ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-05 18:20:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add the locked attribute

Browse source 
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
This commit is contained in:
E.S. Rosenberg a.k.a. Keeper of the Keys 2025-03-04 00:25:20 +02:00
parent 5079dc4ab7
commit 583407fbe2
2 changed files with 20 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
plugins/module_utils/user.py
View file

@ -61,9 +61,8 @@ def user_is_locked(cursor, user, host, host_all):
# Unless I am very much mistaken there should only be 1 answer to this query ever. # Unless I am very much mistaken there should only be 1 answer to this query ever.
result = cursor.fetchone() result = cursor.fetchone()
for res in result.values(): if result[0].endswith('ACCOUNT LOCK'):
if res.endswith('ACCOUNT LOCK'): return True
return True
return False return False
@ -176,7 +175,7 @@ def get_existing_authentication(cursor, user, host=None):
def user_add(cursor, user, host, host_all, password, encrypted, def user_add(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string, salt, new_priv, plugin, plugin_hash_string, plugin_auth_string, salt, new_priv,
attributes, tls_requires, reuse_existing_password, module, attributes, tls_requires, reuse_existing_password, module,
password_expire, password_expire_interval): password_expire, password_expire_interval, locked=False):
# If attributes are set, perform a sanity check to ensure server supports user attributes before creating user # If attributes are set, perform a sanity check to ensure server supports user attributes before creating user
if attributes and not get_attribute_support(cursor): if attributes and not get_attribute_support(cursor):
module.fail_json(msg="user attributes were specified but the server does not support user attributes") module.fail_json(msg="user attributes were specified but the server does not support user attributes")
@ -266,8 +265,8 @@ def user_add(cursor, user, host, host_all, password, encrypted,
cursor.execute("ALTER USER %s@%s ATTRIBUTE %s", (user, host, json.dumps(attributes))) cursor.execute("ALTER USER %s@%s ATTRIBUTE %s", (user, host, json.dumps(attributes)))
final_attributes = attributes_get(cursor, user, host) final_attributes = attributes_get(cursor, user, host)
# if locked: if locked:
# cursor.execute("ALTER USER %s@%s ACCOUNT LOCK", (user, host)) cursor.execute("ALTER USER %s@%s ACCOUNT LOCK", (user, host))
return {'changed': True, 'password_changed': not used_existing_password, 'attributes': final_attributes} return {'changed': True, 'password_changed': not used_existing_password, 'attributes': final_attributes}
@ -283,7 +282,7 @@ def is_hash(password):
def user_mod(cursor, user, host, host_all, password, encrypted, def user_mod(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string, salt, new_priv, plugin, plugin_hash_string, plugin_auth_string, salt, new_priv,
append_privs, subtract_privs, attributes, tls_requires, module, append_privs, subtract_privs, attributes, tls_requires, module,
password_expire, password_expire_interval, role=False, maria_role=False): password_expire, password_expire_interval, locked=False, role=False, maria_role=False):
changed = False changed = False
msg = "User unchanged" msg = "User unchanged"
grant_option = False grant_option = False
@ -555,6 +554,15 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if attribute_support: if attribute_support:
final_attributes = attributes_get(cursor, user, host) final_attributes = attributes_get(cursor, user, host)
if user_is_locked(cursor, user, host, False) != locked:
if locked:
cursor.execute("ALTER USER %s@%s ACCOUNT LOCK", (user, host))
msg = 'User locked'
else:
cursor.execute("ALTER USER %s@%s ACCOUNT UNLOCK", (user, host))
msg = 'User unlocked'
changed = True
if role: if role:
continue continue
@ -578,13 +586,6 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
cursor.execute(*query_with_args) cursor.execute(*query_with_args)
changed = True changed = True
# if user_is_locked(cursor, user, host, False) != locked:
# if locked:
# cursor.execute("ALTER USER %s@%s ACCOUNT LOCK", (user, host))
# else:
# cursor.execute("ALTER USER %s@%s ACCOUNT UNLOCK", (user, host))
# changed = True
return {'changed': changed, 'msg': msg, 'password_changed': password_changed, 'attributes': final_attributes} return {'changed': changed, 'msg': msg, 'password_changed': password_changed, 'attributes': final_attributes}

8
plugins/modules/mysql_user.py
View file

@ -470,6 +470,7 @@ def main():
column_case_sensitive=dict(type='bool', default=None), # TODO 4.0.0 add default=True column_case_sensitive=dict(type='bool', default=None), # TODO 4.0.0 add default=True
password_expire=dict(type='str', choices=['now', 'never', 'default', 'interval'], no_log=True), password_expire=dict(type='str', choices=['now', 'never', 'default', 'interval'], no_log=True),
password_expire_interval=dict(type='int', required_if=[('password_expire', 'interval', True)], no_log=True), password_expire_interval=dict(type='int', required_if=[('password_expire', 'interval', True)], no_log=True),
locked=dict(type='bool', default='no'),
) )
module = AnsibleModule( module = AnsibleModule(
argument_spec=argument_spec, argument_spec=argument_spec,
@ -510,6 +511,7 @@ def main():
column_case_sensitive = module.params["column_case_sensitive"] column_case_sensitive = module.params["column_case_sensitive"]
password_expire = module.params["password_expire"] password_expire = module.params["password_expire"]
password_expire_interval = module.params["password_expire_interval"] password_expire_interval = module.params["password_expire_interval"]
locked = module.boolean(module.params['locked'])
if priv and not isinstance(priv, (str, dict)): if priv and not isinstance(priv, (str, dict)):
module.fail_json(msg="priv parameter must be str or dict but %s was passed" % type(priv)) module.fail_json(msg="priv parameter must be str or dict but %s was passed" % type(priv))
@ -577,13 +579,13 @@ def main():
result = user_mod(cursor, user, host, host_all, password, encrypted, result = user_mod(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string, salt, plugin, plugin_hash_string, plugin_auth_string, salt,
priv, append_privs, subtract_privs, attributes, tls_requires, module, priv, append_privs, subtract_privs, attributes, tls_requires, module,
password_expire, password_expire_interval) password_expire, password_expire_interval, locked)
else: else:
result = user_mod(cursor, user, host, host_all, None, encrypted, result = user_mod(cursor, user, host, host_all, None, encrypted,
None, None, None, None, None, None, None, None,
priv, append_privs, subtract_privs, attributes, tls_requires, module, priv, append_privs, subtract_privs, attributes, tls_requires, module,
password_expire, password_expire_interval) password_expire, password_expire_interval, locked)
changed = result['changed'] changed = result['changed']
msg = result['msg'] msg = result['msg']
password_changed = result['password_changed'] password_changed = result['password_changed']
@ -601,7 +603,7 @@ def main():
result = user_add(cursor, user, host, host_all, password, encrypted, result = user_add(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string, salt, plugin, plugin_hash_string, plugin_auth_string, salt,
priv, attributes, tls_requires, reuse_existing_password, module, priv, attributes, tls_requires, reuse_existing_password, module,
password_expire, password_expire_interval) password_expire, password_expire_interval, locked)
changed = result['changed'] changed = result['changed']
password_changed = result['password_changed'] password_changed = result['password_changed']
final_attributes = result['attributes'] final_attributes = result['attributes']