---

- name: Python2 dependencies for Ansible are installed
  ansible.builtin.apt:
    name:
      - python-mysqldb
      - python-pymysql
    state: present
  tags:
    - mysql
  when: ansible_python_version is version('3', '<')

- name: Python3 dependencies for Ansible are installed
  ansible.builtin.apt:
    name:
      - python3-mysqldb
      - python3-pymysql
    state: present
  tags:
    - mysql
  when: ansible_python_version is version('3', '>=')

- name: create a password for mysqladmin
  ansible.builtin.command:
    cmd: "apg -n 1 -m 16 -M lcN"
  register: mysql_admin_password
  changed_when: False
  tags:
    - mysql

- name: there is a mysqladmin user
  community.mysql.mysql_user:
    name: mysqladmin
    password: '{{ mysql_admin_password.stdout }}'
    priv: "*.*:ALL,GRANT"
    update_password: on_create
    state: present
    config_file: "/etc/mysql/debian.cnf"
    check_implicit_admin: True
  register: create_mysqladmin_user
  tags:
    - mysql

- name: mysqladmin is the default user
  community.general.ini_file:
    dest: /root/.my.cnf
    mode: "0600"
    section: client
    option: '{{ item.option }}'
    value: '{{ item.value }}'
    create: yes
  loop:
    - { option: 'user', value: 'mysqladmin' }
    - { option: 'password', value: '{{ mysql_admin_password.stdout }}' }
  when: create_mysqladmin_user is changed
  tags:
    - mysql


- name: create a password for debian-sys-maint
  ansible.builtin.command:
    cmd: "apg -n 1 -m 16 -M lcN"
  register: mysql_debian_password
  changed_when: False
  tags:
    - mysql

- name: there is a debian-sys-maint user
  community.mysql.mysql_user:
    name: debian-sys-maint
    password: '{{ mysql_debian_password.stdout }}'
    priv: "*.*:ALL,GRANT"
    update_password: on_create
    state: present
    config_file: "/root/.my.cnf"
  register: create_debian_user
  tags:
    - mysql

- name: store debian-sys-maint user credentials
  community.general.ini_file:
    dest: /etc/mysql/debian.cnf
    mode: "0600"
    section: "{{ item[0] }}"
    option: '{{ item[1].option }}'
    value: '{{ item[1].value }}'
    create: yes
  loop: "{{ _sections | product(_credentials) | list }}"
  vars:
    _sections: [ 'client', 'mysql_upgrade' ]
    _credentials:
      - { option: 'user',     value: 'debian-sys-maint' }
      - { option: 'password', value: '{{ mysql_debian_password.stdout }}' }
  when: create_debian_user is changed
  tags:
    - mysql

- name: remove root user
  community.mysql.mysql_user:
    name: root
    host_all: yes
    config_file: "/root/.my.cnf"
    state: absent
  tags:
    - mysql