mysql_user: prevent password getting set for existing users on on_cre… (#342)

* mysql_user: prevent password getting set for existing users on on_create when plugin is used * added changelog fragment * format fix * added substract_privs, to t list of arguments * clarify the documetation * additional documentation to password,plugin,plugin_hash_string,plugin_auth_string options, format fix on changelog * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/mysql_user.py Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * linting * linting * linting * linting Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2025-04-05 10:10:32 -07:00 · 2022-05-31 07:40:32 +02:00 · 2022-05-31 07:40:32 +02:00 · 51a38840d9
commit 51a38840d9
parent 05eccd9a1d
2 changed files with 7 additions and 4 deletions
--- a/changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml
+++ b/changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml
@ -0,0 +1,2 @@
+bugfixes:
+  - "mysql_user - fix logic when ``update_password`` is set to ``on_create`` for users using ``plugin*`` arguments (https://github.com/ansible-collections/community.mysql/issues/334). The ``on_create`` sets ``password`` to None for old mysql_native_authentication but not for authentiation methods which uses the ``plugin*`` arguments. This PR changes this so ``on_create`` also exchange ``plugin``, ``plugin_hash_string``, ``plugin_auth_string`` to None in the list of arguments to change"
--- a/plugins/modules/mysql_user.py
+++ b/plugins/modules/mysql_user.py
@ -22,7 +22,8 @@ options:
    required: true
  password:
    description:
-      - Set the user's password.
+      - Set the user's password. Only for C(mysql_native_password) authentication.
+        For other authentication plugins see the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
    type: str
  encrypted:
    description:
@ -115,8 +116,8 @@ options:
    default: no
  update_password:
    description:
-      - C(always) will update passwords if they differ.
-      - C(on_create) will only set the password for newly created users.
+      - C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
+      - C(on_create) will only set the password or the combination of plugin, plugin_hash_string, plugin_auth_string for newly created users.
    type: str
    choices: [ always, on_create ]
    default: always
@ -456,7 +457,7 @@ def main():
                                            priv, append_privs, subtract_privs, tls_requires, module)
                else:
                    changed, msg = user_mod(cursor, user, host, host_all, None, encrypted,
-                                            plugin, plugin_hash_string, plugin_auth_string,
+                                            None, None, None,
                                            priv, append_privs, subtract_privs, tls_requires, module)

            except (SQLParseError, InvalidPrivsError, mysql_driver.Error) as e: