mysql_user: priv parameter can also be a dictionary (#66801)

* mysql_user: add priv_dict parameter * add changelog * priv can be string or dictionary * fix example
4 years ago · 54520c4685
parent 813091cf94
commit 54520c4685
5 changed files with 84 additions and 2 deletions
--- a/changelogs/fragments/66801-mysql_user_priv_can_be_dict.yml
+++ b/changelogs/fragments/66801-mysql_user_priv_can_be_dict.yml
@ -0,0 +1,2 @@
+minor_changes:
+- mysql_user - ``priv`` parameter can be string or dictionary (https://github.com/ansible/ansible/issues/57533).
--- a/lib/ansible/modules/database/mysql/mysql_user.py
+++ b/lib/ansible/modules/database/mysql/mysql_user.py
@ -60,7 +60,8 @@ options:
        exactly as returned by a C(SHOW GRANT) statement. If not followed,
        the module will always report changes. It includes grouping columns
        by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))).
-    type: str
+      - Can be passed as a dictionary (see the examples).
+    type: raw
  append_privs:
    description:
      - Append the privileges defined by priv to the existing ones for this
@ -167,6 +168,15 @@ EXAMPLES = r'''
    priv: '*.*:ALL,GRANT'
    state: present

+- name: Create user with password, all database privileges and 'WITH GRANT OPTION' in db1 and db2
+  mysql_user:
+    state: present
+    name: bob
+    password: 12345dd
+    priv:
+      'db1.*': 'ALL,GRANT'
+      'db2.*': 'ALL,GRANT'
+
 # Note that REQUIRESSL is a special privilege that should only apply to *.* by itself.
 - name: Modify user to require SSL connections.
  mysql_user:
@ -651,6 +661,20 @@ def privileges_grant(cursor, user, host, db_table, priv):
    query = ' '.join(query)
    cursor.execute(query, (user, host))

+
+def convert_priv_dict_to_str(priv):
+    """Converts privs dictionary to string of certain format.
+
+    Args:
+        priv (dict): Dict of privileges that needs to be converted to string.
+
+    Returns:
+        priv (str): String representation of input argument.
+    """
+    priv_list = ['%s:%s' % (key, val) for key, val in iteritems(priv)]
+
+    return '/'.join(priv_list)
+
 # ===========================================
 # Module execution.
 #
@ -670,7 +694,7 @@ def main():
            host=dict(type='str', default='localhost'),
            host_all=dict(type="bool", default=False),
            state=dict(type='str', default='present', choices=['absent', 'present']),
-            priv=dict(type='str'),
+            priv=dict(type='raw'),
            append_privs=dict(type='bool', default=False),
            check_implicit_admin=dict(type='bool', default=False),
            update_password=dict(type='str', default='always', choices=['always', 'on_create']),
@ -708,6 +732,11 @@ def main():
    plugin = module.params["plugin"]
    plugin_hash_string = module.params["plugin_hash_string"]
    plugin_auth_string = module.params["plugin_auth_string"]
+    if priv and not (isinstance(priv, str) or isinstance(priv, dict)):
+        module.fail_json(msg="priv parameter must be str or dict but %s was passed" % type(priv))
+
+    if priv and isinstance(priv, dict):
+        priv = convert_priv_dict_to_str(priv)

    if mysql_driver is None:
        module.fail_json(msg=mysql_driver_fail_msg)
--- a/test/integration/targets/mysql_user/defaults/main.yml
+++ b/test/integration/targets/mysql_user/defaults/main.yml
@ -3,9 +3,11 @@
 db_name: 'data'
 user_name_1: 'db_user1'
 user_name_2: 'db_user2'
+user_name_3: 'db_user3'

 user_password_1: 'gadfFDSdtTU^Sdfuj'
 user_password_2: 'jkFKUdfhdso78yi&td'
+user_password_3: 'jkFKUdfhdso78yi&tk'

 root_password: 'zevuR6oPh7'

--- a/test/integration/targets/mysql_user/tasks/main.yml
+++ b/test/integration/targets/mysql_user/tasks/main.yml
@ -208,6 +208,9 @@
 #
 - include: test_privs.yml current_privilege='INSERT,DELETE' current_append_privs=yes

+# Tests for the priv parameter with dict value (https://github.com/ansible/ansible/issues/57533)
+- include: test_priv_dict.yml
+
 - import_tasks: issue-29511.yaml
  tags:
    - issue-29511
--- a/test/integration/targets/mysql_user/tasks/test_priv_dict.yml
+++ b/test/integration/targets/mysql_user/tasks/test_priv_dict.yml
@ -0,0 +1,46 @@
+# Tests for priv parameter value passed as a dict
+- name: Create test databases
+  mysql_db:
+    name: '{{ item }}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  loop:
+  - data1
+  - data2
+
+- name: Create user with privileges
+  mysql_user:
+    name: '{{ user_name_3 }}'
+    password: '{{ user_password_3 }}'
+    priv:
+      "data1.*": "SELECT"
+      "data2.*": "SELECT"
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+
+- name: Run command to show privileges for user (expect privileges in stdout)
+  command: mysql "-e SHOW GRANTS FOR '{{ user_name_3 }}'@'localhost';"
+  register: result
+
+- name: Assert user has giving privileges
+  assert:
+    that:
+    - "'GRANT SELECT ON `data1`.*' in result.stdout"
+    - "'GRANT SELECT ON `data2`.*' in result.stdout"
+
+##########
+# Clean up
+- name: Drop test databases
+  mysql_db:
+    name: '{{ item }}'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  loop:
+  - data1
+  - data2
+
+- name: Drop test user
+  mysql_user:
+    name: '{{ user_name_3 }}'
+    state: absent
+    login_unix_socket: '{{ mysql_socket }}'