Check account_locking values

Jorge-Rodriguez 2020-11-29 22:03:54 +02:00
parent 9a303ac55a
commit de75697d5f
No known key found for this signature in database
GPG key ID: 43153D1EFD8F7D90


@ -440,10 +440,12 @@ def validate_account_locking(cursor, account_locking):
locking = {} locking = {}
if 'mariadb' in version_str.lower(): if 'mariadb' in version_str.lower():
msg = "MariaDB does not support this manner of account locking. Use the MAX_PASSWORD_ERRORS server variable instead." module.warn("MariaDB does not support this manner of account locking. Use the MAX_PASSWORD_ERRORS server variable instead.")
module.warn("Account locking settings are being ignored.")
else: else:
if int(version[0]) * 1000 + int(version[2]) < 8019: if int(version[0]) * 1000 + int(version[2]) < 8019:
msg = "MySQL is too old to support this manner of account locking." module.warn("MySQL is too old to support this manner of account locking.")
module.warn("Account locking settings are being ignored.")
else: else:
msg = None msg = None
if account_locking is not None: if account_locking is not None:
@ -451,7 +453,11 @@ def validate_account_locking(cursor, account_locking):
"FAILED_LOGIN_ATTEMPTS": str(account_locking.get("FAILED_LOGIN_ATTEMPTS", 0)), "FAILED_LOGIN_ATTEMPTS": str(account_locking.get("FAILED_LOGIN_ATTEMPTS", 0)),
"PASSWORD_LOCK_TIME": str(account_locking.get("PASSWORD_LOCK_TIME", 0)) "PASSWORD_LOCK_TIME": str(account_locking.get("PASSWORD_LOCK_TIME", 0))
} }
return msg, locking if any([int(value) < 0 or int(value) > 32767 for value in locking.values() if re.match("[-+]?\\d+$", value)]):
module.fail_json(msg="Account locking values are out of the valid range (0-32767)")
if not re.match("[-+]?\\d+$", locking["PASSWORD_LOCK_TIME"]) and locking["PASSWORD_LOCK_TIME"] != "UNBOUNDED":
module.fail_json(msg="PASSWORD_LOCK_TIME must be an integer between 0 and 32767 or 'UNBOUNDED'")
return locking
def get_account_locking(cursor, user, host): def get_account_locking(cursor, user, host):
@ -578,13 +584,10 @@ def user_add(cursor, user, host, host_all, password, encrypted,
if host_all: if host_all:
return False return False
msg, locking = validate_account_locking(cursor, account_locking) locking = validate_account_locking(cursor, account_locking, module)
if msg and account_locking:
module.warn(msg)
module.warn("Account locking settings are being ignored.")
if check_mode: if check_mode:
return (True, msg) return True
# Determine what user management method server uses # Determine what user management method server uses
old_user_mgmt = use_old_user_mgmt(cursor) old_user_mgmt = use_old_user_mgmt(cursor)
@ -816,10 +819,7 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
changed = True changed = True
# Handle Account locking # Handle Account locking
note, locking = validate_account_locking(cursor, account_locking) locking = validate_account_locking(cursor, account_locking, module)
if note and account_locking:
module.warn(note)
module.warn("Account locking settings are being ignored.")
current_locking = get_account_locking(cursor, user, host) current_locking = get_account_locking(cursor, user, host)
clear_locking = dict((x, y) for x, y in locking.items() if y != '0') clear_locking = dict((x, y) for x, y in locking.items() if y != '0')
if current_locking != clear_locking: if current_locking != clear_locking:
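Review bot: In the validate_account_locking hunk, a non-integer FAILED_LOGIN_ATTEMPTS is never rejected, because the range check skips any value that fails the `[-+]?\d+$` match and the follow-up check covers only PASSWORD_LOCK_TIME. An arbitrary string therefore passes validation and is returned in `locking`; if the statement that applies these settings is built from those strings (not visible here), unvalidated input reaches SQL. I would add `if not re.match(r"\d+\Z", locking["FAILED_LOGIN_ATTEMPTS"]): module.fail_json(msg="FAILED_LOGIN_ATTEMPTS must be an integer between 0 and 32767")` and anchor the existing patterns with `\Z` as well, since `$` under `re.match` also accepts a trailing newline. The function's definition line lies above the hunk, so it cannot be confirmed from here that it accepts the `module` argument both callers now pass.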