add service name to plugin pam/auth_pam usage (#445)

* add service name to plugin pam/auth_pam usage

* typo fixed

* MySQL is using identified with auth_pam by ... instead of identified with pam using ... like mariadb does

* a : in description lines breaks yaml syntax

* clarify documentation and add changelog fragment

* Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
hubiongithub 2023-01-03 09:47:11 +01:00 committed by GitHub
parent eade7ec1f0
commit 8a579b42e3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 3 deletions


@ -0,0 +1,3 @@
---
minor_changes:
- mysql_user - add plugin_auth_string as optional parameter to use a specific pam service if pam/auth_pam plugin is used (https://github.com/ansible-collections/community.mysql/pull/445).
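Review bot: The fragment says mysql_user will "add plugin_auth_string as optional parameter", but the module documentation changed in this same commit shows plugin_auth_string already present with version_added '0.1.0'. What is new is that the value is sent with USING when the plugin is pam, so it can select a PAM service. Suggest rewording to something like "mysql_user - allow plugin_auth_string to select a specific PAM service when the pam/auth_pam plugin is used".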


@ -170,7 +170,11 @@ def user_add(cursor, user, host, host_all, password, encrypted,
elif plugin and plugin_hash_string: elif plugin and plugin_hash_string:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string) query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
elif plugin and plugin_auth_string: elif plugin and plugin_auth_string:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) # Mysql and MariaDB differ in naming pam plugin and Syntax to set it
if plugin == 'pam': # Used by MariaDB which requires the USING keyword, not BY
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
elif plugin: elif plugin:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin) query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
else: else:
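Review bot: The `if plugin == 'pam':` test in user_add selects the USING syntax from the plugin name alone, by exact case-sensitive match, so a value such as `PAM` falls into the else branch and is sent with BY. Either normalise the name before comparing or document that the value must be the lowercase string `pam`. None of the 3 changed files is a test, so neither branch is exercised; a unit test asserting the generated query for `pam` and for `auth_pam` would cover it.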
@ -305,7 +309,11 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if plugin_hash_string: if plugin_hash_string:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
elif plugin_auth_string: elif plugin_auth_string:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) # Mysql and MariaDB differ in naming pam plugin and syntax to set it
if plugin == 'pam':
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
else: else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
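Review bot: The `if plugin == 'pam':` branch in user_mod repeats the one in user_add but drops the inline comment explaining that MariaDB requires USING rather than BY. The two branches differ only in CREATE versus ALTER, so consider a small helper that returns the keyword (USING or BY) for a given plugin, keeping the rule and its comment in one place.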


@ -117,7 +117,7 @@ options:
update_password: update_password:
description: description:
- C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string). - C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
- C(on_create) will only set the password or the combination of plugin, plugin_hash_string, plugin_auth_string for newly created users. - C(on_create) will only set the password or the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string) for newly created users.
- "C(on_new_username) works like C(on_create), but it tries to reuse an existing password: If one different user - "C(on_new_username) works like C(on_create), but it tries to reuse an existing password: If one different user
with the same username exists, or multiple different users with the same username and equal C(plugin) and with the same username exists, or multiple different users with the same username and equal C(plugin) and
C(authentication_string) attribute, the existing C(plugin) and C(authentication_string) are used for the C(authentication_string) attribute, the existing C(plugin) and C(authentication_string) are used for the
@ -138,6 +138,7 @@ options:
plugin_auth_string: plugin_auth_string:
description: description:
- User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``). - User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``).
- If I(plugin) is ``pam`` (MariaDB) or ``auth_pam`` (MySQL) an optional I(plugin_auth_string) can be used to choose a specific PAM service.
type: str type: str
version_added: '0.1.0' version_added: '0.1.0'
resource_limits: resource_limits:
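Review bot: The first description line of plugin_auth_string still shows only the `IDENTIFIED WITH plugin BY plugin_auth_string` form, while user_add and user_mod now emit USING when I(plugin) is pam. Mention the USING form in that description and state that the string is the PAM service name in that case, so a reader can tell which statement will be run against their server.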