From 51a38840d977e6184be3ef1d6f427c8cb3dc4545 Mon Sep 17 00:00:00 2001 From: hubiongithub <79990207+hubiongithub@users.noreply.github.com> Date: Tue, 31 May 2022 07:40:32 +0200 Subject: [PATCH] =?UTF-8?q?mysql=5Fuser:=20prevent=20password=20getting=20?= =?UTF-8?q?set=20for=20existing=20users=20on=20on=5Fcre=E2=80=A6=20(#342)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * mysql_user: prevent password getting set for existing users on on_create when plugin is used * added changelog fragment * format fix * added substract_privs, to t list of arguments * clarify the documetation * additional documentation to password,plugin,plugin_hash_string,plugin_auth_string options, format fix on changelog * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov * linting * linting * linting * linting Co-authored-by: Andrew Klychkov --- .../fragments/334-mysql_user_fix_logic_on_oncreate.yml | 2 ++ plugins/modules/mysql_user.py | 9 +++++---- 2 files changed, 7 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml diff --git a/changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml b/changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml new file mode 100644 index 0000000..4ac88a1 --- /dev/null +++ b/changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml @@ -0,0 +1,2 @@ +bugfixes: + - "mysql_user - fix logic when ``update_password`` is set to ``on_create`` for users using ``plugin*`` arguments (https://github.com/ansible-collections/community.mysql/issues/334). The ``on_create`` sets ``password`` to None for old mysql_native_authentication but not for authentiation methods which uses the ``plugin*`` arguments. This PR changes this so ``on_create`` also exchange ``plugin``, ``plugin_hash_string``, ``plugin_auth_string`` to None in the list of arguments to change" diff --git a/plugins/modules/mysql_user.py b/plugins/modules/mysql_user.py index 9299eaf..292179a 100644 --- a/plugins/modules/mysql_user.py +++ b/plugins/modules/mysql_user.py @@ -22,7 +22,8 @@ options: required: true password: description: - - Set the user's password. + - Set the user's password. Only for C(mysql_native_password) authentication. + For other authentication plugins see the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string). type: str encrypted: description: @@ -115,8 +116,8 @@ options: default: no update_password: description: - - C(always) will update passwords if they differ. - - C(on_create) will only set the password for newly created users. + - C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string). + - C(on_create) will only set the password or the combination of plugin, plugin_hash_string, plugin_auth_string for newly created users. type: str choices: [ always, on_create ] default: always @@ -456,7 +457,7 @@ def main(): priv, append_privs, subtract_privs, tls_requires, module) else: changed, msg = user_mod(cursor, user, host, host_all, None, encrypted, - plugin, plugin_hash_string, plugin_auth_string, + None, None, None, priv, append_privs, subtract_privs, tls_requires, module) except (SQLParseError, InvalidPrivsError, mysql_driver.Error) as e: