From 5dd5d4ae934e11159b3f101400fbc0a303ff091d Mon Sep 17 00:00:00 2001 From: Rashid Abo Saada Date: Wed, 14 Jan 2026 14:29:29 +0100 Subject: [PATCH 1/3] mysql_role: add sql_log_bin support (#742) --- .../fragments/742-mysql_role-sql_log_bin.yml | 2 + plugins/modules/mysql_role.py | 19 ++++ .../targets/test_mysql_role/tasks/main.yml | 6 ++ .../tasks/test_sql_log_bin.yml | 102 ++++++++++++++++++ 4 files changed, 129 insertions(+) create mode 100644 changelogs/fragments/742-mysql_role-sql_log_bin.yml create mode 100644 tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml diff --git a/changelogs/fragments/742-mysql_role-sql_log_bin.yml b/changelogs/fragments/742-mysql_role-sql_log_bin.yml new file mode 100644 index 0000000..2fd7f41 --- /dev/null +++ b/changelogs/fragments/742-mysql_role-sql_log_bin.yml @@ -0,0 +1,2 @@ +minor_changes: + - mysql_role - add ``sql_log_bin`` option to disable binary logging for the connection (https://github.com/ansible-collections/community.mysql/issues/742). diff --git a/plugins/modules/mysql_role.py b/plugins/modules/mysql_role.py index eb474dc..51e8271 100644 --- a/plugins/modules/mysql_role.py +++ b/plugins/modules/mysql_role.py @@ -133,6 +133,13 @@ options: default: true version_added: '3.8.0' + sql_log_bin: + description: + - Whether binary logging should be enabled or disabled for the connection. + type: bool + default: true + version_added: '4.0.0' + notes: - Roles are supported since MySQL 8.0.0 and MariaDB 10.0.5. - Pay attention that the module runs C(SET DEFAULT ROLE ALL TO) @@ -299,6 +306,13 @@ EXAMPLES = r''' members: - 'existing_user@localhost' - 'not_existing_user@localhost' + +- name: Create role without binary logging + community.mysql.mysql_role: + name: readers + state: present + priv: 'fiction.*:SELECT' + sql_log_bin: false ''' RETURN = '''#''' @@ -975,6 +989,7 @@ def main(): set_default_role_all=dict(type='bool', default=True), members_must_exist=dict(type='bool', default=True), column_case_sensitive=dict(type='bool', default=True), + sql_log_bin=dict(type='bool', default=True), ) module = AnsibleModule( argument_spec=argument_spec, @@ -1010,6 +1025,7 @@ def main(): set_default_role_all = module.params['set_default_role_all'] members_must_exist = module.params['members_must_exist'] column_case_sensitive = module.params['column_case_sensitive'] + sql_log_bin = module.params['sql_log_bin'] if priv and not isinstance(priv, (str, dict)): msg = ('The "priv" parameter must be str or dict ' @@ -1047,6 +1063,9 @@ def main(): 'are correct or %s has the credentials. ' 'Exception message: %s' % (config_file, to_native(e))) + if not sql_log_bin: + cursor.execute("SET SQL_LOG_BIN=0;") + # Set defaults changed = False diff --git a/tests/integration/targets/test_mysql_role/tasks/main.yml b/tests/integration/targets/test_mysql_role/tasks/main.yml index 44e3308..b4af238 100644 --- a/tests/integration/targets/test_mysql_role/tasks/main.yml +++ b/tests/integration/targets/test_mysql_role/tasks/main.yml @@ -22,3 +22,9 @@ - name: Test column case sensitive ansible.builtin.import_tasks: file: test_column_case_sensitive.yml + +# Test sql_log_bin parameter +# (https://github.com/ansible-collections/community.mysql/issues/742) +- include_tasks: test_sql_log_bin.yml + when: + - db_engine == 'mysql' diff --git a/tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml b/tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml new file mode 100644 index 0000000..88bb822 --- /dev/null +++ b/tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml @@ -0,0 +1,102 @@ +--- +# Test sql_log_bin parameter for mysql_role module +# https://github.com/ansible-collections/community.mysql/issues/742 + +- name: Sql_log_bin | Set show_master_status variable + set_fact: + show_master_status: >- + {% if db_engine == 'mysql' and db_version is version('8.4', '>=') %} + SHOW BINARY LOG STATUS + {% else %} + SHOW MASTER STATUS + {% endif %} + +# ============================================================ +# Test sql_log_bin: true (default behavior - binlog events should be written) +# ============================================================ +- name: Sql_log_bin | Capture binlog position before creating role with sql_log_bin enabled + command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + register: bin_log_position_1 + +- name: Sql_log_bin | Create role with sql_log_bin enabled + mysql_role: + login_user: '{{ mysql_user }}' + login_password: '{{ mysql_password }}' + login_host: '{{ mysql_host }}' + login_port: '{{ mysql_primary_port }}' + name: 'test_role_bin_on' + sql_log_bin: true + state: present + +- name: Sql_log_bin | Capture binlog position after creating role with sql_log_bin enabled + command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + register: bin_log_position_2 + +- name: Sql_log_bin | Assert binlog events were written when sql_log_bin is true + assert: + that: + - bin_log_position_1.stdout_lines[2] != bin_log_position_2.stdout_lines[2] + +- name: Sql_log_bin | Remove role with sql_log_bin enabled + mysql_role: + login_user: '{{ mysql_user }}' + login_password: '{{ mysql_password }}' + login_host: '{{ mysql_host }}' + login_port: '{{ mysql_primary_port }}' + name: 'test_role_bin_on' + sql_log_bin: true + state: absent + +- name: Sql_log_bin | Capture binlog position after removing role with sql_log_bin enabled + command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + register: bin_log_position_3 + +- name: Sql_log_bin | Assert binlog events were written when removing role with sql_log_bin true + assert: + that: + - bin_log_position_2.stdout_lines[2] != bin_log_position_3.stdout_lines[2] + +# ============================================================ +# Test sql_log_bin: false (binlog events should NOT be written) +# ============================================================ +- name: Sql_log_bin | Capture binlog position before creating role with sql_log_bin disabled + command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + register: bin_log_position_4 + +- name: Sql_log_bin | Create role with sql_log_bin disabled + mysql_role: + login_user: '{{ mysql_user }}' + login_password: '{{ mysql_password }}' + login_host: '{{ mysql_host }}' + login_port: '{{ mysql_primary_port }}' + name: 'test_role_bin_off' + sql_log_bin: false + state: present + +- name: Sql_log_bin | Capture binlog position after creating role with sql_log_bin disabled + command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + register: bin_log_position_5 + +- name: Sql_log_bin | Assert binlog events were not written when sql_log_bin is false + assert: + that: + - bin_log_position_4.stdout_lines[2] == bin_log_position_5.stdout_lines[2] + +- name: Sql_log_bin | Remove role with sql_log_bin disabled + mysql_role: + login_user: '{{ mysql_user }}' + login_password: '{{ mysql_password }}' + login_host: '{{ mysql_host }}' + login_port: '{{ mysql_primary_port }}' + name: 'test_role_bin_off' + sql_log_bin: false + state: absent + +- name: Sql_log_bin | Capture binlog position after removing role with sql_log_bin disabled + command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + register: bin_log_position_6 + +- name: Sql_log_bin | Assert binlog events were not written when removing role with sql_log_bin false + assert: + that: + - bin_log_position_5.stdout_lines[2] == bin_log_position_6.stdout_lines[2] From bd9929db43c3fc1b9d5cad6cbfdedddb920d96f3 Mon Sep 17 00:00:00 2001 From: Rashid Abo Saada Date: Thu, 29 Jan 2026 12:28:31 +0100 Subject: [PATCH 2/3] Update plugins/modules/mysql_role.py Co-authored-by: Andrew Klychkov --- plugins/modules/mysql_role.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/mysql_role.py b/plugins/modules/mysql_role.py index 51e8271..b7880e3 100644 --- a/plugins/modules/mysql_role.py +++ b/plugins/modules/mysql_role.py @@ -138,7 +138,7 @@ options: - Whether binary logging should be enabled or disabled for the connection. type: bool default: true - version_added: '4.0.0' + version_added: '4.1.0' notes: - Roles are supported since MySQL 8.0.0 and MariaDB 10.0.5. From a6ba306a4aea6d7f46ecae2a7a67cb477aff949e Mon Sep 17 00:00:00 2001 From: Rashid Abo Saada Date: Fri, 30 Jan 2026 00:54:30 +0100 Subject: [PATCH 3/3] Address PR review comments: use FQCN and failed_when - Changed all task modules to use fully qualified collection names: - set_fact -> ansible.builtin.set_fact - command -> ansible.builtin.command - mysql_role -> community.mysql.mysql_role - include_tasks -> ansible.builtin.include_tasks - Replaced separate assert tasks with failed_when on capture tasks for more readable test output --- .../targets/test_mysql_role/tasks/main.yml | 3 +- .../tasks/test_sql_log_bin.yml | 46 ++++++------------- 2 files changed, 17 insertions(+), 32 deletions(-) diff --git a/tests/integration/targets/test_mysql_role/tasks/main.yml b/tests/integration/targets/test_mysql_role/tasks/main.yml index b4af238..cb43963 100644 --- a/tests/integration/targets/test_mysql_role/tasks/main.yml +++ b/tests/integration/targets/test_mysql_role/tasks/main.yml @@ -25,6 +25,7 @@ # Test sql_log_bin parameter # (https://github.com/ansible-collections/community.mysql/issues/742) -- include_tasks: test_sql_log_bin.yml +- name: Test sql_log_bin parameter + ansible.builtin.include_tasks: test_sql_log_bin.yml when: - db_engine == 'mysql' diff --git a/tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml b/tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml index 88bb822..7b8fe22 100644 --- a/tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml +++ b/tests/integration/targets/test_mysql_role/tasks/test_sql_log_bin.yml @@ -3,7 +3,7 @@ # https://github.com/ansible-collections/community.mysql/issues/742 - name: Sql_log_bin | Set show_master_status variable - set_fact: + ansible.builtin.set_fact: show_master_status: >- {% if db_engine == 'mysql' and db_version is version('8.4', '>=') %} SHOW BINARY LOG STATUS @@ -15,11 +15,11 @@ # Test sql_log_bin: true (default behavior - binlog events should be written) # ============================================================ - name: Sql_log_bin | Capture binlog position before creating role with sql_log_bin enabled - command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + ansible.builtin.command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" register: bin_log_position_1 - name: Sql_log_bin | Create role with sql_log_bin enabled - mysql_role: + community.mysql.mysql_role: login_user: '{{ mysql_user }}' login_password: '{{ mysql_password }}' login_host: '{{ mysql_host }}' @@ -29,16 +29,12 @@ state: present - name: Sql_log_bin | Capture binlog position after creating role with sql_log_bin enabled - command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + ansible.builtin.command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" register: bin_log_position_2 - -- name: Sql_log_bin | Assert binlog events were written when sql_log_bin is true - assert: - that: - - bin_log_position_1.stdout_lines[2] != bin_log_position_2.stdout_lines[2] + failed_when: bin_log_position_1.stdout_lines[2] == bin_log_position_2.stdout_lines[2] - name: Sql_log_bin | Remove role with sql_log_bin enabled - mysql_role: + community.mysql.mysql_role: login_user: '{{ mysql_user }}' login_password: '{{ mysql_password }}' login_host: '{{ mysql_host }}' @@ -48,23 +44,19 @@ state: absent - name: Sql_log_bin | Capture binlog position after removing role with sql_log_bin enabled - command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + ansible.builtin.command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" register: bin_log_position_3 - -- name: Sql_log_bin | Assert binlog events were written when removing role with sql_log_bin true - assert: - that: - - bin_log_position_2.stdout_lines[2] != bin_log_position_3.stdout_lines[2] + failed_when: bin_log_position_2.stdout_lines[2] == bin_log_position_3.stdout_lines[2] # ============================================================ # Test sql_log_bin: false (binlog events should NOT be written) # ============================================================ - name: Sql_log_bin | Capture binlog position before creating role with sql_log_bin disabled - command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + ansible.builtin.command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" register: bin_log_position_4 - name: Sql_log_bin | Create role with sql_log_bin disabled - mysql_role: + community.mysql.mysql_role: login_user: '{{ mysql_user }}' login_password: '{{ mysql_password }}' login_host: '{{ mysql_host }}' @@ -74,16 +66,12 @@ state: present - name: Sql_log_bin | Capture binlog position after creating role with sql_log_bin disabled - command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + ansible.builtin.command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" register: bin_log_position_5 - -- name: Sql_log_bin | Assert binlog events were not written when sql_log_bin is false - assert: - that: - - bin_log_position_4.stdout_lines[2] == bin_log_position_5.stdout_lines[2] + failed_when: bin_log_position_4.stdout_lines[2] != bin_log_position_5.stdout_lines[2] - name: Sql_log_bin | Remove role with sql_log_bin disabled - mysql_role: + community.mysql.mysql_role: login_user: '{{ mysql_user }}' login_password: '{{ mysql_password }}' login_host: '{{ mysql_host }}' @@ -93,10 +81,6 @@ state: absent - name: Sql_log_bin | Capture binlog position after removing role with sql_log_bin disabled - command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" + ansible.builtin.command: "{{ mysql_command }} -e \"{{ show_master_status }}\\G\"" register: bin_log_position_6 - -- name: Sql_log_bin | Assert binlog events were not written when removing role with sql_log_bin false - assert: - that: - - bin_log_position_5.stdout_lines[2] == bin_log_position_6.stdout_lines[2] + failed_when: bin_log_position_5.stdout_lines[2] != bin_log_position_6.stdout_lines[2]