Skip to content

Commit

Permalink
[stable-2] Backport stable 2 5 (#235)
Browse files Browse the repository at this point in the history
* Copy ignore-2.12.txt to ignore-2.13.txt (#225)

(cherry picked from commit 4f205ef)

* CI matrix update (#226)

* CI matrix update

* Fix test_mysql_user

* Fix CI

* Fix CI

* Fix CI

* Fix CI

* Fix CI

(cherry picked from commit fc984b2)

* integration tests: remove superfluous debug task (#228)

* integration tests: remove superfluous debug task

* Turn off integration tests against devel

(cherry picked from commit f47d463)

* mysql_user: fix broken compatibility for priviledge aliases (#233)

* mysql_user: fix broken compatibility for priviledge aliases

* add changelog fragment

* fix changelog fragment

* Improve formatting

(cherry picked from commit bb3e9fd)
  • Loading branch information
Andersson007 authored Oct 19, 2021
1 parent a6bacef commit 55a8ecd
Show file tree
Hide file tree
Showing 13 changed files with 104 additions and 43 deletions.
15 changes: 15 additions & 0 deletions .github/workflows/ansible-test-plugins.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ jobs:
- stable-2.9
- stable-2.10
- stable-2.11
- stable-2.12
- devel
steps:

Expand Down Expand Up @@ -61,16 +62,29 @@ jobs:
- stable-2.9
- stable-2.10
- stable-2.11
- stable-2.12
#- devel
python:
- 3.6
- 3.8
connector:
- pymysql==0.7.10
- pymysql==0.9.3
- mysqlclient==2.0.1
exclude:
- mysql: 8.0.22
connector: pymysql==0.7.10
- python: 3.8
ansible: stable-2.9
- python: 3.8
ansible: stable-2.10
- python: 3.8
ansible: stable-2.11
- python: 3.6
ansible: stable-2.12
- python: 3.6
ansible: devel

steps:

- name: Check out code
Expand Down Expand Up @@ -116,6 +130,7 @@ jobs:
- stable-2.9
- stable-2.10
- stable-2.11
- stable-2.12
- devel

steps:
Expand Down
2 changes: 2 additions & 0 deletions changelogs/fragments/233-mysql_user_return_valid_privs.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
bugfixes:
- mysql_user - Fix crash reporting ``Invalid privileges specified`` when passing privileges that became aliases (https://github.com/ansible-collections/community.mysql/issues/232).
43 changes: 42 additions & 1 deletion plugins/module_utils/user.py
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,46 @@

EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']

# This list is kept for backwards compatibility after release 2.3.0,
# see https://github.com/ansible-collections/community.mysql/issues/232 for details
VALID_PRIVS = [
'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
'REQUIRESSL', # Deprecated, to be removed in version 3.0.0
'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
'INVOKE LAMBDA',
'ALTER ROUTINE',
'BINLOG ADMIN',
'BINLOG MONITOR',
'BINLOG REPLAY',
'CONNECTION ADMIN',
'READ_ONLY ADMIN',
'REPLICATION MASTER ADMIN',
'REPLICATION SLAVE ADMIN',
'SET USER',
'SHOW_ROUTINE',
'SLAVE MONITOR',
'REPLICA MONITOR',
]


class InvalidPrivsError(Exception):
pass
Expand Down Expand Up @@ -110,7 +150,8 @@ def get_tls_requires(cursor, user, host):
def get_valid_privs(cursor):
cursor.execute("SHOW PRIVILEGES")
show_privs = [priv[0].upper() for priv in cursor.fetchall()]
all_privs = show_privs + EXTRA_PRIVS
# See the comment above VALID_PRIVS declaration
all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
return frozenset(all_privs)


Expand Down
17 changes: 17 additions & 0 deletions tests/integration/targets/setup_mysql/tasks/install.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,23 @@
- name: "{{ role_name }} | install | install python packages"
pip:
name: "{{ python_packages }}"
register: connector

- name: Extract connector.name.0 content
set_fact:
connector_name: "{{ connector.name.0 }}"

- name: Debug connector_name content
debug:
msg: '{{ connector_name }}'

- name: Extract connector version
set_fact:
connector_ver: "{{ connector_name.split('=')[2].strip() }}"

- name: Debug connector_ver var content
debug:
msg: '{{ connector_ver }}'

- name: "{{ role_name }} | install | install packages required by mysql"
apt:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,27 +11,26 @@
- name: Add fake port to config file
shell: 'echo "port = {{ fake_port }}" >> {{ config_file }}'

- name: Get pymysql version
shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: Add blank line
shell: 'echo "" >> {{ config_file }}'
when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
when:
- (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')

- name: Create include_dir
file:
path: '{{ include_dir }}'
state: directory
mode: '0777'
when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
when:
- (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')

- name: Add include_dir
lineinfile:
path: '{{ config_file }}'
line: '!includedir {{ include_dir }}'
insertafter: EOF
when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
when:
- (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')

- name: Create database using fake port to connect to, must fail
mysql_db:
Expand Down
7 changes: 2 additions & 5 deletions tests/integration/targets/test_mysql_db/tasks/issue-28.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@
block:

# ============================================================
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
Expand Down Expand Up @@ -49,12 +46,12 @@
- assert:
that:
- result is failed
when: pymysql_version.stdout != ""
when: connector.name.0 is search('pymysql')

- assert:
that:
- result is succeeded
when: pymysql_version.stdout == ""
when: connector.name.0 is not search('pymysql')

- name: attempt connection with newly created user ignoring hostname
mysql_db:
Expand Down
7 changes: 2 additions & 5 deletions tests/integration/targets/test_mysql_info/tasks/issue-28.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@
block:

# ============================================================
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
Expand Down Expand Up @@ -47,12 +44,12 @@
- assert:
that:
- result is failed
when: pymysql_version.stdout != ""
when: connector.name.0 is search('pymysql')

- assert:
that:
- result is succeeded
when: pymysql_version.stdout == ""
when: connector.name.0 is not search('pymysql')

- name: attempt connection with newly created user ignoring hostname
mysql_info:
Expand Down
7 changes: 2 additions & 5 deletions tests/integration/targets/test_mysql_query/tasks/issue-28.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@
block:

# ============================================================
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
Expand Down Expand Up @@ -47,12 +44,12 @@
- assert:
that:
- result is failed
when: pymysql_version.stdout != ""
when: connector.name.0 is search('pymysql')

- assert:
that:
- result is succeeded
when: pymysql_version.stdout == ""
when: connector.name.0 is not search('pymysql')

- name: attempt connection with newly created user ignoring hostname
mysql_query:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@
block:

# ============================================================
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
Expand Down Expand Up @@ -48,12 +45,12 @@
- assert:
that:
- result is failed
when: pymysql_version.stdout != ""
when: connector.name.0 is search('pymysql')

- assert:
that:
- result is succeeded
when: pymysql_version.stdout == ""
when: connector.name.0 is not search('pymysql')

- name: attempt connection with newly created user ignoring hostname
mysql_replication:
Expand Down
7 changes: 2 additions & 5 deletions tests/integration/targets/test_mysql_user/tasks/issue-28.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@
block:

# ============================================================
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
Expand Down Expand Up @@ -50,12 +47,12 @@
- assert:
that:
- result is failed
when: pymysql_version.stdout != ""
when: connector.name.0 is search('pymysql')

- assert:
that:
- result is succeeded
when: pymysql_version.stdout == ""
when: connector.name.0 is not search('pymysql')

- name: attempt connection with newly created user ignoring hostname
mysql_user:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,6 @@
block:

# ============================================================
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: get server certificate
copy:
content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
Expand Down Expand Up @@ -48,12 +45,12 @@
- assert:
that:
- result is failed
when: pymysql_version.stdout != ""
when: connector.name.0 is search('pymysql')

- assert:
that:
- result is succeeded
when: pymysql_version.stdout == ""
when: connector.name.0 is not search('pymysql')

- name: attempt connection with newly created user ignoring hostname
mysql_variables:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -151,9 +151,6 @@
# ============================================================
# Verify mysql_variable fails when setting an incorrect value (out of range)
#
- shell: pip show pymysql | awk '/Version/ {print $2}'
register: pymysql_version

- name: set mysql variable value to a number out of range
mysql_variables:
<<: *mysql_params
Expand All @@ -163,10 +160,10 @@
ignore_errors: true

- include: assert_var.yml changed=true output={{ oor_result }} var_name=max_connect_errors var_value=1
when: pymysql_version.stdout == ""
when: connector.name.0 is not search('pymysql')

- include: assert_fail_msg.yml output={{ oor_result }} msg='Truncated incorrect'
when: pymysql_version.stdout != ""
when: connector.name.0 is search('pymysql')

# ============================================================
# Verify mysql_variable fails when setting an incorrect value (incorrect type)
Expand Down
8 changes: 8 additions & 0 deletions tests/sanity/ignore-2.13.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
plugins/modules/mysql_user.py validate-modules:undocumented-parameter
plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch

0 comments on commit 55a8ecd

Please sign in to comment.