
Fix privilege changing everytime #438

19 changes: 18 additions & 1 deletion plugins/module_utils/user.py
@@ -385,7 +385,12 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
privileges_revoke(cursor, user, host, db_table, revoke_privs, grant_option, maria_role)
if len(grant_privs) > 0:
privileges_grant(cursor, user, host, db_table, grant_privs, tls_requires, maria_role)
changed = True

# after privilege manipulation, compare privileges from before and now
changed = changed or not privileges_equal(
curr_priv,
privileges_get(cursor, user, host, maria_role)
)

if role:
continue
@@ -880,3 +885,15 @@ def get_impl(cursor):
else:
from ansible_collections.community.mysql.plugins.module_utils.implementations.mysql import user as mysqluser
impl = mysqluser


def privileges_equal(before_privs, after_privs):
"""Compare 2 priv dicts

Args:
before_privs (dict): contains privileges, built with privileges_get()
after_privs (dict): contains privileges, built with privileges_get()

Returns: True, if equal, False otherwise.
"""
return before_privs == after_privs
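Review bot: `privileges_equal`, at the end of this section, compares the two dicts with plain `==`, and the values are lists (as the unit-test fixtures show), so the same privileges returned in a different order are reported as a change. Whether `privileges_get()` returns a stable order after a GRANT/REVOKE is not visible here; if it does not, `changed` can still flip to true on an idempotent run, which is the symptom this PR targets. Comparing per-key sets removes that dependency: `return {k: set(v) for k, v in before_privs.items()} == {k: set(v) for k, v in after_privs.items()}`. The docstring should also say whether ordering inside a privilege list is significant, because `changed` is what operators rely on to spot privilege drift on an account. `user_mod` starts and ends outside the first hunk, so the loop level at which the new comparison runs cannot be confirmed from this page.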
@@ -1491,16 +1491,10 @@
priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE'
append_privs: yes

# TODO it must be changed. The module uses user_mod function
# taken from mysql_user module. It's a bug / expected behavior
# because I added a similar tasks to mysql_user tests
# https://github.com/ansible-collections/community.mysql/issues/50#issuecomment-871216825
# and it's also failed. Create an issue after the module is merged to avoid conflicts.
# TODO Fix this after user_mod is fixed.
- name: Check
- name: Check that there's no change
assert:
that:
- result is changed
- result is not changed

- name: Rewrite privs
<<: *task_params
@@ -179,8 +179,6 @@
assert:
that:
- result is not changed
when: (install_type == 'mysql' and mysql_version is version('8', '<')) or
(install_type == 'mariadb' and mariadb_version is version('10.5', '<'))

- name: remove username
mysql_user:
@@ -229,8 +227,6 @@
assert:
that:
- result is not changed
when: (install_type == 'mysql' and mysql_version is version('8', '<')) or
(install_type == 'mariadb')

- name: Collect user info by host
community.mysql.mysql_info:
33 changes: 32 additions & 1 deletion tests/unit/plugins/module_utils/test_mysql_user.py
@@ -13,7 +13,8 @@
handle_grant_on_col,
has_grant_on_col,
normalize_col_grants,
sort_column_order
sort_column_order,
privileges_equal
)
from ..utils import dummy_cursor_class

@@ -97,3 +98,33 @@ def test_handle_grant_on_col(privileges, start, end, output):
def test_normalize_col_grants(input_, expected):
"""Tests normalize_col_grants function."""
assert normalize_col_grants(input_) == expected


@pytest.mark.parametrize(
'before_privileges,after_privileges,output',
[
(
{'*.*': ['INSERT', 'UPDATE', 'GRANT'], '`mysql`.*': ['SELECT']},
{'*.*': ['INSERT', 'UPDATE', 'GRANT'], '`mysql`.*': ['SELECT']},
True
),
(
{'`mysql`.*': ['SELECT'], '`sys`.*': ['SELECT']},
{'`mysql`.*': ['SELECT'], '`sys`.*': ['SELECT']},
True
),
(
{'`sys`.*': ['SELECT'], '`mysql`.*': ['SELECT']},
{'`mysql`.*': ['SELECT'], '`sys`.*': ['SELECT']},
True
),
(
{'`mysql`.*': ['UPDATE'], '`sys`.*': ['SELECT']},
{'`mysql`.*': ['SELECT'], '`sys`.*': ['SELECT']},
False
),
]
)
def test_privileges_equal(before_privileges, after_privileges, output):
"""Tests privileges_equal function."""
assert privileges_equal(before_privileges, after_privileges) == output
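Review bot: The parametrized cases for `test_privileges_equal` never cover a grant scope present on only one side, or a privilege list that differs in length or order, so the comparison is pinned only for inputs with identical keys and identically ordered lists. The third case passes for any dict comparison, because key insertion order is never significant in `==`. Add cases such as `({'*.*': ['SELECT']}, {}, False)` and `({'*.*': ['SELECT']}, {'*.*': ['SELECT', 'INSERT']}, False)`, which are the drift cases that must never be reported as unchanged. Also add `({'*.*': ['INSERT', 'UPDATE']}, {'*.*': ['UPDATE', 'INSERT']}, <expected>)`, with the expected value chosen deliberately and stated in the test docstring.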