fix tests

plugins/module_utils/implementations/mysql/hash.py

@@ -106,7 +106,8 @@ def _sha256_digest(key, salt, loops):
 
 def mysql_sha256_password_hash_hex(password, salt):
     """Return a MySQL compatible caching_sha2_password hash in hex format."""
-    assert len(salt) == 20, "Salt must be 20 characters long."
+    if len(salt) != 20:
+        raise ValueError("Salt must be 20 characters long.")
 
     count = 5
     iteration = 1000 * count

plugins/module_utils/user.py

@@ -191,7 +191,7 @@ def user_add(cursor, user, host, host_all, password, encrypted,
                 generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
             else:
                 module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
-            query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, generated_hash_string)
+            query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS 0x%s", (user, host, plugin, generated_hash_string)
         else:
             query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
     elif plugin:
@@ -372,7 +372,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
                             generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
                         else:
                             module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
-                        query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, generated_hash_string)
+                        query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS 0x%s", (user, host, plugin, generated_hash_string)
                     else:
                         query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
                 else:

plugins/modules/mysql_user.py

@@ -144,9 +144,9 @@ options:
     version_added: '0.1.0'
   salt:
     description:
-      - Salt used to generate password hash.
+      - Salt used to generate password hash from I(plugin_auth_string).
       - Salt length must be 20 characters.
-      - I(plugin) must be equal to ``caching_sha2_password`` or ``sha256_password`` and I(plugin_auth_string) defined.
+      - Salt only support ``caching_sha2_password`` or ``sha256_password`` authentication I(plugin).
     type: str
     version_added: '3.10.0'
   resource_limits:
@@ -377,6 +377,13 @@ EXAMPLES = r'''
     priv: '*.*:ALL'
     state: present
 
+- name: Create user 'bob' authenticated with plugin 'caching_sha2_password' and static salt
+  community.mysql.mysql_user:
+    name: bob
+    plugin: caching_sha2_password
+    plugin_auth_string: password
+    salt: 1234567890abcdefghij
+
 - name: Limit bob's resources to 10 queries per hour and 5 connections per hour
   community.mysql.mysql_user:
     name: bob
@@ -509,7 +516,10 @@ def main():
         module.fail_json(msg="password_expire_interval value \
                              should be positive number")
 
-    if salt and plugin not in ['caching_sha2_password', 'sha256_password']:
+    if salt:
+        if len(salt) != 20:
+            module.fail_json(msg="Salt must be 20 characters long")
+        if plugin not in ['caching_sha2_password', 'sha256_password']:
             module.fail_json(msg="salt requires caching_sha2_password or sha256_password plugin")
 
     cursor = None