---
- name: Get MySQL version.
  command: 'mysql --version'
  register: mysql_cli_version
  changed_when: false

- name: Ensure default user is present.
  mysql_user:
    name: "{{ mysql_user_name }}"
    host: 'localhost'
    password: "{{ mysql_user_password }}"
    priv: '*.*:ALL,GRANT'
    state: present
  when: mysql_user_name != mysql_root_username

# Has to be after the password assignment, for idempotency.
- name: Copy user-my.cnf file with password credentials.
  template:
    src: "user-my.cnf.j2"
    dest: "{{ mysql_user_home }}/.my.cnf"
    owner: "{{ mysql_user_name }}"
    mode: 0600
  when: mysql_user_name != mysql_root_username and (mysql_install_packages | bool or mysql_user_password_update)

- name: Disallow root login remotely
  command: 'mysql -NBe "{{ item }}"'
  with_items:
    - DELETE FROM mysql.user WHERE User='{{ mysql_root_username }}' AND Host NOT IN ('localhost', '127.0.0.1', '::1')
  changed_when: false

- name: Get list of hosts for the root user.
  command: mysql -NBe "SELECT Host FROM mysql.user WHERE User = '{{ mysql_root_username }}' ORDER BY (Host='localhost') ASC"
  register: mysql_root_hosts
  changed_when: false
  check_mode: no
  when: mysql_install_packages | bool or mysql_root_password_update

# Note: We do not use mysql_user for this operation, as it doesn't always update
# the root password correctly. See: https://goo.gl/MSOejW
# Set root password for MySQL >= 5.7.x.
- name: Update MySQL root password for localhost root account (5.7.x).
  shell: >
    mysql -u root -NBe
    'ALTER USER "{{ mysql_root_username }}"@"{{ item }}" IDENTIFIED WITH mysql_native_password BY "{{ mysql_root_password }}";'
  with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
  when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' in mysql_cli_version.stdout)

# Set root password for MySQL < 5.7.x.
- name: Update MySQL root password for localhost root account (< 5.7.x).
  shell: >
    mysql -NBe
    'SET PASSWORD FOR "{{ mysql_root_username }}"@"{{ item }}" = PASSWORD("{{ mysql_root_password }}");'
  with_items: "{{ mysql_root_hosts.stdout_lines|default([]) }}"
  when: ((mysql_install_packages | bool) or mysql_root_password_update) and ('5.7.' not in mysql_cli_version.stdout)

# Has to be after the root password assignment, for idempotency.
- name: Copy .my.cnf file with root password credentials.
  template:
    src: "root-my.cnf.j2"
    dest: "{{ mysql_root_home }}/.my.cnf"
    owner: root
    group: root
    mode: 0600
  when: mysql_install_packages | bool or mysql_root_password_update

- name: Get list of hosts for the anonymous user.
  command: mysql -NBe 'SELECT Host FROM mysql.user WHERE User = ""'
  register: mysql_anonymous_hosts
  changed_when: false
  check_mode: no

- name: Remove anonymous MySQL users.
  mysql_user:
     name: ""
     host: "{{ item }}"
     state: absent
  with_items: "{{ mysql_anonymous_hosts.stdout_lines|default([]) }}"

- name: Remove MySQL test database.
  mysql_db: "name='test' state=absent"