fix case when a account as same user but different host and password

plugins/module_utils/user.py

@@ -112,7 +112,7 @@ def get_grants(cursor, user, host):
     return grants.split(", ")
 
 
-def get_existing_authentication(cursor, user):
+def get_existing_authentication(cursor, user, host):
     # Return the plugin and auth_string if there is exactly one distinct existing plugin and auth_string.
     cursor.execute("SELECT VERSION()")
     srv_type = cursor.fetchone()
@@ -126,12 +126,14 @@ def get_existing_authentication(cursor, user):
         # when using mysql_native_password
         cursor.execute("""select plugin, auth from (
             select plugin, password as auth from mysql.user where user=%(user)s
+            and host=%(host)s
             union select plugin, authentication_string as auth from mysql.user where user=%(user)s
-            ) x group by plugin, auth limit 2
+            and host=%(host)s) x group by plugin, auth limit 2
-        """, {'user': user})
+        """, {'user': user, 'host': host})
     else:
-        cursor.execute("""select plugin, authentication_string as auth from mysql.user where user=%(user)s
+        cursor.execute("""select plugin, authentication_string as auth
-            group by plugin, authentication_string limit 2""", {'user': user})
+            from mysql.user where user=%(user)s and host=%(host)s
+            group by plugin, authentication_string limit 2""", {'user': user, 'host': host})
     rows = cursor.fetchall()
 
     # Mysql_info use a DictCursor so we must convert back to a list
@@ -164,7 +166,7 @@ def user_add(cursor, user, host, host_all, password, encrypted,
 
     used_existing_password = False
     if reuse_existing_password:
-        existing_auth = get_existing_authentication(cursor, user)
+        existing_auth = get_existing_authentication(cursor, user, host)
         if existing_auth:
             plugin = existing_auth['plugin']
             plugin_hash_string = existing_auth['auth_string']

plugins/modules/mysql_info.py

@@ -605,7 +605,7 @@ class MySQL_Info(object):
                 if len(output_dict['resource_limits']) == 0:
                     del output_dict['resource_limits']
 
-            authentications = get_existing_authentication(self.cursor, user)
+            authentications = get_existing_authentication(self.cursor, user, host)
             if authentications:
                 output_dict.update(authentications)
 

tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml

@@ -120,6 +120,33 @@
             GRANT SELECT,UPDATE(name1,NAME2,Name3) ON users_privs_db.T_UPPER TO
             users_privs_columns_uppercase@'users_privs.com'
 
+          - >-
+            CREATE USER users_privs_multi_hosts@'%'
+            IDENTIFIED WITH mysql_native_password AS
+            '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
+          - GRANT SELECT ON users_privs_db.* TO users_privs_multi_hosts@'%'
+
+          - >-
+            CREATE USER users_privs_multi_hosts@'localhost'
+            IDENTIFIED WITH mysql_native_password AS
+            '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
+          - >-
+            GRANT SELECT ON users_privs_db.* TO
+            users_privs_multi_hosts@'localhost'
+
+          - >-
+            CREATE USER users_privs_multi_hosts@'host1'
+            IDENTIFIED WITH mysql_native_password AS
+            '*6C387FC3893DBA1E3BA155E74754DA6682D04747'
+          - GRANT SELECT ON users_privs_db.* TO users_privs_multi_hosts@'host1'
+
+          # Different password than the others users_privs_multi_hosts
+          - >-
+            CREATE USER users_privs_multi_hosts@'host2'
+            IDENTIFIED WITH mysql_native_password AS
+            '*CB3326D5279DE7915FE5D743232165EE887883CA'
+          - GRANT SELECT ON users_privs_db.* TO users_privs_multi_hosts@'host2'
+
     - name: Mysql_info users_privs | Prepare tests users for MariaDB
       community.mysql.mysql_user:
         name: "{{ item.name }}"