ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

mysql_user: fix overriding user passowrd to the same (#609)

Browse source 
* mysql_user: fix overriding user passowrd to the same

* add changelog
This commit is contained in:
Andrew Klychkov 2020-07-06 15:16:48 +03:00 committed by GitHub
parent 74ba307777
commit 5e23f01a76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/609-mysql_user_fix_overriding_password_to_the_same.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- mysql_user - fix overriding password to the same (https://github.com/ansible-collections/community.general/issues/543).

11
plugins/modules/database/mysql/mysql_user.py
View file

@ -367,10 +367,19 @@ def user_add(cursor, user, host, host_all, password, encrypted,
if check_mode: if check_mode:
return True return True
# Determine what user management method server uses
old_user_mgmt = use_old_user_mgmt(cursor)
if password and encrypted: if password and encrypted:
cursor.execute("CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password)) cursor.execute("CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password))
elif password and not encrypted: elif password and not encrypted:
cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password)) if old_user_mgmt:
cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password))
else:
cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,))
encrypted_password = cursor.fetchone()[0]
cursor.execute("CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password))
elif plugin and plugin_hash_string: elif plugin and plugin_hash_string:
cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)) cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string))
elif plugin and plugin_auth_string: elif plugin and plugin_auth_string:

23
tests/integration/targets/mysql_user/tasks/user_password_update_test.yml
View file

@ -46,18 +46,17 @@
register: user_password_old register: user_password_old
when: user_password_old_create is failed when: user_password_old_create is failed
# FIXME: not sure why this is failing, but it looks like it should expect changed=true - name: update user2 state=present with same password (expect changed=false)
#- name: update user2 state=present with same password (expect changed=false) mysql_user:
# mysql_user: name: '{{ user_name_2 }}'
# name: '{{ user_name_2 }}' password: '{{ user_password_2 }}'
# password: '{{ user_password_2 }}' priv: '*.*:ALL'
# priv: '*.*:ALL' state: present
# state: present login_unix_socket: '{{ mysql_socket }}'
# login_unix_socket: '{{ mysql_socket }}' register: result
# register: result
# - name: assert output user2 was not updated
#- name: assert output user2 was not updated assert: { that: "result.changed == false" }
# assert: { that: "result.changed == false" }
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES' - include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'