diff --git a/changelogs/fragments/367-mysql_role-fix-deatch-members.yml b/changelogs/fragments/367-mysql_role-fix-deatch-members.yml new file mode 100644 index 00000000..5a4d4148 --- /dev/null +++ b/changelogs/fragments/367-mysql_role-fix-deatch-members.yml @@ -0,0 +1,2 @@ +bugfixes: + - "mysql_role - don't add members to a role when creating the role and ``detach_members: true`` is set (https://github.com/ansible-collections/community.mysql/pull/367)." diff --git a/plugins/modules/mysql_role.py b/plugins/modules/mysql_role.py index d0365418..64b38f9d 100644 --- a/plugins/modules/mysql_role.py +++ b/plugins/modules/mysql_role.py @@ -128,6 +128,7 @@ author: - Andrew Klychkov (@Andersson007) + - Felix Hamme (@betanummeric) extends_documentation_fragment: - community.mysql.mysql @@ -1067,6 +1068,8 @@ def main(): if not role.exists: if subtract_privs: priv = None # avoid granting unwanted privileges + if detach_members: + members = None # avoid adding unwanted members changed = role.add(members, priv, module.check_mode, admin, set_default_role_all) diff --git a/tests/integration/targets/test_mysql_role/defaults/main.yml b/tests/integration/targets/test_mysql_role/defaults/main.yml index 53544bf8..544f0983 100644 --- a/tests/integration/targets/test_mysql_role/defaults/main.yml +++ b/tests/integration/targets/test_mysql_role/defaults/main.yml @@ -15,3 +15,4 @@ nonexistent: user3 role0: role0 role1: role1 role2: role2 +role3: role3 \ No newline at end of file diff --git a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml index a2167c67..95616df8 100644 --- a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml +++ b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml @@ -1248,6 +1248,32 @@ that: - result is not changed + - name: '"detach" users when creating a new role' + <<: *task_params + mysql_role: + <<: *mysql_params + name: '{{ role3 }}' + state: present + detach_members: yes + members: + - '{{ user1 }}@localhost' + + - name: Check the role was created + assert: + that: + - result is changed + + - name: Check grants + <<: *task_params + mysql_query: + <<: *mysql_params + query: "SHOW GRANTS FOR {{ user1 }}@localhost" + + - name: asssert detach_members did not add a user to the role + assert: + that: + - "'{{ role3 }}' not in result.query_result.0.0['Grants for {{ user1 }}@localhost']" + # ########## # Test privs # ########## @@ -1561,3 +1587,4 @@ loop: - '{{ role0 }}' - test + - '{{ role3 }}'