ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-06 10:40:36 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Remove Black formatting in an attempt to make codecov happy

Browse source
This commit is contained in:
Jorge-Rodriguez 2020-07-26 10:52:37 +03:00
parent 69d3f8b3c2
commit 25441dfaaf
1 changed files with 159 additions and 307 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

464
plugins/modules/mysql_user.py
View file

@ -6,11 +6,10 @@
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r"""
DOCUMENTATION = r'''
---
module: mysql_user
short_description: Adds or removes a user from a MySQL database
@ -142,9 +141,9 @@ author:
extends_documentation_fragment:
- community.mysql.mysql
"""
'''
EXAMPLES = r"""
EXAMPLES = r'''
- name: Removes anonymous user account for localhost
community.mysql.mysql_user:
name: ''
@ -286,109 +285,55 @@ EXAMPLES = r"""
# [client]
# user=root
# password=n<_665{vS43y
"""
'''
import re
import string
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.mysql.plugins.module_utils.database import SQLParseError
from ansible_collections.community.mysql.plugins.module_utils.mysql import (
mysql_connect,
mysql_driver,
mysql_driver_fail_msg,
)
from ansible_collections.community.mysql.plugins.module_utils.mysql import mysql_connect, mysql_driver, mysql_driver_fail_msg
from ansible.module_utils.six import iteritems
from ansible.module_utils._text import to_native
VALID_PRIVS = frozenset(
(
"CREATE",
"DROP",
"GRANT",
"GRANT OPTION",
"LOCK TABLES",
"REFERENCES",
"EVENT",
"ALTER",
"DELETE",
"INDEX",
"INSERT",
"SELECT",
"UPDATE",
"CREATE TEMPORARY TABLES",
"TRIGGER",
"CREATE VIEW",
"SHOW VIEW",
"ALTER ROUTINE",
"CREATE ROUTINE",
"EXECUTE",
"FILE",
"CREATE TABLESPACE",
"CREATE USER",
"PROCESS",
"PROXY",
"RELOAD",
"REPLICATION CLIENT",
"REPLICATION SLAVE",
"SHOW DATABASES",
"SHUTDOWN",
"SUPER",
"ALL",
"ALL PRIVILEGES",
"USAGE",
"REQUIRESSL",
"CREATE ROLE",
"DROP ROLE",
"APPLICATION_PASSWORD_ADMIN",
"AUDIT_ADMIN",
"BACKUP_ADMIN",
"BINLOG_ADMIN",
"BINLOG_ENCRYPTION_ADMIN",
"CLONE_ADMIN",
"CONNECTION_ADMIN",
"ENCRYPTION_KEY_ADMIN",
"FIREWALL_ADMIN",
"FIREWALL_USER",
"GROUP_REPLICATION_ADMIN",
"INNODB_REDO_LOG_ARCHIVE",
"NDB_STORED_USER",
"PERSIST_RO_VARIABLES_ADMIN",
"REPLICATION_APPLIER",
"REPLICATION_SLAVE_ADMIN",
"RESOURCE_GROUP_ADMIN",
"RESOURCE_GROUP_USER",
"ROLE_ADMIN",
"SESSION_VARIABLES_ADMIN",
"SET_USER_ID",
"SYSTEM_USER",
"SYSTEM_VARIABLES_ADMIN",
"SYSTEM_USER",
"TABLE_ENCRYPTION_ADMIN",
"VERSION_TOKEN_ADMIN",
"XA_RECOVER_ADMIN",
"LOAD FROM S3",
"SELECT INTO S3",
"INVOKE LAMBDA",
"ALTER ROUTINE",
"BINLOG ADMIN",
"BINLOG MONITOR",
"BINLOG REPLAY",
"CONNECTION ADMIN",
"READ_ONLY ADMIN",
"REPLICATION MASTER ADMIN",
"REPLICATION SLAVE",
"REPLICATION SLAVE ADMIN",
"SET USER",
)
)
VALID_PRIVS = frozenset(('CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE', 'REQUIRESSL',
'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
'INVOKE LAMBDA',
'ALTER ROUTINE',
'BINLOG ADMIN',
'BINLOG MONITOR',
'BINLOG REPLAY',
'CONNECTION ADMIN',
'READ_ONLY ADMIN',
'REPLICATION MASTER ADMIN',
'REPLICATION SLAVE',
'REPLICATION SLAVE ADMIN',
'SET USER',))
class InvalidPrivsError(Exception):
pass
# ===========================================
# MySQL module specific support methods.
#
@ -399,9 +344,9 @@ def use_old_user_mgmt(cursor):
cursor.execute("SELECT VERSION()")
result = cursor.fetchone()
version_str = result[0]
version = version_str.split(".")
version = version_str.split('.')
if "mariadb" in version_str.lower():
if 'mariadb' in version_str.lower():
# Prior to MariaDB 10.2
if int(version[0]) * 1000 + int(version[1]) < 10002:
return True
@ -416,13 +361,13 @@ def use_old_user_mgmt(cursor):
def get_mode(cursor):
cursor.execute("SELECT @@GLOBAL.sql_mode")
cursor.execute('SELECT @@GLOBAL.sql_mode')
result = cursor.fetchone()
mode_str = result[0]
if "ANSI" in mode_str:
mode = "ANSI"
if 'ANSI' in mode_str:
mode = 'ANSI'
else:
mode = "NOTANSI"
mode = 'NOTANSI'
return mode
@ -500,20 +445,9 @@ def get_grants(cursor, user, host):
return grants.split(", ")
def user_add(
cursor,
user,
host,
host_all,
password,
encrypted,
plugin,
plugin_hash_string,
plugin_auth_string,
new_priv,
tls_requires,
check_mode,
):
def user_add(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string, new_priv,
tls_requires, check_mode):
# we cannot create users without a proper hostname
if host_all:
return False
@ -567,27 +501,15 @@ def user_add(
def is_hash(password):
ishash = False
if len(password) == 41 and password[0] == "*":
if len(password) == 41 and password[0] == '*':
if frozenset(password[1:]).issubset(string.hexdigits):
ishash = True
return ishash
def user_mod(
cursor,
user,
host,
host_all,
password,
encrypted,
plugin,
plugin_hash_string,
plugin_auth_string,
new_priv,
append_privs,
tls_requires,
module,
):
def user_mod(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string, new_priv,
append_privs, tls_requires, module):
changed = False
msg = "User unchanged"
grant_option = False
@ -604,46 +526,36 @@ def user_mod(
old_user_mgmt = use_old_user_mgmt(cursor)
# Get a list of valid columns in mysql.user table to check if Password and/or authentication_string exist
cursor.execute(
"""
cursor.execute("""
SELECT COLUMN_NAME FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME IN ('Password', 'authentication_string')
ORDER BY COLUMN_NAME DESC LIMIT 1
"""
)
""")
colA = cursor.fetchone()
cursor.execute(
"""
cursor.execute("""
SELECT COLUMN_NAME FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = 'mysql' AND TABLE_NAME = 'user' AND COLUMN_NAME IN ('Password', 'authentication_string')
ORDER BY COLUMN_NAME ASC LIMIT 1
"""
)
""")
colB = cursor.fetchone()
# Select hash from either Password or authentication_string, depending which one exists and/or is filled
cursor.execute(
"""
cursor.execute("""
SELECT COALESCE(
CASE WHEN %s = '' THEN NULL ELSE %s END,
CASE WHEN %s = '' THEN NULL ELSE %s END
)
FROM mysql.user WHERE user = %%s AND host = %%s
"""
% (colA[0], colA[0], colB[0], colB[0]),
(user, host),
)
""" % (colA[0], colA[0], colB[0], colB[0]), (user, host))
current_pass_hash = cursor.fetchone()[0]
if isinstance(current_pass_hash, bytes):
current_pass_hash = current_pass_hash.decode("ascii")
current_pass_hash = current_pass_hash.decode('ascii')
if encrypted:
encrypted_password = password
if not is_hash(encrypted_password):
module.fail_json(
msg="encrypted was specified however it does not appear to be a valid hash expecting: *SHA1(SHA1(your_password))"
)
module.fail_json(msg="encrypted was specified however it does not appear to be a valid hash expecting: *SHA1(SHA1(your_password))")
else:
if old_user_mgmt:
cursor.execute("SELECT PASSWORD(%s)", (password,))
@ -660,10 +572,7 @@ def user_mod(
msg = "Password updated (old style)"
else:
try:
cursor.execute(
"ALTER USER %s@%s IDENTIFIED WITH mysql_native_password AS %s",
(user, host, encrypted_password),
)
cursor.execute("ALTER USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password))
msg = "Password updated (new style)"
except (mysql_driver.Error) as e:
# https://stackoverflow.com/questions/51600000/authentication-string-of-root-user-on-mysql
@ -671,7 +580,7 @@ def user_mod(
if e.args[0] == 1396:
cursor.execute(
"UPDATE mysql.user SET plugin = %s, authentication_string = %s, Password = '' WHERE User = %s AND Host = %s",
("mysql_native_password", encrypted_password, user, host),
('mysql_native_password', encrypted_password, user, host)
)
cursor.execute("FLUSH PRIVILEGES")
msg = "Password forced update"
@ -681,9 +590,8 @@ def user_mod(
# Handle plugin authentication
if plugin:
cursor.execute(
"SELECT plugin, authentication_string FROM mysql.user " "WHERE user = %s AND host = %s", (user, host)
)
cursor.execute("SELECT plugin, authentication_string FROM mysql.user "
"WHERE user = %s AND host = %s", (user, host))
current_plugin = cursor.fetchone()
update = False
@ -703,13 +611,9 @@ def user_mod(
if update:
if plugin_hash_string:
cursor.execute(
"ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
)
cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string))
elif plugin_auth_string:
cursor.execute(
"ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
)
cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string))
else:
cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin))
changed = True
@ -819,23 +723,21 @@ def privileges_get(cursor, user, host):
grants = cursor.fetchall()
def pick(x):
if x == "ALL PRIVILEGES":
return "ALL"
if x == 'ALL PRIVILEGES':
return 'ALL'
else:
return x
for grant in grants:
res = re.match(
"""GRANT (.+) ON (.+) TO (['`"]).*\\3@(['`"]).*\\4( IDENTIFIED BY PASSWORD (['`"]).+\\6)? ?(.*)""", grant[0]
)
res = re.match("""GRANT (.+) ON (.+) TO (['`"]).*\\3@(['`"]).*\\4( IDENTIFIED BY PASSWORD (['`"]).+\\6)? ?(.*)""", grant[0])
if res is None:
raise InvalidPrivsError("unable to parse the MySQL grant string: %s" % grant[0])
raise InvalidPrivsError('unable to parse the MySQL grant string: %s' % grant[0])
privileges = res.group(1).split(",")
privileges = [pick(x.strip()) for x in privileges]
if "WITH GRANT OPTION" in res.group(7):
privileges.append("GRANT")
if "REQUIRE SSL" in res.group(7):
privileges.append("REQUIRESSL")
privileges.append('GRANT')
if 'REQUIRE SSL' in res.group(7):
privileges.append('REQUIRESSL')
db = res.group(2)
output.setdefault(db, []).extend(privileges)
return output
@ -852,83 +754,83 @@ def privileges_unpack(priv, mode):
The privilege USAGE stands for no privileges, so we add that in on *.* if it's
not specified in the string, as MySQL will always provide this by default.
"""
if mode == "ANSI":
if mode == 'ANSI':
quote = '"'
else:
quote = "`"
quote = '`'
output = {}
privs = []
for item in priv.strip().split("/"):
pieces = item.strip().rsplit(":", 1)
for item in priv.strip().split('/'):
pieces = item.strip().rsplit(':', 1)
dbpriv = pieces[0].rsplit(".", 1)
# Check for FUNCTION or PROCEDURE object types
parts = dbpriv[0].split(" ", 1)
object_type = ""
if len(parts) > 1 and (parts[0] == "FUNCTION" or parts[0] == "PROCEDURE"):
object_type = parts[0] + " "
object_type = ''
if len(parts) > 1 and (parts[0] == 'FUNCTION' or parts[0] == 'PROCEDURE'):
object_type = parts[0] + ' '
dbpriv[0] = parts[1]
# Do not escape if privilege is for database or table, i.e.
# neither quote *. nor .*
for i, side in enumerate(dbpriv):
if side.strip("`") != "*":
dbpriv[i] = "%s%s%s" % (quote, side.strip("`"), quote)
pieces[0] = object_type + ".".join(dbpriv)
if side.strip('`') != '*':
dbpriv[i] = '%s%s%s' % (quote, side.strip('`'), quote)
pieces[0] = object_type + '.'.join(dbpriv)
if "(" in pieces[1]:
output[pieces[0]] = re.split(r",\s*(?=[^)]*(?:\(|$))", pieces[1].upper())
if '(' in pieces[1]:
output[pieces[0]] = re.split(r',\s*(?=[^)]*(?:\(|$))', pieces[1].upper())
for i in output[pieces[0]]:
privs.append(re.sub(r"\s*\(.*\)", "", i))
privs.append(re.sub(r'\s*\(.*\)', '', i))
else:
output[pieces[0]] = pieces[1].upper().split(",")
output[pieces[0]] = pieces[1].upper().split(',')
privs = output[pieces[0]]
new_privs = frozenset(privs)
if not new_privs.issubset(VALID_PRIVS):
raise InvalidPrivsError("Invalid privileges specified: %s" % new_privs.difference(VALID_PRIVS))
raise InvalidPrivsError('Invalid privileges specified: %s' % new_privs.difference(VALID_PRIVS))
if "*.*" not in output:
output["*.*"] = ["USAGE"]
if '*.*' not in output:
output['*.*'] = ['USAGE']
# if we are only specifying something like REQUIRESSL and/or GRANT (=WITH GRANT OPTION) in *.*
# we still need to add USAGE as a privilege to avoid syntax errors
if "REQUIRESSL" in priv and not set(output["*.*"]).difference(set(["GRANT", "REQUIRESSL"])):
output["*.*"].append("USAGE")
if 'REQUIRESSL' in priv and not set(output['*.*']).difference(set(['GRANT', 'REQUIRESSL'])):
output['*.*'].append('USAGE')
return output
def privileges_revoke(cursor, user, host, db_table, priv, grant_option):
# Escape '%' since mysql db.execute() uses a format string
db_table = db_table.replace("%", "%%")
db_table = db_table.replace('%', '%%')
if grant_option:
query = ["REVOKE GRANT OPTION ON %s" % db_table]
query.append("FROM %s@%s")
query = " ".join(query)
query = ' '.join(query)
cursor.execute(query, (user, host))
priv_string = ",".join([p for p in priv if p not in ("GRANT", "REQUIRESSL")])
priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')])
query = ["REVOKE %s ON %s" % (priv_string, db_table)]
query.append("FROM %s@%s")
query = " ".join(query)
query = ' '.join(query)
cursor.execute(query, (user, host))
def privileges_grant(cursor, user, host, db_table, priv, tls_requires):
# Escape '%' since mysql db.execute uses a format string and the
# specification of db and table often use a % (SQL wildcard)
db_table = db_table.replace("%", "%%")
priv_string = ",".join([p for p in priv if p not in ("GRANT", "REQUIRESSL")])
db_table = db_table.replace('%', '%%')
priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')])
query = ["GRANT %s ON %s" % (priv_string, db_table)]
query.append("TO %s@%s")
params = (user, host)
if tls_requires and not server_suports_requires_create(cursor):
query, params = mogrify_requires(" ".join(query), params, tls_requires)
query = [query]
if "REQUIRESSL" in priv and not tls_requires:
if 'REQUIRESSL' in priv and not tls_requires:
query.append("REQUIRE SSL")
if "GRANT" in priv:
if 'GRANT' in priv:
query.append("WITH GRANT OPTION")
query = " ".join(query)
query = ' '.join(query)
cursor.execute(query, params)
@ -941,9 +843,9 @@ def convert_priv_dict_to_str(priv):
Returns:
priv (str): String representation of input argument.
"""
priv_list = ["%s:%s" % (key, val) for key, val in iteritems(priv)]
priv_list = ['%s:%s' % (key, val) for key, val in iteritems(priv)]
return "/".join(priv_list)
return '/'.join(priv_list)
# TLS requires on user create statement is supported since MySQL 5.7 and MariaDB 10.2
@ -984,9 +886,9 @@ def server_supports_alter_user(cursor):
"""
cursor.execute("SELECT VERSION()")
version_str = cursor.fetchone()[0]
version = version_str.split(".")
version = version_str.split('.')
if "mariadb" in version_str.lower():
if 'mariadb' in version_str.lower():
# MariaDB 10.2 and later
if int(version[0]) * 1000 + int(version[1]) >= 10002:
return True
@ -1011,13 +913,11 @@ def get_resource_limits(cursor, user, host):
Returns: Dictionary containing current resource limits.
"""
query = (
"SELECT max_questions AS MAX_QUERIES_PER_HOUR, "
"max_updates AS MAX_UPDATES_PER_HOUR, "
"max_connections AS MAX_CONNECTIONS_PER_HOUR, "
"max_user_connections AS MAX_USER_CONNECTIONS "
"FROM mysql.user WHERE User = %s AND Host = %s"
)
query = ('SELECT max_questions AS MAX_QUERIES_PER_HOUR, '
'max_updates AS MAX_UPDATES_PER_HOUR, '
'max_connections AS MAX_CONNECTIONS_PER_HOUR, '
'max_user_connections AS MAX_USER_CONNECTIONS '
'FROM mysql.user WHERE User = %s AND Host = %s')
cursor.execute(query, (user, host))
res = cursor.fetchone()
@ -1025,10 +925,10 @@ def get_resource_limits(cursor, user, host):
return None
current_limits = {
"MAX_QUERIES_PER_HOUR": res[0],
"MAX_UPDATES_PER_HOUR": res[1],
"MAX_CONNECTIONS_PER_HOUR": res[2],
"MAX_USER_CONNECTIONS": res[3],
'MAX_QUERIES_PER_HOUR': res[0],
'MAX_UPDATES_PER_HOUR': res[1],
'MAX_CONNECTIONS_PER_HOUR': res[2],
'MAX_USER_CONNECTIONS': res[3],
}
return current_limits
@ -1083,10 +983,8 @@ def limit_resources(module, cursor, user, host, resource_limits, check_mode):
Returns: True, if changed, False otherwise.
"""
if not server_supports_alter_user(cursor):
module.fail_json(
msg="The server version does not match the requirements "
"for resource_limits parameter. See module's documentation."
)
module.fail_json(msg="The server version does not match the requirements "
"for resource_limits parameter. See module's documentation.")
current_limits = get_resource_limits(cursor, user, host)
@ -1101,10 +999,10 @@ def limit_resources(module, cursor, user, host, resource_limits, check_mode):
# If not check_mode
tmp = []
for key, val in iteritems(needs_to_change):
tmp.append("%s %s" % (key, val))
tmp.append('%s %s' % (key, val))
query = "ALTER USER %s@%s"
query += " WITH %s" % " ".join(tmp)
query += ' WITH %s' % ' '.join(tmp)
cursor.execute(query, (user, host))
return True
@ -1117,32 +1015,32 @@ def limit_resources(module, cursor, user, host, resource_limits, check_mode):
def main():
module = AnsibleModule(
argument_spec=dict(
login_user=dict(type="str"),
login_password=dict(type="str", no_log=True),
login_host=dict(type="str", default="localhost"),
login_port=dict(type="int", default=3306),
login_unix_socket=dict(type="str"),
user=dict(type="str", required=True, aliases=["name"]),
password=dict(type="str", no_log=True),
encrypted=dict(type="bool", default=False),
host=dict(type="str", default="localhost"),
login_user=dict(type='str'),
login_password=dict(type='str', no_log=True),
login_host=dict(type='str', default='localhost'),
login_port=dict(type='int', default=3306),
login_unix_socket=dict(type='str'),
user=dict(type='str', required=True, aliases=['name']),
password=dict(type='str', no_log=True),
encrypted=dict(type='bool', default=False),
host=dict(type='str', default='localhost'),
host_all=dict(type="bool", default=False),
state=dict(type="str", default="present", choices=["absent", "present"]),
priv=dict(type="raw"),
tls_requires=dict(type="dict"),
append_privs=dict(type="bool", default=False),
check_implicit_admin=dict(type="bool", default=False),
update_password=dict(type="str", default="always", choices=["always", "on_create"], no_log=False),
connect_timeout=dict(type="int", default=30),
config_file=dict(type="path", default="~/.my.cnf"),
sql_log_bin=dict(type="bool", default=True),
client_cert=dict(type="path", aliases=["ssl_cert"]),
client_key=dict(type="path", aliases=["ssl_key"]),
ca_cert=dict(type="path", aliases=["ssl_ca"]),
plugin=dict(default=None, type="str"),
plugin_hash_string=dict(default=None, type="str"),
plugin_auth_string=dict(default=None, type="str"),
resource_limits=dict(type="dict"),
state=dict(type='str', default='present', choices=['absent', 'present']),
priv=dict(type='raw'),
tls_requires=dict(type='dict'),
append_privs=dict(type='bool', default=False),
check_implicit_admin=dict(type='bool', default=False),
update_password=dict(type='str', default='always', choices=['always', 'on_create'], no_log=False),
connect_timeout=dict(type='int', default=30),
config_file=dict(type='path', default='~/.my.cnf'),
sql_log_bin=dict(type='bool', default=True),
client_cert=dict(type='path', aliases=['ssl_cert']),
client_key=dict(type='path', aliases=['ssl_key']),
ca_cert=dict(type='path', aliases=['ssl_ca']),
plugin=dict(default=None, type='str'),
plugin_hash_string=dict(default=None, type='str'),
plugin_auth_string=dict(default=None, type='str'),
resource_limits=dict(type='dict'),
),
supports_check_mode=True,
)
@ -1160,11 +1058,11 @@ def main():
connect_timeout = module.params["connect_timeout"]
config_file = module.params["config_file"]
append_privs = module.boolean(module.params["append_privs"])
update_password = module.params["update_password"]
update_password = module.params['update_password']
ssl_cert = module.params["client_cert"]
ssl_key = module.params["client_key"]
ssl_ca = module.params["ca_cert"]
db = ""
db = ''
sql_log_bin = module.params["sql_log_bin"]
plugin = module.params["plugin"]
plugin_hash_string = module.params["plugin_hash_string"]
@ -1183,29 +1081,18 @@ def main():
try:
if check_implicit_admin:
try:
cursor, db_conn = mysql_connect(
module, "root", "", config_file, ssl_cert, ssl_key, ssl_ca, db, connect_timeout=connect_timeout
)
cursor, db_conn = mysql_connect(module, "root", "", config_file, ssl_cert, ssl_key, ssl_ca, db,
connect_timeout=connect_timeout)
except Exception:
pass
if not cursor:
cursor, db_conn = mysql_connect(
module,
login_user,
login_password,
config_file,
ssl_cert,
ssl_key,
ssl_ca,
db,
cursor, db_conn = mysql_connect(module, login_user, login_password, config_file, ssl_cert, ssl_key, ssl_ca, db,
connect_timeout=connect_timeout,
)
except Exception as e:
module.fail_json(
msg="unable to connect to database, check login_user and login_password are correct or %s has the credentials. "
"Exception message: %s" % (config_file, to_native(e))
)
module.fail_json(msg="unable to connect to database, check login_user and login_password are correct or %s has the credentials. "
"Exception message: %s" % (config_file, to_native(e)))
if not sql_log_bin:
cursor.execute("SET SQL_LOG_BIN=0;")
@ -1224,37 +1111,13 @@ def main():
if user_exists(cursor, user, host, host_all):
try:
if update_password == "always":
changed, msg = user_mod(
cursor,
user,
host,
host_all,
password,
encrypted,
plugin,
plugin_hash_string,
plugin_auth_string,
priv,
append_privs,
tls_requires,
module,
)
changed, msg = user_mod(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string,
priv, append_privs, tls_requires, module)
else:
changed, msg = user_mod(
cursor,
user,
host,
host_all,
None,
encrypted,
plugin,
plugin_hash_string,
plugin_auth_string,
priv,
append_privs,
tls_requires,
module,
)
changed, msg = user_mod(cursor, user, host, host_all, None, encrypted,
plugin, plugin_hash_string, plugin_auth_string,
priv, append_privs, tls_requires, module)
except (SQLParseError, InvalidPrivsError, mysql_driver.Error) as e:
module.fail_json(msg=to_native(e))
@ -1262,20 +1125,9 @@ def main():
if host_all:
module.fail_json(msg="host_all parameter cannot be used when adding a user")
try:
changed = user_add(
cursor,
user,
host,
host_all,
password,
encrypted,
plugin,
plugin_hash_string,
plugin_auth_string,
priv,
tls_requires,
module.check_mode,
)
changed = user_add(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string,
priv, tls_requires, module.check_mode)
if changed:
msg = "User added"
@ -1295,5 +1147,5 @@ def main():
module.exit_json(changed=changed, user=user, msg=msg)
if __name__ == "__main__":
if __name__ == '__main__':
main()