mysql_user: refactor to reduce execute() calls

This module does not currently log the SQL statements that it executes.
A change was proposed to add this functionality, but it would require
modifications in many sections of the code due to how many cursor.execute()
statements there currently are. This change simply consolidates the
number of execute() calls where it is trivial to do so.
This commit is contained in:
Steve Teahan 2020-12-26 19:00:59 -05:00
commit 9900b11d0d
2 changed files with 26 additions and 30 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- mysql_user - refactor to reduce cursor.execute() calls in preparation for adding query logging (https://github.com/ansible-collections/community.mysql/pull/76).

View file

@ -475,36 +475,26 @@ def user_add(cursor, user, host, host_all, password, encrypted,
mogrify = do_not_mogrify_requires if old_user_mgmt else mogrify_requires mogrify = do_not_mogrify_requires if old_user_mgmt else mogrify_requires
if password and encrypted: if password and encrypted:
cursor.execute(*mogrify("CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password), tls_requires)) query_with_args = "CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password)
elif password and not encrypted: elif password and not encrypted:
if old_user_mgmt: if old_user_mgmt:
cursor.execute(*mogrify("CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password), tls_requires)) query_with_args = "CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password)
else: else:
cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,)) cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,))
encrypted_password = cursor.fetchone()[0] encrypted_password = cursor.fetchone()[0]
cursor.execute( query_with_args = "CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password)
*mogrify(
"CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s",
(user, host, encrypted_password),
tls_requires,
)
)
elif plugin and plugin_hash_string: elif plugin and plugin_hash_string:
cursor.execute( query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
*mogrify(
"CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string), tls_requires
)
)
elif plugin and plugin_auth_string: elif plugin and plugin_auth_string:
cursor.execute( query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
*mogrify(
"CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string), tls_requires
)
)
elif plugin: elif plugin:
cursor.execute(*mogrify("CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin), tls_requires)) query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
else: else:
cursor.execute(*mogrify("CREATE USER %s@%s", (user, host), tls_requires)) query_with_args = "CREATE USER %s@%s", (user, host)
query_with_args_and_tls_requires = query_with_args + (tls_requires,)
cursor.execute(*mogrify(*query_with_args_and_tls_requires))
if new_priv is not None: if new_priv is not None:
for db_table, priv in iteritems(new_priv): for db_table, priv in iteritems(new_priv):
privileges_grant(cursor, user, host, db_table, priv, tls_requires) privileges_grant(cursor, user, host, db_table, priv, tls_requires)
@ -626,11 +616,13 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if update: if update:
if plugin_hash_string: if plugin_hash_string:
cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
elif plugin_auth_string: elif plugin_auth_string:
cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
else: else:
cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
cursor.execute(*query_with_args)
changed = True changed = True
# Handle privileges # Handle privileges
@ -695,10 +687,12 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if tls_requires is not None: if tls_requires is not None:
query = " ".join((pre_query, "%s@%s")) query = " ".join((pre_query, "%s@%s"))
cursor.execute(*mogrify_requires(query, (user, host), tls_requires)) query_with_args = mogrify_requires(query, (user, host), tls_requires)
else: else:
query = " ".join((pre_query, "%s@%s REQUIRE NONE")) query = " ".join((pre_query, "%s@%s REQUIRE NONE"))
cursor.execute(query, (user, host)) query_with_args = query, (user, host)
cursor.execute(*query_with_args)
changed = True changed = True
return (changed, msg) return (changed, msg)
@ -710,11 +704,11 @@ def user_delete(cursor, user, host, host_all, check_mode):
if host_all: if host_all:
hostnames = user_get_hostnames(cursor, user) hostnames = user_get_hostnames(cursor, user)
for hostname in hostnames:
cursor.execute("DROP USER %s@%s", (user, hostname))
else: else:
cursor.execute("DROP USER %s@%s", (user, host)) hostnames = [host]
for hostname in hostnames:
cursor.execute("DROP USER %s@%s", (user, hostname))
return True return True