ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-08 11:40:33 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Refactor get_existing_authentication to return a list of all row found

Browse source 
Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.
This commit is contained in:
Laurent Indermuehle 2024-06-06 19:15:28 +02:00
parent c7218c71aa
commit 3f4af18cb9
No known key found for this signature in database
GPG key ID: 93FA944C9F34DD09
2 changed files with 37 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
plugins/module_utils/user.py
View file

@ -90,7 +90,11 @@ def get_grants(cursor, user, host):
def get_existing_authentication(cursor, user, host): def get_existing_authentication(cursor, user, host):
# Return the plugin and auth_string if there is exactly one distinct existing plugin and auth_string. """ Return a list of dict containing the plugin and auth_string for the
specified username.
If hostname is provided, return only the information about this particular
account.
"""
cursor.execute("SELECT VERSION()") cursor.execute("SELECT VERSION()")
srv_type = cursor.fetchone() srv_type = cursor.fetchone()
# Mysql_info use a DictCursor so we must convert back to a list # Mysql_info use a DictCursor so we must convert back to a list
@ -114,27 +118,30 @@ def get_existing_authentication(cursor, user, host):
rows = cursor.fetchall() rows = cursor.fetchall()
if len(rows) == 0: if len(rows) == 0:
return None return []
# Mysql_info use a DictCursor so we must convert back to a list # Mysql_info use a DictCursor so we must convert back to a list
# otherwise we get KeyError 0 # otherwise we get KeyError 0
if isinstance(rows, dict): if isinstance(rows, dict):
rows = list(rows.values()) rows = list(rows.values())
# 'plugin_auth_string' contains the hash string. Must be removed in c.mysql 4.0 existing_auth_list = []
# See https://github.com/ansible-collections/community.mysql/pull/629
if isinstance(rows[0], tuple):
return {'plugin': rows[0][0],
'plugin_auth_string': rows[0][1],
'plugin_hash_string': rows[0][1]}
# 'plugin_auth_string' contains the hash string. Must be removed in c.mysql 4.0 # 'plugin_auth_string' contains the hash string. Must be removed in c.mysql 4.0
# See https://github.com/ansible-collections/community.mysql/pull/629 # See https://github.com/ansible-collections/community.mysql/pull/629
if isinstance(rows[0], dict): for r in rows:
return {'plugin': rows[0].get('plugin'), if isinstance(r, tuple):
'plugin_auth_string': rows[0].get('auth'), existing_auth_list.append({
'plugin_hash_string': rows[0].get('auth')} 'plugin': r[0],
return None 'plugin_auth_string': r[1],
'plugin_hash_string': r[1]})
elif isinstance(r, dict):
existing_auth_list.append({
'plugin': r.get('plugin'),
'plugin_auth_string': r.get('auth'),
'plugin_hash_string': r.get('auth')})
return existing_auth_list
def user_add(cursor, user, host, host_all, password, encrypted, def user_add(cursor, user, host, host_all, password, encrypted,
@ -158,14 +165,26 @@ def user_add(cursor, user, host, host_all, password, encrypted,
mogrify = do_not_mogrify_requires if old_user_mgmt else mogrify_requires mogrify = do_not_mogrify_requires if old_user_mgmt else mogrify_requires
# This is for update_password: on_new_username
used_existing_password = False used_existing_password = False
if reuse_existing_password: if reuse_existing_password:
existing_auth = get_existing_authentication(cursor, user, host) existing_auth = get_existing_authentication(cursor, user, host)
if existing_auth: if existing_auth:
plugin = existing_auth['plugin'] pass_hashes = [p['plugin_hash_string'] for p in existing_auth]
plugin_hash_string = existing_auth['plugin_hash_string'] # Use a set to check if all values are the same
if len(set(pass_hashes)) != 1:
module.warn("An account with the username %s has a different "
"password than the others existing accounts. Thus "
"on_new_username can't decide which password to "
"reuse so it will use your provided password "
"instead. If no password is provided, the account "
"will have an empty password!" % user)
used_existing_password = False
else:
plugin_hash_string = existing_auth[0]['plugin_hash_string']
password = None password = None
used_existing_password = True used_existing_password = True
plugin = existing_auth[0]['plugin'] # What if plugin differ?
if password and encrypted: if password and encrypted:
if impl.supports_identified_by_password(cursor): if impl.supports_identified_by_password(cursor):
query_with_args = "CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password) query_with_args = "CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password)

2
plugins/modules/mysql_info.py
View file

@ -633,7 +633,7 @@ class MySQL_Info(object):
authentications = get_existing_authentication(self.cursor, user, host) authentications = get_existing_authentication(self.cursor, user, host)
if authentications: if authentications:
output_dict.update(authentications) output_dict.update(authentications[0])
# TODO password_option # TODO password_option
# TODO lock_option # TODO lock_option