---
- name: Wrapper playbook for kitchen testing "ansible-mysql-hardening"
  hosts: all
  become: true
  environment:
    http_proxy: "{{ lookup('env', 'http_proxy') | default(omit)  }}"
    https_proxy: "{{ lookup('env', 'https_proxy') | default(omit) }}"
    no_proxy: "{{ lookup('env', 'no_proxy') | default(omit) }}"
  tasks:
    - name: Determine required MySQL Python libraries (Ubuntu Focal Fossa ++)
      ansible.builtin.set_fact:
        mysql_python_package_debian: python3-pymysql
      when:
        - mysql_python_package_debian is not defined
        - ansible_distribution == "Ubuntu"
        - ansible_distribution_major_version|int > 19

    - name: Determine required MySQL Python libraries.
      ansible.builtin.set_fact:
        mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter | default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
      when:
        - mysql_python_package_debian is not defined
        - ansible_distribution != "Ubuntu"
        - ansible_distribution_major_version|int < 20

    - name: Use Python 3 on Suse
      ansible.builtin.set_fact:
        ansible_python_interpreter: /usr/bin/python3
      when:
        - ansible_os_family == 'Suse'

    - name: Include mysql_hardening role
      ansible.builtin.include_role:
        name: devsec.hardening.mysql_hardening
  vars:
    overwrite_global_mycnf: false
    mysql_root_password: iloverandompasswordsbutthiswilldo
    mysql_user_password: iloverandompasswordsbutthiswilldo
    mysql_config_file: /etc/mysql/mariadb.cnf
    mysql_root_password_update: true