ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-08-21 13:31:45 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

technomax review modification

Browse source
This commit is contained in:
Matthieu Bourgain 2024-04-19 14:03:07 +02:00
commit efe8ad2fd9
No known key found for this signature in database
GPG key ID: 33BA95C808890C39
2 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

11
plugins/module_utils/user.py
View file

@ -143,9 +143,6 @@ def user_add(cursor, user, host, host_all, password, encrypted,
# If attributes are set, perform a sanity check to ensure server supports user attributes before creating user # If attributes are set, perform a sanity check to ensure server supports user attributes before creating user
if attributes and not get_attribute_support(cursor): if attributes and not get_attribute_support(cursor):
module.fail_json(msg="user attributes were specified but the server does not support user attributes") module.fail_json(msg="user attributes were specified but the server does not support user attributes")
# Only caching_sha2_password and sha256_password are supported for hash generation
if salt and plugin not in ['caching_sha2_password', 'sha256_password']:
module.fail_json(msg="salt requires caching_sha2_password or sha256_password plugin")
# we cannot create users without a proper hostname # we cannot create users without a proper hostname
if host_all: if host_all:
@ -189,6 +186,8 @@ def user_add(cursor, user, host, host_all, password, encrypted,
elif salt: elif salt:
if plugin in ['caching_sha2_password', 'sha256_password']: if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt) generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, generated_hash_string) query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, generated_hash_string)
else: else:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
@ -233,10 +232,6 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
plugin, plugin_hash_string, plugin_auth_string, salt, new_priv, plugin, plugin_hash_string, plugin_auth_string, salt, new_priv,
append_privs, subtract_privs, attributes, tls_requires, module, append_privs, subtract_privs, attributes, tls_requires, module,
password_expire, password_expire_interval, role=False, maria_role=False): password_expire, password_expire_interval, role=False, maria_role=False):
# Only caching_sha2_password and sha256_password are supported for hash generation
if salt and plugin not in ['caching_sha2_password', 'sha256_password']:
module.fail_json(msg="salt requires caching_sha2_password or sha256_password plugin")
changed = False changed = False
msg = "User unchanged" msg = "User unchanged"
grant_option = False grant_option = False
@ -372,6 +367,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
elif salt: elif salt:
if plugin in ['caching_sha2_password', 'sha256_password']: if plugin in ['caching_sha2_password', 'sha256_password']:
generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt) generated_hash_string = mysql_sha256_password_hash_hex(password=plugin_auth_string, salt=salt)
else:
module.fail_json(msg="salt not handled for %s authentication plugin" % plugin)
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, generated_hash_string) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, generated_hash_string)
else: else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)

3
plugins/modules/mysql_user.py
View file

@ -509,6 +509,9 @@ def main():
module.fail_json(msg="password_expire_interval value \ module.fail_json(msg="password_expire_interval value \
should be positive number") should be positive number")
if salt and plugin not in ['caching_sha2_password', 'sha256_password']:
module.fail_json(msg="salt requires caching_sha2_password or sha256_password plugin")
cursor = None cursor = None
try: try:
if check_implicit_admin: if check_implicit_admin: