ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-07-25 14:20:24 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Remove support for REQUIRESSL privilege (#244)

Browse source 
* Remove support for REQUIRESSL privilege

* Fix error search string
This commit is contained in:
Jorge Rodriguez (A.K.A. Tiriel) 2021-12-01 07:56:04 +01:00 committed by GitHub
commit dd4700989f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 11 additions and 147 deletions
Download patch file Download diff file Expand all files Collapse all files

21
plugins/module_utils/user.py
View file

@ -664,27 +664,6 @@ def convert_priv_dict_to_str(priv):
return '/'.join(priv_list)
def handle_requiressl_in_priv_string(module, priv, tls_requires):
module.deprecate('The "REQUIRESSL" privilege is deprecated, use the "tls_requires" option instead.',
version='3.0.0', collection_name='community.mysql')
priv_groups = re.search(r"(.*?)(\*\.\*:)([^/]*)(.*)", priv)
if priv_groups.group(3) == "REQUIRESSL":
priv = priv_groups.group(1) + priv_groups.group(4) or None
else:
inner_priv_groups = re.search(r"(.*?),?REQUIRESSL,?(.*)", priv_groups.group(3))
priv = '{0}{1}{2}{3}'.format(
priv_groups.group(1),
priv_groups.group(2),
','.join(filter(None, (inner_priv_groups.group(1), inner_priv_groups.group(2)))),
priv_groups.group(4)
)
if not tls_requires:
tls_requires = "SSL"
else:
module.warn('Ignoring "REQUIRESSL" privilege as "tls_requires" is defined and it takes precedence.')
return priv, tls_requires
# Alter user is supported since MySQL 5.6 and MariaDB 10.2.0
def server_supports_alter_user(cursor):
"""Check if the server supports ALTER USER statement or doesn't.

14
plugins/modules/mysql_user.py
View file

@ -198,16 +198,6 @@ EXAMPLES = r'''
FUNCTION my_db.my_function: EXECUTE
state: present
# Note that REQUIRESSL is a special privilege that should only apply to *.* by itself.
# Setting this privilege in this manner is deprecated.
# Use 'tls_requires' instead.
- name: Modify user to require SSL connections
community.mysql.mysql_user:
name: bob
append_privs: yes
priv: '*.*:REQUIRESSL'
state: present
- name: Modify user to require TLS connection with a valid client certificate
community.mysql.mysql_user:
name: bob
@ -315,7 +305,6 @@ from ansible_collections.community.mysql.plugins.module_utils.user import (
convert_priv_dict_to_str,
get_impl,
get_mode,
handle_requiressl_in_priv_string,
InvalidPrivsError,
limit_resources,
privileges_unpack,
@ -388,9 +377,6 @@ def main():
if priv and isinstance(priv, dict):
priv = convert_priv_dict_to_str(priv)
if priv and "REQUIRESSL" in priv:
priv, tls_requires = handle_requiressl_in_priv_string(module, priv, tls_requires)
if mysql_driver is None:
module.fail_json(msg=mysql_driver_fail_msg)