---
# 'localhost' needs to be the last item for idempotency, the mysql_user docs
- name: configure_root_access | Secure the mysql root user with a password
  community.mysql.mysql_user:
    name: root
    host: "{{ item }}"
    password: "{{ mysql_root_password }}"
    login_unix_socket: "{{ mysql_socket }}"
  no_log: true
  when: mysql_root_password is defined
  loop:
    - 127.0.0.1
    - ::1
    - '{{ ansible_hostname }}'
    - localhost
  # ignore_errors: true
  tags: ['mysql', 'mysql_root']

- name: configure_root_access | Secure the mysql root user when no password has been defined
  community.mysql.mysql_user:
    name: root
    host: "{{ item }}"
    password: ""
    login_unix_socket: "{{ mysql_socket }}"
  when: mysql_root_password is not defined
  loop:
    - 127.0.0.1
    - ::1
    - '{{ ansible_hostname }}'
    - localhost
  no_log: true
  # ignore_errors: true
  tags: ['mysql', 'mysql_root']

- name: configure_root_access | Install the .my.cnf file with root password credentials
  ansible.builtin.template:
    src: dot_my.cnf.j2
    dest: /root/.my.cnf
    owner: root
    group: root
    mode: "0400"
  when: mysql_root_password is defined
  tags: ['mysql', 'mysql_root']

- name: configure_root_access | Delete anonymous MySQL server user for the server hostname
  community.mysql.mysql_user:
    user: ""
    host: "{{ ansible_hostname }}"
    state: "absent"
    login_unix_socket: "{{ mysql_socket }}"
  tags: ['mysql', 'mysql_root']

- name: configure_root_access | Delete anonymous MySQL server user for localhost
  community.mysql.mysql_user:
    user: ""
    state: "absent"
    login_unix_socket: "{{ mysql_socket }}"
  tags: mysql

- name: configure_root_access | Remove the MySQL test database
  community.mysql.mysql_db:
    db: test
    state: absent
    login_unix_socket: "{{ mysql_socket }}"
  tags: mysql