_db:
+ login_host: 127.0.0.1
+ login_port: '{{ primary_db.port }}'
+ state: present
+ name: '{{ test_db }}'
+
+- name: Dump all databases from the master
+ shell: 'mysqldump -P {{ primary_db.port }} -h 127.0.01 --all-databases --master-data=2 > {{ dump_path }}'
+
+- name: Restore the dump to the replica
+ shell: 'mysql -P {{ replica_db.port }} -h 127.0.0.1 < {{ dump_path }}'
+
+# Test getmaster mode:
+- name: Get master status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ primary_db.port }}"
+ mode: getmaster
+ register: master_status
+
+- assert:
+ that:
+ - master_status.Is_Master == true
+ - master_status.Position != 0
+ - master_status is not changed
+
+# Test changemaster mode:
+- name: Run replication
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: changemaster
+ master_host: 127.0.0.1
+ master_port: "{{ primary_db.port }}"
+ master_user: "{{ replication_user }}"
+ master_password: "{{ replication_pass }}"
+ master_log_file: mysql-bin.000001
+ master_log_pos: '{{ master_status.Position }}'
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries[0] is match("CHANGE MASTER ('\S+' )?TO MASTER_HOST='[0-9.]+',MASTER_USER='\w+',MASTER_PASSWORD='[*]{8}',MASTER_PORT=\d+,MASTER_LOG_FILE='mysql-bin.000001',MASTER_LOG_POS=\d+")
+
+# Test startslave mode:
+- name: Start slave
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: startslave
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries == ["START SLAVE"]
+
+# Test getslave mode:
+- name: Get replica status
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: getslave
+ register: slave_status
+
+- assert:
+ that:
+ - slave_status.Is_Slave == true
+ - slave_status.Master_Host == '127.0.0.1'
+ - slave_status.Exec_Master_Log_Pos == master_status.Position
+ - slave_status.Master_Port == {{ primary_db.port }}
+ - slave_status.Last_IO_Errno == 0
+ - slave_status.Last_IO_Error == ''
+ - slave_status is not changed
+
+# Test stopslave mode:
+- name: Stop slave
+ mysql_replication:
+ login_host: 127.0.0.1
+ login_port: "{{ replica_db.port }}"
+ mode: stopslave
+ register: result
+
+- assert:
+ that:
+ - result is changed
+ - result.queries == ["STOP SLAVE"]
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/defaults/main.yml
new file mode 100644
index 00000000..cceb8f54
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/defaults/main.yml
@@ -0,0 +1,18 @@
+dbdeployer_version: 1.64.0
+dbdeployer_home_dir: /opt/dbdeployer
+
+home_dir: /root
+
+mariadb_install: false
+
+mysql_version: 8.0.22
+mariadb_version: 10.5.4
+
+mysql_base_port: 3306
+
+percona_client_package: >-
+ {%- if mariadb_install -%}
+ mariadb-client
+ {%- else -%}
+ percona-server-client-5.7
+ {%- endif -%}
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/handlers/main.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/handlers/main.yml
new file mode 100644
index 00000000..8f751ee4
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: "{{ role_name }} | handler | create dbdeployer installed file"
+ template:
+ src: installed_file.j2
+ dest: "{{ dbdeployer_installed_file }}"
+ listen: create zookeeper installed file
+ tags:
+ - setup_mysql
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/config.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/config.yml
new file mode 100644
index 00000000..2b27e273
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/config.yml
@@ -0,0 +1,15 @@
+---
+- name: "{{ role_name }} | config | download mysql tarball"
+ get_url:
+ url: "{{ install_src }}"
+ dest: "{{ dbdeployer_sandbox_download_dir }}/{{ install_tarball }}"
+
+- name: "{{ role_name }} | config | run unpack tarball"
+ shell:
+ cmd: "dbdeployer unpack {{ dbdeployer_sandbox_download_dir }}/{{ install_tarball }} --flavor {{ install_type }}"
+ creates: "{{ dbdeployer_sandbox_binary_dir }}/{{ install_version }}"
+
+- name: "{{ role_name }} | config | setup replication topology"
+ shell:
+ cmd: "dbdeployer deploy multiple {{ install_version }} --flavor {{ install_type }} --base-port {{ mysql_base_port }} --my-cnf-options=\"master_info_repository='TABLE'\" --my-cnf-options=\"relay_log_info_repository='TABLE'\""
+ creates: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/dir.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/dir.yml
new file mode 100644
index 00000000..dc028799
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/dir.yml
@@ -0,0 +1,11 @@
+---
+- name: "{{ role_name }} | dir | create dbdeployer directories"
+ file:
+ state: directory
+ path: "{{ item }}"
+ loop:
+ - "{{ dbdeployer_home_dir }}"
+ - "{{ dbdeployer_install_dir }}"
+ - "{{ dbdeployer_sandbox_download_dir }}"
+ - "{{ dbdeployer_sandbox_binary_dir }}"
+ - "{{ dbdeployer_sandbox_home_dir }}"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/install.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/install.yml
new file mode 100644
index 00000000..b64af25d
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/install.yml
@@ -0,0 +1,90 @@
+---
+- name: "{{ role_name }} | install | add apt signing key for percona"
+ apt_key:
+ keyserver: keyserver.ubuntu.com
+ id: 4D1BB29D63D98E422B2113B19334A25F8507EFA5
+ state: present
+ when: install_type == 'mysql'
+
+- name: "{{ role_name }} | install | add percona repositories"
+ apt_repository:
+ repo: deb http://repo.percona.com/percona/apt {{ ansible_lsb.codename }} main
+ state: present
+ when: install_type == 'mysql'
+
+- name: "{{ role_name }} | install | add apt signing key for mariadb"
+ apt_key:
+ keyserver: keyserver.ubuntu.com
+ id: F1656F24C74CD1D8
+ state: present
+ when: install_type == 'mariadb'
+
+- name: "{{ role_name }} | install | add mariadb repositories"
+ apt_repository:
+ repo: "deb [arch=amd64,arm64] https://downloads.mariadb.com/MariaDB/mariadb-{{ mysql_major_version }}/repo/ubuntu {{ ansible_lsb.codename }} main"
+ state: present
+ when: install_type == 'mariadb'
+
+- name: "{{ role_name }} | install | install packages required by percona"
+ apt:
+ name: "{{ percona_mysql_packages }}"
+ state: present
+ environment:
+ DEBIAN_FRONTEND: noninteractive
+
+- name: "{{ role_name }} | install | install packages required by mysql connector"
+ apt:
+ name: "{{ install_python_prereqs }}"
+ state: present
+ environment:
+ DEBIAN_FRONTEND: noninteractive
+
+- name: "{{ role_name }} | install | install python packages"
+ pip:
+ name: "{{ python_packages }}"
+ register: connector
+
+- name: Extract connector.name.0 content
+ set_fact:
+ connector_name: "{{ connector.name.0 }}"
+
+- name: Debug connector_name content
+ debug:
+ msg: '{{ connector_name }}'
+
+- name: Extract connector version
+ set_fact:
+ connector_ver: "{{ connector_name.split('=')[2].strip() }}"
+
+- name: Debug connector_ver var content
+ debug:
+ msg: '{{ connector_ver }}'
+
+- name: "{{ role_name }} | install | install packages required by mysql"
+ apt:
+ name: "{{ install_prereqs }}"
+ state: present
+ environment:
+ DEBIAN_FRONTEND: noninteractive
+
+- name: "{{ role_name }} | install | download and unpack dbdeployer"
+ unarchive:
+ remote_src: true
+ src: "{{ dbdeployer_src }}"
+ dest: "{{ dbdeployer_install_dir }}"
+ creates: "{{ dbdeployer_installed_file }}"
+ register: dbdeployer_tarball_install
+ notify:
+ - create zookeeper installed file
+ until: dbdeployer_tarball_install is not failed
+ retries: 6
+ delay: 5
+
+- name: "{{ role_name }} | install | create symlink"
+ file:
+ src: "{{ dbdeployer_install_dir }}/dbdeployer-{{ dbdeployer_version }}.linux"
+ dest: /usr/local/bin/dbdeployer
+ follow: false
+ state: link
+
+- meta: flush_handlers
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/main.yml
new file mode 100644
index 00000000..47a5ee00
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- import_tasks: setvars.yml
+ tags:
+ - setup_mysql
+- import_tasks: dir.yml
+ tags:
+ - setup_mysql
+- import_tasks: install.yml
+ tags:
+ - setup_mysql
+- import_tasks: config.yml
+ tags:
+ - setup_mysql
+- import_tasks: verify.yml
+ tags:
+ - setup_mysql
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/setvars.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/setvars.yml
new file mode 100644
index 00000000..cfc90c1b
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/setvars.yml
@@ -0,0 +1,33 @@
+---
+- name: "{{ role_name }} | setvars | split mysql version in parts"
+ set_fact:
+ mysql_version_parts: >-
+ {%- if mariadb_install -%}
+ {{ mariadb_version.split('.') }}
+ {%- else -%}
+ {{ mysql_version.split('.') }}
+ {%- endif -%}
+
+- name: "{{ role_name }} | setvars | get mysql major version"
+ set_fact:
+ mysql_major_version: "{{ mysql_version_parts[0] + '.' + mysql_version_parts[1] }}"
+
+- name: "{{ role_name }} | setvars | set the appropriate extension dependent on the mysql version"
+ set_fact:
+ mysql_compression_extension: "{{ mysql_version is version('8.0.0', '<') | ternary('gz', 'xz') }}"
+
+- name: "{{ role_name }} | setvars | set the install type"
+ set_fact:
+ install_type: "{{ mariadb_install | ternary('mariadb', 'mysql') }}"
+
+- name: "{{ role_name }} | setvars | set install_version"
+ set_fact:
+ install_version: "{{ lookup('vars', install_type + '_version') }}"
+
+- name: "{{ role_name }} | setvars | set install_tarball"
+ set_fact:
+ install_tarball: "{{ lookup('vars', install_type + '_tarball') }}"
+
+- name: "{{ role_name }} | setvars | set install_src"
+ set_fact:
+ install_src: "{{ lookup('vars', install_type + '_src') }}"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/verify.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/verify.yml
new file mode 100644
index 00000000..ca383d98
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/tasks/verify.yml
@@ -0,0 +1,27 @@
+---
+- name: "{{ role_name }} | verify | confirm primary is running and get the port"
+ shell: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}/n1 -BNe'select @@port'"
+ register: primary_port
+
+- name: "{{ role_name }} | verify | confirm replica1 is running and get the port"
+ shell: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}/n2 -BNe'select @@port'"
+ register: replica1_port
+
+- name: "{{ role_name }} | verify | confirm replica2 is running and get the port"
+ shell: "{{ dbdeployer_sandbox_home_dir }}/multi_msb_{{ install_version|replace('.','_') }}/n3 -BNe'select @@port'"
+ register: replica2_port
+
+- name: "{{ role_name }} | verify | confirm primary is running on expected port"
+ assert:
+ that:
+ - primary_port.stdout|int == 3307
+
+- name: "{{ role_name }} | verify | confirm replica1 is running on expected port"
+ assert:
+ that:
+ - replica1_port.stdout|int == 3308
+
+- name: "{{ role_name }} | verify | confirm replica2 is running on expected port"
+ assert:
+ that:
+ - replica2_port.stdout|int == 3309
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/templates/installed_file.j2 b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/templates/installed_file.j2
new file mode 100644
index 00000000..862a357a
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/templates/installed_file.j2
@@ -0,0 +1 @@
+{{ dbdeployer_version }}
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/vars/main.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/vars/main.yml
new file mode 100644
index 00000000..8fbcd905
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_mysql/vars/main.yml
@@ -0,0 +1,30 @@
+---
+dbdeployer_install_dir: "{{ dbdeployer_home_dir }}/dbdeployer_{{ dbdeployer_version }}"
+dbdeployer_src: "https://github.com/datacharmer/dbdeployer/releases/download/v{{ dbdeployer_version }}/dbdeployer-{{ dbdeployer_version }}.linux.tar.gz"
+dbdeployer_installed_file: "{{ dbdeployer_home_dir }}/dbdeployer_installed"
+
+dbdeployer_sandbox_download_dir: "{{ home_dir }}/downloads"
+dbdeployer_sandbox_binary_dir: "{{ home_dir }}/opt/mysql"
+dbdeployer_sandbox_home_dir: "{{ home_dir }}/sandboxes"
+
+percona_mysql_packages:
+ - "{{ percona_client_package }}"
+
+python_packages: [pymysql == 0.9.3]
+
+install_prereqs:
+ - libaio1
+ - libnuma1
+ - libncurses5
+
+install_python_prereqs:
+ - python3-dev
+ - python3-cryptography
+ - default-libmysqlclient-dev
+ - build-essential
+
+mysql_tarball: "mysql-{{ mysql_version }}-linux-glibc2.12-x86_64.tar.{{ mysql_compression_extension }}"
+mysql_src: "https://cdn.mysql.com/archives/mysql-{{ mysql_major_version }}/{{ mysql_tarball }}"
+mariadb_url_subdir: "linux"
+mariadb_tarball: "mariadb-{{ mariadb_version }}-{{ mariadb_url_subdir }}-x86_64.tar.gz"
+mariadb_src: "https://downloads.mariadb.com/MariaDB/mariadb-{{ mariadb_version }}/bintar-{{ mariadb_url_subdir }}-x86_64/{{ mariadb_tarball }}"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml
new file mode 100644
index 00000000..39f3239c
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: delete temporary directory
+ include_tasks: default-cleanup.yml
+ tags:
+ - setup_remote_tmp_dir
+
+- name: delete temporary directory (windows)
+ include_tasks: windows-cleanup.yml
+ tags:
+ - setup_remote_tmp_dir
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml
new file mode 100644
index 00000000..39872d74
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default-cleanup.yml
@@ -0,0 +1,5 @@
+- name: delete temporary directory
+ file:
+ path: "{{ remote_tmp_dir }}"
+ state: absent
+ no_log: yes
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml
new file mode 100644
index 00000000..1e0f51b8
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/default.yml
@@ -0,0 +1,11 @@
+- name: create temporary directory
+ tempfile:
+ state: directory
+ suffix: .test
+ register: remote_tmp_dir
+ notify:
+ - delete temporary directory
+
+- name: record temporary directory
+ set_fact:
+ remote_tmp_dir: "{{ remote_tmp_dir.path }}"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml
new file mode 100644
index 00000000..5d898abe
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/setup_remote_tmp_dir/tasks/main.yml
@@ -0,0 +1,19 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- name: make sure we have the ansible_os_family and ansible_distribution_version facts
+ setup:
+ gather_subset: distribution
+ when: ansible_facts == {}
+ tags:
+ - setup_remote_tmp_dir
+
+- include_tasks: "{{ lookup('first_found', files)}}"
+ vars:
+ files:
+ - "{{ ansible_os_family | lower }}.yml"
+ - "default.yml"
+ tags:
+ - setup_remote_tmp_dir
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/defaults/main.yml
new file mode 100644
index 00000000..6448e156
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/defaults/main.yml
@@ -0,0 +1,27 @@
+---
+# defaults file for test_mysql_db
+mysql_user: root
+mysql_password: msandbox
+mysql_primary_port: 3307
+
+# Database names
+db_names:
+ - "data"
+ - "db%"
+
+# Database formats
+db_formats:
+ - { format_type: "sql", file: "dbdata.sql", format_msg_type: "ASCII", file2: "dump2.sql", file3: "dump3.sql", file4: "dump4.sql" }
+ - { format_type: "gz", file: "dbdata.gz", format_msg_type: "gzip", file2: "dump2.gz", file3: "dump3.gz", file4: "dump4.gz" }
+ - { format_type: "bz2", file: "dbdata.bz2", format_msg_type: "bzip2", file2: "dump2.bz2", file3: "dump3.bz2", file4: "dump4.bz2" }
+
+db_name2: 'data2'
+db_user1: 'datauser1'
+db_user2: 'datauser2'
+
+tmp_dir: '/tmp'
+db_latin1_name: 'db_latin1'
+file4: 'latin1_file'
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/meta/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/meta/main.yml
new file mode 100644
index 00000000..f1174ff2
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_mysql
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
new file mode 100644
index 00000000..c2fda2ad
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
@@ -0,0 +1,122 @@
+- set_fact:
+ db_to_create: testdb1
+ config_file: "/root/.my1.cnf"
+ fake_port: 9999
+ fake_host: "blahblah.local"
+ include_dir: "/root/mycnf.d"
+
+- name: Create custom config file
+ shell: 'echo "[client]" > {{ config_file }}'
+
+- name: Add fake port to config file
+ shell: 'echo "port = {{ fake_port }}" >> {{ config_file }}'
+
+- name: Add blank line
+ shell: 'echo "" >> {{ config_file }}'
+ when:
+ - >
+ connector_name is not search('pymysql')
+ or (
+ connector_name is search('pymysql')
+ and connector_ver is version('0.9.3', '>=')
+ )
+
+- name: Create include_dir
+ file:
+ path: '{{ include_dir }}'
+ state: directory
+ mode: '0777'
+ when:
+ - >
+ connector_name is not search('pymysql')
+ or (
+ connector_name is search('pymysql')
+ and connector_ver is version('0.9.3', '>=')
+ )
+
+- name: Add include_dir
+ lineinfile:
+ path: '{{ config_file }}'
+ line: '!includedir {{ include_dir }}'
+ insertafter: EOF
+ when:
+ - >
+ connector_name is not search('pymysql')
+ or (
+ connector_name is search('pymysql')
+ and connector_ver is version('0.9.3', '>=')
+ )
+
+- name: Create database using fake port to connect to, must fail
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_to_create }}'
+ state: present
+ check_implicit_admin: yes
+ config_file: '{{ config_file }}'
+ config_overrides_defaults: yes
+ ignore_errors: yes
+ register: result
+
+- name: Must fail because login_port default has beed overriden by wrong value from config file
+ assert:
+ that:
+ - result is failed
+ - result.msg is search("unable to connect to database")
+
+- name: Create database using default port
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_to_create }}'
+ state: present
+ check_implicit_admin: yes
+ config_file: '{{ config_file }}'
+ config_overrides_defaults: no
+ register: result
+
+- name: Must not fail because of the default of login_port is correct
+ assert:
+ that:
+ - result is changed
+
+- name: Reinit custom config file
+ shell: 'echo "[client]" > {{ config_file }}'
+
+- name: Add fake host to config file
+ shell: 'echo "host = {{ fake_host }}" >> {{ config_file }}'
+
+- name: Remove database using fake login_host
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_to_create }}'
+ state: absent
+ config_file: '{{ config_file }}'
+ config_overrides_defaults: yes
+ register: result
+ ignore_errors: yes
+
+- name: Must fail because login_host default has beed overriden by wrong value from config file
+ assert:
+ that:
+ - result is failed
+ - result.msg is search("Can't connect to MySQL server on '{{ fake_host }}'") or result.msg is search("Unknown MySQL server host '{{ fake_host }}'")
+
+# Clean up
+- name: Remove test db
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_to_create }}'
+ state: absent
+ check_implicit_admin: yes
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/encoding_dump_import.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/encoding_dump_import.yml
new file mode 100644
index 00000000..9ef3af57
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/encoding_dump_import.yml
@@ -0,0 +1,99 @@
+---
+
+- set_fact:
+ latin1_file1: "{{tmp_dir}}/{{file}}"
+
+- name: Deleting Latin1 encoded Database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_latin1_name }}'
+ state: absent
+
+- name: create Latin1 encoded database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_latin1_name }}'
+ state: present
+ encoding: latin1
+
+- name: create a table in Latin1 database
+ command: "{{ mysql_command }} {{ db_latin1_name }} -e \"create table testlatin1(id int, name varchar(100))\""
+
+
+# Inserting a string in latin1 into table, , this string be tested later,
+# so report any change of content in the test too
+- name: inserting data into Latin1 database
+ command: "{{ mysql_command }} {{ db_latin1_name }} -e \"insert into testlatin1 value(47,'Amédée Bôlüt')\""
+
+- name: selecting table
+ command: "{{ mysql_command }} {{ db_latin1_name }} -e \"select * from testlatin1\""
+ register: output
+
+- name: Dumping a table in Latin1 database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: "{{ db_latin1_name }}"
+ encoding: latin1
+ target: "{{ latin1_file1 }}"
+ state: dump
+ register: result
+
+- assert:
+ that:
+ - result is changed
+
+- name: state dump - file name should exist
+ file:
+ name: '{{ latin1_file1 }}'
+ state: file
+
+- name: od the file and check of latin1 encoded string is present
+ shell: grep -a 47 {{ latin1_file1 }} | od -c |grep "A m 351 d 351 e B 364\|A m 303 251 d 303 251 e B 303"
+
+- name: Dropping {{ db_latin1_name }} database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_latin1_name }}'
+ state: absent
+
+- name: Importing the latin1 mysql script
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ state: import
+ encoding: latin1
+ name: '{{ db_latin1_name }}'
+ target: "{{ latin1_file1 }}"
+ register: result
+
+- assert:
+ that:
+ - result is changed
+
+- name: check encoding of table
+ shell: "{{ mysql_command }} {{ db_latin1_name }} -e \"SHOW FULL COLUMNS FROM testlatin1\""
+ register: output
+ failed_when: '"latin1_swedish_ci" not in output.stdout'
+
+- name: remove database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_latin1_name }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue-28.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
new file mode 100644
index 00000000..64fe9d5b
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
@@ -0,0 +1,84 @@
+---
+- name: set fact tls_enabled
+ command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
+ register: result
+- set_fact:
+ tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ when: tls_enabled
+ block:
+
+ # ============================================================
+ - name: get server certificate
+ copy:
+ content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+ dest: /tmp/cert.pem
+ delegate_to: localhost
+
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ - name: create user with ssl requirement
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:ALL,GRANT'
+ tls_requires:
+ SSL:
+
+ - name: attempt connection with newly created user (expect failure)
+ mysql_db:
+ name: '{{ db_name }}'
+ state: absent
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ when: connector_name is search('pymysql')
+
+ - assert:
+ that:
+ - result is succeeded
+ when: connector_name is not search('pymysql')
+
+ - name: attempt connection with newly created user ignoring hostname
+ mysql_db:
+ name: '{{ db_name }}'
+ state: absent
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ check_hostname: no
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+ - name: Drop mysql user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ host: 127.0.0.1
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue_256_mysqldump_errors.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue_256_mysqldump_errors.yml
new file mode 100644
index 00000000..58285b32
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/issue_256_mysqldump_errors.yml
@@ -0,0 +1,148 @@
+---
+
+# When mysqldump encountered an issue, mysql_db was still happy. But the
+# dump produced was empty or worse, only contained `DROP TABLE IF EXISTS...`
+
+- module_defaults:
+ community.mysql.mysql_db: &mysql_defaults
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ community.mysql.mysql_query: *mysql_defaults
+
+ block:
+
+ - name: Dumps errors | Setup test | Create 2 schemas
+ community.mysql.mysql_db:
+ name:
+ - "db1"
+ - "db2"
+ state: present
+
+ - name: Dumps errors | Setup test | Create 2 tables
+ community.mysql.mysql_query:
+ query:
+ - "CREATE TABLE db1.t1 (id int)"
+ - "CREATE TABLE db1.t2 (id int)"
+ - "CREATE VIEW db2.v1 AS SELECT id from db1.t1"
+
+ - name: Dumps errors | Full dump without compression
+ community.mysql.mysql_db:
+ state: dump
+ name: all
+ target: /tmp/full-dump.sql
+ register: full_dump
+
+ - name: Dumps errors | Full dump with gunzip
+ community.mysql.mysql_db:
+ state: dump
+ name: all
+ target: /tmp/full-dump.sql.gz
+ register: full_dump_gz
+
+ - name: Dumps errors | Distinct dump without compression
+ community.mysql.mysql_db:
+ state: dump
+ name: db2
+ target: /tmp/dump-db2.sql
+ register: dump_db2
+
+ - name: Dumps errors | Distinct dump with gunzip
+ community.mysql.mysql_db:
+ state: dump
+ name: db2
+ target: /tmp/dump-db2.sql.gz
+ register: dump_db2_gz
+
+ - name: Dumps errors | Check distinct dumps are changed
+ ansible.builtin.assert:
+ that:
+ - dump_db2 is changed
+ - dump_db2_gz is changed
+
+ # Now db2.v1 targets an inexistant table so mysqldump will fail
+ - name: Dumps errors | Drop t1
+ community.mysql.mysql_query:
+ query:
+ - "DROP TABLE db1.t1"
+
+ - name: Dumps errors | Full dump after drop t1 without compression
+ community.mysql.mysql_db:
+ state: dump
+ name: all
+ target: /tmp/full-dump-without-t1.sql
+ pipefail: true # This should do nothing
+ register: full_dump_without_t1
+ ignore_errors: true
+
+ - name: Dumps errors | Full dump after drop t1 with gzip without the fix
+ community.mysql.mysql_db:
+ state: dump
+ name: all
+ target: /tmp/full-dump-without-t1.sql.gz
+ register: full_dump_without_t1_gz_without_fix
+ ignore_errors: true
+
+ - name: Dumps errors | Full dump after drop t1 with gzip with the fix
+ community.mysql.mysql_db:
+ state: dump
+ name: all
+ target: /tmp/full-dump-without-t1.sql.gz
+ pipefail: true
+ register: full_dump_without_t1_gz_with_fix
+ ignore_errors: true
+
+ - name: Dumps errors | Check full dump
+ ansible.builtin.assert:
+ that:
+ - full_dump_without_t1 is failed
+ - full_dump_without_t1.msg is search(
+ 'references invalid table')
+ - full_dump_without_t1_gz_without_fix is changed
+ - full_dump_without_t1_gz_with_fix is failed
+ - full_dump_without_t1_gz_with_fix.msg is search(
+ 'references invalid table')
+
+ - name: Dumps errors | Distinct dump after drop t1 without compression
+ community.mysql.mysql_db:
+ state: dump
+ name: db2
+ target: /tmp/dump-db2-without_t1.sql
+ pipefail: true # This should do nothing
+ register: dump_db2_without_t1
+ ignore_errors: true
+
+ - name: Dumps errors | Distinct dump after drop t1 with gzip without the fix
+ community.mysql.mysql_db:
+ state: dump
+ name: db2
+ target: /tmp/dump-db2-without_t1.sql.gz
+ register: dump_db2_without_t1_gz_without_fix
+ ignore_errors: true
+
+ - name: Dumps errors | Distinct dump after drop t1 with gzip with the fix
+ community.mysql.mysql_db:
+ state: dump
+ name: db2
+ target: /tmp/dump-db2-without_t1.sql.gz
+ pipefail: true
+ register: dump_db2_without_t1_gz_with_fix
+ ignore_errors: true
+
+ - name: Dumps errors | Check distinct dump
+ ansible.builtin.assert:
+ that:
+ - dump_db2_without_t1 is failed
+ - dump_db2_without_t1.msg is search(
+ 'references invalid table')
+ - dump_db2_without_t1_gz_without_fix is changed
+ - dump_db2_without_t1_gz_with_fix is failed
+ - dump_db2_without_t1_gz_with_fix.msg is search(
+ 'references invalid table')
+ - name: Dumps errors | Cleanup
+ community.mysql.mysql_db:
+ name:
+ - "db1"
+ - "db2"
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/main.yml
new file mode 100644
index 00000000..df6bb077
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/main.yml
@@ -0,0 +1,68 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+# test code for the mysql_db module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+- name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
+
+- name: Check state present/absent
+ include_tasks: state_present_absent.yml
+ vars:
+ db_name: "{{ item }}"
+ loop: "{{ db_names }}"
+
+- name: Check state dump/import
+ include_tasks: state_dump_import.yml
+ vars:
+ db_name: "{{ item.0 }}"
+ file: "{{ item.1.file }}"
+ file2: "{{ item.1.file2 }}"
+ file3: "{{ item.1.file3 }}"
+ file4: "{{ item.1.file4 }}"
+ format_msg_type: "{{ item.1.format_msg_type }}"
+ format_type: "{{ item.1.format_type }}"
+ with_nested:
+ - "{{ db_names }}"
+ - "{{ db_formats }}"
+
+- name: Check state present/absent with multiple databases
+ include_tasks: multi_db_create_delete.yml
+
+- name: Check state dump/import with encoding
+ include_tasks: encoding_dump_import.yml
+ vars:
+ file: "latin1.sql"
+ format_msg_type: "ASCII"
+
+- name: Check MySQL config file
+ include_tasks: config_overrides_defaults.yml
+ when: ansible_python.version_info[0] >= 3
+
+- name: Check issue 28
+ include_tasks: issue-28.yml
+ vars:
+ db_name: "{{ item }}"
+ loop: "{{ db_names }}"
+
+- name: Check errors from mysqldump are seen issue 256
+ ansible.builtin.include_tasks: issue_256_mysqldump_errors.yml
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/multi_db_create_delete.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/multi_db_create_delete.yml
new file mode 100644
index 00000000..c2eb13c4
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/multi_db_create_delete.yml
@@ -0,0 +1,638 @@
+# Copyright (c) 2019, Pratik Gadiya <pratikgadiya1@gmail.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- set_fact:
+ db1_name: "database1"
+ db2_name: "database2"
+ db3_name: "database3"
+ db4_name: "database4"
+ db5_name: "database5"
+ dump1_file: "/tmp/dump1_file.sql"
+ dump2_file: "/tmp/all.sql"
+
+# ============================== CREATE TEST ===============================
+#
+# ==========================================================================
+# Initial check - To confirm that database does not exist before executing check mode tasks
+- name: Drop databases before test
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: absent
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases does not exist
+ assert:
+ that:
+ - "'{{ db1_name }}' not in mysql_result.stdout"
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db3_name }}' not in mysql_result.stdout"
+
+# ==========================================================================
+# Create multiple databases that does not exists (check mode)
+- name: Create multiple databases that does not exists (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: present
+ register: check_mode_result
+ check_mode: yes
+
+- name: assert successful completion of create database using check_mode since databases does not exist prior
+ assert:
+ that:
+ - check_mode_result is changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases does not exist (since created via check mode)
+ assert:
+ that:
+ - "'{{ db1_name }}' not in mysql_result.stdout"
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db3_name }}' not in mysql_result.stdout"
+
+# ==========================================================================
+# Create multiple databases
+- name: Create multiple databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: present
+ register: result
+
+- name: assert successful completion of create database
+ assert:
+ that:
+ - result is changed
+ - result.db_list == ['{{ db1_name }}', '{{ db2_name }}', '{{ db3_name }}']
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist after creation
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+# =========================================================================
+# Recreate already existing databases (check mode)
+- name: Recreate already existing databases (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: present
+ register: check_mode_result
+ check_mode: yes
+
+- name: assert that recreation of existing databases does not make change (since recreated using check mode)
+ assert:
+ that:
+ - check_mode_result is not changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist (since performed recreation of existing databases via check mode)
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+# ==========================================================================
+# Recreate same databases
+- name: Recreate multiple databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: present
+ register: result
+
+- name: assert that recreation of existing databases does not make change
+ assert:
+ that:
+ - result is not changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases does priorly exist
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+# ==========================================================================
+# Delete one of the databases (db2 here)
+- name: Delete db2 database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db2_name }}'
+ state: absent
+ register: result
+
+- name: assert successful completion of deleting database
+ assert:
+ that:
+ - result is changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that only db2 database does not exist
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+# =========================================================================
+# Recreate multiple databases in which few databases does not exists (check mode)
+- name: Recreate multiple databases in which few databases does not exists (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: present
+ register: check_mode_result
+ check_mode: yes
+
+- name: assert successful completion of recreation of partially existing database using check mode
+ assert:
+ that:
+ - check_mode_result is changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that recreated non existing databases does not exist (since created via check mode)
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+# ==========================================================================
+# Create multiple databases
+- name: Create multiple databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: present
+ register: result
+
+- name: assert successful completion of create database
+ assert:
+ that:
+ - result is changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+# ============================== DUMP TEST =================================
+#
+# ==========================================================================
+# Check that dump file does not exist
+- name: Dump file does not exist
+ file:
+ name: '{{ dump1_file }}'
+ state: absent
+
+# ==========================================================================
+# Dump existing databases (check mode)
+- name: Dump existing databases (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db3_name }}'
+ state: dump
+ target: '{{ dump1_file }}'
+ register: check_mode_dump_result
+ check_mode: yes
+
+- name: assert successful completion of dump operation using check mode
+ assert:
+ that:
+ - check_mode_dump_result is changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist (check mode)
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+- name: state dump - file name should not exist (since dumped via check mode)
+ file:
+ name: '{{ dump1_file }}'
+ state: absent
+
+# ==========================================================================
+# Dump existing and non-existing databases (check mode)
+- name: Dump existing and non-existing databases (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - "{{ db1_name }}"
+ - "{{ db4_name }}"
+ - "{{ db3_name }}"
+ state: dump
+ target: "{{ dump1_file }}"
+ register: check_mode_dump_result
+ ignore_errors: True
+ check_mode: yes
+
+- name: assert that dump operation of existing and non existing databases does not make change (using check mode)
+ assert:
+ that:
+ - "'Cannot dump database' in check_mode_dump_result['msg']"
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist (since check mode)
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+ - "'{{ db4_name }}' not in mysql_result.stdout"
+
+- name: state dump - file name should not exist (since prior dump operation performed via check mode)
+ file:
+ name: '{{ dump1_file }}'
+ state: absent
+
+# ==========================================================================
+# Dump non-existing databases (check mode)
+- name: Dump non-existing databases (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - "{{ db4_name }}"
+ - "{{ db5_name }}"
+ state: dump
+ target: "{{ dump1_file }}"
+ register: check_mode_dump_result
+ ignore_errors: True
+ check_mode: yes
+
+- name: assert successful completion of dump operation using check mode
+ assert:
+ that:
+ - "'Cannot dump database' in check_mode_dump_result['msg']"
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist (since delete via check mode)
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+ - "'{{ db4_name }}' not in mysql_result.stdout"
+ - "'{{ db5_name }}' not in mysql_result.stdout"
+
+- name: state dump - file name should not exist (since prior dump operation performed via check mode)
+ file:
+ name: '{{ dump1_file }}'
+ state: absent
+
+# ==========================================================================
+# Dump existing databases
+- name: Dump existing databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: dump
+ target: '{{ dump1_file }}'
+ register: dump_result
+
+- name: assert successful completion of dump operation
+ assert:
+ that:
+ - dump_result is changed
+ - dump_result.db_list == ['{{ db1_name }}', '{{ db2_name }}', '{{ db3_name }}']
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+- name: state dump - file name should exist
+ file:
+ name: '{{ dump1_file }}'
+ state: file
+
+- name: Check if db1 database create command is present in the dumped file
+ shell: "grep -i 'CREATE DATABASE.*`{{ db1_name }}`' {{ dump1_file }}"
+
+- name: Check if db2 database create command is present in the dumped file
+ shell: "grep -i 'CREATE DATABASE.*`{{ db2_name }}`' {{ dump1_file }}"
+
+- name: Check if db3 database create command is present in the dumped file
+ shell: "grep -i 'CREATE DATABASE.*`{{ db3_name }}`' {{ dump1_file }}"
+
+# ==========================================================================
+# Dump all databases
+
+- name: state dump - dump2 file name should not exist
+ file:
+ name: '{{ dump2_file }}'
+ state: absent
+
+- name: Dump existing databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: all
+ state: dump
+ target: '{{ dump2_file }}'
+ register: dump_result
+
+- name: assert successful completion of dump operation
+ assert:
+ that:
+ - dump_result is changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist
+ assert:
+ that:
+ - "'{{ db1_name }}' in mysql_result.stdout"
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+ - "'{{ db4_name }}' not in mysql_result.stdout"
+ - "'{{ db5_name }}' not in mysql_result.stdout"
+
+- name: state dump - file name should exist
+ file:
+ name: '{{ dump2_file }}'
+ state: file
+
+# ============================ DELETE TEST =================================
+#
+# ==========================================================================
+# Delete multiple databases which already exists (check mode)
+- name: Delete multiple databases which already exists (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: absent
+ register: check_mode_result
+ check_mode: yes
+
+- name: assert successful completion of delete databases which already exists using check mode
+ assert:
+ that:
+ - check_mode_result is changed
+
+- name: run command to test state=absent for a database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases exist even after deleting (since deleted via check mode)
+ assert:
+ that:
+ - "'{{ db2_name }}' in mysql_result.stdout"
+ - "'{{ db3_name }}' in mysql_result.stdout"
+
+# ==========================================================================
+# Delete multiple databases
+- name: Delete multiple databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ state: absent
+ register: result
+
+- name: assert successful completion of deleting database
+ assert:
+ that:
+ - result is changed
+ - result.db_list == ['{{ db2_name }}', '{{ db3_name }}']
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases does not exist
+ assert:
+ that:
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db3_name }}' not in mysql_result.stdout"
+
+# ==========================================================================
+# Delete non existing databases (check mode)
+- name: Delete non existing databases (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db2_name }}'
+ - '{{ db4_name }}'
+ state: absent
+ register: check_mode_result
+ check_mode: yes
+
+- name: assert that deletion of non existing databases does not make change (using check mode)
+ assert:
+ that:
+ - check_mode_result is not changed
+
+- name: run command to test state=absent for a database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases does not exist since were deleted priorly (check mode)
+ assert:
+ that:
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db4_name }}' not in mysql_result.stdout"
+
+# ==========================================================================
+# Delete already deleted databases
+- name: Delete already deleted databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db2_name }}'
+ - '{{ db4_name }}'
+ state: absent
+ register: result
+
+- name: assert that deletion of non existing databases does not make change
+ assert:
+ that:
+ - result is not changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that databases does not exists
+ assert:
+ that:
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db4_name }}' not in mysql_result.stdout"
+
+# ==========================================================================
+# Delete all databases
+- name: Delete all databases
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db1_name }}'
+ - '{{ db2_name }}'
+ - '{{ db3_name }}'
+ - '{{ db4_name }}'
+ - '{{ db5_name }}'
+ state: absent
+ register: result
+
+- name: assert successful completion of deleting database
+ assert:
+ that:
+ - result is changed
+
+- name: run command to list databases like specified database name
+ command: "{{ mysql_command }} \"-e show databases like 'database%'\""
+ register: mysql_result
+
+- name: assert that specific databases does not exist
+ assert:
+ that:
+ - "'{{ db1_name }}' not in mysql_result.stdout"
+ - "'{{ db2_name }}' not in mysql_result.stdout"
+ - "'{{ db3_name }}' not in mysql_result.stdout"
+ - "'{{ db4_name }}' not in mysql_result.stdout"
+ - "'{{ db5_name }}' not in mysql_result.stdout"
+
+- name: state dump - dump 1 file name should be removed
+ file:
+ name: '{{ dump1_file }}'
+ state: absent
+
+- name: state dump - dump 2 file name should be removed
+ file:
+ name: '{{ dump2_file }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_dump_import.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_dump_import.yml
new file mode 100644
index 00000000..724dd186
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_dump_import.yml
@@ -0,0 +1,504 @@
+# test code for state dump and import for mysql_db module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- set_fact:
+ db_file_name: "{{ tmp_dir }}/{{ file }}"
+ wrong_sql_file: "{{ tmp_dir }}/wrong.sql"
+ dump_file1: "{{ tmp_dir }}/{{ file2 }}"
+ dump_file2: "{{ tmp_dir }}/{{ file3 }}"
+ db_user: "test"
+ db_user_unsafe_password: "pass!word"
+ config_file: "/root/.my.cnf"
+
+- name: create custom config file
+ shell: 'echo "[client]" > {{ config_file }}'
+
+- name: create user for test unsafe_login_password parameter
+ mysql_user:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_user }}'
+ password: '{{ db_user_unsafe_password }}'
+ priv: '*.*:ALL'
+ state: present
+
+- name: state dump/import - create database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: present
+ check_implicit_admin: yes
+
+- name: create database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name2 }}'
+ state: present
+ check_implicit_admin: no
+
+- name: state dump/import - create table department
+ command: "{{ mysql_command }} {{ db_name }} \"-e create table department(id int, name varchar(100))\""
+
+- name: state dump/import - create table employee
+ command: "{{ mysql_command }} {{ db_name }} \"-e create table employee(id int, name varchar(100))\""
+
+- name: state dump/import - insert data into table employee
+ command: "{{ mysql_command }} {{ db_name }} \"-e insert into employee value(47,'Joe Smith')\""
+
+- name: state dump/import - insert data into table department
+ command: "{{ mysql_command }} {{ db_name }} \"-e insert into department value(2,'Engineering')\""
+
+- name: state dump/import - file name should not exist
+ file:
+ name: '{{ db_file_name }}'
+ state: absent
+
+- name: database dump file1 should not exist
+ file:
+ name: '{{ dump_file1 }}'
+ state: absent
+
+- name: database dump file2 should not exist
+ file:
+ name: '{{ dump_file2 }}'
+ state: absent
+
+- name: state dump without department table.
+ mysql_db:
+ login_user: '{{ db_user }}'
+ login_password: '{{ db_user_unsafe_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ unsafe_login_password: yes
+ name: '{{ db_name }}'
+ state: dump
+ target: '{{ db_file_name }}'
+ ignore_tables:
+ - "{{ db_name }}.department"
+ force: yes
+ master_data: 1
+ skip_lock_tables: yes
+ dump_extra_args: --skip-triggers
+ config_file: '{{ config_file }}'
+ restrict_config_file: yes
+ check_implicit_admin: no
+ register: result
+
+- name: assert successful completion of dump operation
+ assert:
+ that:
+ - result is changed
+ - result.executed_commands[0] is search("mysqldump --defaults-file={{ config_file }} --user={{ db_user }} --password=\*\*\*\*\*\*\*\* --force --host=127.0.0.1 --port={{ mysql_primary_port }} {{ db_name }} --skip-lock-tables --quick --ignore-table={{ db_name }}.department --master-data=1 --skip-triggers")
+
+- name: state dump/import - file name should exist
+ file:
+ name: '{{ db_file_name }}'
+ state: file
+
+- name: state dump with multiple databases in comma separated form.
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: "{{ db_name }},{{ db_name2 }}"
+ state: dump
+ target: '{{ dump_file1 }}'
+ check_implicit_admin: yes
+ register: dump_result1
+
+- name: assert successful completion of dump operation (with multiple databases in comma separated form)
+ assert:
+ that:
+ - dump_result1 is changed
+ - dump_result1.executed_commands[0] is search(" --user=root --password=\*\*\*\*\*\*\*\*")
+
+- name: state dump - dump file1 should exist
+ file:
+ name: '{{ dump_file1 }}'
+ state: file
+
+- name: state dump with multiple databases in list form via check_mode
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db_name }}'
+ - '{{ db_name2 }}'
+ state: dump
+ target: '{{ dump_file2 }}'
+ register: dump_result
+ check_mode: yes
+
+- name: assert successful completion of dump operation (with multiple databases in list form) via check mode
+ assert:
+ that:
+ - dump_result is changed
+
+- name: database dump file2 should not exist
+ stat:
+ path: '{{ dump_file2 }}'
+ register: stat_result
+
+- name: assert that check_mode does not create dump file for databases
+ assert:
+ that:
+ - stat_result.stat.exists is defined and not stat_result.stat.exists
+
+- name: state dump with multiple databases in list form.
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name:
+ - '{{ db_name }}'
+ - '{{ db_name2 }}'
+ state: dump
+ target: '{{ dump_file2 }}'
+ register: dump_result2
+
+- name: assert successful completion of dump operation (with multiple databases in list form)
+ assert:
+ that:
+ - dump_result2 is changed
+
+- name: state dump - dump file2 should exist
+ file:
+ name: '{{ dump_file2 }}'
+ state: file
+
+- name: state dump/import - remove database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: absent
+
+- name: remove database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name2 }}'
+ state: absent
+
+- name: test state=import to restore the database of type {{ format_type }} (expect changed=true)
+ mysql_db:
+ login_user: '{{ db_user }}'
+ login_password: '{{ db_user_unsafe_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ unsafe_login_password: yes
+ name: '{{ db_name }}'
+ state: import
+ target: '{{ db_file_name }}'
+ use_shell: yes
+ register: result
+
+- name: show the tables
+ command: "{{ mysql_command }} {{ db_name }} \"-e show tables\""
+ register: result
+
+- name: assert that the department table is absent.
+ assert:
+ that:
+ - "'department' not in result.stdout"
+
+- name: test state=import to restore a database from multiple database dumped file1
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name2 }}'
+ state: import
+ target: '{{ dump_file1 }}'
+ use_shell: no
+ register: import_result
+
+- name: assert output message restored a database from dump file1
+ assert:
+ that:
+ - import_result is changed
+
+- name: remove database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name2 }}'
+ state: absent
+
+- name: run command to list databases
+ command: "{{ mysql_command }} \"-e show databases like 'data%'\""
+ register: mysql_result
+
+- name: assert that db_name2 database does not exist
+ assert:
+ that:
+ - "'{{ db_name2 }}' not in mysql_result.stdout"
+
+- name: test state=import to restore a database from dumped file2 (check mode)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name2 }}'
+ state: import
+ target: '{{ dump_file2 }}'
+ register: check_import_result
+ check_mode: yes
+
+- name: assert output message restored a database from dump file2 (check mode)
+ assert:
+ that:
+ - check_import_result is changed
+
+- name: run command to list databases
+ command: "{{ mysql_command }} \"-e show databases like 'data%'\""
+ register: mysql_result
+
+- name: assert that db_name2 database does not exist (check mode)
+ assert:
+ that:
+ - "'{{ db_name2 }}' not in mysql_result.stdout"
+
+- name: test state=import to restore a database from multiple database dumped file2
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name2 }}'
+ state: import
+ target: '{{ dump_file2 }}'
+ register: import_result2
+
+- name: assert output message restored a database from dump file2
+ assert:
+ that:
+ - import_result2 is changed
+ - import_result2.db_list == ['{{ db_name2 }}']
+
+- name: run command to list databases
+ command: "{{ mysql_command }} \"-e show databases like 'data%'\""
+ register: mysql_result
+
+- name: assert that db_name2 database does exist after import
+ assert:
+ that:
+ - "'{{ db_name2 }}' in mysql_result.stdout"
+
+- name: test state=dump to backup the database of type {{ format_type }} (expect changed=true)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: dump
+ target: '{{ db_file_name }}'
+ register: result
+
+- name: assert output message backup the database
+ assert:
+ that:
+ - result is changed
+ - "result.db =='{{ db_name }}'"
+
+# - name: assert database was backed up successfully
+# command: "file {{ db_file_name }}"
+# register: result
+#
+# - name: assert file format type
+# assert:
+# that:
+# - "'{{ format_msg_type }}' in result.stdout"
+
+- name: update database table employee
+ command: "{{ mysql_command }} {{ db_name }} \"-e update employee set name='John Doe' where id=47\""
+
+- name: test state=import to restore the database of type {{ format_type }} (expect changed=true)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: import
+ target: '{{ db_file_name }}'
+ register: result
+
+- name: assert output message restore the database
+ assert:
+ that:
+ - result is changed
+
+- name: select data from table employee
+ command: "{{ mysql_command }} {{ db_name }} \"-e select * from employee\""
+ register: result
+
+- name: assert data in database is from the restore database
+ assert:
+ that:
+ - "'47' in result.stdout"
+ - "'Joe Smith' in result.stdout"
+
+##########################
+# Test ``force`` parameter
+##########################
+
+- name: create wrong sql file
+ shell: echo 'CREATE TABLE hello (id int); CREATE ELBAT ehlo (int id);' >> '{{ wrong_sql_file }}'
+
+- name: try to import without force parameter, must fail
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: import
+ target: '{{ wrong_sql_file }}'
+ force: no
+ register: result
+ ignore_errors: yes
+
+- assert:
+ that:
+ - result is failed
+
+- name: try to import with force parameter
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: import
+ target: '{{ wrong_sql_file }}'
+ force: yes
+ register: result
+
+- assert:
+ that:
+ - result is changed
+
+########################
+# Test import with chdir
+
+- name: Create dir
+ file:
+ path: ~/subdir
+ state: directory
+
+- name: Create test dump
+ shell: 'echo "SOURCE ./subdir_test.sql" > ~/original_test.sql'
+
+- name: Create test source
+ shell: 'echo "SELECT 1" > ~/subdir/subdir_test.sql'
+
+- name: Try to restore without chdir argument, must fail
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: import
+ target: '~/original_test.sql'
+ ignore_errors: yes
+ register: result
+- assert:
+ that:
+ - result is failed
+ - result.msg is search('Failed to open file')
+
+- name: Restore with chdir argument, must pass
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: import
+ target: '~/original_test.sql'
+ chdir: ~/subdir
+ register: result
+- assert:
+ that:
+ - result is succeeded
+
+##########
+# Clean up
+##########
+
+- name: remove database name
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: absent
+
+- name: remove database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name2 }}'
+ state: absent
+
+- name: remove file name
+ file:
+ name: '{{ db_file_name }}'
+ state: absent
+
+- name: remove file name
+ file:
+ name: '{{ wrong_sql_file }}'
+ state: absent
+
+- name: remove dump file1
+ file:
+ name: '{{ dump_file1 }}'
+ state: absent
+
+- name: remove dump file2
+ file:
+ name: '{{ dump_file2 }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_present_absent.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_present_absent.yml
new file mode 100644
index 00000000..5b6e871d
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_db/tasks/state_present_absent.yml
@@ -0,0 +1,300 @@
+# test code for mysql_db module with database name containing special chars
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: remove database if it exists
+ command: >
+ "{{ mysql_command }} -sse 'DROP DATABASE IF EXISTS {{ db_name }}'"
+ ignore_errors: true
+
+- name: make sure the test database is not there
+ command: "{{ mysql_command }} {{ db_name }}"
+ register: mysql_db_check
+ failed_when: "'1049' not in mysql_db_check.stderr"
+
+- name: test state=present for a database name (expect changed=true)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: present
+ register: result
+
+- name: assert output message that database exist
+ assert:
+ that:
+ - result is changed
+ - result.db == '{{ db_name }}'
+ - result.executed_commands == ["CREATE DATABASE `{{ db_name }}`"]
+
+- name: run command to test state=present for a database name (expect db_name in stdout)
+ command: "{{ mysql_command }} -e \"show databases like '{{ db_name | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
+ register: result
+
+- name: assert database exist
+ assert:
+ that:
+ - "'{{ db_name }}' in result.stdout"
+
+# ============================================================
+- name: test state=absent for a database name (expect changed=true)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: absent
+ register: result
+
+- name: assert output message that database does not exist
+ assert:
+ that:
+ - result is changed
+ - result.db == '{{ db_name }}'
+ - result.executed_commands == ["DROP DATABASE `{{ db_name }}`"]
+
+- name: run command to test state=absent for a database name (expect db_name not in stdout)
+ command: "{{ mysql_command }} -e \"show databases like '{{ db_name | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
+ register: result
+
+- name: assert database does not exist
+ assert:
+ that:
+ - "'{{ db_name }}' not in result.stdout"
+
+# ============================================================
+- name: test mysql_db encoding param not valid - issue 8075
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: datanotvalid
+ state: present
+ encoding: notvalid
+ register: result
+ ignore_errors: true
+
+- name: assert test mysql_db encoding param not valid - issue 8075 (failed=true)
+ assert:
+ that:
+ - result is failed
+ - "'Traceback' not in result.msg"
+ - "'Unknown character set' in result.msg"
+
+# ============================================================
+- name: test mysql_db using a valid encoding utf8 (expect changed=true)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: 'en{{ db_name }}'
+ state: present
+ encoding: utf8
+ register: result
+
+- name: assert output message created a database
+ assert:
+ that:
+ - result is changed
+ - result.executed_commands == ["CREATE DATABASE `en{{ db_name }}` CHARACTER SET 'utf8'"]
+
+- name: test database was created
+ command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE `en{{ db_name }}`\""
+ register: result
+
+- name: assert created database is of encoding utf8
+ assert:
+ that:
+ - "'utf8' in result.stdout"
+
+- name: remove database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: 'en{{ db_name }}'
+ state: absent
+
+# ============================================================
+- name: test mysql_db using valid encoding binary (expect changed=true)
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: 'en{{ db_name }}'
+ state: present
+ encoding: binary
+ register: result
+
+- name: assert output message that database was created
+ assert:
+ that:
+ - result is changed
+ - result.executed_commands == ["CREATE DATABASE `en{{ db_name }}` CHARACTER SET 'binary'"]
+
+- name: run command to test database was created
+ command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE `en{{ db_name }}`\""
+ register: result
+
+- name: assert created database is of encoding binary
+ assert:
+ that:
+ - "'binary' in result.stdout"
+
+- name: remove database
+ mysql_db:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: 'en{{ db_name }}'
+ state: absent
+
+# ============================================================
+- name: create user1 to access database dbuser1
+ mysql_user:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: user1
+ password: 'Hfd6fds^dfA8Ga'
+ priv: '*.*:ALL'
+ state: present
+
+- name: create database dbuser1 using user1
+ mysql_db:
+ login_user: user1
+ login_password: 'Hfd6fds^dfA8Ga'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_user1 }}'
+ state: present
+ register: result
+
+- name: assert output message that database was created
+ assert:
+ that:
+ - result is changed
+
+- name: run command to test database was created using user1
+ command: "{{ mysql_command }} -e \"show databases like '{{ db_user1 | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
+ register: result
+
+- name: assert database exist
+ assert:
+ that:
+ - "'{{ db_user1 }}' in result.stdout"
+
+# ============================================================
+- name: create user2 to access database with privilege select only
+ mysql_user:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: user2
+ password: 'kjsfd&F7safjad'
+ priv: '*.*:SELECT'
+ state: present
+
+- name: create database dbuser2 using user2 with no privilege to create (expect failed=true)
+ mysql_db:
+ login_user: user2
+ login_password: 'kjsfd&F7safjad'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_user2 }}'
+ state: present
+ register: result
+ ignore_errors: true
+
+- name: assert output message that database was not created using dbuser2
+ assert:
+ that:
+ - result is failed
+ - "'Access denied' in result.msg"
+
+- name: run command to test that database was not created
+ command: "{{ mysql_command }} -e \"show databases like '{{ db_user2 | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
+ register: result
+
+- name: assert database does not exist
+ assert:
+ that:
+ - "'{{ db_user2 }}' not in result.stdout"
+
+# ============================================================
+- name: delete database using user2 with no privilege to delete (expect failed=true)
+ mysql_db:
+ login_user: user2
+ login_password: 'kjsfd&F7safjad'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_user1 }}'
+ state: absent
+ register: result
+ ignore_errors: true
+
+- name: assert output message that database was not deleted using dbuser2
+ assert:
+ that:
+ - result is failed
+ - "'Access denied' in result.msg"
+
+- name: run command to test database was not deleted
+ command: "{{ mysql_command }} -e \"show databases like '{{ db_user1 | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
+ register: result
+
+- name: assert database still exist
+ assert:
+ that:
+ - "'{{ db_user1 }}' in result.stdout"
+
+# ============================================================
+- name: delete database using user1 with all privilege to delete a database (expect changed=true)
+ mysql_db:
+ login_user: user1
+ login_password: 'Hfd6fds^dfA8Ga'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_user1 }}'
+ state: absent
+ register: result
+ ignore_errors: true
+
+- name: assert output message that database was deleted using user1
+ assert:
+ that:
+ - result is changed
+ - result.executed_commands == ["DROP DATABASE `{{ db_user1 }}`"]
+
+- name: run command to test database was deleted using user1
+ command: "{{ mysql_command }} -e \"show databases like '{{ db_name | regex_replace(\"([%_\\\\])\", \"\\\\\\1\") }}'\""
+ register: result
+
+- name: assert database does not exist
+ assert:
+ that:
+ - "'{{ db_user1 }}' not in result.stdout"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/defaults/main.yml
new file mode 100644
index 00000000..e1b932cc
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/defaults/main.yml
@@ -0,0 +1,11 @@
+---
+# defaults file for test_mysql_info
+mysql_user: root
+mysql_password: msandbox
+mysql_host: 127.0.0.1
+mysql_primary_port: 3307
+
+db_name: data
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/meta/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/meta/main.yml
new file mode 100644
index 00000000..a7ace5d1
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - setup_mysql
+ - setup_remote_tmp_dir
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/connector_info.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/connector_info.yml
new file mode 100644
index 00000000..ba76f59b
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/connector_info.yml
@@ -0,0 +1,32 @@
+---
+# Added in 3.6.0 in
+# https://github.com/ansible-collections/community.mysql/pull/497
+
+# TODO: Refactor in PR490.
+- name: Connector info | Assert connector_name exists and has expected values
+ ansible.builtin.assert:
+ that:
+ - result.connector_name is defined
+ - result.connector_name is in ['pymysql', 'MySQLdb']
+ success_msg: >-
+ Assertions passed, result.connector_name is {{ result.connector_name }}
+ fail_msg: >-
+ Assertion failed, result.connector_name is
+ {{ result.connector_name | d('Unknown')}} which is different than expected
+ pymysql or MySQLdb
+
+# TODO: Refactor in PR490.
+- name: Connector info | Assert connector_version exists and has expected values
+ ansible.builtin.assert:
+ that:
+ - result.connector_version is defined
+ - >
+ result.connector_version == 'Unknown'
+ or result.connector_version is version(connector_ver, '==')
+ success_msg: >-
+ Assertions passed, result.connector_version is
+ {{ result.connector_version }}
+ fail_msg: >-
+ Assertion failed, result.connector_version is
+ {{ result.connector_version }} which is different than expected
+ {{ connector_ver }}
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/issue-28.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
new file mode 100644
index 00000000..bf4576f5
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
@@ -0,0 +1,85 @@
+---
+- name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
+
+- name: set fact tls_enabled
+ command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
+ register: result
+- set_fact:
+ tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ when: tls_enabled
+ block:
+
+ # ============================================================
+ - name: get server certificate
+ copy:
+ content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+ dest: /tmp/cert.pem
+ delegate_to: localhost
+
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ - name: create user with ssl requirement
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ tls_requires:
+ SSL:
+
+ - name: attempt connection with newly created user (expect failure)
+ mysql_info:
+ filter: version
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ when: connector_name is search('pymysql')
+
+ - assert:
+ that:
+ - result is succeeded
+ when: connector_name is not search('pymysql')
+
+ - name: attempt connection with newly created user ignoring hostname
+ mysql_info:
+ filter: version
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ check_hostname: no
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+ - name: Drop mysql user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ host: 127.0.0.1
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/main.yml
new file mode 100644
index 00000000..a5428e32
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/tasks/main.yml
@@ -0,0 +1,219 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+# Test code for mysql_info module
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+###################
+# Prepare for tests
+#
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ # Create default MySQL config file with credentials
+ - name: mysql_info - create default config file
+ template:
+ src: my.cnf.j2
+ dest: /root/.my.cnf
+ mode: '0400'
+
+ # Create non-default MySQL config file with credentials
+ - name: mysql_info - create non-default config file
+ template:
+ src: my.cnf.j2
+ dest: /root/non-default_my.cnf
+ mode: '0400'
+
+ ###############
+ # Do tests
+
+ # Access by default cred file
+ - name: mysql_info - collect default cred file
+ mysql_info:
+ login_user: '{{ mysql_user }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - "mysql_version in result.version.full or mariadb_version in result.version.full"
+ - result.settings != {}
+ - result.global_status != {}
+ - result.databases != {}
+ - result.engines != {}
+ - result.users != {}
+
+ - name: mysql_info - Test connector informations display
+ ansible.builtin.import_tasks:
+ file: connector_info.yml
+
+ # Access by non-default cred file
+ - name: mysql_info - check non-default cred file
+ mysql_info:
+ login_user: '{{ mysql_user }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ config_file: /root/non-default_my.cnf
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.version != {}
+
+ # Remove cred files
+ - name: mysql_info - remove cred files
+ file:
+ path: '{{ item }}'
+ state: absent
+ with_items:
+ - /root/.my.cnf
+ - /root/non-default_my.cnf
+
+ # Access with password
+ - name: mysql_info - check access with password
+ mysql_info:
+ <<: *mysql_params
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.version != {}
+
+ # Test excluding
+ - name: Collect all info except settings and users
+ mysql_info:
+ <<: *mysql_params
+ filter: '!settings,!users'
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.version != {}
+ - result.global_status != {}
+ - result.databases != {}
+ - result.engines != {}
+ - result.settings is not defined
+ - result.users is not defined
+
+ # Test including
+ - name: Collect info only about version and databases
+ mysql_info:
+ <<: *mysql_params
+ filter:
+ - version
+ - databases
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.version != {}
+ - result.databases != {}
+ - result.engines is not defined
+ - result.settings is not defined
+ - result.global_status is not defined
+ - result.users is not defined
+
+ # Test exclude_fields: db_size
+ # 'unsupported' element is passed to check that an unsupported value
+ # won't break anything (will be ignored regarding to the module's documentation).
+ - name: Collect info about databases excluding their sizes
+ mysql_info:
+ <<: *mysql_params
+ filter:
+ - databases
+ exclude_fields:
+ - db_size
+ - unsupported
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.databases != {}
+ - result.databases.mysql == {}
+
+ ########################################################
+ # Issue #65727, empty databases must be in returned dict
+ #
+ - name: Create empty database acme
+ mysql_db:
+ <<: *mysql_params
+ name: acme
+
+ - name: Collect info about databases
+ mysql_info:
+ <<: *mysql_params
+ filter:
+ - databases
+ return_empty_dbs: true
+ register: result
+
+ # Check acme is in returned dict
+ - assert:
+ that:
+ - result is not changed
+ - result.databases.acme.size == 0
+ - result.databases.mysql != {}
+
+ - name: Collect info about databases excluding their sizes
+ mysql_info:
+ <<: *mysql_params
+ filter:
+ - databases
+ exclude_fields:
+ - db_size
+ return_empty_dbs: true
+ register: result
+
+ # Check acme is in returned dict
+ - assert:
+ that:
+ - result is not changed
+ - result.databases.acme == {}
+ - result.databases.mysql == {}
+
+ - name: Remove acme database
+ mysql_db:
+ <<: *mysql_params
+ name: acme
+ state: absent
+
+ - include: issue-28.yml
+
+ # https://github.com/ansible-collections/community.mysql/issues/204
+ - name: Create database containing only views
+ mysql_db:
+ <<: *mysql_params
+ name: allviews
+
+ - name: Create view
+ mysql_query:
+ <<: *mysql_params
+ login_db: allviews
+ query: 'CREATE VIEW v_today (today) AS SELECT CURRENT_DATE'
+
+ - name: Fetch info
+ mysql_info:
+ <<: *mysql_params
+ register: result
+
+ - name: Check
+ assert:
+ that:
+ - result.databases.allviews.size == 0
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/templates/my.cnf.j2 b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/templates/my.cnf.j2
new file mode 100644
index 00000000..7d159a21
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_info/templates/my.cnf.j2
@@ -0,0 +1,5 @@
+[client]
+user={{ mysql_user }}
+password={{ mysql_password }}
+host={{ mysql_host }}
+port={{ mysql_primary_port }}
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/defaults/main.yml
new file mode 100644
index 00000000..4ee25ffe
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/defaults/main.yml
@@ -0,0 +1,14 @@
+mysql_user: root
+mysql_password: msandbox
+mysql_primary_port: 3307
+
+db_name: data
+test_db: testdb
+test_table1: test1
+test_table2: test2
+test_table3: test3
+test_table4: test4
+test_script_path: /tmp/test.sql
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/meta/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/meta/main.yml
new file mode 100644
index 00000000..ce08dc4a
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- setup_mysql
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/issue-28.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
new file mode 100644
index 00000000..a61e07ff
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
@@ -0,0 +1,85 @@
+---
+- name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
+
+- name: set fact tls_enabled
+ command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
+ register: result
+- set_fact:
+ tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ when: tls_enabled
+ block:
+
+ # ============================================================
+ - name: get server certificate
+ copy:
+ content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+ dest: /tmp/cert.pem
+ delegate_to: localhost
+
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ - name: create user with ssl requirement
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ tls_requires:
+ SSL:
+
+ - name: attempt connection with newly created user (expect failure)
+ mysql_query:
+ query: 'SHOW DATABASES'
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ when: connector_name is search('pymysql')
+
+ - assert:
+ that:
+ - result is succeeded
+ when: connector_name is not search('pymysql')
+
+ - name: attempt connection with newly created user ignoring hostname
+ mysql_query:
+ query: 'SHOW DATABASES'
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ check_hostname: no
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+ - name: Drop mysql user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ host: 127.0.0.1
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/main.yml
new file mode 100644
index 00000000..6d17308f
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/main.yml
@@ -0,0 +1,9 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+# mysql_query module initial CI tests
+- import_tasks: mysql_query_initial.yml
+
+- include: issue-28.yml
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/mysql_query_initial.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/mysql_query_initial.yml
new file mode 100644
index 00000000..cbb7b533
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_query/tasks/mysql_query_initial.yml
@@ -0,0 +1,366 @@
+# Test code for mysql_query module
+# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: Create db {{ test_db }}
+ mysql_query:
+ <<: *mysql_params
+ query: 'CREATE DATABASE {{ test_db }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.executed_queries == ['CREATE DATABASE {{ test_db }}']
+
+ - name: Create {{ test_table1 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'CREATE TABLE {{ test_table1 }} (id int)'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.executed_queries == ['CREATE TABLE {{ test_table1 }} (id int)']
+
+ - name: Insert test data
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query:
+ - 'INSERT INTO {{ test_table1 }} VALUES (1), (2)'
+ - 'INSERT INTO {{ test_table1 }} VALUES (3)'
+ single_transaction: yes
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.rowcount == [2, 1]
+ - result.executed_queries == ['INSERT INTO {{ test_table1 }} VALUES (1), (2)', 'INSERT INTO {{ test_table1 }} VALUES (3)']
+
+ - name: Check data in {{ test_table1 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT * FROM {{ test_table1 }}'
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.executed_queries == ['SELECT * FROM {{ test_table1 }}']
+ - result.rowcount == [3]
+ - result.query_result[0][0].id == 1
+ - result.query_result[0][1].id == 2
+ - result.query_result[0][2].id == 3
+
+ - name: Check data in {{ test_table1 }} using positional args
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT * FROM {{ test_table1 }} WHERE id = %s'
+ positional_args:
+ - 1
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.executed_queries == ["SELECT * FROM {{ test_table1 }} WHERE id = 1"]
+ - result.rowcount == [1]
+ - result.query_result[0][0].id == 1
+
+ - name: Check data in {{ test_table1 }} using named args
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT * FROM {{ test_table1 }} WHERE id = %(some_id)s'
+ named_args:
+ some_id: 1
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.executed_queries == ["SELECT * FROM {{ test_table1 }} WHERE id = 1"]
+ - result.rowcount == [1]
+ - result.query_result[0][0].id == 1
+
+ - name: Update data in {{ test_table1 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'UPDATE {{ test_table1 }} SET id = %(new_id)s WHERE id = %(current_id)s'
+ named_args:
+ current_id: 1
+ new_id: 0
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.executed_queries == ['UPDATE {{ test_table1 }} SET id = 0 WHERE id = 1']
+ - result.rowcount == [1]
+
+ - name: Check the prev update - row with value 1 does not exist anymore
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT * FROM {{ test_table1 }} WHERE id = %(some_id)s'
+ named_args:
+ some_id: 1
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.executed_queries == ['SELECT * FROM {{ test_table1 }} WHERE id = 1']
+ - result.rowcount == [0]
+
+ - name: Check the prev update - row with value - exist
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT * FROM {{ test_table1 }} WHERE id = %(some_id)s'
+ named_args:
+ some_id: 0
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.executed_queries == ['SELECT * FROM {{ test_table1 }} WHERE id = 0']
+ - result.rowcount == [1]
+
+ - name: Update data in {{ test_table1 }} again
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'UPDATE {{ test_table1 }} SET id = %(new_id)s WHERE id = %(current_id)s'
+ named_args:
+ current_id: 1
+ new_id: 0
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.executed_queries == ['UPDATE {{ test_table1 }} SET id = 0 WHERE id = 1']
+ - result.rowcount == [0]
+
+ - name: Delete data from {{ test_table1 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query:
+ - 'DELETE FROM {{ test_table1 }} WHERE id = 0'
+ - 'SELECT * FROM {{ test_table1 }} WHERE id = 0'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.executed_queries == ['DELETE FROM {{ test_table1 }} WHERE id = 0', 'SELECT * FROM {{ test_table1 }} WHERE id = 0']
+ - result.rowcount == [1, 0]
+
+ - name: Delete data from {{ test_table1 }} again
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'DELETE FROM {{ test_table1 }} WHERE id = 0'
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ - result.executed_queries == ['DELETE FROM {{ test_table1 }} WHERE id = 0']
+ - result.rowcount == [0]
+
+ - name: Truncate {{ test_table1 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query:
+ - 'TRUNCATE {{ test_table1 }}'
+ - 'SELECT * FROM {{ test_table1 }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.executed_queries == ['TRUNCATE {{ test_table1 }}', 'SELECT * FROM {{ test_table1 }}']
+ - result.rowcount == [0, 0]
+
+ - name: Rename {{ test_table1 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'RENAME TABLE {{ test_table1 }} TO {{ test_table2 }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.executed_queries == ['RENAME TABLE {{ test_table1 }} TO {{ test_table2 }}']
+ - result.rowcount == [0]
+
+ - name: Check the prev rename
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT * FROM {{ test_table1 }}'
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+
+ - name: Check the prev rename
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT * FROM {{ test_table2 }}'
+ register: result
+
+ - assert:
+ that:
+ - result.rowcount == [0]
+
+ - name: Create {{ test_table3 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'CREATE TABLE {{ test_table3 }} (id int, story text)'
+
+ - name: Add data to {{ test_table3 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: "INSERT INTO {{ test_table3 }} (id, story) VALUES (1, 'first'), (2, 'second')"
+
+ - name: Select from {{ test_table3 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'SELECT id, story FROM {{ test_table3 }}'
+ register: result
+
+ - assert:
+ that:
+ - result.rowcount == [2]
+
+ - name: Pass wrong query type
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: {'this type is': 'wrong'}
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ - result.msg is search('the query option value must be a string or list')
+
+ - name: Pass wrong query element
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query:
+ - 'SELECT now()'
+ - {'this type is': 'wrong'}
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ - result.msg is search('the elements in query list must be strings')
+
+ - name: Create {{ test_table4 }}
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'CREATE TABLE {{ test_table4 }} (id int primary key, story text)'
+
+ - name: Insert test data using replace statement
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: "REPLACE INTO {{ test_table4 }} VALUES (1, 'first')"
+ single_transaction: yes
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.rowcount == [1]
+
+ - name: Replace test data
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: "REPLACE INTO {{ test_table4 }} VALUES (1, 'one')"
+ single_transaction: yes
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.rowcount == [2]
+
+ # Issue https://github.com/ansible-collections/community.mysql/issues/268
+ - name: Create table
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: "CREATE TABLE issue268 (id int)"
+ single_transaction: yes
+
+ # Issue https://github.com/ansible-collections/community.mysql/issues/268
+ - name: Create table with IF NOT EXISTS
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: "CREATE TABLE IF NOT EXISTS issue268 (id int)"
+ single_transaction: yes
+ register: result
+
+ # Issue https://github.com/ansible-collections/community.mysql/issues/268
+ - assert:
+ that:
+ # PyMySQL driver throws a warning, so the following is correct
+ - result is not changed
+ when: connector_name is search('pymysql')
+
+ # Issue https://github.com/ansible-collections/community.mysql/issues/268
+ - assert:
+ that:
+ # mysqlclient driver throws nothing, so it's impossible to figure out
+ # if the state was changed or not.
+ # We assume that it was for DDL queryes by default in the code
+ - result is changed
+ when: connector_name is search('mysqlclient')
+
+ - name: Drop db {{ test_db }}
+ mysql_query:
+ <<: *mysql_params
+ query: 'DROP DATABASE {{ test_db }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.executed_queries == ['DROP DATABASE {{ test_db }}']
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/defaults/main.yml
new file mode 100644
index 00000000..d2d20808
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/defaults/main.yml
@@ -0,0 +1,17 @@
+mysql_user: root
+mysql_password: msandbox
+mysql_host: 127.0.0.1
+mysql_primary_port: 3307
+mysql_replica1_port: 3308
+mysql_replica2_port: 3309
+
+test_db: test_db
+test_table: test_table
+test_primary_delay: 60
+replication_user: replication_user
+replication_pass: replication_pass
+dump_path: /tmp/dump.sql
+test_channel: test_channel-1
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/meta/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/meta/main.yml
new file mode 100644
index 00000000..36e111c3
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+- setup_mysql
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-265.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-265.yml
new file mode 100644
index 00000000..24232f35
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-265.yml
@@ -0,0 +1,165 @@
+---
+- name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} --protocol=tcp"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ block:
+
+ # start replica so it is available for testing
+
+ - name: Start replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["START SLAVE"] or result.queries == ["START REPLICA"]
+
+ - name: Drop {{ user_name_1 }} if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ # First test
+ # check if user creation works with force_context and is replicated
+ - name: create user with force_context
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:ALL,GRANT'
+ force_context: yes
+
+ - name: attempt connection on replica1 with newly created user (expect success)
+ mysql_replication:
+ mode: getprimary
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_replica1_port }}'
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is succeeded
+
+ - name: Drop user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ force_context: yes
+
+ - name: attempt connection on replica with freshly removed user (expect failure)
+ mysql_replication:
+ mode: getprimary
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_replica1_port }}'
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+
+ # Prepare replica1 for testing with a replication filter in place
+ # Stop replication, create a filter and restart replication on replica1.
+ - name: Stop replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: stopreplica
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["STOP SLAVE"] or result.queries == ["STOP REPLICA"]
+
+ - name: Create replication filter MySQL
+ shell: "echo \"CHANGE REPLICATION FILTER REPLICATE_IGNORE_DB = (mysql);\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
+ when: install_type == 'mysql'
+
+ - name: Create replication filter MariaDB
+ shell: "echo \"SET GLOBAL replicate_ignore_db = 'mysql';\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
+ when: install_type == 'mariadb'
+
+ - name: Start replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["START SLAVE"] or result.queries == ["START REPLICA"]
+
+ # Second test
+ # Filter in place, ready to test if user creation is filtered with force_context
+ - name: create user with force_context
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:ALL,GRANT'
+ force_context: yes
+
+ - name: attempt connection on replica with newly created user (expect failure)
+ mysql_replication:
+ mode: getprimary
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_replica1_port }}'
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+
+ - name: Drop user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ force_context: yes
+
+ # restore normal replica1 operation
+ # Stop replication and remove the filter
+ - name: Stop replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: stopreplica
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["STOP SLAVE"] or result.queries == ["STOP REPLICA"]
+
+ - name: Remove replication filter MySQL
+ shell: "echo \"CHANGE REPLICATION FILTER REPLICATE_IGNORE_DB = ();\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
+ when: install_type == 'mysql'
+
+ - name: Remove replication filter MariaDB
+ shell: "echo \"SET GLOBAL replicate_ignore_db = '';\" | {{ mysql_command }} -P{{ mysql_replica1_port }}"
+ when: install_type == 'mariadb'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
new file mode 100644
index 00000000..e6333f0a
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
@@ -0,0 +1,86 @@
+---
+- name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
+
+- name: set fact tls_enabled
+ command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
+ register: result
+- set_fact:
+ tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ when: tls_enabled
+ block:
+
+ # ============================================================
+ - name: get server certificate
+ copy:
+ content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+ dest: /tmp/cert.pem
+ delegate_to: localhost
+
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ - name: create user with ssl requirement
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:ALL,GRANT'
+ tls_requires:
+ SSL:
+
+ - name: attempt connection with newly created user (expect failure)
+ mysql_replication:
+ mode: getprimary
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ when: connector_name is search('pymysql')
+
+ - assert:
+ that:
+ - result is succeeded
+ when: connector_name is not search('pymysql')
+
+ - name: attempt connection with newly created user ignoring hostname
+ mysql_replication:
+ mode: getprimary
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ check_hostname: no
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+ - name: Drop mysql user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ host: 127.0.0.1
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/main.yml
new file mode 100644
index 00000000..044787ab
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/main.yml
@@ -0,0 +1,26 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Initial CI tests of mysql_replication module:
+- import_tasks: mysql_replication_initial.yml
+
+# Tests of replication filters and force_context
+- include: issue-265.yml
+
+# Tests of primary_delay parameter:
+- import_tasks: mysql_replication_primary_delay.yml
+
+# Tests of channel parameter:
+- import_tasks: mysql_replication_channel.yml
+ when:
+ - install_type == 'mysql' # FIXME: mariadb introduces FOR CHANNEL in 10.7
+
+# Tests of resetprimary mode:
+- import_tasks: mysql_replication_resetprimary_mode.yml
+
+- include: issue-28.yml
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_channel.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_channel.yml
new file mode 100644
index 00000000..e314aaeb
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_channel.yml
@@ -0,0 +1,127 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- vars:
+ mysql_params: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+
+ block:
+ # Get primary log file and log pos:
+ - name: Get primary status
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_primary_port }}'
+ mode: getprimary
+ register: mysql_primary_status
+
+ # Test changeprimary mode:
+ - name: Run replication with channel
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica2_port }}'
+ mode: changeprimary
+ primary_host: '{{ mysql_host }}'
+ primary_port: '{{ mysql_primary_port }}'
+ primary_user: '{{ replication_user }}'
+ primary_password: '{{ replication_pass }}'
+ primary_log_file: '{{ mysql_primary_status.File }}'
+ primary_log_pos: '{{ mysql_primary_status.Position }}'
+ channel: '{{ test_channel }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }} FOR CHANNEL '{{ test_channel }}'"]
+
+ # Test startreplica mode:
+ - name: Start replica with channel
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica2_port }}'
+ mode: startreplica
+ channel: '{{ test_channel }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["START SLAVE FOR CHANNEL '{{ test_channel }}'"] or result.queries == ["START REPLICA FOR CHANNEL '{{ test_channel }}'"]
+
+ # Test getreplica mode:
+ - name: Get standby status with channel
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica2_port }}'
+ mode: getreplica
+ channel: '{{ test_channel }}'
+ register: replica_status
+
+ - assert:
+ that:
+ - replica_status.Is_Replica == true
+ - replica_status.Master_Host == '{{ mysql_host }}'
+ - replica_status.Exec_Master_Log_Pos == mysql_primary_status.Position
+ - replica_status.Master_Port == {{ mysql_primary_port }}
+ - replica_status.Last_IO_Errno == 0
+ - replica_status.Last_IO_Error == ''
+ - replica_status.Channel_Name == '{{ test_channel }}'
+ - replica_status is not changed
+ when: mysql8022_and_higher == false
+
+ - assert:
+ that:
+ - replica_status.Is_Replica == true
+ - replica_status.Source_Host == '{{ mysql_host }}'
+ - replica_status.Exec_Source_Log_Pos == mysql_primary_status.Position
+ - replica_status.Source_Port == {{ mysql_primary_port }}
+ - replica_status.Last_IO_Errno == 0
+ - replica_status.Last_IO_Error == ''
+ - replica_status.Channel_Name == '{{ test_channel }}'
+ - replica_status is not changed
+ when: mysql8022_and_higher == true
+
+
+ # Test stopreplica mode:
+ - name: Stop replica with channel
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica2_port }}'
+ mode: stopreplica
+ channel: '{{ test_channel }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["STOP SLAVE FOR CHANNEL '{{ test_channel }}'"] or result.queries == ["STOP REPLICA FOR CHANNEL '{{ test_channel }}'"]
+
+ # Test reset
+ - name: Reset replica with channel
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica2_port }}'
+ mode: resetreplica
+ channel: '{{ test_channel }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["RESET SLAVE FOR CHANNEL '{{ test_channel }}'"] or result.queries == ["RESET REPLICA FOR CHANNEL '{{ test_channel }}'"]
+
+ # Test reset all
+ - name: Reset replica all with channel
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica2_port }}'
+ mode: resetreplicaall
+ channel: '{{ test_channel }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["RESET SLAVE ALL FOR CHANNEL '{{ test_channel }}'"] or result.queries == ["RESET REPLICA ALL FOR CHANNEL '{{ test_channel }}'"]
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml
new file mode 100644
index 00000000..78206fc8
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_initial.yml
@@ -0,0 +1,275 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- vars:
+ mysql_params: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+
+ block:
+ - name: find out the database version
+ mysql_info:
+ <<: *mysql_params
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: db
+
+ - name: Set mysql8022_and_higher
+ set_fact:
+ mysql8022_and_higher: false
+
+ - name: Set mysql8022_and_higher
+ set_fact:
+ mysql8022_and_higher: true
+ when:
+ - db.version.major > 8 or (db.version.major == 8 and db.version.minor > 0) or (db.version.major == 8 and db.version.minor == 0 and db.version.release >= 22)
+ - install_type == 'mysql'
+
+ - name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} --protocol=tcp"
+
+ # Preparation:
+ - name: Create user for mysql replication
+ shell: "echo \"CREATE USER '{{ replication_user }}'@'localhost' IDENTIFIED WITH mysql_native_password BY '{{ replication_pass }}'; GRANT REPLICATION SLAVE ON *.* TO '{{ replication_user }}'@'localhost';\" | {{ mysql_command }} -P{{ mysql_primary_port }}"
+ when: install_type == 'mysql'
+
+ - name: Create user for mariadb replication
+ shell: "echo \"CREATE USER '{{ replication_user }}'@'localhost' IDENTIFIED BY '{{ replication_pass }}'; GRANT REPLICATION SLAVE ON *.* TO '{{ replication_user }}'@'localhost';\" | {{ mysql_command }} -P{{ mysql_primary_port }}"
+ when: install_type == 'mariadb'
+
+ - name: Create test database
+ mysql_db:
+ <<: *mysql_params
+ login_port: '{{ mysql_primary_port }}'
+ state: present
+ name: '{{ test_db }}'
+
+ - name: Dump all databases from the primary
+ shell: 'mysqldump -u{{ mysql_user }} -p{{ mysql_password }} -h{{ mysql_host }} --protocol=tcp -P{{ mysql_primary_port }} --all-databases --ignore-table=mysql.innodb_index_stats --ignore-table=mysql.innodb_table_stats --master-data=2 > {{ dump_path }}'
+
+ - name: Restore the dump to replica1
+ shell: '{{ mysql_command }} -P{{ mysql_replica1_port }} < {{ dump_path }}'
+
+ - name: Restore the dump to replica2
+ shell: '{{ mysql_command }} -P{{ mysql_replica2_port }} < {{ dump_path }}'
+
+ # Test getprimary mode:
+ - name: Get primary status
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_primary_port }}'
+ mode: getprimary
+ register: mysql_primary_status
+
+ - assert:
+ that:
+ - mysql_primary_status.Is_Primary == true
+ - mysql_primary_status.Position != 0
+ - mysql_primary_status is not changed
+
+ # Test startreplica fails without changeprimary first. This needs fail_on_error
+ - name: Start replica and fail because primary is not specified; failing on error as requested
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ primary_use_gtid: replica_pos
+ fail_on_error: yes
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+
+ # Test startreplica doesn't fail if fail_on_error: no
+ - name: Start replica and fail without propagating it to ansible as we were asked not to
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ fail_on_error: no
+ register: result
+
+ - assert:
+ that:
+ - result is not failed
+
+ # Test startreplica doesn't fail if there is no fail_on_error.
+ # This is suboptimal because nothing happens, but it's the old behavior.
+ - name: Start replica and fail without propagating it to ansible as previous versions did not fail on error
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ register: result
+
+ - assert:
+ that:
+ - result is not failed
+
+ # Test changeprimary mode:
+ # primary_ssl_ca will be set as '' to check the module's behaviour for #23976,
+ # must be converted to an empty string
+ - name: Run replication
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: changeprimary
+ primary_host: '{{ mysql_host }}'
+ primary_port: '{{ mysql_primary_port }}'
+ primary_user: '{{ replication_user }}'
+ primary_password: '{{ replication_pass }}'
+ primary_log_file: '{{ mysql_primary_status.File }}'
+ primary_log_pos: '{{ mysql_primary_status.Position }}'
+ primary_ssl_ca: ''
+ primary_ssl: no
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["CHANGE MASTER TO MASTER_HOST='{{ mysql_host }}',MASTER_USER='{{ replication_user }}',MASTER_PASSWORD='********',MASTER_PORT={{ mysql_primary_port }},MASTER_LOG_FILE='{{ mysql_primary_status.File }}',MASTER_LOG_POS={{ mysql_primary_status.Position }},MASTER_SSL=0,MASTER_SSL_CA=''"]
+
+ # Test startreplica mode:
+ - name: Start replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["START SLAVE"] or result.queries == ["START REPLICA"]
+
+ # Test getreplica mode:
+ - name: Get replica status
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: getreplica
+ register: replica_status
+
+ - assert:
+ that:
+ - replica_status.Is_Replica == true
+ - replica_status.Master_Host == '{{ mysql_host }}'
+ - replica_status.Exec_Master_Log_Pos == mysql_primary_status.Position
+ - replica_status.Master_Port == {{ mysql_primary_port }}
+ - replica_status.Last_IO_Errno == 0
+ - replica_status.Last_IO_Error == ''
+ - replica_status is not changed
+ when: mysql8022_and_higher == false
+
+ - assert:
+ that:
+ - replica_status.Is_Replica == true
+ - replica_status.Source_Host == '{{ mysql_host }}'
+ - replica_status.Exec_Source_Log_Pos == mysql_primary_status.Position
+ - replica_status.Source_Port == {{ mysql_primary_port }}
+ - replica_status.Last_IO_Errno == 0
+ - replica_status.Last_IO_Error == ''
+ - replica_status is not changed
+ when: mysql8022_and_higher == true
+
+ # Create test table and add data to it:
+ - name: Create test table
+ shell: "echo \"CREATE TABLE {{ test_table }} (id int);\" | {{ mysql_command }} -P{{ mysql_primary_port }} {{ test_db }}"
+
+ - name: Insert data
+ shell: "echo \"INSERT INTO {{ test_table }} (id) VALUES (1), (2), (3); FLUSH LOGS;\" | {{ mysql_command }} -P{{ mysql_primary_port }} {{ test_db }}"
+
+ - name: Small pause to be sure the bin log, which was flushed previously, reached the replica
+ ansible.builtin.wait_for:
+ timeout: 2
+
+ # Test primary log pos has been changed:
+ - name: Get replica status
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: getreplica
+ register: replica_status
+
+ # mysql_primary_status.Position is not actual and it has been changed by the prev step,
+ # so replica_status.Exec_Master_Log_Pos must be different:
+ - assert:
+ that:
+ - replica_status.Exec_Master_Log_Pos != mysql_primary_status.Position
+ when: mysql8022_and_higher == false
+
+ - assert:
+ that:
+ - replica_status.Exec_Source_Log_Pos != mysql_primary_status.Position
+ when: mysql8022_and_higher == true
+
+ - shell: pip show pymysql | awk '/Version/ {print $2}'
+ register: pymysql_version
+
+ - name: Start replica that is already running
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ fail_on_error: true
+ register: result
+
+ # mysqlclient 2.0.1 always return "changed"
+ - assert:
+ that:
+ - result is not changed
+ when:
+ - connector_name == 'pymysql'
+
+ # Test stopreplica mode:
+ - name: Stop replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: stopreplica
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["STOP SLAVE"] or result.queries == ["STOP REPLICA"]
+
+ - name: Pause for 2 seconds to let the replication stop
+ ansible.builtin.wait_for:
+ timeout: 2
+
+ # Test stopreplica mode:
+ # mysqlclient 2.0.1 always return "changed"
+ - name: Stop replica that is no longer running
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: stopreplica
+ fail_on_error: true
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+ when:
+ - connector_name == 'pymysql'
+
+ # master / slave related choices were removed in 3.0.0
+ # https://github.com/ansible-collections/community.mysql/pull/252
+ - name: Test invoking the module with unsupported choice
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: stopslave
+ fail_on_error: true
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result.msg == "value of mode must be one of{{ ":" }} getprimary, getreplica, changeprimary, stopreplica, startreplica, resetprimary, resetreplica, resetreplicaall, got{{ ":" }} stopslave"
+ - result is failed
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_primary_delay.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_primary_delay.yml
new file mode 100644
index 00000000..ecdcc816
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_primary_delay.yml
@@ -0,0 +1,45 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- vars:
+ mysql_params: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+
+ block:
+
+ # Test primary_delay mode:
+ - name: Run replication
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: changeprimary
+ primary_delay: '{{ test_primary_delay }}'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["CHANGE MASTER TO MASTER_DELAY=60"]
+
+ # Auxiliary step:
+ - name: Start replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: startreplica
+ register: result
+
+ # Check primary_delay:
+ - name: Get standby status
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: getreplica
+ register: replica_status
+
+ - assert:
+ that:
+ - replica_status.SQL_Delay == {{ test_primary_delay }}
+ - replica_status is not changed
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_resetprimary_mode.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_resetprimary_mode.yml
new file mode 100644
index 00000000..a4ed75e1
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_replication/tasks/mysql_replication_resetprimary_mode.yml
@@ -0,0 +1,56 @@
+# Copyright: (c) 2019, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- vars:
+ mysql_params: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+
+ block:
+
+ # Needs for further tests:
+ - name: Stop replica
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: stopreplica
+
+ - name: Reset replica all
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_replica1_port }}'
+ mode: resetreplicaall
+
+ # Get primary initial status:
+ - name: Get primary status
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_primary_port }}'
+ mode: getprimary
+ register: mysql_primary_initial_status
+
+ # Test resetprimary mode:
+ - name: Reset primary
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_primary_port }}'
+ mode: resetprimary
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["RESET MASTER"]
+
+ # Get primary final status:
+ - name: Get primary status
+ mysql_replication:
+ <<: *mysql_params
+ login_port: '{{ mysql_primary_port }}'
+ mode: getprimary
+ register: mysql_primary_final_status
+
+ - assert:
+ that:
+ - mysql_primary_initial_status.File != mysql_primary_final_status.File
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/defaults/main.yml
new file mode 100644
index 00000000..544f0983
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/defaults/main.yml
@@ -0,0 +1,18 @@
+mysql_user: root
+mysql_password: msandbox
+mysql_primary_port: 3307
+
+test_db: test_db
+test_table: test_table
+test_db1: test_db1
+test_db2: test_db2
+
+user0: user0
+user1: user1
+user2: user2
+nonexistent: user3
+
+role0: role0
+role1: role1
+role2: role2
+role3: role3 \ No newline at end of file
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/meta/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/meta/main.yml
new file mode 100644
index 00000000..ce08dc4a
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- setup_mysql
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/main.yml
new file mode 100644
index 00000000..952bf6f0
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/main.yml
@@ -0,0 +1,17 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
+
+
+# mysql_role module initial CI tests
+- import_tasks: mysql_role_initial.yml
+
+# Test that subtract_privs will only revoke the grants given by priv
+# (https://github.com/ansible-collections/community.mysql/issues/331)
+- include: test_priv_subtract.yml enable_check_mode=no
+- include: test_priv_subtract.yml enable_check_mode=yes
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
new file mode 100644
index 00000000..36f2418a
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
@@ -0,0 +1,1649 @@
+# Test code for mysql_role module
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ task_parameters: &task_params
+ register: result
+
+ block:
+
+ - name: Get server version
+ mysql_info:
+ <<: *mysql_params
+ register: srv
+
+ - name: When run with unsupported server versions, must fail
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: test
+ ignore_errors: yes
+
+ - name: Must fail when meet unsupported version
+ assert:
+ that:
+ - result is failed
+ - result is search('Roles are not supported by the server')
+ when:
+ - srv['version']['major'] < 8
+
+ # Skip unsupported versions
+ - meta: end_play
+ when: srv['version']['major'] < 8
+
+ #########
+ # Prepare
+ - name: Create db {{ test_db }}
+ <<: *task_params
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ test_db }}'
+
+ - name: Create table {{ test_table }}
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'DROP TABLE IF EXISTS {{ test_table }}'
+
+ - name: Create table {{ test_table }}
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ test_db }}'
+ query: 'CREATE TABLE IF NOT EXISTS {{ test_table }} (id int)'
+
+ - name: Create users
+ <<: *task_params
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item }}'
+ password: '{{ mysql_password }}'
+ loop:
+ - '{{ user0 }}'
+ - '{{ user1 }}'
+ - '{{ user2 }}'
+
+ ###########
+ # Run tests
+
+ - name: Create role {{ role0 }} in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user0 }}@localhost'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 0
+
+ # It must fail because of check_mode
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
+ #=====================
+
+ - name: Check that the user have no active roles
+ <<: *task_params
+ mysql_query:
+ login_user: '{{ user0 }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ query: 'SELECT COALESCE(current_role(), "NONE") as "current_role()"'
+
+ - name: Check
+ assert:
+ that:
+ - result.query_result.0.0["current_role()"] == "NONE"
+
+ - name: Create role {{ role0 }}
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user0 }}@localhost'
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 1
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ - name: Check that the role is active
+ <<: *task_params
+ mysql_query:
+ login_user: '{{ user0 }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ query: 'SELECT current_role()'
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - "'{{ role0 }}' in result.query_result.0.0['current_role()']"
+ when: install_type == 'mysql'
+
+ - name: Check that the role is active (mariadb)
+ <<: *task_params
+ mysql_query:
+ login_user: '{{ user0 }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ query:
+ - 'SET ROLE {{ role0 }}'
+ - 'SELECT current_role()'
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - "'{{ role0 }}' in result.query_result.1.0['current_role()']"
+ when: install_type == 'mariadb'
+
+ #========================
+
+ - name: Create role {{ role0 }} again in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 1
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ #========================
+
+ - name: Create role {{ role0 }} again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 1
+
+ #========================
+
+ - name: Drop role {{ role0 }} in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: absent
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 1
+
+ # Must pass because of check_mode
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ # Must pass because of check_mode
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ #========================
+
+ - name: Drop role {{ role0 }}
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: absent
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 0
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
+ #========================
+
+ - name: Drop role {{ role0 }} again in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: absent
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ - name: Drop role {{ role0 }} again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: absent
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ # ==================
+
+ - name: Create role {{ role0 }} in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user0 }}@localhost'
+ priv:
+ '*.*': 'SELECT,INSERT'
+ 'mysql.*': 'UPDATE'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 0
+
+ #========================
+
+ - name: Create role {{ role0 }}
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user0 }}@localhost'
+ priv:
+ '*.*': 'SELECT,INSERT'
+ 'mysql.*': 'UPDATE'
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}'"
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 1
+
+ #========================
+
+ - name: Create role {{ role0 }} in check_mode again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user0 }}@localhost'
+ priv:
+ '*.*': 'SELECT,INSERT'
+ 'mysql.*': 'UPDATE'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ #========================
+
+ - name: Create role {{ role0 }} again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user0 }}@localhost'
+ priv:
+ '*.*': 'SELECT,INSERT'
+ 'mysql.*': 'UPDATE'
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ # ##############################################
+ # Test rewriting / appending / detaching members
+ # ##############################################
+
+ - name: Create role {{ role1 }}
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role1 }}'
+ state: present
+
+ # Rewriting members
+ - name: Rewrite members in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+ - '{{ role1 }}'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ # user0 is still a member because of check_mode
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ # user0 is still a member because of check_mode
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ # user1, user2, and role1 are not members because of check_mode
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ role1 }} USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ role1 }}' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
+ #========================
+
+ - name: Rewrite members
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+ - '{{ role1 }}'
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ # user0 is not a member any more
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ # user0 is not a member any more
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - "'{{ role0 }}' not in result.query_result.0.0['Grants for user0@localhost']"
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ role1 }} USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ role1 }}' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+
+ #==========================
+
+ - name: Rewrite members again in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+ - '{{ role1 }}'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ #==========================
+
+ - name: Rewrite members again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+ - '{{ role1 }}'
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ #==========================
+
+ # Append members
+ - name: Append a member in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ append_members: yes
+ members:
+ - '{{ user0 }}@localhost'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+ #=====================
+
+ - name: Append a member
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ append_members: yes
+ members:
+ - '{{ user0 }}@localhost'
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ # user1 and user2 must still be in DB because we are appending
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ #========================
+
+ - name: Append a member again in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ append_members: yes
+ members:
+ - '{{ user0 }}@localhost'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ #========================
+
+ - name: Append a member again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ append_members: yes
+ members:
+ - '{{ user0 }}@localhost'
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ ##############
+ # Detach users
+ - name: Detach users in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ detach_members: yes
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ # They must be there because of check_mode
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ #========================
+
+ - name: Detach users
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ detach_members: yes
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user0 }}@localhost USING '{{ role0 }}'"
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is succeeded
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user0 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 1
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user1 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user1 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
+ - name: Check in DB, if not granted, the query will fail
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user2 }}@localhost USING '{{ role0 }}'"
+ ignore_errors: yes
+ when: install_type == 'mysql'
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ when: install_type == 'mysql'
+
+ - name: Check in DB (mariadb)
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT count(User) as user_roles FROM mysql.roles_mapping WHERE User = '{{ user2 }}' AND Host = 'localhost' AND Role = '{{ role0 }}'"
+ when: install_type == 'mariadb'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0['user_roles'] == 0
+ when: install_type == 'mariadb'
+
+ #=====================
+
+ - name: Detach users in check_mode again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ detach_members: yes
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ - name: Detach users again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ detach_members: yes
+ members:
+ - '{{ user1 }}@localhost'
+ - '{{ user2 }}@localhost'
+
+ - name: Check
+ assert:
+ that:
+ - result is not changed
+
+ - name: '"detach" users when creating a new role'
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role3 }}'
+ state: present
+ detach_members: yes
+ members:
+ - '{{ user1 }}@localhost'
+
+ - name: Check the role was created
+ assert:
+ that:
+ - result is changed
+
+ - name: Check grants
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ user1 }}@localhost"
+
+ - name: asssert detach_members did not add a user to the role
+ assert:
+ that:
+ - "'{{ role3 }}' not in result.query_result.0.0['Grants for {{ user1 }}@localhost']"
+
+ # test members_must_exist
+ - name: try failing on not-existing user in check-mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members_must_exist: yes
+ append_members: yes
+ members:
+ - 'not_existent@localhost'
+ ignore_errors: yes
+ check_mode: yes
+ - name: assert failure
+ assert:
+ that:
+ - result is failed
+
+ - name: try failing on not-existing user in check-mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members_must_exist: no
+ append_members: yes
+ members:
+ - 'not_existent@localhost'
+ check_mode: yes
+ - name: Check for lack of change
+ assert:
+ that:
+ - result is not changed
+
+ - name: try failing on not-existing user
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members_must_exist: yes
+ append_members: yes
+ members:
+ - 'not_existent@localhost'
+ ignore_errors: yes
+ - name: assert failure
+ assert:
+ that:
+ - result is failed
+
+ - name: try failing on not-existing user
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members_must_exist: no
+ append_members: yes
+ members:
+ - 'not_existent@localhost'
+ - name: Check for lack of change
+ assert:
+ that:
+ - result is not changed
+
+ # ##########
+ # Test privs
+ # ##########
+
+ - name: Create test DBs
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: 'CREATE DATABASE {{ item }}'
+ loop:
+ - '{{ test_db1 }}'
+ - '{{ test_db2 }}'
+
+ - name: Create table {{ test_table }}
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ login_db: '{{ item }}'
+ query: 'CREATE TABLE {{ test_table }} (id int)'
+ loop:
+ - '{{ test_db1 }}'
+ - '{{ test_db2 }}'
+
+ - name: Check grants
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ role0 }}"
+
+ - name: Check
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`"
+ - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`"
+ - result.rowcount.0 == 2
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`"
+ - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`"
+ - result.rowcount.0 == 2
+ when: install_type == 'mariadb'
+
+ - name: Append privs in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE'
+ append_privs: yes
+ check_mode: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check grants
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ role0 }}"
+
+ - name: Check
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`"
+ - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`"
+ - result.rowcount.0 == 2
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`"
+ - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`"
+ - result.rowcount.0 == 2
+ when: install_type == 'mariadb'
+
+ - name: Append privs
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE'
+ append_privs: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check grants
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ role0 }}"
+
+ - name: Check
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT, INSERT ON *.* TO `role0`@`%`"
+ - result.query_result.0.1["Grants for role0@%"] == "GRANT UPDATE ON `mysql`.* TO `role0`@`%`"
+ - result.query_result.0.2["Grants for role0@%"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`@`%`"
+ - result.query_result.0.3["Grants for role0@%"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`@`%`"
+ - result.rowcount.0 == 4
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT, INSERT ON *.* TO `role0`"
+ - result.query_result.0.1["Grants for role0"] == "GRANT UPDATE ON `mysql`.* TO `role0`"
+ - result.query_result.0.2["Grants for role0"] == "GRANT SELECT, INSERT ON `test_db1`.`test_table` TO `role0`"
+ - result.query_result.0.3["Grants for role0"] == "GRANT DELETE ON `test_db2`.`test_table` TO `role0`"
+ - result.rowcount.0 == 4
+ when: install_type == 'mariadb'
+
+ - name: Append privs again in check_mode
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE'
+ append_privs: yes
+ check_mode: yes
+
+ # TODO it must be changed. The module uses user_mod function
+ # taken from mysql_user module. It's a bug / expected behavior
+ # because I added a similar tasks to mysql_user tests
+ # https://github.com/ansible-collections/community.mysql/issues/50#issuecomment-871216825
+ # and it's also failed. Create an issue after the module is merged to avoid conflicts.
+ # TODO Fix this after user_mod is fixed.
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Append privs again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE'
+ append_privs: yes
+
+ - name: Check that there's no change
+ assert:
+ that:
+ - result is not changed
+
+ - name: Rewrite privs
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ priv:
+ '*.*': 'SELECT'
+
+ - name: Check
+ assert:
+ that:
+ - result is changed
+
+ - name: Check grants
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SHOW GRANTS FOR {{ role0 }}"
+
+ - name: Check
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0@%"] == "GRANT SELECT ON *.* TO `role0`@`%`"
+ - result.rowcount.0 == 1
+ when: install_type == 'mysql'
+
+ - name: Check (mariadb)
+ assert:
+ that:
+ - result.query_result.0.0["Grants for role0"] == "GRANT SELECT ON *.* TO `role0`"
+ - result.rowcount.0 == 1
+ when: install_type == 'mariadb'
+
+ # #################
+ # Test admin option
+ # #################
+
+ - name: Drop role
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: absent
+
+ - name: Create role with admin
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ admin: '{{ user0 }}@localhost'
+ ignore_errors: yes
+
+ - name: Check with MySQL
+ assert:
+ that:
+ - result is failed
+ - result.msg is search('option can be used only with MariaDB')
+ when: install_type == 'mysql'
+
+ - name: Check with MariaDB
+ assert:
+ that:
+ - result is changed
+ when: install_type == 'mariadb'
+
+ - name: Check in DB
+ <<: *task_params
+ mysql_query:
+ <<: *mysql_params
+ query: "SELECT 1 FROM mysql.user WHERE User = '{{ role0 }}' AND Host = ''"
+ when: install_type == 'mariadb'
+
+ - name: Check
+ assert:
+ that:
+ - result.rowcount.0 == 1
+ when: install_type == 'mariadb'
+
+ - name: Create role with admin again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ admin: '{{ user0 }}@localhost'
+ ignore_errors: yes
+
+ - name: Check with MySQL
+ assert:
+ that:
+ - result is failed
+ - result.msg is search('option can be used only with MariaDB')
+ when: install_type == 'mysql'
+
+ - name: Check with MariaDB
+ assert:
+ that:
+ - result is not changed
+ when: install_type == 'mariadb'
+
+ # Try to grant a role to a user who does not exist
+ - name: Create role with admin again
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role0 }}'
+ state: present
+ members:
+ - '{{ nonexistent }}@localhost'
+ ignore_errors: yes
+
+ - name: Check
+ assert:
+ that:
+ - result is failed
+ - result.msg is search('does not exist')
+
+ always:
+ # Clean up
+ - name: Drop DBs
+ mysql_query:
+ <<: *mysql_params
+ query: 'DROP DATABASE {{ item }}'
+ loop:
+ - '{{ test_db }}'
+ - '{{ test_db1 }}'
+ - '{{ test_db2 }}'
+
+ - name: Drop users
+ <<: *task_params
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: absent
+ loop:
+ - '{{ user0 }}'
+ - '{{ user1 }}'
+ - '{{ user2 }}'
+
+ - name: Drop roles
+ <<: *task_params
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: absent
+ loop:
+ - '{{ role0 }}'
+ - test
+ - '{{ role3 }}'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml
new file mode 100644
index 00000000..95d2f1d1
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_role/tasks/test_priv_subtract.yml
@@ -0,0 +1,168 @@
+# Test code to ensure that subtracting privileges will not result in unnecessary changes.
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: Create test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+
+ - name: Create a role with an initial set of privileges
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role2 }}'
+ priv: 'data1.*:SELECT,INSERT'
+ state: present
+
+ - name: Run command to show privileges for role (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
+ register: result
+
+ - name: Assert that the initial set of privileges matches what is expected
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+
+ - name: Subtract privileges that are not in the current privileges, which should be a no-op
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role2 }}'
+ priv: 'data1.*:DELETE'
+ subtract_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there wasn't a change in permissions
+ assert:
+ that:
+ - result is not changed
+
+ - name: Run command to show privileges for role (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
+ register: result
+
+ - name: Assert that the permissions still match what was originally granted
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+
+ - name: Subtract existing and not-existing privileges, but not all
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role2 }}'
+ priv: 'data1.*:INSERT,DELETE'
+ subtract_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there was a change because permissions were/would be revoked on data1.*
+ assert:
+ that:
+ - result is changed
+
+ - name: Run command to show privileges for role (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
+ register: result
+
+ - name: Assert that the permissions were not changed if check_mode is set to 'yes'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'yes'
+
+ - name: Assert that only DELETE was revoked if check_mode is set to 'no'
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'no'
+
+ - name: Try to subtract invalid privileges
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role2 }}'
+ priv: 'data1.*:INVALID'
+ subtract_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there was no change because invalid permissions are ignored
+ assert:
+ that:
+ - result is not changed
+
+ - name: Run command to show privileges for role (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
+ register: result
+
+ - name: Assert that the permissions were not changed with check_mode=='yes'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'yes'
+
+ - name: Assert that the permissions were not changed with check_mode=='no'
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'no'
+
+ - name: trigger failure by trying to subtract and append privileges at the same time
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role2 }}'
+ priv: 'data1.*:SELECT'
+ subtract_privs: yes
+ append_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+ ignore_errors: true
+
+ - name: Assert the previous execution failed
+ assert:
+ that:
+ - result is failed
+
+ - name: Run command to show privileges for role (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ role2 }}'\""
+ register: result
+
+ - name: Assert that the permissions stayed the same, with check_mode=='yes'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'yes'
+
+ - name: Assert that the permissions stayed the same, with check_mode=='no'
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'no'
+
+ ##########
+ # Clean up
+ - name: Drop test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+
+ - name: Drop test role
+ mysql_role:
+ <<: *mysql_params
+ name: '{{ role2 }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/defaults/main.yml
new file mode 100644
index 00000000..5cf9074b
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+# defaults file for test_mysql_user
+mysql_user: root
+mysql_password: msandbox
+mysql_host: 127.0.0.1
+mysql_primary_port: 3307
+
+db_name: 'data'
+user_name_1: 'db_user1'
+user_name_2: 'db_user2'
+user_name_3: 'db_user3'
+user_name_4: 'db_user4'
+
+user_password_1: 'gadfFDSdtTU^Sdfuj'
+user_password_2: 'jkFKUdfhdso78yi&td'
+user_password_3: 'jkFKUdfhdso78yi&tk'
+user_password_4: 's2R#7pLV31!ZJrXPa3'
+
+root_password: 'zevuR6oPh7'
+
+db_names:
+ - clientdb
+ - employeedb
+ - providerdb
+
+tmp_dir: '/tmp'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-function.sql b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-function.sql
new file mode 100644
index 00000000..d16118cd
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-function.sql
@@ -0,0 +1,8 @@
+USE foo;
+DELIMITER ;;
+CREATE FUNCTION `function` () RETURNS tinyint(4) DETERMINISTIC
+BEGIN
+ DECLARE NAME_FOUND tinyint DEFAULT 0;
+ RETURN NAME_FOUND;
+END;;
+DELIMITER ;
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-procedure.sql b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-procedure.sql
new file mode 100644
index 00000000..d0d45aa4
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/files/create-procedure.sql
@@ -0,0 +1,5 @@
+USE bar;
+DELIMITER ;;
+CREATE PROCEDURE `procedure` ()
+SELECT * FROM bar;;
+DELIMITER ;
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/meta/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/meta/main.yml
new file mode 100644
index 00000000..a7ace5d1
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+ - setup_mysql
+ - setup_remote_tmp_dir
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_no_user.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_no_user.yml
new file mode 100644
index 00000000..98610842
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_no_user.yml
@@ -0,0 +1,25 @@
+# test code to assert no mysql user
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: run command to query for mysql user
+ command: "{{ mysql_command }} -e \"SELECT User FROM mysql.user where user='{{ user_name }}'\""
+ register: result
+
+- name: assert mysql user is not present
+ assert: { that: "'{{ user_name }}' not in result.stdout" }
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user.yml
new file mode 100644
index 00000000..d95d9d21
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user.yml
@@ -0,0 +1,38 @@
+# test code to assert mysql user
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+- name: run command to query for mysql user
+ command: "{{ mysql_command }} -e \"SELECT User FROM mysql.user where user='{{ user_name }}'\""
+ register: result
+
+- name: assert mysql user is present
+ assert:
+ that:
+ - "'{{ user_name }}' in result.stdout"
+
+- name: run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name }}'@'localhost'\""
+ register: result
+ when: priv is defined
+
+- name: assert user has giving privileges
+ assert:
+ that:
+ - "'GRANT {{priv}} ON *.*' in result.stdout"
+ when: priv is defined
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml
new file mode 100644
index 00000000..ba045eb2
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/assert_user_password.yml
@@ -0,0 +1,24 @@
+- name: "applying user {{ username }}@{{ host }} with update_password={{ update_password }}"
+ mysql_user:
+ login_user: '{{ mysql_parameters.login_user }}'
+ login_password: '{{ mysql_parameters.login_password }}'
+ login_host: '{{ mysql_parameters.login_host }}'
+ login_port: '{{ mysql_parameters.login_port }}'
+ state: present
+ name: "{{ username }}"
+ host: "{{ host }}"
+ password: "{{ password }}"
+ update_password: "{{ update_password }}"
+ register: result
+- name: assert a change occurred
+ assert:
+ that:
+ - "result.changed | bool == {{ expect_change }} | bool"
+ - "result.password_changed == {{ expect_password_change }}"
+- name: query the user
+ command: "{{ mysql_command }} -BNe \"SELECT plugin, authentication_string FROM mysql.user where user='{{ username }}' and host='{{ host }}'\""
+ register: existing_user
+- name: assert the password is as set to expect_hash
+ assert:
+ that:
+ - "'mysql_native_password\t{{ expect_password_hash }}' in existing_user.stdout_lines"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/create_user.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/create_user.yml
new file mode 100644
index 00000000..9984ea99
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/create_user.yml
@@ -0,0 +1,46 @@
+# test code to create mysql user
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ # ============================================================
+ - name: create mysql user {{user_name}}
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name }}'
+ password: '{{ user_password }}'
+ state: present
+ register: result
+
+ - name: assert output message mysql user was created
+ assert:
+ that:
+ - result is changed
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-121.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-121.yml
new file mode 100644
index 00000000..7d789ef8
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-121.yml
@@ -0,0 +1,76 @@
+---
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ # ============================================================
+
+ - name: get server certificate
+ copy:
+ content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+ dest: /tmp/cert.pem
+ delegate_to: localhost
+
+ - name: get server version
+ mysql_info:
+ <<: *mysql_params
+ filter: version
+ register: db_version
+
+ - set_fact:
+ old_user_mgmt: "{{ db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2 | bool }}"
+
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: absent
+ ignore_errors: yes
+ with_items:
+ - "{{ user_name_1 }}"
+ - "{{ user_name_2 }}"
+
+ - name: create user with REQUIRESSL privilege (expect failure)
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ - result.msg is search('Error granting privileges')
+
+ - name: create user with both REQUIRESSL privilege and an incompatible tls_requires option
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:SELECT,CREATE USER,REQUIRESSL,GRANT'
+ tls_requires:
+ X509:
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ - result.msg is search('Error granting privileges')
+
+ - name: Drop mysql user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item }}'
+ host: 127.0.0.1
+ state: absent
+ with_items:
+ - "{{ user_name_1 }}"
+ - "{{ user_name_2 }}"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-265.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-265.yml
new file mode 100644
index 00000000..167b69b7
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-265.yml
@@ -0,0 +1,168 @@
+---
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ # Tests with force_context: yes
+ # Test user creation
+ - name: create mysql user {{user_name_1}}
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ force_context: yes
+ register: result
+
+ - name: assert output message mysql user was created
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{user_name_1}}
+
+ # Test user removal
+ - name: remove mysql user {{user_name_1}}
+ mysql_user:
+ <<: *mysql_params
+ name: '{{user_name_1}}'
+ password: '{{user_password_1}}'
+ state: absent
+ force_context: yes
+ register: result
+
+ - name: assert output message mysql user was removed
+ assert:
+ that:
+ - result is changed
+
+ # Test blank user removal
+ - name: create blank mysql user to be removed later
+ mysql_user:
+ <<: *mysql_params
+ name: ""
+ state: present
+ force_context: yes
+ password: 'KJFDY&D*Sfuydsgf'
+
+ - name: remove blank mysql user with hosts=all (expect changed)
+ mysql_user:
+ <<: *mysql_params
+ user: ""
+ host_all: true
+ state: absent
+ force_context: yes
+ register: result
+
+ - name: assert changed is true for removing all blank users
+ assert:
+ that:
+ - result is changed
+
+ - name: remove blank mysql user with hosts=all (expect ok)
+ mysql_user:
+ <<: *mysql_params
+ user: ""
+ host_all: true
+ force_context: yes
+ state: absent
+ register: result
+
+ - name: assert changed is true for removing all blank users
+ assert:
+ that:
+ - result is not changed
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
+
+ # Tests with force_context: no
+ # Test user creation
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ # Tests with force_context: yes
+ # Test user creation
+ - name: create mysql user {{user_name_1}}
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ force_context: yes
+ register: result
+
+ - name: assert output message mysql user was created
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{user_name_1}}
+
+ # Test user removal
+ - name: remove mysql user {{user_name_1}}
+ mysql_user:
+ <<: *mysql_params
+ name: '{{user_name_1}}'
+ password: '{{user_password_1}}'
+ state: absent
+ force_context: no
+ register: result
+
+ - name: assert output message mysql user was removed
+ assert:
+ that:
+ - result is changed
+
+ # Test blank user removal
+ - name: create blank mysql user to be removed later
+ mysql_user:
+ <<: *mysql_params
+ name: ""
+ state: present
+ force_context: no
+ password: 'KJFDY&D*Sfuydsgf'
+
+ - name: remove blank mysql user with hosts=all (expect changed)
+ mysql_user:
+ <<: *mysql_params
+ user: ""
+ host_all: true
+ state: absent
+ force_context: no
+ register: result
+
+ - name: assert changed is true for removing all blank users
+ assert:
+ that:
+ - result is changed
+
+ - name: remove blank mysql user with hosts=all (expect ok)
+ mysql_user:
+ <<: *mysql_params
+ user: ""
+ host_all: true
+ force_context: no
+ state: absent
+ register: result
+
+ - name: assert changed is true for removing all blank users
+ assert:
+ that:
+ - result is not changed
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-28.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
new file mode 100644
index 00000000..d56965a6
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
@@ -0,0 +1,89 @@
+---
+- name: set fact tls_enabled
+ command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
+ register: result
+- set_fact:
+ tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ when: tls_enabled
+ block:
+
+ # ============================================================
+ - name: get server certificate
+ copy:
+ content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+ dest: /tmp/cert.pem
+ delegate_to: localhost
+
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ - name: create user with ssl requirement
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:ALL,GRANT'
+ tls_requires:
+ SSL:
+
+ - name: attempt connection with newly created user (expect failure)
+ mysql_user:
+ name: "{{ user_name_2 }}"
+ password: "{{ user_password_2 }}"
+ host: 127.0.0.1
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ when: connector_name is search('pymysql')
+
+ - assert:
+ that:
+ - result is succeeded
+ when: connector_name is not search('pymysql')
+
+ - name: attempt connection with newly created user ignoring hostname
+ mysql_user:
+ name: "{{ user_name_2 }}"
+ password: "{{ user_password_2 }}"
+ host: 127.0.0.1
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ check_hostname: no
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+ - name: Drop mysql user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item }}'
+ host: 127.0.0.1
+ state: absent
+ with_items:
+ - "{{ user_name_1 }}"
+ - "{{ user_name_2 }}"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-29511.yaml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-29511.yaml
new file mode 100644
index 00000000..31e6edfe
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-29511.yaml
@@ -0,0 +1,86 @@
+---
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: Issue test setup - drop database
+ mysql_db:
+ <<: *mysql_params
+ name: "{{ item }}"
+ state: absent
+ loop:
+ - foo
+ - bar
+
+ - name: Issue test setup - create database
+ mysql_db:
+ <<: *mysql_params
+ name: "{{ item }}"
+ state: present
+ loop:
+ - foo
+ - bar
+
+ - name: Copy SQL scripts to remote
+ copy:
+ src: "{{ item }}"
+ dest: "{{ remote_tmp_dir }}/{{ item | basename }}"
+ with_items:
+ - create-function.sql
+ - create-procedure.sql
+
+ - name: Create function for test
+ shell: "{{ mysql_command }} < {{ remote_tmp_dir }}/create-function.sql"
+
+ - name: Create procedure for test
+ shell: "{{ mysql_command }} < {{ remote_tmp_dir }}/create-procedure.sql"
+
+ - name: Create user with FUNCTION and PROCEDURE privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ state: present
+ priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
+ register: result
+
+ - name: Assert Create user with FUNCTION and PROCEDURE privileges
+ assert:
+ that:
+ - result is success
+ - result is changed
+
+ - name: Create user with FUNCTION and PROCEDURE privileges - Idempotent check
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ state: present
+ priv: 'FUNCTION foo.function:EXECUTE/foo.*:SELECT/PROCEDURE bar.procedure:EXECUTE'
+ register: result
+
+ - name: Assert Create user with FUNCTION and PROCEDURE privileges
+ assert:
+ that:
+ - result is success
+ - result is not changed
+
+ - name: Remove user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ state: absent
+
+ - name: Issue test teardown - cleanup databases
+ mysql_db:
+ <<: *mysql_params
+ name: "{{ item }}"
+ state: absent
+ loop:
+ - foo
+ - bar
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml
new file mode 100644
index 00000000..1c0af682
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/issue-64560.yaml
@@ -0,0 +1,49 @@
+---
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: Set root password
+ mysql_user:
+ <<: *mysql_params
+ name: root
+ password: '{{ root_password }}'
+ check_implicit_admin: yes
+ register: result
+
+ - name: assert root password is changed
+ assert:
+ that:
+ - result is changed
+
+ - name: Set root password again
+ mysql_user:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ root_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: root
+ password: '{{ root_password }}'
+ check_implicit_admin: yes
+ register: result
+
+ - name: Assert root password is not changed
+ assert:
+ that:
+ - result is not changed
+
+ - name: Set root password again
+ mysql_user:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ root_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ name: root
+ password: '{{ mysql_password }}'
+ check_implicit_admin: yes
+ register: result
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/main.yml
new file mode 100644
index 00000000..5a029b8b
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/main.yml
@@ -0,0 +1,326 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+# test code for the mysql_user module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 dof the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+# create mysql user and verify user is added to mysql database
+#
+- name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - include: issue-121.yml
+
+ - include: issue-28.yml
+
+ - include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+ - include: resource_limits.yml
+
+ - include: assert_user.yml user_name={{user_name_1}}
+
+ - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
+
+ # ============================================================
+ # Create mysql user that already exist on mysql database
+ #
+ - include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+ - name: create mysql user that already exist (expect changed=false)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{user_name_1}}'
+ password: '{{user_password_1}}'
+ state: present
+ session_vars:
+ sort_buffer_size: 1024
+ register: result
+
+ - name: assert output message mysql user was not created
+ assert:
+ that:
+ - result is not changed
+
+ # Try to set wrong session variable, must fail
+ - name: create mysql user trying to set global variable which is forbidden
+ mysql_user:
+ <<: *mysql_params
+ name: '{{user_name_1}}'
+ password: '{{user_password_1}}'
+ state: present
+ session_vars:
+ max_connections: 1000
+ register: result
+ ignore_errors: true
+
+ - name: we cannot set a global variable
+ assert:
+ that:
+ - result is failed
+ - result.msg is search('is a GLOBAL variable')
+
+ # ============================================================
+ # remove mysql user and verify user is removed from mysql database
+ #
+ - name: remove mysql user state=absent (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: absent
+ register: result
+
+ - name: assert output message mysql user was removed
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
+
+ # ============================================================
+ # remove mysql user that does not exist on mysql database
+ #
+ - name: remove mysql user that does not exist state=absent (expect changed=false)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: absent
+ register: result
+
+ - name: assert output message mysql user that does not exist
+ assert:
+ that:
+ - result is not changed
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
+
+ # ============================================================
+ # Create user with no privileges and verify default privileges are assign
+ #
+ - name: create user with select privilege state=present (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ register: result
+
+ - include: assert_user.yml user_name={{user_name_1}} priv=USAGE
+
+ - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
+
+ # ============================================================
+ # Create user with select privileges and verify select privileges are assign
+ #
+ - name: create user with select privilege state=present (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ state: present
+ priv: '*.*:SELECT'
+ register: result
+
+ - include: assert_user.yml user_name={{user_name_2}} priv=SELECT
+
+ - include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }}
+
+ - include: assert_no_user.yml user_name={{user_name_2}}
+
+ # ============================================================
+ # Assert user has access to multiple databases
+ #
+ - name: give users access to multiple databases
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item[0] }}'
+ priv: '{{ item[1] }}.*:ALL'
+ append_privs: yes
+ password: '{{ user_password_1 }}'
+ with_nested:
+ - [ '{{ user_name_1 }}', '{{ user_name_2 }}']
+ - "{{db_names}}"
+
+ - name: show grants access for user1 on multiple database
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
+ register: result
+
+ - name: assert grant access for user1 on multiple database
+ assert:
+ that:
+ - "'{{ item }}' in result.stdout"
+ with_items: "{{db_names}}"
+
+ - name: show grants access for user2 on multiple database
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost'\""
+ register: result
+
+ - name: assert grant access for user2 on multiple database
+ assert:
+ that:
+ - "'{{ item }}' in result.stdout"
+ with_items: "{{db_names}}"
+
+ - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+ - include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
+
+ - name: give user access to database via wildcard
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ priv: '%db.*:SELECT'
+ append_privs: yes
+ password: '{{ user_password_1 }}'
+
+ - name: show grants access for user1 on multiple database
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
+ register: result
+
+ - name: assert grant access for user1 on multiple database
+ assert:
+ that:
+ - "'%db' in result.stdout"
+ - "'SELECT' in result.stdout"
+
+ - name: test priv type check, must fail
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ priv:
+ - unsuitable
+ - type
+ append_privs: yes
+ host_all: yes
+ password: '{{ user_password_1 }}'
+ register: result
+ ignore_errors: yes
+
+ - name: check fail message
+ assert:
+ that:
+ - result is failed
+ - result.msg is search('priv parameter must be str or dict')
+
+ - name: change user access to database via wildcard
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ priv: '%db.*:INSERT'
+ append_privs: yes
+ host_all: yes
+ password: '{{ user_password_1 }}'
+
+ - name: show grants access for user1 on multiple database
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost'\""
+ register: result
+
+ - name: assert grant access for user1 on multiple database
+ assert:
+ that:
+ - "'%db' in result.stdout"
+ - "'INSERT' in result.stdout"
+
+ - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+ # ============================================================
+ # Test plaintext and encrypted password scenarios.
+ #
+ - include: test_user_password.yml
+
+ # ============================================================
+ # Test plugin authentication scenarios.
+ #
+ # FIXME: mariadb sql syntax for create/update user is not compatible
+ - include: test_user_plugin_auth.yml
+ when: install_type == 'mysql'
+
+ # ============================================================
+ # Assert create user with SELECT privileges, attempt to create database and update privileges to create database
+ #
+ - include: test_privs.yml current_privilege=SELECT current_append_privs=no
+
+ # ============================================================
+ # Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
+ #
+ - include: test_privs.yml current_privilege=DROP current_append_privs=yes
+
+ # ============================================================
+ # Assert create user with SELECT privileges, attempt to create database and update privileges to create database
+ #
+ - include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no
+
+ # ============================================================
+ # Assert creating user with SELECT privileges, attempt to create database and append privileges to create database
+ #
+ - include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes
+
+ # Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
+ - include: test_priv_dict.yml
+
+ # Test that append_privs will not attempt to make a change where current privileges are a superset of new privileges
+ # (https://github.com/ansible-collections/community.mysql/issues/69)
+ - include: test_priv_append.yml enable_check_mode=no
+ - include: test_priv_append.yml enable_check_mode=yes
+
+ # Test that subtract_privs will only revoke the grants given by priv
+ # (https://github.com/ansible-collections/community.mysql/issues/331)
+ - include: test_priv_subtract.yml enable_check_mode=no
+ - include: test_priv_subtract.yml enable_check_mode=yes
+
+ - import_tasks: test_privs_issue_465.yml
+ tags:
+ - issue_465
+
+ # Tests for the TLS requires dictionary
+ - include: tls_requirements.yml
+
+ - import_tasks: issue-29511.yaml
+ tags:
+ - issue-29511
+
+ - import_tasks: issue-64560.yaml
+ tags:
+ - issue-64560
+
+ # Test that mysql_user still works with force_context enabled (database set to "mysql")
+ # (https://github.com/ansible-collections/community.mysql/issues/265)
+ - include: issue-265.yml
+
+ # https://github.com/ansible-collections/community.mysql/issues/231
+ - include: test_user_grants_with_roles_applied.yml
+
+ - include: revoke_only_grant.yml \ No newline at end of file
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/remove_user.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/remove_user.yml
new file mode 100644
index 00000000..7a2c9e96
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/remove_user.yml
@@ -0,0 +1,74 @@
+# test code to remove mysql user
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ # ============================================================
+ - name: remove mysql user {{user_name}}
+ mysql_user:
+ <<: *mysql_params
+ name: '{{user_name}}'
+ password: '{{user_password}}'
+ state: absent
+ register: result
+
+ - name: assert output message mysql user was removed
+ assert:
+ that:
+ - result is changed
+
+ # ============================================================
+ - name: create blank mysql user to be removed later
+ mysql_user:
+ <<: *mysql_params
+ name: ""
+ state: present
+ password: 'KJFDY&D*Sfuydsgf'
+
+ - name: remove blank mysql user with hosts=all (expect changed)
+ mysql_user:
+ <<: *mysql_params
+ user: ""
+ host_all: true
+ state: absent
+ register: result
+
+ - name: assert changed is true for removing all blank users
+ assert:
+ that:
+ - result is changed
+
+ - name: remove blank mysql user with hosts=all (expect ok)
+ mysql_user:
+ <<: *mysql_params
+ user: ""
+ host_all: true
+ state: absent
+ register: result
+
+ - name: assert changed is true for removing all blank users
+ assert:
+ that:
+ - result is not changed
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/resource_limits.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/resource_limits.yml
new file mode 100644
index 00000000..736adb33
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/resource_limits.yml
@@ -0,0 +1,118 @@
+# test code for resource_limits parameter
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: Drop mysql user {{ user_name_1 }} if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+
+ - name: Create mysql user {{ user_name_1 }} with resource limits in check_mode
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ resource_limits:
+ MAX_QUERIES_PER_HOUR: 10
+ MAX_CONNECTIONS_PER_HOUR: 5
+ check_mode: yes
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+
+ - name: Create mysql user {{ user_name_1 }} with resource limits in actual mode
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ resource_limits:
+ MAX_QUERIES_PER_HOUR: 10
+ MAX_CONNECTIONS_PER_HOUR: 5
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+
+ - name: Check
+ mysql_query:
+ <<: *mysql_params
+ query: >
+ SELECT User FROM mysql.user WHERE User = '{{ user_name_1 }}' AND Host = 'localhost'
+ AND max_questions = 10 AND max_connections = 5
+ register: result
+
+ - assert:
+ that:
+ - result.rowcount[0] == 1
+
+ - name: Try to set the same limits again in check mode
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ resource_limits:
+ MAX_QUERIES_PER_HOUR: 10
+ MAX_CONNECTIONS_PER_HOUR: 5
+ check_mode: yes
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+
+ - name: Try to set the same limits again in actual mode
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ resource_limits:
+ MAX_QUERIES_PER_HOUR: 10
+ MAX_CONNECTIONS_PER_HOUR: 5
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+
+ - name: Change limits
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ state: present
+ resource_limits:
+ MAX_QUERIES_PER_HOUR: 5
+ MAX_CONNECTIONS_PER_HOUR: 5
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+
+ - name: Check
+ mysql_query:
+ <<: *mysql_params
+ query: >
+ SELECT User FROM mysql.user WHERE User = '{{ user_name_1 }}' AND Host = 'localhost'
+ AND max_questions = 5 AND max_connections = 5
+ register: result
+
+ - assert:
+ that:
+ - result.rowcount[0] == 1
+
+ when: (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version >= '18') or (ansible_distribution == 'CentOS' and ansible_distribution_major_version >= '8')
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml
new file mode 100644
index 00000000..19b9b6a9
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/revoke_only_grant.yml
@@ -0,0 +1,58 @@
+---
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ block:
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: true
+
+ - name: create user with two grants
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ update_password: on_create
+ priv: '*.*:SELECT,GRANT'
+
+ - name: user must have only on priv, grant priv must be dropped
+ register: result
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ update_password: on_create
+ priv: '*.*:SELECT'
+
+ - assert:
+ that:
+ - result is not failed
+ - result is changed
+
+ - name: immutable - user must have only on priv, grant priv must be dropped
+ register: result
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ update_password: on_create
+ priv: '*.*:SELECT'
+
+ - assert:
+ that:
+ - result is not failed
+ - result is not changed
+
+ always:
+ - name: drop user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: true
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml
new file mode 100644
index 00000000..583f7c06
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_append.yml
@@ -0,0 +1,133 @@
+# Test code to ensure that appending privileges will not result in unnecessary changes when the current privileges
+# are a superset of the new privileges that have been defined.
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: Create test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+ - data2
+
+ - name: Create a user with an initial set of privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:SELECT,INSERT/data2.*:SELECT,DELETE'
+ state: present
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the initial set of privileges matches what is expected
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ - "'GRANT SELECT, DELETE ON `data2`.*' in result.stdout"
+
+ - name: Append privileges that are a subset of the current privileges, which should be a no-op
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:SELECT/data2.*:SELECT'
+ append_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there wasn't a change in permissions
+ assert:
+ that:
+ - result is not changed
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the permissions still match what was originally granted
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ - "'GRANT SELECT, DELETE ON `data2`.*' in result.stdout"
+
+ - name: Append privileges that are not included in the current set of privileges to test that privileges are updated
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:DELETE/data2.*:SELECT'
+ append_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there was a change because permissions were added to data1.*
+ assert:
+ that:
+ - result is changed
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the permissions were changed as expected if check_mode is set to 'no'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT, DELETE ON `data1`.*' in result.stdout"
+ - "'GRANT SELECT, DELETE ON `data2`.*' in result.stdout"
+ when: enable_check_mode == 'no'
+
+ - name: Assert that the permissions were not actually changed if check_mode is set to 'yes'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ - "'GRANT SELECT, DELETE ON `data2`.*' in result.stdout"
+ when: enable_check_mode == 'yes'
+
+ - name: Try to append invalid privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:INVALID/data2.*:SELECT'
+ append_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+ ignore_errors: true
+
+ - name: Assert that there wasn't a change in privileges if check_mode is set to 'no'
+ assert:
+ that:
+ - result is failed
+ - "'Error granting privileges' in result.msg"
+ when: enable_check_mode == 'no'
+
+ ##########
+ # Clean up
+ - name: Drop test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+ - data2
+
+ - name: Drop test user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_dict.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_dict.yml
new file mode 100644
index 00000000..d54c9467
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_dict.yml
@@ -0,0 +1,152 @@
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ # Tests for priv parameter value passed as a dict
+ - name: Create test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+ - data2
+ - data3
+
+ - name: Create user with privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ password: '{{ user_password_3 }}'
+ priv:
+ "data1.*": "SELECT"
+ "data2.*": "SELECT"
+ state: present
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
+ register: result
+
+ - name: Assert user has giving privileges
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ - "'GRANT SELECT ON `data2`.*' in result.stdout"
+
+ # Issue https://github.com/ansible-collections/community.mysql/issues/99
+ - name: Create test table test_table_issue99
+ mysql_query:
+ <<: *mysql_params
+ query: "CREATE TABLE IF NOT EXISTS data3.test_table_issue99 (a INT, b INT, c INT)"
+
+ - name: Grant select on a column
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ priv:
+ 'data3.test_table_issue99': 'SELECT (a)'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+
+ - name: Grant select on the column again
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ priv:
+ 'data3.test_table_issue99': 'SELECT (a)'
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+
+
+ - name: Grant select on columns
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ priv:
+ 'data3.test_table_issue99': 'SELECT (a, b),INSERT'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+
+ - name: Grant select on columns again
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ priv:
+ 'data3.test_table_issue99': 'SELECT (a, b),INSERT'
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+
+ - name: Grant privs on columns
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ priv:
+ 'data3.test_table_issue99': 'SELECT (a, b), INSERT (a, b), UPDATE'
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+
+ - name: Grant same privs on columns again, note that the column order is different
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ priv:
+ 'data3.test_table_issue99': 'SELECT (a, b), UPDATE, INSERT (b, a)'
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
+ register: result
+
+ - name: Assert user has giving privileges
+ assert:
+ that:
+ - "'GRANT SELECT (`A`, `B`), INSERT (`A`, `B`), UPDATE' in result.stdout"
+ when: "'(`A`, `B`)' in result.stdout"
+
+ - name: Assert user has giving privileges
+ assert:
+ that:
+ - "'GRANT SELECT (A, B), INSERT (A, B), UPDATE' in result.stdout"
+ when: "'(`A`, `B`)' not in result.stdout"
+
+ ##########
+ # Clean up
+ - name: Drop test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+ - data2
+ - data3
+
+ - name: Drop test user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml
new file mode 100644
index 00000000..75952432
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_priv_subtract.yml
@@ -0,0 +1,173 @@
+# Test code to ensure that subtracting privileges will not result in unnecessary changes.
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: Create test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+
+ - name: Create a user with an initial set of privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:SELECT,INSERT'
+ state: present
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the initial set of privileges matches what is expected
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+
+ - name: Subtract privileges that are not in the current privileges, which should be a no-op
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:DELETE'
+ subtract_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there wasn't a change in permissions
+ assert:
+ that:
+ - result is not changed
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the permissions still match what was originally granted
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+
+ - name: Subtract existing and not-existing privileges, but not all
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:INSERT,DELETE'
+ subtract_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there was a change because permissions were/would be revoked on data1.*
+ assert:
+ that:
+ - result is changed
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the permissions were not changed if check_mode is set to 'yes'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'yes'
+
+ - name: Assert that only DELETE was revoked if check_mode is set to 'no'
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'no'
+
+ - name: Try to subtract invalid privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:INVALID'
+ subtract_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+
+ - name: Assert that there was no change because invalid permissions are ignored
+ assert:
+ that:
+ - result is not changed
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the permissions were not changed with check_mode=='yes'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'yes'
+
+ - name: Assert that the permissions were not changed with check_mode=='no'
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'no'
+
+ - name: trigger failure by trying to subtract and append privileges at the same time
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ password: '{{ user_password_4 }}'
+ priv: 'data1.*:SELECT'
+ subtract_privs: yes
+ append_privs: yes
+ state: present
+ check_mode: '{{ enable_check_mode }}'
+ register: result
+ ignore_errors: true
+
+ - name: Assert the previous execution failed
+ assert:
+ that:
+ - result is failed
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_4 }}'@'localhost'\""
+ register: result
+
+ - name: Assert that the permissions stayed the same, with check_mode=='yes'
+ assert:
+ that:
+ - "'GRANT SELECT, INSERT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'yes'
+
+ - name: Assert that the permissions stayed the same, with check_mode=='no'
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ when: enable_check_mode == 'no'
+
+ ##########
+ # Clean up
+ - name: Drop test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+
+ - name: Drop test user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_4 }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs.yml
new file mode 100644
index 00000000..b9581f73
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs.yml
@@ -0,0 +1,264 @@
+# test code for privileges for mysql_user module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ # ============================================================
+ - name: create user with basic select privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:SELECT'
+ state: present
+ when: current_append_privs == "yes"
+
+ - include: assert_user.yml user_name={{user_name_2}} priv='SELECT'
+ when: current_append_privs == "yes"
+
+ - name: create user with current privileges (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:{{current_privilege}}'
+ append_privs: '{{current_append_privs}}'
+ state: present
+ register: result
+
+ - name: assert output message for current privileges
+ assert:
+ that:
+ - result is changed
+
+ - name: run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{user_name_2}}'@'localhost'\""
+ register: result
+
+ - name: assert user has correct privileges
+ assert:
+ that:
+ - "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
+ when: current_append_privs == "no"
+
+ - name: assert user has correct privileges
+ assert:
+ that:
+ - "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout"
+ when: current_append_privs == "yes"
+
+ - name: create database using user current privileges
+ mysql_db:
+ login_user: '{{ user_name_2 }}'
+ login_password: '{{ user_password_2 }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: present
+ ignore_errors: true
+
+ - name: run command to test that database was not created
+ command: "{{ mysql_command }} -e \"show databases like '{{ db_name }}'\""
+ register: result
+
+ - name: assert database was not created
+ assert:
+ that:
+ - "'{{ db_name }}' not in result.stdout"
+
+ # ============================================================
+ - name: Add privs to a specific table (expect changed)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: 'jmainguy.jmainguy:ALL'
+ state: present
+ register: result
+
+ - name: Assert that priv changed
+ assert:
+ that:
+ - result is changed
+
+ - name: Add privs to a specific table (expect ok)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: 'jmainguy.jmainguy:ALL'
+ state: present
+ register: result
+
+ - name: Assert that priv did not change
+ assert:
+ that:
+ - result is not changed
+
+ # ============================================================
+ - name: update user with all privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:ALL'
+ state: present
+
+ # - include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'
+
+ - name: create database using user
+ mysql_db:
+ login_user: '{{ user_name_2 }}'
+ login_password: '{{ user_password_2 }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: present
+
+ - name: run command to test database was created using user new privileges
+ command: "{{ mysql_command }} -e \"SHOW CREATE DATABASE {{ db_name }}\""
+
+ - name: drop database using user
+ mysql_db:
+ login_user: '{{ user_name_2 }}'
+ login_password: '{{ user_password_2 }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ name: '{{ db_name }}'
+ state: absent
+
+ # ============================================================
+ - name: update user with a long privileges list (mysql has a special multiline grant output)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
+ state: present
+ register: result
+
+ - name: Assert that priv changed
+ assert:
+ that:
+ - result is changed
+
+ - name: Test idempotency with a long privileges list (expect ok)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
+ state: present
+ register: result
+
+ # FIXME: on mysql >=8 and mariadb >=10.5.2 there's always a change because
+ # the REPLICATION CLIENT privilege was renamed to BINLOG MONITOR
+ - name: Assert that priv did not change
+ assert:
+ that:
+ - result is not changed
+
+ - name: remove username
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ state: absent
+
+ # ============================================================
+ - name: grant all privileges with grant option
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:ALL,GRANT'
+ state: present
+ register: result
+
+ - name: Assert that priv changed
+ assert:
+ that:
+ - result is changed
+
+ - name: Collect user info by host
+ community.mysql.mysql_info:
+ <<: *mysql_params
+ filter: "users"
+ register: mysql_info_about_users
+
+ - name: Assert that 'GRANT' permission is present
+ assert:
+ that:
+ - mysql_info_about_users.users.localhost.{{ user_name_2 }}.Grant_priv == 'Y'
+
+ - name: Test idempotency (expect ok)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:ALL,GRANT'
+ state: present
+ register: result
+
+ # FIXME: on mysql >=8 there's always a change (ALL PRIVILEGES -> specific privileges)
+ - name: Assert that priv did not change
+ assert:
+ that:
+ - result is not changed
+
+ - name: Collect user info by host
+ community.mysql.mysql_info:
+ <<: *mysql_params
+ filter: "users"
+ register: mysql_info_about_users
+
+ - name: Assert that 'GRANT' permission is present
+ assert:
+ that:
+ - mysql_info_about_users.users.localhost.{{ user_name_2 }}.Grant_priv == 'Y'
+
+ # ============================================================
+ - name: update user with invalid privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ priv: '*.*:INVALID'
+ state: present
+ register: result
+ ignore_errors: yes
+
+ - name: Assert that priv did not change
+ assert:
+ that:
+ - result is failed
+ - "'Error granting privileges' in result.msg"
+
+ - name: remove username
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_2 }}'
+ password: '{{ user_password_2 }}'
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs_issue_465.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs_issue_465.yml
new file mode 100644
index 00000000..edf4a0f3
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_privs_issue_465.yml
@@ -0,0 +1,31 @@
+---
+# test code for privileges for mysql_user module - issue 465
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ # ============================================================
+ - name: create a user with parameters that will always cause an exception
+ mysql_user:
+ <<: *mysql_params
+ name: user_issue_465
+ password: a_test_password_465
+ priv: '*.{{ db_name }}:SELECT'
+ state: present
+ ignore_errors: true
+ register: result
+
+ - name: assert output message for current privileges
+ assert:
+ that:
+ - result is failed
+ - result.msg is search('invalid priv string')
+ - result.msg is search('params')
+ - result.msg is search('query')
+ - result.msg is search('exception')
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_update_password.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_update_password.yml
new file mode 100644
index 00000000..c9b74bbc
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_update_password.yml
@@ -0,0 +1,128 @@
+# Tests scenarios for both plaintext and encrypted user passwords.
+
+- vars:
+ mysql_parameters:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ test_password1: kbB9tcx5WOGVGfzV
+ test_password1_hash: '*AF6A7F9D038475C17EE46564F154104877EE5037'
+ test_password2: XBYjpHmjIctMxl1y
+ test_password2_hash: '*9E22D1B35C68BDDF398B8F28AE482E5A865BAC0A'
+ test_password3: tem33JfR5Yx98BB
+ test_password3_hash: '*C7E7C2710702F20336F8D93BC0670C8FB66BDBC7'
+
+
+ block:
+ - include_tasks: assert_user_password.yml
+ vars:
+ username: "{{ item.username }}"
+ host: '127.0.0.1'
+ update_password: "{{ item.update_password }}"
+ password: "{{ test_password1 }}"
+ expect_change: "{{ item.expect_change }}"
+ expect_password_change: "{{ item.expect_change }}"
+ expect_password_hash: "{{ test_password1_hash }}"
+ loop:
+ # all variants set the password when nothing exists
+ - username: test1
+ update_password: always
+ expect_change: true
+ - username: test2
+ update_password: on_create
+ expect_change: true
+ - username: test3
+ update_password: on_new_username
+ expect_change: true
+
+ # assert idempotency
+ - username: test1
+ update_password: always
+ expect_change: false
+ - username: test2
+ update_password: on_create
+ expect_change: false
+ - username: test3
+ update_password: on_new_username
+ expect_change: false
+
+ # same user, new password
+ - include_tasks: assert_user_password.yml
+ vars:
+ username: "{{ item.username }}"
+ host: '127.0.0.1'
+ update_password: "{{ item.update_password }}"
+ password: "{{ test_password2 }}"
+ expect_change: "{{ item.expect_change }}"
+ expect_password_change: "{{ item.expect_change }}"
+ expect_password_hash: "{{ item.expect_password_hash }}"
+ loop:
+ - username: test1
+ update_password: always
+ expect_change: true
+ expect_password_hash: "{{ test_password2_hash }}"
+ - username: test2
+ update_password: on_create
+ expect_change: false
+ expect_password_hash: "{{ test_password1_hash }}"
+ - username: test3
+ update_password: on_new_username
+ expect_change: false
+ expect_password_hash: "{{ test_password1_hash }}"
+
+ # new user, new password
+ - include_tasks: assert_user_password.yml
+ vars:
+ username: "{{ item.username }}"
+ host: '::1'
+ update_password: "{{ item.update_password }}"
+ password: "{{ item.password }}"
+ expect_change: "{{ item.expect_change }}"
+ expect_password_change: "{{ item.expect_password_change }}"
+ expect_password_hash: "{{ item.expect_password_hash }}"
+ loop:
+ - username: test1
+ update_password: always
+ expect_change: true
+ expect_password_change: true
+ password: "{{ test_password1 }}"
+ expect_password_hash: "{{ test_password1_hash }}"
+ - username: test2
+ update_password: on_create
+ expect_change: true
+ expect_password_change: true
+ password: "{{ test_password2 }}"
+ expect_password_hash: "{{ test_password2_hash }}"
+ - username: test3
+ update_password: on_new_username
+ expect_change: true
+ expect_password_change: false
+ password: "{{ test_password2 }}"
+ expect_password_hash: "{{ test_password1_hash }}"
+
+ # prepare for next test: ensure all users have varying passwords
+ - username: test3
+ update_password: always
+ expect_change: true
+ expect_password_change: true
+ password: "{{ test_password2 }}"
+ expect_password_hash: "{{ test_password2_hash }}"
+
+ # another new user, another new password and multiple existing users with varying passwords
+ - include_tasks: assert_user_password.yml
+ vars:
+ username: "{{ item.username }}"
+ host: '2001:db8::1'
+ update_password: "{{ item.update_password }}"
+ password: "{{ test_password3 }}"
+ expect_change: true
+ expect_password_change: true
+ expect_password_hash: "{{ test_password3_hash }}"
+ loop:
+ - username: test1
+ update_password: always
+ - username: test2
+ update_password: on_create
+ - username: test3
+ update_password: on_new_username
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_grants_with_roles_applied.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_grants_with_roles_applied.yml
new file mode 100644
index 00000000..8ee738ec
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_grants_with_roles_applied.yml
@@ -0,0 +1,95 @@
+# https://github.com/ansible-collections/community.mysql/issues/231
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+ - name: Get server version
+ mysql_info:
+ <<: *mysql_params
+ register: srv
+
+ # Skip unsupported versions
+ - meta: end_play
+ when: srv['version']['major'] < 8
+
+ - name: Create test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+ - data2
+
+ - name: Create user with privileges
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ password: '{{ user_password_3 }}'
+ priv:
+ "data1.*": "SELECT"
+ "data2.*": "SELECT"
+ state: present
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
+ register: result
+
+ - name: Assert user has giving privileges
+ assert:
+ that:
+ - "'GRANT SELECT ON `data1`.*' in result.stdout"
+ - "'GRANT SELECT ON `data2`.*' in result.stdout"
+
+ - name: Create role
+ mysql_role:
+ <<: *mysql_params
+ name: test231
+ members:
+ - '{{ user_name_3 }}@localhost'
+
+ - name: Try to change privs
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ priv:
+ "data1.*": "INSERT"
+ "data2.*": "INSERT"
+ state: present
+
+ - name: Run command to show privileges for user (expect privileges in stdout)
+ command: "{{ mysql_command }} -e \"SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost'\""
+ register: result
+
+ - name: Assert user has giving privileges
+ assert:
+ that:
+ - "'GRANT INSERT ON `data1`.*' in result.stdout"
+ - "'GRANT INSERT ON `data2`.*' in result.stdout"
+
+ ##########
+ # Clean up
+ - name: Drop test databases
+ mysql_db:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: present
+ loop:
+ - data1
+ - data2
+
+ - name: Drop test user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_3 }}'
+ state: absent
+
+ - name: Drop test role
+ mysql_role:
+ <<: *mysql_params
+ name: test231
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_password.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_password.yml
new file mode 100644
index 00000000..57d8d295
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_password.yml
@@ -0,0 +1,269 @@
+# Tests scenarios for both plaintext and encrypted user passwords.
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ test_user_name: 'test_user_password'
+ initial_password: 'a5C8SN*DBa0%a75sGz'
+ initial_password_encrypted: '*0A12D4DF68C2A50716111674E565CA3D7D68B048'
+ new_password: 'NkN&qECv33vuQzf3bJg'
+ new_password_encrypted: '*B6559186FAD0953589F54383AD8EE9E9172296DA'
+ test_default_priv_type: 'SELECT'
+ test_default_priv: '*.*:{{ test_default_priv_type }}'
+
+ block:
+
+ # ============================================================
+ # Test setting plaintext password and changing it.
+ #
+
+ - name: Create user with initial password
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ password: '{{ initial_password }}'
+ priv: '{{ test_default_priv }}'
+ state: present
+ register: result
+
+ - name: Assert that a change occurred because the user was added
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Get the MySQL version using the newly created used creds
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ initial_password }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ - name: Run mysql_user again without any changes
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ password: '{{ initial_password }}'
+ priv: '{{ test_default_priv }}'
+ state: present
+ register: result
+
+ - name: Assert that there weren't any changes because username/password didn't change
+ assert:
+ that:
+ - result is not changed
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Update the user password
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ password: '{{ new_password }}'
+ state: present
+ register: result
+
+ - name: Assert that a change occurred because the password was updated
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Get the MySQL version data using the original password (should fail)
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ initial_password }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that the mysql_info module failed because we used the old password
+ assert:
+ that:
+ - result is failed
+
+ - name: Get the MySQL version data using the new password (should work)
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ new_password }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that the mysql_info module succeeded because we used the new password
+ assert:
+ that:
+ - result is succeeded
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
+
+ # ============================================================
+ # Test setting a plaintext password and then the same password encrypted to ensure there isn't a change detected.
+ #
+
+ - name: Create user with initial password
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ password: '{{ initial_password }}'
+ priv: '{{ test_default_priv }}'
+ state: present
+ register: result
+
+ - name: Assert that a change occurred because the user was added
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Pass in the same password as before, but in the encrypted form (no change expected)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ password: '{{ initial_password_encrypted }}'
+ encrypted: yes
+ priv: '{{ test_default_priv }}'
+ state: present
+ register: result
+
+ - name: Assert that there weren't any changes because username/password didn't change
+ assert:
+ that:
+ - result is not changed
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
+
+ # ============================================================
+ # Test setting an encrypted password and then the same password in plaintext to ensure there isn't a change.
+ #
+
+ - name: Create user with initial password
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ password: '{{ initial_password_encrypted }}'
+ encrypted: yes
+ priv: '{{ test_default_priv }}'
+ state: present
+ register: result
+
+ - name: Assert that a change occurred because the user was added
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Get the MySQL version data using the new creds
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ initial_password }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that the mysql_info module succeeded because we used the new password
+ assert:
+ that:
+ - result is succeeded
+
+ - name: Pass in the same password as before, but in the encrypted form (no change expected)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ password: '{{ initial_password }}'
+ state: present
+ register: result
+
+ - name: Assert that there weren't any changes because username/password didn't change
+ assert:
+ that:
+ - result is not changed
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ new_password }}
+
+ # ============================================================
+ # Test setting an empty password.
+ #
+
+ - name: Create user with empty password
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ priv: '{{ test_default_priv }}'
+ state: present
+ register: result
+
+ - name: Assert that a change occurred because the user was added
+ assert:
+ that:
+ - result is changed
+
+ - name: Get the MySQL version using an empty password for the newly created user
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: ''
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ - name: Get the MySQL version using an non-empty password (should fail)
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: 'some_password'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that mysql_info failed
+ assert:
+ that:
+ - result is failed
+
+ - name: Update the user without changing the password
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ priv: '{{ test_default_priv }}'
+ state: present
+ register: result
+
+ - name: Assert that the user wasn't changed because the password is still empty
+ assert:
+ that:
+ - result is not changed
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password=''
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
new file mode 100644
index 00000000..264d8bd3
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
@@ -0,0 +1,420 @@
+# Test user plugin auth scenarios.
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ test_user_name: 'test_user_plugin_auth'
+ test_plugin_type: 'mysql_native_password'
+ test_plugin_hash: '*0CB5B86F23FDC24DB19A29B8854EB860CBC47793'
+ test_plugin_auth_string: 'Fdt8fd^34ds'
+ test_plugin_new_hash: '*E74368AC90460FA669F6D41BFB7F2A877DB73745'
+ test_plugin_new_auth_string: 'c$K01LsmK7nJnIR4!h'
+ test_default_priv_type: 'SELECT'
+ test_default_priv: '*.*:{{ test_default_priv_type }}'
+
+ block:
+
+ # ============================================================
+ # Test plugin auth initially setting a hash and then changing to a different hash.
+ #
+
+ - name: Create user with plugin auth (with hash string)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_hash_string: '{{ test_plugin_hash }}'
+ priv: '{{ test_default_priv }}'
+ register: result
+
+ - name: Get user information
+ command: "{{ mysql_command }} -e \"SELECT user, host, plugin FROM mysql.user WHERE user = '{{ test_user_name }}' and host = 'localhost'\""
+ register: show_create_user
+
+ - name: Check that the module made a change
+ assert:
+ that:
+ - result is changed
+
+ - name: Check that the expected plugin type is set
+ assert:
+ that:
+ - "'{{ test_plugin_type }}' in show_create_user.stdout"
+ when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Get the MySQL version using the newly created creds
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ test_plugin_auth_string }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ - name: Update the user with a different hash
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_hash_string: '{{ test_plugin_new_hash }}'
+ register: result
+
+ - name: Check that the module makes the change because the hash changed
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Getting the MySQL info with the new password should work
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ test_plugin_new_auth_string }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_new_auth_string }}
+
+ # ============================================================
+ # Test plugin auth initially setting a hash and then switching to a plaintext auth string.
+ #
+
+ - name: Create user with plugin auth (with hash string)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_hash_string: '{{ test_plugin_hash }}'
+ priv: '{{ test_default_priv }}'
+ register: result
+
+ - name: Get user information
+ command: "{{ mysql_command }} -e \"SELECT user, host, plugin FROM mysql.user WHERE user = '{{ test_user_name }}' and host = 'localhost'\""
+ register: show_create_user
+
+ - name: Check that the module made a change
+ assert:
+ that:
+ - result is changed
+
+ - name: Check that the expected plugin type is set
+ assert:
+ that:
+ - "'{{ test_plugin_type }}' in show_create_user.stdout"
+ when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Get the MySQL version using the newly created creds
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ test_plugin_auth_string }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ - name: Update the user with the same hash (no change expected)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_hash_string: '{{ test_plugin_hash }}'
+ register: result
+
+ # FIXME: on mariadb 10.2 there's always a change
+ - name: Check that the module doesn't make a change when the same hash is passed in
+ assert:
+ that:
+ - result is not changed
+ when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Change the user using the same plugin, but switch to the same auth string in plaintext form
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_auth_string: '{{ test_plugin_auth_string }}'
+ register: result
+
+ # Expecting a change is currently by design (see comment in source).
+ - name: Check that the module did not change the password
+ assert:
+ that:
+ - result is changed
+
+ - name: Getting the MySQL info should still work
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ test_plugin_auth_string }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
+
+ # ============================================================
+ # Test plugin auth initially setting a plaintext auth string and then switching to a hash.
+ #
+
+ - name: Create user with plugin auth (with auth string)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_auth_string: '{{ test_plugin_auth_string }}'
+ priv: '{{ test_default_priv }}'
+ register: result
+
+ - name: Get user information
+ command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
+ register: show_create_user
+
+ - name: Check that the module made a change
+ assert:
+ that:
+ - result is changed
+
+ - name: Check that the expected plugin type is set
+ assert:
+ that:
+ - "'{{ test_plugin_type }}' in show_create_user.stdout"
+ when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Get the MySQL version using the newly created creds
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ test_plugin_auth_string }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ - name: Update the user with the same auth string
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_auth_string: '{{ test_plugin_auth_string }}'
+ register: result
+
+ # This is the current expected behavior because there isn't a reliable way to hash the password in the mysql_user
+ # module in order to be able to compare this password with the stored hash. See the source for more info.
+ - name: The module should detect a change even though the password is the same
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Change the user using the same plugin, but switch to the same auth string in hash form
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ plugin_hash_string: '{{ test_plugin_hash }}'
+ register: result
+
+ - name: Check that the module did not change the password
+ assert:
+ that:
+ - result is not changed
+
+ - name: Get the MySQL version using the newly created creds
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: '{{ test_plugin_auth_string }}'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
+
+ # ============================================================
+ # Test plugin auth with an empty auth string.
+ #
+
+ - name: Create user with plugin auth (empty auth string)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ priv: '{{ test_default_priv }}'
+ register: result
+
+ - name: Get user information
+ command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
+ register: show_create_user
+
+ - name: Check that the module made a change
+ assert:
+ that:
+ - result is changed
+
+ - name: Check that the expected plugin type is set
+ assert:
+ that:
+ - "'{{ test_plugin_type }}' in show_create_user.stdout"
+ when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Get the MySQL version using an empty password for the newly created user
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: ''
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that mysql_info was successful
+ assert:
+ that:
+ - result is succeeded
+
+ - name: Get the MySQL version using an non-empty password (should fail)
+ mysql_info:
+ login_user: '{{ test_user_name }}'
+ login_password: 'some_password'
+ login_host: '{{ mysql_host }}'
+ login_port: '{{ mysql_primary_port }}'
+ filter: version
+ register: result
+ ignore_errors: true
+
+ - name: Assert that mysql_info failed
+ assert:
+ that:
+ - result is failed
+
+ - name: Update the user without changing the auth mechanism
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ state: present
+ register: result
+
+ - name: Assert that the user wasn't changed because the auth string is still empty
+ assert:
+ that:
+ - result is not changed
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
+
+ # ============================================================
+ # Test plugin auth switching from one type of plugin to another without an auth string or hash. The only other
+ # plugins that are loaded by default are sha2*, but these aren't compatible with pymysql < 0.9, so skip these tests
+ # for those versions.
+ #
+ - name: Test plugin auth switching which doesn't work on pymysql < 0.9
+ when:
+ - >
+ connector_name is not search('pymysql')
+ or (
+ connector_name is search('pymysql')
+ and connector_ver is version('0.9', '>=')
+ )
+ block:
+
+ - name: Create user with plugin auth (empty auth string)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: '{{ test_plugin_type }}'
+ priv: '{{ test_default_priv }}'
+ register: result
+
+ - name: Get user information
+ command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
+ register: show_create_user
+
+ - name: Check that the module made a change
+ assert:
+ that:
+ - result is changed
+
+ - name: Check that the expected plugin type is set
+ assert:
+ that:
+ - "'{{ test_plugin_type }}' in show_create_user.stdout"
+ when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ - name: Switch user to sha256_password auth plugin
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ test_user_name }}'
+ plugin: sha256_password
+ priv: '{{ test_default_priv }}'
+ register: result
+
+ - name: Get user information
+ command: "{{ mysql_command }} -e \"SHOW CREATE USER '{{ test_user_name }}'@'localhost'\""
+ register: show_create_user
+
+ - name: Check that the module made a change
+ assert:
+ that:
+ - result is changed
+
+ - name: Check that the expected plugin type is set
+ assert:
+ that:
+ - "'sha256_password' in show_create_user.stdout"
+ when: install_type == 'mysql' or (install_type == 'mariadb' and mariadb_version is version('10.3', '>='))
+
+ - include: assert_user.yml user_name={{ test_user_name }} priv={{ test_default_priv_type }}
+
+ # Cleanup
+ - include: remove_user.yml user_name={{ test_user_name }} user_password={{ test_plugin_auth_string }}
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/tls_requirements.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/tls_requirements.yml
new file mode 100644
index 00000000..7bf142ec
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_user/tasks/tls_requirements.yml
@@ -0,0 +1,187 @@
+---
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ # ============================================================
+ - name: find out the database version
+ mysql_info:
+ <<: *mysql_params
+ filter: version
+ register: db_version
+
+ - name: Drop mysql user {{ item }} if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item }}'
+ state: absent
+ with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
+
+ - name: create user with TLS requirements in check mode (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ tls_requires:
+ SSL:
+ check_mode: yes
+ register: result
+
+ - name: Assert check mode user create reports changed state
+ assert:
+ that:
+ - result is changed
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
+
+ - name: create user with TLS requirements state=present (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ item[0] }}'
+ password: '{{ user_password_1 }}'
+ tls_requires: '{{ item[1] }}'
+ with_together:
+ - [ '{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
+ -
+ - SSL:
+ - X509:
+ - subject: '/CN=alice/O=MyDom, Inc./C=US/ST=Oregon/L=Portland'
+ cipher: 'ECDHE-ECDSA-AES256-SHA384'
+ issuer: '/CN=org/O=MyDom, Inc./C=US/ST=Oregon/L=Portland'
+
+ - block:
+ - name: retrieve TLS requirements for users in old database version
+ command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ item }}'@'localhost'\""
+ register: old_result
+ with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
+
+ - name: set old database separator
+ set_fact:
+ separator: '\n'
+ # Semantically: when mysql version <= 5.6 or MariaDB version <= 10.1
+ when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
+
+ - block:
+ - name: retrieve TLS requirements for users in new database version
+ command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ item }}'@'localhost'\""
+ register: new_result
+ with_items: ['{{ user_name_1 }}', '{{ user_name_2 }}', '{{ user_name_3 }}']
+
+ - name: set new database separator
+ set_fact:
+ separator: 'PASSWORD'
+ # Semantically: when mysql version >= 5.7 or MariaDB version >= 10.2
+ when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
+
+ - block:
+ - name: assert user1 TLS requirements
+ assert:
+ that:
+ - "'SSL' in reqs"
+ vars:
+ - reqs: "{{((old_result.results[0] is skipped | ternary(new_result, old_result)).results | selectattr('item', 'contains', user_name_1) | first).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
+
+ - name: assert user2 TLS requirements
+ assert:
+ that:
+ - "'X509' in reqs"
+ vars:
+ - reqs: "{{((old_result.results[0] is skipped | ternary(new_result, old_result)).results | selectattr('item', 'contains', user_name_2) | first).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
+
+ - name: assert user3 TLS requirements
+ assert:
+ that:
+ - "'/CN=alice/O=MyDom, Inc./C=US/ST=Oregon/L=Portland' in (reqs | select('contains', 'SUBJECT') | first)"
+ - "'/CN=org/O=MyDom, Inc./C=US/ST=Oregon/L=Portland' in (reqs | select('contains', 'ISSUER') | first)"
+ - "'ECDHE-ECDSA-AES256-SHA384' in (reqs | select('contains', 'CIPHER') | first)"
+ vars:
+ - reqs: "{{((old_result.results[0] is skipped | ternary(new_result, old_result)).results | selectattr('item', 'contains', user_name_3) | first).stdout.split('REQUIRE')[1].split(separator)[0].replace(\"' \", \"':\").split(\":\")}}"
+ # CentOS 6 uses an older version of jinja that does not provide the selectattr filter.
+ when: ansible_distribution != 'CentOS' or ansible_distribution_major_version != '6'
+
+ - name: modify user with TLS requirements state=present in check mode (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ tls_requires:
+ X509:
+ check_mode: yes
+ register: result
+
+ - name: Assert check mode user update reports changed state
+ assert:
+ that:
+ - result is changed
+
+ - name: retrieve TLS requirements for users in old database version
+ command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ user_name_1 }}'@'localhost'\""
+ register: old_result
+ when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
+
+ - name: retrieve TLS requirements for users in new database version
+ command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
+ register: new_result
+ when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
+
+ - name: assert user1 TLS requirements was not changed
+ assert:
+ that: "'SSL' in reqs"
+ vars:
+ - reqs: "{{(old_result is skipped | ternary(new_result, old_result)).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
+
+ - name: modify user with TLS requirements state=present (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ tls_requires:
+ X509:
+
+ - name: retrieve TLS requirements for users in old database version
+ command: "{{ mysql_command }} -L -N -s -e \"SHOW GRANTS for '{{ user_name_1 }}'@'localhost'\""
+ register: old_result
+ when: db_version.version.major <= 5 and db_version.version.minor <= 6 or db_version.version.major == 10 and db_version.version.minor < 2
+
+ - name: retrieve TLS requirements for users in new database version
+ command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
+ register: new_result
+ when: db_version.version.major == 5 and db_version.version.minor >= 7 or db_version.version.major > 5 and db_version.version.major < 10 or db_version.version.major == 10 and db_version.version.minor >= 2
+
+ - name: assert user1 TLS requirements
+ assert:
+ that: "'X509' in reqs"
+ vars:
+ - reqs: "{{(old_result is skipped | ternary(new_result, old_result)).stdout.split('REQUIRE')[1].split(separator)[0].strip()}}"
+
+ - name: remove TLS requirements from user (expect changed=true)
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ password: '{{ user_password_1 }}'
+ tls_requires:
+
+ - name: retrieve TLS requirements for users
+ command: "{{ mysql_command }} -L -N -s -e \"SHOW CREATE USER '{{ user_name_1 }}'@'localhost'\""
+ register: result
+
+ - name: assert user1 TLS requirements
+ assert:
+ that: "'REQUIRE ' not in result.stdout or 'REQUIRE NONE' in result.stdout"
+
+ - include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }}
+
+ - include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }}
+
+ - include: remove_user.yml user_name={{user_name_3}} user_password={{ user_password_1 }}
+
+ - include: assert_no_user.yml user_name={{user_name_1}}
+
+ - include: assert_no_user.yml user_name={{user_name_2}}
+
+ - include: assert_no_user.yml user_name={{user_name_3}}
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/defaults/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/defaults/main.yml
new file mode 100644
index 00000000..6d0e2ec8
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+# defaults file for test_mysql_variables
+mysql_user: root
+mysql_password: msandbox
+mysql_primary_port: 3307
+
+user_name_1: 'db_user1'
+user_password_1: 'gadfFDSdtTU^Sdfuj'
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/meta/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/meta/main.yml
new file mode 100644
index 00000000..f1174ff2
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_mysql
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_fail_msg.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_fail_msg.yml
new file mode 100644
index 00000000..a09bcdba
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_fail_msg.yml
@@ -0,0 +1,25 @@
+# test code to assert message in mysql_variables module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+# Assert message failure and confirm failed=true
+#
+- name: assert message failure (expect failed=true)
+ assert:
+ that:
+ - output is failed
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var.yml
new file mode 100644
index 00000000..96d196dd
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var.yml
@@ -0,0 +1,36 @@
+# test code to assert variables in mysql_variables module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+# Assert mysql variable name and value from mysql database
+#
+- name: assert output message changed value
+ assert:
+ that:
+ - "output.changed | bool == changed | bool"
+
+- name: run mysql command to show variable
+ command: "{{ mysql_command }} \"-e show variables like '{{ var_name }}'\""
+ register: result
+
+- name: assert output mysql variable name and value
+ assert:
+ that:
+ - result is changed
+ - "'{{ var_name }}' in result.stdout"
+ - "'{{ var_value }}' in result.stdout"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var_output.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var_output.yml
new file mode 100644
index 00000000..6f26386c
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/assert_var_output.yml
@@ -0,0 +1,40 @@
+# test code to assert variables in mysql_variables module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+# Assert output variable name/value match mysql variable name/value
+#
+- name: assert output message changed value
+ assert:
+ that:
+ - "output.changed | bool == changed | bool"
+
+- set_fact:
+ key_name: "{{ var_name }}"
+ key_value: "{{ output.msg[0][0] }}"
+
+- name: run mysql command to show variable
+ command: "{{ mysql_command }} \"-e show variables like '{{var_name}}'\""
+ register: result
+
+- name: assert output variable info match mysql variable info
+ assert:
+ that:
+ - result is changed
+ - "key_name in result.stdout"
+ - "key_value in result.stdout"
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
new file mode 100644
index 00000000..aa01ddbf
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
@@ -0,0 +1,82 @@
+---
+- name: set fact tls_enabled
+ command: "{{ mysql_command }} \"-e SHOW VARIABLES LIKE 'have_ssl';\""
+ register: result
+- set_fact:
+ tls_enabled: "{{ 'YES' in result.stdout | bool | default('false', true) }}"
+
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ when: tls_enabled
+ block:
+
+ # ============================================================
+ - name: get server certificate
+ copy:
+ content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
+ dest: /tmp/cert.pem
+ delegate_to: localhost
+
+ - name: Drop mysql user if exists
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ state: absent
+ ignore_errors: yes
+
+ - name: create user with ssl requirement
+ mysql_user:
+ <<: *mysql_params
+ name: "{{ user_name_1 }}"
+ password: "{{ user_password_1 }}"
+ priv: '*.*:ALL,GRANT'
+ tls_requires:
+ SSL:
+
+ - name: attempt connection with newly created user (expect failure)
+ mysql_variables:
+ variable: '{{ set_name }}'
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is failed
+ when: connector_name is search('pymysql')
+
+ - assert:
+ that:
+ - result is succeeded
+ when: connector_name is not search('pymysql')
+
+ - name: attempt connection with newly created user ignoring hostname
+ mysql_variables:
+ variable: '{{ set_name }}'
+ login_user: '{{ user_name_1 }}'
+ login_password: '{{ user_password_1 }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ ca_cert: /tmp/cert.pem
+ check_hostname: no
+ register: result
+ ignore_errors: yes
+
+ - assert:
+ that:
+ - result is succeeded or 'pymysql >= 0.7.11 is required' in result.msg
+
+ - name: Drop mysql user
+ mysql_user:
+ <<: *mysql_params
+ name: '{{ user_name_1 }}'
+ host: 127.0.0.1
+ state: absent
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/main.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/main.yml
new file mode 100644
index 00000000..9c4cd7d5
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/main.yml
@@ -0,0 +1,8 @@
+####################################################################
+# WARNING: These are designed specifically for Ansible tests #
+# and should not be used as examples of how to write Ansible roles #
+####################################################################
+
+- import_tasks: mysql_variables.yml
+
+- include: issue-28.yml
diff --git a/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
new file mode 100644
index 00000000..ed34966c
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
@@ -0,0 +1,378 @@
+# test code for the mysql_variables module
+# (c) 2014, Wayne Rosario <wrosario@ansible.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
+
+# ============================================================
+# Verify mysql_variable successfully queries a variable
+#
+- vars:
+ mysql_parameters: &mysql_params
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+
+ block:
+
+ - name: alias mysql command to include default options
+ set_fact:
+ mysql_command: "mysql -u{{ mysql_user }} -p{{ mysql_password }} -P{{ mysql_primary_port }} --protocol=tcp"
+
+ - set_fact:
+ set_name: 'version'
+
+ - name: read mysql variables (expect changed=false)
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ register: result
+
+ - include: assert_var_output.yml changed=false output={{ result }} var_name={{ set_name }}
+
+ # ============================================================
+ # Verify mysql_variable successfully updates a variable (issue:4568)
+ #
+ - set_fact:
+ set_name: 'delay_key_write'
+ set_value: 'ON'
+
+ - name: set mysql variable
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+
+ - name: update mysql variable to same value (expect changed=false)
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ register: result
+
+ - include: assert_var.yml changed=false output={{ result }} var_name={{ set_name }} var_value={{ set_value }}
+
+ # ============================================================
+ # Verify mysql_variable successfully updates a variable using single quotes
+ #
+ - set_fact:
+ set_name: 'wait_timeout'
+ set_value: '300'
+
+ - name: set mysql variable to a temp value
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '200'
+
+ - name: update mysql variable value (expect changed=true)
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ register: result
+
+ - assert:
+ that:
+ - result.queries == ["SET GLOBAL `{{ set_name }}` = {{ set_value }}"]
+
+ - include: assert_var.yml changed=true output={{ result }} var_name={{ set_name }} var_value='{{ set_value }}'
+
+ # ============================================================
+ # Verify mysql_variable successfully updates a variable using double quotes
+ #
+ - set_fact:
+ set_name: "wait_timeout"
+ set_value: "400"
+
+ - name: set mysql variable to a temp value
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: "200"
+
+ - name: update mysql variable value (expect changed=true)
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ register: result
+
+ - include: assert_var.yml changed=true output={{ result }} var_name={{ set_name }} var_value='{{ set_value }}'
+
+ # ============================================================
+ # Verify mysql_variable successfully updates a variable using no quotes
+ #
+ - set_fact:
+ set_name: wait_timeout
+ set_value: 500
+
+ - name: set mysql variable to a temp value
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: 200
+
+ - name: update mysql variable value (expect changed=true)
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ register: result
+
+ - include: assert_var.yml changed=true output={{ result }} var_name={{ set_name }} var_value='{{ set_value }}'
+
+ # ============================================================
+ # Verify mysql_variable successfully updates a variable using an expression (e.g. 1024*4)
+ #
+ - name: set mysql variable value to an expression
+ mysql_variables:
+ <<: *mysql_params
+ variable: max_connect_errors
+ value: "1024*4"
+ register: result
+ ignore_errors: true
+
+ - include: assert_fail_msg.yml output={{ result }} msg='Incorrect argument type to variable'
+
+ # ============================================================
+ # Verify mysql_variable fails when setting an incorrect value (out of range)
+ #
+ - name: set mysql variable value to a number out of range
+ mysql_variables:
+ <<: *mysql_params
+ variable: max_connect_errors
+ value: '-1'
+ register: oor_result
+ ignore_errors: true
+
+ - include: assert_var.yml changed=true output={{ oor_result }} var_name=max_connect_errors var_value=1
+ when: connector_name is not search('pymysql')
+
+ - include: assert_fail_msg.yml output={{ oor_result }} msg='Truncated incorrect'
+ when: connector_name is search('pymysql')
+
+ # ============================================================
+ # Verify mysql_variable fails when setting an incorrect value (incorrect type)
+ #
+ - name: set mysql variable value to a non-valid value number
+ mysql_variables:
+ <<: *mysql_params
+ variable: max_connect_errors
+ value: TEST
+ register: nvv_result
+ ignore_errors: true
+
+ - include: assert_fail_msg.yml output={{ nvv_result }} msg='Incorrect argument type to variable'
+
+ # ============================================================
+ # Verify mysql_variable fails when setting an unknown variable
+ #
+ - name: set a non mysql variable
+ mysql_variables:
+ <<: *mysql_params
+ variable: my_sql_variable
+ value: ON
+ register: result
+ ignore_errors: true
+
+ - include: assert_fail_msg.yml output={{ result }} msg='Variable not available'
+
+ # ============================================================
+ # Verify mysql_variable fails when setting a read-only variable
+ #
+ - name: set value of a read only mysql variable
+ mysql_variables:
+ <<: *mysql_params
+ variable: character_set_system
+ value: utf16
+ register: result
+ ignore_errors: true
+
+ - include: assert_fail_msg.yml output={{ result }} msg='read only variable'
+
+ #=============================================================
+ # Verify mysql_variable works with the login_user and login_password parameters
+ #
+ - set_fact:
+ set_name: wait_timeout
+ set_value: 77
+
+ - name: query mysql_variable using login_user and password_password
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ register: result
+
+ - include: assert_var_output.yml changed=false output={{ result }} var_name={{ set_name }}
+
+ - name: set mysql variable to temp value using user login and password (expect changed=true)
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: 20
+ register: result
+
+ - name: update mysql variable value using user login and password (expect changed=true)
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{set_name}}'
+ value: '{{set_value}}'
+ register: result
+
+ - include: assert_var.yml changed=true output={{result}} var_name={{set_name}} var_value='{{set_value}}'
+
+ #============================================================
+ # Verify mysql_variable fails with an incorrect login_password parameter
+ #
+ - set_fact:
+ set_name: connect_timeout
+ set_value: 10
+
+ - name: query mysql_variable using incorrect login_password
+ mysql_variables:
+ login_user: '{{ mysql_user }}'
+ login_password: 'wrongpassword'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ variable: '{{ set_name }}'
+ register: result
+ ignore_errors: true
+
+ - include: assert_fail_msg.yml output={{ result }} msg='unable to connect to database'
+
+ - name: update mysql variable value using incorrect login_password (expect failed=true)
+ mysql_variables:
+ login_user: '{{ mysql_user }}'
+ login_password: 'wrongpassword'
+ login_host: 127.0.0.1
+ login_port: '{{ mysql_primary_port }}'
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ register: result
+ ignore_errors: true
+
+ - include: assert_fail_msg.yml output={{ result }} msg='unable to connect to database'
+
+ #============================================================
+ # Verify mysql_variable fails with an incorrect login_host parameter
+ #
+ - name: query mysql_variable using incorrect login_host
+ mysql_variables:
+ login_user: '{{ mysql_user }}'
+ login_password: '{{ mysql_password }}'
+ login_host: '12.0.0.9'
+ login_port: '{{ mysql_primary_port }}'
+ variable: wait_timeout
+ connect_timeout: 5
+ register: result
+ ignore_errors: true
+
+ - include: assert_fail_msg.yml output={{ result }} msg='unable to connect to database'
+
+ - block:
+
+ #=========================================
+ # Check mode 'persist' and 'persist_only':
+ #
+ - name: update mysql variable value (expect changed=true) in persist mode
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ mode: persist
+ register: result
+
+ - assert:
+ that:
+ - result.queries == ["SET PERSIST `{{ set_name }}` = {{ set_value }}"]
+
+ - include: assert_var.yml changed=true output={{ result }} var_name={{ set_name }} var_value='{{ set_value }}'
+
+ - name: try to update mysql variable value (expect changed=false) in persist mode again
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ mode: persist
+ register: result
+
+ - include: assert_var.yml changed=false output={{ result }} var_name={{ set_name }} var_value='{{ set_value }}'
+
+ - name: set mysql variable to a temp value
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '200'
+ mode: persist
+
+ - name: update mysql variable value (expect changed=true) in persist_only mode
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ mode: persist_only
+ register: result
+
+ - assert:
+ that:
+ - result is changed
+ - result.queries == ["SET PERSIST_ONLY `{{ set_name }}` = {{ set_value }}"]
+
+ - name: try to update mysql variable value (expect changed=false) in persist_only mode again
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ mode: persist_only
+ register: result
+
+ - assert:
+ that:
+ - result is not changed
+
+ - set_fact:
+ set_name: max_connections
+ set_value: 105
+ def_val: 151
+
+ - name: update mysql variable value (expect changed=true) in persist_only mode
+ mysql_variables:
+ <<: *mysql_params
+ variable: '{{ set_name }}'
+ value: '{{ set_value }}'
+ mode: persist_only
+ register: result
+
+ - include: assert_var.yml changed=true output={{ result }} var_name={{ set_name }} var_value='{{ def_val }}'
+
+ when:
+ - mysql_version is version('8.0', '>=')
+ - install_type == 'mysql'
+
+ # Bugfix of https://github.com/ansible/ansible/issues/54239
+ # - name: set variable containing dot
+ # mysql_variables:
+ # <<: *mysql_params
+ # variable: validate_password.policy
+ # value: LOW
+ # mode: persist_only
+ # register: result
+ #
+ # - assert:
+ # that:
+ # - result is changed
+ # - result.queries == ["SET PERSIST_ONLY `validate_password`.`policy` = LOW"]
diff --git a/ansible_collections/community/mysql/tests/sanity/ignore-2.10.txt b/ansible_collections/community/mysql/tests/sanity/ignore-2.10.txt
new file mode 100644
index 00000000..c0323aff
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/sanity/ignore-2.10.txt
@@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch
diff --git a/ansible_collections/community/mysql/tests/sanity/ignore-2.11.txt b/ansible_collections/community/mysql/tests/sanity/ignore-2.11.txt
new file mode 100644
index 00000000..c0323aff
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/sanity/ignore-2.11.txt
@@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch
diff --git a/ansible_collections/community/mysql/tests/sanity/ignore-2.12.txt b/ansible_collections/community/mysql/tests/sanity/ignore-2.12.txt
new file mode 100644
index 00000000..c0323aff
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/sanity/ignore-2.12.txt
@@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch
diff --git a/ansible_collections/community/mysql/tests/sanity/ignore-2.13.txt b/ansible_collections/community/mysql/tests/sanity/ignore-2.13.txt
new file mode 100644
index 00000000..c0323aff
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/sanity/ignore-2.13.txt
@@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch
diff --git a/ansible_collections/community/mysql/tests/sanity/ignore-2.14.txt b/ansible_collections/community/mysql/tests/sanity/ignore-2.14.txt
new file mode 100644
index 00000000..c0323aff
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/sanity/ignore-2.14.txt
@@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch
diff --git a/ansible_collections/community/mysql/tests/sanity/ignore-2.15.txt b/ansible_collections/community/mysql/tests/sanity/ignore-2.15.txt
new file mode 100644
index 00000000..c0323aff
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/sanity/ignore-2.15.txt
@@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch
diff --git a/ansible_collections/community/mysql/tests/sanity/ignore-2.9.txt b/ansible_collections/community/mysql/tests/sanity/ignore-2.9.txt
new file mode 100644
index 00000000..dabd55d3
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/sanity/ignore-2.9.txt
@@ -0,0 +1,3 @@
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_user.py validate-modules:parameter-type-not-in-doc
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/module_utils/__init__.py b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/__init__.py
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_replication.py b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_replication.py
new file mode 100644
index 00000000..deb3099c
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_replication.py
@@ -0,0 +1,24 @@
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+
+from ansible_collections.community.mysql.plugins.module_utils.implementations.mariadb.replication import uses_replica_terminology
+from ..utils import dummy_cursor_class
+
+
+@pytest.mark.parametrize(
+ 'f_output,c_output,c_ret_type',
+ [
+ (False, '10.5.0-mariadb', 'dict'),
+ (True, '10.5.1-mariadb', 'dict'),
+ (True, '10.6.0-mariadb', 'dict'),
+ (True, '11.5.1-mariadb', 'dict'),
+ ]
+)
+def test_uses_replica_terminology(f_output, c_output, c_ret_type):
+ cursor = dummy_cursor_class(c_output, c_ret_type)
+ assert uses_replica_terminology(cursor) == f_output
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_user_implementation.py b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_user_implementation.py
new file mode 100644
index 00000000..a6fbff9a
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mariadb_user_implementation.py
@@ -0,0 +1,29 @@
+# -*- coding: utf-8 -*-
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+
+from ansible_collections.community.mysql.plugins.module_utils.implementations.mariadb.user import (
+ supports_identified_by_password,
+)
+from ..utils import dummy_cursor_class
+
+
+@pytest.mark.parametrize(
+ 'function_return,cursor_output,cursor_ret_type',
+ [
+ (True, '10.5.0-mariadb', 'dict'),
+ (True, '10.5.1-mariadb', 'dict'),
+ (True, '10.6.0-mariadb', 'dict'),
+ (True, '11.5.1-mariadb', 'dict'),
+ ]
+)
+def test_supports_identified_by_password(function_return, cursor_output, cursor_ret_type):
+ """
+ Tests whether 'CREATE USER %s@%s IDENTIFIED BY PASSWORD %s' is supported,
+ which is currently supported by everything besides MySQL >= 8.0.
+ """
+ cursor = dummy_cursor_class(cursor_output, cursor_ret_type)
+ assert supports_identified_by_password(cursor) == function_return
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql.py b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql.py
new file mode 100644
index 00000000..ac4de24f
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql.py
@@ -0,0 +1,24 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+
+from ansible_collections.community.mysql.plugins.module_utils.mysql import get_server_version
+from ..utils import dummy_cursor_class
+
+
+@pytest.mark.parametrize(
+ 'cursor_return_version,cursor_return_type',
+ [
+ ('5.7.0-mysql', 'dict'),
+ ('8.0.0-mysql', 'list'),
+ ('10.5.0-mariadb', 'dict'),
+ ('10.5.1-mariadb', 'list'),
+ ]
+)
+def test_get_server_version(cursor_return_version, cursor_return_type):
+ """
+ Test that server versions are handled properly by get_server_version() whether they're returned as a list or dict.
+ """
+ cursor = dummy_cursor_class(cursor_return_version, cursor_return_type)
+ assert get_server_version(cursor) == cursor_return_version
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_replication.py b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_replication.py
new file mode 100644
index 00000000..96d4d9ac
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_replication.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+# Copyright: (c) 2020, Andrew Klychkov (@Andersson007) <aaklychkov@mail.ru>
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+
+from ansible_collections.community.mysql.plugins.module_utils.implementations.mysql.replication import uses_replica_terminology
+from ..utils import dummy_cursor_class
+
+
+@pytest.mark.parametrize(
+ 'f_output,c_output,c_ret_type',
+ [
+ (False, '5.5.1-mysql', 'list'),
+ (False, '5.7.0-mysql', 'dict'),
+ (False, '8.0.0-mysql', 'list'),
+ (False, '8.0.11-mysql', 'dict'),
+ (False, '8.0.21-mysql', 'list'),
+ (True, '8.0.22-mysql', 'list'),
+ (True, '8.1.2-mysql', 'dict'),
+ (True, '9.0.0-mysql', 'list'),
+ ]
+)
+def test_uses_replica_terminology(f_output, c_output, c_ret_type):
+ cursor = dummy_cursor_class(c_output, c_ret_type)
+ assert uses_replica_terminology(cursor) == f_output
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user.py b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user.py
new file mode 100644
index 00000000..f0a7b32d
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user.py
@@ -0,0 +1,99 @@
+# -*- coding: utf-8 -*-
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+try:
+ from unittest.mock import MagicMock
+except ImportError:
+ from mock import MagicMock
+
+from ansible_collections.community.mysql.plugins.module_utils.user import (
+ handle_grant_on_col,
+ has_grant_on_col,
+ normalize_col_grants,
+ sort_column_order
+)
+from ..utils import dummy_cursor_class
+
+
+@pytest.mark.parametrize(
+ 'input_list,grant,output_tuple',
+ [
+ (['INSERT', 'DELETE'], 'INSERT', (None, None)),
+ (['SELECT', 'UPDATE'], 'SELECT', (None, None)),
+ (['INSERT', 'UPDATE', 'INSERT', 'DELETE'], 'DELETE', (None, None)),
+ (['just', 'a', 'random', 'text'], 'blabla', (None, None)),
+ (['SELECT (A, B, C)'], 'SELECT', (0, 0)),
+ (['UPDATE', 'SELECT (A, B, C)'], 'SELECT', (1, 1)),
+ (['UPDATE', 'REFERENCES (A, B, C)'], 'REFERENCES', (1, 1)),
+ (['SELECT', 'UPDATE (A, B, C)'], 'UPDATE', (1, 1)),
+ (['INSERT', 'SELECT (A', 'B)'], 'SELECT', (1, 2)),
+ (['SELECT (A', 'B)', 'UPDATE'], 'SELECT', (0, 1)),
+ (['INSERT', 'SELECT (A', 'B)', 'UPDATE'], 'SELECT', (1, 2)),
+ (['INSERT (A, B)', 'SELECT (A', 'B)', 'UPDATE'], 'INSERT', (0, 0)),
+ (['INSERT (A', 'B)', 'SELECT (A', 'B)', 'UPDATE'], 'INSERT', (0, 1)),
+ (['INSERT (A', 'B)', 'SELECT (A', 'B)', 'UPDATE'], 'SELECT', (2, 3)),
+ (['INSERT (A', 'B)', 'SELECT (A', 'C', 'B)', 'UPDATE'], 'SELECT', (2, 4)),
+ ]
+)
+def test_has_grant_on_col(input_list, grant, output_tuple):
+ """Tests has_grant_on_col function."""
+ assert has_grant_on_col(input_list, grant) == output_tuple
+
+
+@pytest.mark.parametrize(
+ 'input_,output',
+ [
+ ('SELECT (A)', 'SELECT (A)'),
+ ('SELECT (`A`)', 'SELECT (A)'),
+ ('UPDATE (B, A)', 'UPDATE (A, B)'),
+ ('INSERT (`A`, `B`)', 'INSERT (A, B)'),
+ ('REFERENCES (B, A)', 'REFERENCES (A, B)'),
+ ('SELECT (`B`, `A`)', 'SELECT (A, B)'),
+ ('SELECT (`B`, `A`, C)', 'SELECT (A, B, C)'),
+ ]
+)
+def test_sort_column_order(input_, output):
+ """Tests sort_column_order function."""
+ assert sort_column_order(input_) == output
+
+
+@pytest.mark.parametrize(
+ 'privileges,start,end,output',
+ [
+ (['UPDATE', 'SELECT (C, B, A)'], 1, 1, ['UPDATE', 'SELECT (A, B, C)']),
+ (['INSERT', 'SELECT (A', 'B)'], 1, 2, ['INSERT', 'SELECT (A, B)']),
+ (
+ ['SELECT (`A`', 'B)', 'UPDATE', 'REFERENCES (B, A)'], 0, 1,
+ ['SELECT (A, B)', 'UPDATE', 'REFERENCES (B, A)']),
+ (
+ ['INSERT', 'REFERENCES (`B`', 'A', 'C)', 'UPDATE (A', 'B)'], 1, 3,
+ ['INSERT', 'REFERENCES (A, B, C)', 'UPDATE (A', 'B)']),
+ ]
+)
+def test_handle_grant_on_col(privileges, start, end, output):
+ """Tests handle_grant_on_col function."""
+ assert handle_grant_on_col(privileges, start, end) == output
+
+
+@pytest.mark.parametrize(
+ 'input_,expected',
+ [
+ (['SELECT'], ['SELECT']),
+ (['SELECT (A, B)'], ['SELECT (A, B)']),
+ (['SELECT (B, A)'], ['SELECT (A, B)']),
+ (['UPDATE', 'SELECT (C, B, A)'], ['UPDATE', 'SELECT (A, B, C)']),
+ (['INSERT', 'SELECT (A', 'B)'], ['INSERT', 'SELECT (A, B)']),
+ (
+ ['SELECT (`A`', 'B)', 'UPDATE', 'REFERENCES (B, A)'],
+ ['SELECT (A, B)', 'UPDATE', 'REFERENCES (A, B)']),
+ (
+ ['INSERT', 'REFERENCES (`B`', 'A', 'C)', 'UPDATE (B', 'A)', 'DELETE'],
+ ['INSERT', 'REFERENCES (A, B, C)', 'UPDATE (A, B)', 'DELETE']),
+ ]
+)
+def test_normalize_col_grants(input_, expected):
+ """Tests normalize_col_grants function."""
+ assert normalize_col_grants(input_) == expected
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user_implementation.py b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user_implementation.py
new file mode 100644
index 00000000..c1fe2ee9
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/module_utils/test_mysql_user_implementation.py
@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+
+from ansible_collections.community.mysql.plugins.module_utils.implementations.mysql.user import (
+ supports_identified_by_password,
+)
+from ..utils import dummy_cursor_class
+
+
+@pytest.mark.parametrize(
+ 'function_return,cursor_output,cursor_ret_type',
+ [
+ (True, '5.5.1-mysql', 'list'),
+ (True, '5.7.0-mysql', 'dict'),
+ (False, '8.0.22-mysql', 'list'),
+ (False, '8.1.2-mysql', 'dict'),
+ (False, '9.0.0-mysql', 'list'),
+ (False, '8.0.0-mysql', 'list'),
+ (False, '8.0.11-mysql', 'dict'),
+ (False, '8.0.21-mysql', 'list'),
+ ]
+)
+def test_supports_identified_by_password(function_return, cursor_output, cursor_ret_type):
+ """
+ Tests whether 'CREATE USER %s@%s IDENTIFIED BY PASSWORD %s' is supported,
+ which is currently supported by everything besides MySQL >= 8.0.
+ """
+ cursor = dummy_cursor_class(cursor_output, cursor_ret_type)
+ assert supports_identified_by_password(cursor) == function_return
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/modules/__init__.py b/ansible_collections/community/mysql/tests/unit/plugins/modules/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/modules/__init__.py
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_info.py b/ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_info.py
new file mode 100644
index 00000000..7aa9577e
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_info.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+
+try:
+ from unittest.mock import MagicMock
+except ImportError:
+ from mock import MagicMock
+
+from ansible_collections.community.mysql.plugins.modules.mysql_info import MySQL_Info
+
+
+@pytest.mark.parametrize(
+ 'suffix,cursor_output',
+ [
+ ('mysql', '5.5.1-mysql'),
+ ('log', '5.7.31-log'),
+ ('mariadb', '10.5.0-mariadb'),
+ ('', '8.0.22'),
+ ]
+)
+def test_get_info_suffix(suffix, cursor_output):
+ def __cursor_return_value(input_parameter):
+ if input_parameter == "SHOW GLOBAL VARIABLES":
+ cursor.fetchall.return_value = [{"Variable_name": "version", "Value": cursor_output}]
+ else:
+ cursor.fetchall.return_value = MagicMock()
+
+ cursor = MagicMock()
+ cursor.execute.side_effect = __cursor_return_value
+
+ info = MySQL_Info(MagicMock(), cursor)
+
+ assert info.get_info([], [], False)['version']['suffix'] == suffix
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_role.py b/ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_role.py
new file mode 100644
index 00000000..3c24719a
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/modules/test_mysql_role.py
@@ -0,0 +1,119 @@
+# -*- coding: utf-8 -*-
+
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import pytest
+
+from ansible_collections.community.mysql.plugins.modules.mysql_role import (
+ MariaDBQueryBuilder,
+ MySQLQueryBuilder,
+ normalize_users,
+)
+
+# TODO: Also cover DbServer, Role, MySQLRoleImpl, MariaDBRoleImpl classes
+
+
+class Module():
+ def __init__(self):
+ self.msg = None
+
+ def fail_json(self, msg=None):
+ self.msg = msg
+
+
+module = Module()
+
+
+@pytest.mark.parametrize(
+ 'builder,output',
+ [
+ (MariaDBQueryBuilder('role0'), ("SELECT count(*) FROM mysql.user WHERE user = %s AND is_role = 'Y'", ('role0',))),
+ (MySQLQueryBuilder('role0', '%'), ('SELECT count(*) FROM mysql.user WHERE user = %s AND host = %s', ('role0', '%'))),
+ (MariaDBQueryBuilder('role1'), ("SELECT count(*) FROM mysql.user WHERE user = %s AND is_role = 'Y'", ('role1',))),
+ (MySQLQueryBuilder('role1', 'fake'), ('SELECT count(*) FROM mysql.user WHERE user = %s AND host = %s', ('role1', 'fake'))),
+ ]
+)
+def test_query_builder_role_exists(builder, output):
+ """Test role_exists method of the builder classes."""
+ assert builder.role_exists() == output
+
+
+@pytest.mark.parametrize(
+ 'builder,admin,output',
+ [
+ (MariaDBQueryBuilder('role0'), None, ('CREATE ROLE %s', ('role0',))),
+ (MySQLQueryBuilder('role0', '%'), None, ('CREATE ROLE %s', ('role0',))),
+ (MariaDBQueryBuilder('role1'), None, ('CREATE ROLE %s', ('role1',))),
+ (MySQLQueryBuilder('role1', 'fake'), None, ('CREATE ROLE %s', ('role1',))),
+ (MariaDBQueryBuilder('role0'), ('user0', ''), ('CREATE ROLE %s WITH ADMIN %s', ('role0', 'user0'))),
+ (MySQLQueryBuilder('role0', '%'), ('user0', ''), ('CREATE ROLE %s', ('role0',))),
+ (MariaDBQueryBuilder('role1'), ('user0', 'localhost'), ('CREATE ROLE %s WITH ADMIN %s@%s', ('role1', 'user0', 'localhost'))),
+ (MySQLQueryBuilder('role1', 'fake'), ('user0', 'localhost'), ('CREATE ROLE %s', ('role1',))),
+ ]
+)
+def test_query_builder_role_create(builder, admin, output):
+ """Test role_create method of the builder classes."""
+ assert builder.role_create(admin) == output
+
+
+@pytest.mark.parametrize(
+ 'builder,user,output',
+ [
+ (MariaDBQueryBuilder('role0'), ('user0', ''), ('GRANT %s TO %s', ('role0', 'user0'))),
+ (MySQLQueryBuilder('role0', '%'), ('user0', ''), ('GRANT %s@%s TO %s', ('role0', '%', 'user0'))),
+ (MariaDBQueryBuilder('role1'), ('user0', 'localhost'), ('GRANT %s TO %s@%s', ('role1', 'user0', 'localhost'))),
+ (MySQLQueryBuilder('role1', 'fake'), ('user0', 'localhost'), ('GRANT %s@%s TO %s@%s', ('role1', 'fake', 'user0', 'localhost'))),
+ ]
+)
+def test_query_builder_role_grant(builder, user, output):
+ """Test role_grant method of the builder classes."""
+ assert builder.role_grant(user) == output
+
+
+@pytest.mark.parametrize(
+ 'builder,user,output',
+ [
+ (MariaDBQueryBuilder('role0'), ('user0', ''), ('REVOKE %s FROM %s', ('role0', 'user0'))),
+ (MySQLQueryBuilder('role0', '%'), ('user0', ''), ('REVOKE %s@%s FROM %s', ('role0', '%', 'user0'))),
+ (MariaDBQueryBuilder('role1'), ('user0', 'localhost'), ('REVOKE %s FROM %s@%s', ('role1', 'user0', 'localhost'))),
+ (MySQLQueryBuilder('role1', 'fake'), ('user0', 'localhost'), ('REVOKE %s@%s FROM %s@%s', ('role1', 'fake', 'user0', 'localhost'))),
+ ]
+)
+def test_query_builder_role_revoke(builder, user, output):
+ """Test role_revoke method of the builder classes."""
+ assert builder.role_revoke(user) == output
+
+
+@pytest.mark.parametrize(
+ 'input_,output,is_mariadb',
+ [
+ (['user'], [('user', '')], True),
+ (['user'], [('user', '%')], False),
+ (['user@%'], [('user', '%')], True),
+ (['user@%'], [('user', '%')], False),
+ (['user@localhost'], [('user', 'localhost')], True),
+ (['user@localhost'], [('user', 'localhost')], False),
+ (['user', 'user@%'], [('user', ''), ('user', '%')], True),
+ (['user', 'user@%'], [('user', '%'), ('user', '%')], False),
+ ]
+)
+def test_normalize_users(input_, output, is_mariadb):
+ """Test normalize_users function with expected input."""
+ assert normalize_users(None, input_, is_mariadb) == output
+
+
+@pytest.mark.parametrize(
+ 'input_,is_mariadb,err_msg',
+ [
+ ([''], True, "Member's name cannot be empty."),
+ ([''], False, "Member's name cannot be empty."),
+ ([None], True, "Error occured while parsing"),
+ ([None], False, "Error occured while parsing"),
+ ]
+)
+def test_normalize_users_failing(input_, is_mariadb, err_msg):
+ """Test normalize_users function with wrong input."""
+
+ normalize_users(module, input_, is_mariadb)
+ assert err_msg in module.msg
diff --git a/ansible_collections/community/mysql/tests/unit/plugins/utils.py b/ansible_collections/community/mysql/tests/unit/plugins/utils.py
new file mode 100644
index 00000000..7712d1cd
--- /dev/null
+++ b/ansible_collections/community/mysql/tests/unit/plugins/utils.py
@@ -0,0 +1,19 @@
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+
+class dummy_cursor_class():
+ """Dummy class for returning an answer for SELECT VERSION()."""
+ def __init__(self, output, ret_val_type='dict'):
+ self.output = output
+ self.ret_val_type = ret_val_type
+
+ def execute(self, query):
+ pass
+
+ def fetchone(self):
+ if self.ret_val_type == 'dict':
+ return {'version': self.output}
+
+ elif self.ret_val_type == 'list':
+ return [self.output]