diff options
author | Matt Clay <matt@mystile.com> | 2016-10-13 09:09:25 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-10-13 09:09:25 -0700 |
commit | 75e4645ee70434e2706845ca9fe96d5823616eea (patch) | |
tree | 360f27f11eeb33ba993ae3f30764589b3981e99c /test/integration/targets/mysql_user | |
parent | 374e4348e4d76cff7c0e6e41cb2368799c0ae443 (diff) | |
download | ansible-75e4645ee70434e2706845ca9fe96d5823616eea.tar.gz |
Migrate Linux CI roles to test targets. (#17997)
Diffstat (limited to 'test/integration/targets/mysql_user')
9 files changed, 530 insertions, 0 deletions
diff --git a/test/integration/targets/mysql_user/defaults/main.yml b/test/integration/targets/mysql_user/defaults/main.yml new file mode 100644 index 0000000000..ff7503f8f0 --- /dev/null +++ b/test/integration/targets/mysql_user/defaults/main.yml @@ -0,0 +1,16 @@ +--- +# defaults file for test_mysql_user +db_name: 'data' +user_name_1: 'db_user1' +user_name_2: 'db_user2' + +user_password_1: '12345' +user_password_2: '98765' + +db_names: + - clientdb + - employeedb + - providerdb + +tmp_dir: '/tmp' + diff --git a/test/integration/targets/mysql_user/meta/main.yml b/test/integration/targets/mysql_user/meta/main.yml new file mode 100644 index 0000000000..4aa170dc06 --- /dev/null +++ b/test/integration/targets/mysql_user/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_mysql_db diff --git a/test/integration/targets/mysql_user/tasks/assert_no_user.yml b/test/integration/targets/mysql_user/tasks/assert_no_user.yml new file mode 100644 index 0000000000..4d4a411fe2 --- /dev/null +++ b/test/integration/targets/mysql_user/tasks/assert_no_user.yml @@ -0,0 +1,25 @@ +# test code to assert no mysql user +# (c) 2014, Wayne Rosario <wrosario@ansible.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# ============================================================ +- name: run command to query for mysql user + command: mysql "-e SELECT User FROM mysql.user where user='{{ user_name }}';" + register: result + +- name: assert mysql user is not present + assert: { that: "'{{ user_name }}' not in result.stdout" } diff --git a/test/integration/targets/mysql_user/tasks/assert_user.yml b/test/integration/targets/mysql_user/tasks/assert_user.yml new file mode 100644 index 0000000000..7b35a1f350 --- /dev/null +++ b/test/integration/targets/mysql_user/tasks/assert_user.yml @@ -0,0 +1,34 @@ +# test code to assert mysql user +# (c) 2014, Wayne Rosario <wrosario@ansible.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# ============================================================ +- name: run command to query for mysql user + command: mysql "-e SELECT User FROM mysql.user where user='{{ user_name }}';" + register: result + +- name: assert mysql user is present + assert: { that: "'{{ user_name }}' in result.stdout" } + +- name: run command to show privileges for user (expect privileges in stdout) + command: mysql "-e SHOW GRANTS FOR '{{ user_name }}'@'localhost';" + register: result + when: priv is defined + +- name: assert user has giving privileges + assert: { that: "'GRANT {{priv}} ON *.*' in result.stdout" } + when: priv is defined diff --git a/test/integration/targets/mysql_user/tasks/create_user.yml b/test/integration/targets/mysql_user/tasks/create_user.yml new file mode 100644 index 0000000000..e7b0d7a33b --- /dev/null +++ b/test/integration/targets/mysql_user/tasks/create_user.yml @@ -0,0 +1,25 @@ +# test code to create mysql user +# (c) 2014, Wayne Rosario <wrosario@ansible.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# ============================================================ +- name: create mysql user {{user_name}} + mysql_user: name={{user_name}} password={{user_password}} state=present + register: result + +- name: assert output message mysql user was created + assert: { that: "result.changed == true" } diff --git a/test/integration/targets/mysql_user/tasks/main.yml b/test/integration/targets/mysql_user/tasks/main.yml new file mode 100644 index 0000000000..db6a74dc5c --- /dev/null +++ b/test/integration/targets/mysql_user/tasks/main.yml @@ -0,0 +1,180 @@ +# test code for the mysql_user module +# (c) 2014, Wayne Rosario <wrosario@ansible.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 dof the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# ============================================================ +# create mysql user and verify user is added to mysql database +# +- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} + +- include: assert_user.yml user_name={{user_name_1}} + +- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} + +- include: assert_no_user.yml user_name={{user_name_1}} + +# ============================================================ +# Create mysql user that already exist on mysql database +# +- include: create_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} + +- name: create mysql user that already exist (expect changed=false) + mysql_user: name={{user_name_1}} password={{user_password_1}} state=present + register: result + +- name: assert output message mysql user was not created + assert: { that: "result.changed == false" } + +# ============================================================ +# remove mysql user and verify user is removed from mysql database +# +- name: remove mysql user state=absent (expect changed=true) + mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} state=absent + register: result + +- name: assert output message mysql user was removed + assert: { that: "result.changed == true" } + +- include: assert_no_user.yml user_name={{user_name_1}} + +# ============================================================ +# remove mysql user that does not exist on mysql database +# +- name: remove mysql user that does not exist state=absent (expect changed=false) + mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} state=absent + register: result + +- name: assert output message mysql user that does not exist + assert: { that: "result.changed == false" } + +- include: assert_no_user.yml user_name={{user_name_1}} + +# ============================================================ +# Create user with no privileges and verify default privileges are assign +# +- name: create user with select privilege state=present (expect changed=true) + mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} state=present + register: result + +- include: assert_user.yml user_name={{user_name_1}} priv=USAGE + +- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} + +- include: assert_no_user.yml user_name={{user_name_1}} + +# ============================================================ +# Create user with select privileges and verify select privileges are assign +# +- name: create user with select privilege state=present (expect changed=true) + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} state=present priv=*.*:SELECT + register: result + +- include: assert_user.yml user_name={{user_name_2}} priv=SELECT + +- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_2 }} + +- include: assert_no_user.yml user_name={{user_name_2}} + +# ============================================================ +# Assert user has access to multiple databases +# +- name: give users access to multiple databases + mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL append_privs=yes password={{ user_password_1 }} + with_nested: + - [ '{{ user_name_1 }}' , '{{ user_name_2 }}'] + - "{{db_names}}" + +- name: show grants access for user1 on multiple database + command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';" + register: result + +- name: assert grant access for user1 on multiple database + assert: { that: "'{{ item }}' in result.stdout" } + with_items: "{{db_names}}" + +- name: show grants access for user2 on multiple database + command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';" + register: result + +- name: assert grant access for user2 on multiple database + assert: { that: "'{{ item }}' in result.stdout" } + with_items: "{{db_names}}" + +- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} + +- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }} + +- name: give user access to database via wildcard + mysql_user: name={{ user_name_1 }} priv=%db.*:SELECT append_privs=yes password={{ user_password_1 }} + +- name: show grants access for user1 on multiple database + command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';" + register: result + +- name: assert grant access for user1 on multiple database + assert: + that: + - "'%db' in result.stdout" + - "'SELECT' in result.stdout" + +- name: change user access to database via wildcard + mysql_user: name={{ user_name_1 }} priv=%db.*:INSERT append_privs=yes password={{ user_password_1 }} + +- name: show grants access for user1 on multiple database + command: mysql "-e SHOW GRANTS FOR '{{ user_name_1 }}'@'localhost';" + register: result + +- name: assert grant access for user1 on multiple database + assert: + that: + - "'%db' in result.stdout" + - "'INSERT' in result.stdout" + +- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} + +# ============================================================ +# Update user password for a user. +# Assert the user password is updated and old password can no longer be used. +# +- include: user_password_update_test.yml + +# ============================================================ +# Assert create user with SELECT privileges, attempt to create database and update privileges to create database +# +- include: test_privs.yml current_privilege=SELECT current_append_privs=no + +# ============================================================ +# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database +# +- include: test_privs.yml current_privilege=DROP current_append_privs=yes + +# ============================================================ +# Assert create user with SELECT privileges, attempt to create database and update privileges to create database +# +- include: test_privs.yml current_privilege='UPDATE,ALTER' current_append_privs=no + +# ============================================================ +# Assert creating user with SELECT privileges, attempt to create database and append privileges to create database +# +- include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes + + + + + + + diff --git a/test/integration/targets/mysql_user/tasks/remove_user.yml b/test/integration/targets/mysql_user/tasks/remove_user.yml new file mode 100644 index 0000000000..eed959300a --- /dev/null +++ b/test/integration/targets/mysql_user/tasks/remove_user.yml @@ -0,0 +1,43 @@ +# test code to remove mysql user +# (c) 2014, Wayne Rosario <wrosario@ansible.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# ============================================================ +- name: remove mysql user {{user_name}} + mysql_user: name={{user_name}} password={{user_password}} state=absent + register: result + +- name: assert output message mysql user was removed + assert: { that: "result.changed == true" } + +# ============================================================ +- name: create blank mysql user to be removed later + mysql_user: name="" state=present + +- name: remove blank mysql user with hosts=all (expect changed) + mysql_user: user="" host_all=true state=absent + register: result + +- name: assert changed is true for removing all blank users + assert: { that: "result.changed == true" } + +- name: remove blank mysql user with hosts=all (expect ok) + mysql_user: user="" host_all=true state=absent + register: result + +- name: assert changed is true for removing all blank users + assert: { that: "result.changed == false" } diff --git a/test/integration/targets/mysql_user/tasks/test_privs.yml b/test/integration/targets/mysql_user/tasks/test_privs.yml new file mode 100644 index 0000000000..5787501350 --- /dev/null +++ b/test/integration/targets/mysql_user/tasks/test_privs.yml @@ -0,0 +1,88 @@ +# test code for privileges for mysql_user module +# (c) 2014, Wayne Rosario <wrosario@ansible.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# ============================================================ +- name: create user with basic select privileges + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:SELECT state=present + when: current_append_privs == "yes" + +- include: assert_user.yml user_name={{user_name_2}} priv='SELECT' + when: current_append_privs == "yes" + +- name: create user with current privileges (expect changed=true) + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:{{current_privilege}} append_privs={{current_append_privs}} state=present + register: result + +- name: assert output message for current privileges + assert: { that: "result.changed == true" } + +- name: run command to show privileges for user (expect privileges in stdout) + command: mysql "-e SHOW GRANTS FOR '{{user_name_2}}'@'localhost';" + register: result + +- name: assert user has correct privileges + assert: { that: "'GRANT {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" } + when: current_append_privs == "no" + +- name: assert user has correct privileges + assert: { that: "'GRANT SELECT, {{current_privilege | replace(',', ', ')}} ON *.*' in result.stdout" } + when: current_append_privs == "yes" + +- name: create database using user current privileges + mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_2 }} + ignore_errors: true + +- name: run command to test that database was not created + command: mysql "-e show databases like '{{ db_name }}';" + register: result + +- name: assert database was not created + assert: { that: "'{{ db_name }}' not in result.stdout" } + +# ============================================================ +- name: Add privs to a specific table (expect changed) + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=jmainguy.jmainguy:ALL state=present + register: result + +- name: Assert that priv changed + assert: { that: "result.changed == true" } + +- name: Add privs to a specific table (expect ok) + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=jmainguy.jmainguy:ALL state=present + register: result + +- name: Assert that priv did not change + assert: { that: "result.changed == false" } + +# ============================================================ +- name: update user with all privileges + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:ALL state=present + +- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES' + +- name: create database using user + mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_2 }} + +- name: run command to test database was created using user new privileges + command: mysql "-e SHOW CREATE DATABASE {{ db_name }};" + +- name: drop database using user + mysql_db: name={{ db_name }} state=absent login_user={{ user_name_2 }} login_password={{ user_password_2 }} + +- name: remove username + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} state=absent diff --git a/test/integration/targets/mysql_user/tasks/user_password_update_test.yml b/test/integration/targets/mysql_user/tasks/user_password_update_test.yml new file mode 100644 index 0000000000..315066724e --- /dev/null +++ b/test/integration/targets/mysql_user/tasks/user_password_update_test.yml @@ -0,0 +1,117 @@ +# test code update password for the mysql_user module +# (c) 2014, Wayne Rosario <wrosario@ansible.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 dof the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# ============================================================ +# Update user password for a user. +# Assert the user password is updated and old password can no longer be used. +# +- name: create user1 state=present with a password + mysql_user: name={{ user_name_1 }} password={{ user_password_1 }} priv=*.*:ALL state=present + +- name: create user2 state=present with a password + mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:ALL state=present + +- name: store user2 grants with old password (mysql 5.7.6 and newer) + command: mysql "-e SHOW CREATE USER '{{ user_name_2 }}'@'localhost';" + register: user_password_old_create + ignore_errors: yes + +- name: store user2 grants with old password (mysql 5.7.5 and older) + command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';" + register: user_password_old + when: user_password_old_create|failed + +# FIXME: not sure why this is failing, but it looks like it should expect changed=true +#- name: update user2 state=present with same password (expect changed=false) +# mysql_user: name={{ user_name_2 }} password={{ user_password_2 }} priv=*.*:ALL state=present +# register: result +# +#- name: assert output user2 was not updated +# assert: { that: "result.changed == false" } + +- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES' + +- name: update user2 state=present with a new password (expect changed=true) + mysql_user: name={{ user_name_2 }} password={{ user_password_1 }} state=present + register: result + +- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES' + +- name: store user2 grants with old password (mysql 5.7.6 and newer) + command: mysql "-e SHOW CREATE USER '{{ user_name_2 }}'@'localhost';" + register: user_password_new_create + ignore_errors: yes + +- name: store user2 grants with new password + command: mysql "-e SHOW GRANTS FOR '{{ user_name_2 }}'@'localhost';" + register: user_password_new + when: user_password_new_create|failed + +- name: assert output message password was update for user2 (mysql 5.7.6 and newer) + assert: { that: "user_password_old_create.stdout != user_password_new_create.stdout" } + when: not user_password_new_create|failed + +- name: assert output message password was update for user2 (mysql 5.7.5 and older) + assert: { that: "user_password_old.stdout != user_password_new.stdout" } + when: user_password_new_create|failed + +- name: create database using user2 and old password + mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_2 }} + ignore_errors: true + register: result + +- debug: var=result.msg +- name: assert output message that database not create with old password + assert: + that: + - "result.failed == true" + +- name: create database using user2 and new password + mysql_db: name={{ db_name }} state=present login_user={{ user_name_2 }} login_password={{ user_password_1 }} + register: result + +- name: assert output message that database is created with new password + assert: { that: "result.changed == true" } + +- name: remove database + mysql_db: name={{ db_name }} state=absent + +- include: remove_user.yml user_name={{user_name_1}} user_password={{ user_password_1 }} + +- include: remove_user.yml user_name={{user_name_2}} user_password={{ user_password_1 }} + +- name: Create user with password1234 using hash. (expect changed=true) + mysql_user: name=jmainguy password='*D65798AAC0E5C6DF3F320F8A30E026E7EBD73A95' encrypted=yes + register: encrypt_result + +- name: Check that the module made a change + assert: + that: + - "encrypt_result.changed == True" + +- name: See if the password needs to be updated. (expect changed=false) + mysql_user: name=jmainguy password='password1234' + register: plain_result + +- name: Check that the module did not change the password + assert: + that: + - "plain_result.changed == False" + +- name: Remove user (cleanup) + mysql_user: name=jmainguy state=absent |