feat: remove unused users in init

2019-03-17 16:03:37 +01:00 · 2019-03-17 16:03:37 +01:00 · 40b6ef02b8
commit 40b6ef02b8
parent 9e65c1b8fb
4 changed files with 33 additions and 13 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,7 @@ Which is based on [Keep A Changelog](http://keepachangelog.com/)

 ## [Unreleased]
 - breaking: remove support for ansible 2.5
+- feat: remove unused users in init
 - feat: install database if datadir doesn't exist

 ## [v1.0.1] - 2019-03-16
--- a/tasks/initdb.yml
+++ b/tasks/initdb.yml
@ -35,3 +35,29 @@
  command: 'mysqladmin -u root password {{ mariadb_password }}'
  when: True
  tags: mariadb
+
+- name: remove anonymous users
+  mysql_user:
+    name: ''
+    host_all: yes
+    state: absent
+    login_user: '{{ mariadb_user }}'
+    login_password: '{{ mariadb_password }}'
+  no_log: true
+  tags: mariadb
+
+- name: remove root user without password
+  mysql_user:
+    name: root
+    host: '{{ item }}'
+    state: absent
+    login_user: '{{ mariadb_user }}'
+    login_password: '{{ mariadb_password }}'
+  loop:
+    - 127.0.0.1
+    - '::1'
+    - '{{ ansible_nodename }}'
+  no_log: true
+  tags: mariadb
+
+
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -37,18 +37,6 @@
    enabled: yes
  tags: mariadb

- name: remove anonymous users
-  mysql_user:
-    name: ''
-    host_all: yes
-    state: absent
-    login_user: '{{ mariadb_user }}'
-    login_password: '{{ mariadb_password }}'
-  run_once: true
-  no_log: true
-  when: mariadb_master
-  tags: mariadb
-
 - name: manage users
  mysql_user:
    name: '{{ item.name }}'
--- a/test/integration/default/serverspec/default_spec.rb
+++ b/test/integration/default/serverspec/default_spec.rb
@ -45,11 +45,16 @@ describe command('mysql -uroot -psecret -e "show databases"') do
  its(:stdout) { should contain 'test' }
 end

-describe command('mysql -uroot -psecret -e "select user, host from mysql.user"') do
+describe command('mysql -uroot -psecret -e "select user, host, password from mysql.user"') do
  its(:exit_status) { should eq 0 }
  its(:stdout) { should contain(/toto.*%/) }
 end

+describe command('mysql -uroot -psecret -e "select count(*) from mysql.user where user=\'root\'"') do
+  its(:exit_status) { should eq 0 }
+  its(:stdout) { should contain('1') }
+end
+
 describe command('mysql -uroot -psecret -e "show grants for toto@\'%\'"') do
  its(:exit_status) { should eq 0 }
  its(:stdout) do