mysql_user: fix overriding user passowrd to the same (#609)

* mysql_user: fix overriding user passowrd to the same * add changelog
2024-09-14 20:13:21 +02:00 · 2020-07-06 15:16:48 +03:00 · 2020-07-06 15:16:48 +03:00 · 5e23f01a76
commit 5e23f01a76
parent 74ba307777
3 changed files with 23 additions and 13 deletions
--- a/changelogs/fragments/609-mysql_user_fix_overriding_password_to_the_same.yml
+++ b/changelogs/fragments/609-mysql_user_fix_overriding_password_to_the_same.yml
@ -0,0 +1,2 @@
+bugfixes:
+- mysql_user - fix overriding password to the same (https://github.com/ansible-collections/community.general/issues/543).
--- a/plugins/modules/database/mysql/mysql_user.py
+++ b/plugins/modules/database/mysql/mysql_user.py
@ -367,10 +367,19 @@ def user_add(cursor, user, host, host_all, password, encrypted,
    if check_mode:
        return True

+    # Determine what user management method server uses
+    old_user_mgmt = use_old_user_mgmt(cursor)
+
    if password and encrypted:
        cursor.execute("CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password))
    elif password and not encrypted:
-        cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password))
+        if old_user_mgmt:
+            cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password))
+        else:
+            cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,))
+            encrypted_password = cursor.fetchone()[0]
+            cursor.execute("CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password))
+
    elif plugin and plugin_hash_string:
        cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string))
    elif plugin and plugin_auth_string:
--- a/tests/integration/targets/mysql_user/tasks/user_password_update_test.yml
+++ b/tests/integration/targets/mysql_user/tasks/user_password_update_test.yml
@ -46,18 +46,17 @@
  register: user_password_old  
  when: user_password_old_create is failed

-# FIXME: not sure why this is failing, but it looks like it should expect changed=true
-#- name: update user2 state=present with same password (expect changed=false)
-#  mysql_user:
-#    name: '{{ user_name_2 }}'
-#    password: '{{ user_password_2 }}'
-#    priv: '*.*:ALL'
-#    state: present
-#    login_unix_socket: '{{ mysql_socket }}'
-#  register: result
-#
-#- name: assert output user2 was not updated 
-#  assert: { that: "result.changed == false" }
+- name: update user2 state=present with same password (expect changed=false)
+  mysql_user:
+    name: '{{ user_name_2 }}'
+    password: '{{ user_password_2 }}'
+    priv: '*.*:ALL'
+    state: present
+    login_unix_socket: '{{ mysql_socket }}'
+  register: result
+
+- name: assert output user2 was not updated 
+  assert: { that: "result.changed == false" }

 - include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'