add salt parameter to hash generation for sha256 plugin

2025-08-21 13:31:45 -07:00 · 2024-04-19 09:43:10 +02:00 · 2024-04-19 09:43:10 +02:00 · 805c3ea248
commit 805c3ea248
parent 50e7413b88
4 changed files with 194 additions and 6 deletions
--- a/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
@ -13,6 +13,7 @@
    test_plugin_auth_string: 'Fdt8fd^34ds'
    test_plugin_new_hash: '*E74368AC90460FA669F6D41BFB7F2A877DB73745'
    test_plugin_new_auth_string: 'c$K01LsmK7nJnIR4!h'
+    test_salt: 'TDwqdanU82d0yNtvaabb'
    test_default_priv_type: 'SELECT'
    test_default_priv: '*.*:{{ test_default_priv_type }}'

@ -115,7 +116,7 @@
        <<: *mysql_params
        name: '{{ test_user_name }}'
        host: '%'
-        plugin: '{{ test_plugin_type }}'
+        plugin: '{{ test_plugin_type_sha256 }}'
        plugin_hash_string: '{{ test_plugin_hash }}'
        priv: '{{ test_default_priv }}'
      register: result
@ -475,3 +476,59 @@
        - include_tasks: utils/remove_user.yml
          vars:
            user_name: "{{ test_user_name }}"
+
+    # ============================================================
+    # Test plugin auth with a salt
+    #
+    
+    - name: Plugin auth | Create user with plugin auth and salt
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ test_user_name }}'
+        host: '%'
+        plugin: caching_sha2_password
+        plugin_auth_string: '{{ test_plugin_auth_string }}'
+        salt: '{{ test_salt }}'
+        priv: '{{ test_default_priv }}'
+      register: result
+
+    - name: Plugin auth | Assert that plugin_auth_string and salt was successful
+      assert:
+        that:
+          - result is succeeded
+
+    - include_tasks: utils/assert_user.yml
+      vars:
+        user_name: "{{ test_user_name }}"
+        user_host: "%"
+        priv: "{{ test_default_priv_type }}"
+
+    - name: Plugin auth | Connect with user and password
+      command: "{{ mysql_command }} -u {{ test_user_name }} -p{{ test_plugin_auth_string }} -e \"SELECT 1\""
+      register: result
+
+    - name: Plugin auth | Assert that connection was successful
+      assert:
+        that:
+          - result is succeeded
+
+    - name: Plugin auth | Alter user with same plugin auth and same salt
+      mysql_user:
+        <<: *mysql_params
+        name: '{{ test_user_name }}'
+        host: '%'
+        plugin: caching_sha2_password
+        plugin_auth_string: '{{ test_plugin_auth_string }}'
+        salt: '{{ test_salt }}'
+        priv: '{{ test_default_priv }}'
+      register: result
+
+    - name: Plugin auth | Assert that plugin_auth_string and salt doesn't trigger change 
+      assert:
+        that:
+          - result is not changed
+
+    # Cleanup
+    - include_tasks: utils/remove_user.yml
+      vars:
+        user_name: "{{ test_user_name }}"