ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-10-25 05:24:01 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

laurent review

Browse source
This commit is contained in:
Matthieu Bourgain 2024-04-23 13:53:54 +02:00
commit ea8d348391
No known key found for this signature in database
GPG key ID: 33BA95C808890C39
2 changed files with 1 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

6
plugins/module_utils/user.py
View file

@ -190,8 +190,6 @@ def user_add(cursor, user, host, host_all, password, encrypted,
elif salt: elif salt:
if plugin in ['caching_sha2_password', 'sha256_password']: if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt) generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
query_with_args = ("CREATE USER %s@%s IDENTIFIED WITH %s AS 0x" + generated_hash_string), (user, host, plugin) query_with_args = ("CREATE USER %s@%s IDENTIFIED WITH %s AS 0x" + generated_hash_string), (user, host, plugin)
else: else:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
@ -358,8 +356,6 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if plugin in ['caching_sha2_password', 'sha256_password']: if plugin in ['caching_sha2_password', 'sha256_password']:
if current_plugin[1] != mysql_sha256_password_hash(password=plugin_auth_string, salt=salt): if current_plugin[1] != mysql_sha256_password_hash(password=plugin_auth_string, salt=salt):
update = True update = True
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
elif plugin_auth_string and current_plugin[1] != plugin_auth_string: elif plugin_auth_string and current_plugin[1] != plugin_auth_string:
# this case can cause more updates than expected, # this case can cause more updates than expected,
# as plugin can hash auth_string in any way it wants # as plugin can hash auth_string in any way it wants
@ -377,8 +373,6 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
elif salt: elif salt:
if plugin in ['caching_sha2_password', 'sha256_password']: if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt) generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
query_with_args = ("ALTER USER %s@%s IDENTIFIED WITH %s AS 0x" + generated_hash_string), (user, host, plugin) query_with_args = ("ALTER USER %s@%s IDENTIFIED WITH %s AS 0x" + generated_hash_string), (user, host, plugin)
else: else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)

18
tests/integration/targets/test_mysql_user/tasks/test_user_plugin_auth.yml
View file

@ -489,21 +489,9 @@
plugin_auth_string: '{{ test_plugin_auth_string }}' plugin_auth_string: '{{ test_plugin_auth_string }}'
salt: '{{ test_salt }}' salt: '{{ test_salt }}'
priv: '{{ test_default_priv }}' priv: '{{ test_default_priv }}'
register: result
- name: Plugin auth | Assert that plugin_auth_string and salt was successful
ansible.builtin.assert:
that:
- result is succeeded
- name: Plugin auth | Connect with user and password - name: Plugin auth | Connect with user and password
ansible.builtin.command: "{{ mysql_command }} -u {{ test_user_name }} -p{{ test_plugin_auth_string }} -e \"SELECT 1\"" ansible.builtin.command: "{{ mysql_command }} -u {{ test_user_name }} -p{{ test_plugin_auth_string }} -e \"SELECT 1\""
register: result
- name: Plugin auth | Assert that connection was successful
ansible.builtin.assert:
that:
- result is succeeded
- name: Plugin auth | Alter user with same plugin auth and same salt - name: Plugin auth | Alter user with same plugin auth and same salt
community.mysql.mysql_user: community.mysql.mysql_user:
@ -515,11 +503,7 @@
salt: '{{ test_salt }}' salt: '{{ test_salt }}'
priv: '{{ test_default_priv }}' priv: '{{ test_default_priv }}'
register: result register: result
failed_when: result is not changed
- name: Plugin auth | Assert that plugin_auth_string and salt doesn't trigger change
ansible.builtin.assert:
that:
- result is not changed
- name: cleanup user - name: cleanup user
ansible.builtin.include_tasks: utils/remove_user.yml ansible.builtin.include_tasks: utils/remove_user.yml