1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

mysql_user: fix overriding user passowrd to the same (#609)

* mysql_user: fix overriding user passowrd to the same

* add changelog
This commit is contained in:
Andrew Klychkov 2020-07-06 15:16:48 +03:00 committed by GitHub
parent 74ba307777
commit 5e23f01a76
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 13 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- mysql_user - fix overriding password to the same (https://github.com/ansible-collections/community.general/issues/543).

View file

@ -367,10 +367,19 @@ def user_add(cursor, user, host, host_all, password, encrypted,
if check_mode:
return True
# Determine what user management method server uses
old_user_mgmt = use_old_user_mgmt(cursor)
if password and encrypted:
cursor.execute("CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password))
elif password and not encrypted:
if old_user_mgmt:
cursor.execute("CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password))
else:
cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,))
encrypted_password = cursor.fetchone()[0]
cursor.execute("CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password))
elif plugin and plugin_hash_string:
cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string))
elif plugin and plugin_auth_string:

View file

@ -46,18 +46,17 @@
register: user_password_old
when: user_password_old_create is failed
# FIXME: not sure why this is failing, but it looks like it should expect changed=true
#- name: update user2 state=present with same password (expect changed=false)
# mysql_user:
# name: '{{ user_name_2 }}'
# password: '{{ user_password_2 }}'
# priv: '*.*:ALL'
# state: present
# login_unix_socket: '{{ mysql_socket }}'
# register: result
#
#- name: assert output user2 was not updated
# assert: { that: "result.changed == false" }
- name: update user2 state=present with same password (expect changed=false)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: assert output user2 was not updated
assert: { that: "result.changed == false" }
- include: assert_user.yml user_name={{user_name_2}} priv='ALL PRIVILEGES'