Commit graph

37 commits

Author SHA1 Message Date
E.S. Rosenberg a.k.a. Keeper of the Keys
6747ef32e9 Add the location and logic of where I think user locking would happen.
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
2025-03-03 16:36:04 +02:00
E.S. Rosenberg a.k.a. Keeper of the Keys
1380c20b20 function to check if a user is locked already
Signed-off-by: E.S. Rosenberg a.k.a. Keeper of the Keys <es.rosenberg+github@gmail.com>
2025-03-03 16:09:15 +02:00
Soledad208
ebb37ae7a3
sql_mode can be set in session, therefore we should look for ANSI_QUOTES in session variable instead of global variable (#677)
* issue-671: get ASNI_QUOTES from session sql_mode instead of GLOBAL sql_mode
2024-11-07 09:56:31 +01:00
hubiongithub
eec6e7091f
Update user.py (#676)
* Update user.py

Added correct syntax to ed25519 password plugin.
on create user
on update user
This only accepts cleartext passwords (PASSWORD(%s)) not pregenerated ed25519 hashes.

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

* Update plugins/module_utils/user.py

---------

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2024-09-09 15:01:26 +02:00
Andrew Klychkov
3425fdb839
mysql_user: add correct ed25519 plugin handling when creating a user (#674) 2024-09-05 12:19:33 +02:00
Fran
0de9685cf1
Fix user plugin changes in check mode (#596)
* Fix user plugin changes in check mode

* Add auth plugin tests

* Undo local changes

* Improve task names

* Fix query

* Changes

* Add check

* Add check

* Add check

* Add one more check

* Add one more check

* Fix typo

* Change parameter

* Testing

* Remove tests

* Add tests

* Test first stteps

* Readd tests

* Test without check mode

* Test with check mode

* Test with check mode

* Testing

* Testing

* Add missing tests

* Changes for ansible-lint complaints

* Fix condition

* Update changelogs/fragments/596-fix-check-changes.yaml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* refactor

* Add more tests

* Fix newpass var

* Remove extra test

---------

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2024-08-30 11:15:16 +02:00
Andrew Klychkov
87be61ccf3
CI: Fix sanity errors (#668) 2024-08-29 08:47:48 +02:00
Laurent Indermühle
33e8754c4e
Fix mysql_user on_new_username IndexError (#642)
* fix tuple indexerror when no accounts are found

* Fix tests for update_password not executed

* Add test for case where existing user have different password

* lint to prevent warning about jinja templating in when clause

* Refactor get_existing_authentication to return a list of all row found

Previously we were returning only the first row found. We need to be
able to see if there is a difference in the existing passwords.

* Refactor host option to be optional

This make it possible to use the same method from mysql_user to help
update_password retrieve existing password for all account with the same
username independently of their hostname. And from mysql_info to get
the password of a specif user using WHERE user = '' AND host = ''

* Add change log fragment

* Add link to the PR in the change log

* lint for ansible devel

* Fix templating type error could not cconvert to bool with ansible devel

* Revert changes made for ansible-devel that broke tests for Ansible 2.15

* Revert changes made for ansible-devel that broke tests

* Cut unnecessary set, uniqueness is ensured by the group_by in the query

* Cut auth plugin from returned values when multiple existing auths exists

Discussed here:
https://github.com/ansible-collections/community.mysql/pull/642/files#r1649720519

* fix convertion of list(dict) to list(tuple)

* Fix test for empty password on MySQL 8+
2024-06-27 22:12:01 +02:00
Matthieu Bourgain
0bc3e3d848
Add salt parameter to hash generation for sha256 plugins (#631)
* add salt parameter to hash generation for sha256 plugin
* technomax review modification
* no general user test for salt
2024-06-11 17:23:05 +02:00
Laurent Indermühle
50e7413b88
Fix hashed passwords being returned by get_existing_authentication() via the plugin_auth_string variable instead of plugin_hash_string (#629)
* fix returned variable from plugin_auth_string to plugin_hash_string
* Refactor to keep plugin_auth_string in addition to plugin_hash_string
* Add breaking_changes to the changelog
2024-06-06 13:05:31 +02:00
Laurent Indermühle
47710cfb93
Enhance support of tls_requires in mysql_user and mysql_info (#628)
* fix option name

* Add tests for users using SSL

* Rewrite get_tls_requires using mysql.user table

* Add tls_requires to users_info filter

* add more consistant test users

* Add tls tests users in cleanup task

* Fix tls_requires data structure inconsistencies between modules

* Refactor user implementation to host get_tls_requires

* fix MySQL tls_requires not removed from user passed as empty

* Fix wrong variable used to return a hashed password

* Fix sanity

* fix unit tests

* Add changelog fragment

* Add PR URI to the changelog

* Add more precise change log

* fix documentation using wrong variable as an example

* Document example returned value `tls_requires` from users_info filter

* Revert changes that will be in a separate PR

* Fix sanity
2024-04-16 10:52:24 +02:00
Andrew Klychkov
bfe2fdc3ff
mysql_user: fix ed25512 plugin handling (#619) 2024-03-14 07:19:39 +01:00
tompal3
40af258d86
password_expire support for mysql_user (#598)
* initial commit for password_expire support

* sanity check and default values

* add one more if block for version check

* some changes and integration tests

* docs and sanity and integration test fix

* make integration tests work

* make integration tests work

* fix unneeded commits

* fix verify as well

* Update plugins/modules/mysql_user.py

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>

* Update tests/integration/targets/test_mysql_user/tasks/test_password_expire.yml

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>

* Apply suggestions from code review

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* typo and no_log remove for password_expire* vars

* add change log fragment

* move one if statement to module initialiazation

* fix merge conflicts

* fix order

* some fixes

* set no_log to true for password word containing keys

* fix sanity error

* Update changelogs/fragments/598-password_expire-support-for-mysql_user.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

---------

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2024-02-22 10:31:01 +01:00
ncc
051aa48d8d
feat[mysql_user]: add support for mysql user attributes (#604)
* add support for mysql user attributes

* fix CI

* write integration tests

* requested changes pt. 1

* requested changes pt. 2

* fix changelog fragment

---------

Co-authored-by: n-cc <ncc@github.com>
2024-01-19 15:37:28 +01:00
Laurent Indermühle
0dbedf57cb
Document MySQL and MariaDB don't store roles with same manner (#584) 2023-10-26 14:21:28 +02:00
Laurent Indermühle
3ef9bda95f
feat[mysql_info]: add 'users_info' filter (#580)
* add documentation for new mysql_info users_info filter

* Add integration tests for mysql_info users_info

* fix list parsing when cursor come from mysql_info

Mysql_info use a DictCursor and mysql_user a normal cursor.

* fix case when an account as same user but different host and password

* document why certain authentications plugins cause issues

* add version_added for users_info to the documentation

* Add 'users' description to differentiate it from 'users_info'

---------

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2023-10-23 11:26:46 +02:00
kmarse
033b4c74f9
Fix column uppercasing (#569)
* Add integrations tests for column case sensitive name

* add a warning when column_case_sensitive in not set

* add announce default will change in in 4.0.0

* fix tests for engine that don't wrap column in backticks

* add filter because only MySQL 5.7 is case sensitive for users privs

* add kmarse and myself to the authors

* add kmarse to the contributors list

---------

Co-authored-by: Laurent Indermühle <laurent.indermuehle@epfl.ch>
Co-authored-by: Andrew Klychkov <aklychko@redhat.com>
2023-10-06 16:08:46 +02:00
Maximilian Stinsky
526e674e6f
Add MAX_STATEMENT_TIME resource limit (#523)
* Add MAX_STATEMENT_TIME to resource_limits

* Move version check for resource_limits to implementations
2023-04-07 10:20:49 +02:00
Markus Bergholz
b34c23d07d
Fix revoke only grant (#503)
* fix

* test

* changelog
2023-02-08 09:24:35 +01:00
hubiongithub
8a579b42e3
add service name to plugin pam/auth_pam usage (#445)
* add service name to plugin pam/auth_pam usage

* typo fixed

* MySLQ is using identified with auth_pam by ...  instead of identified with pam using ... like mariadb does

* a : in description lines breaks yaml syntax

* clearify documentation and add changelog fragment

* Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/module_utils/user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2023-01-03 09:47:11 +01:00
Diego Gullo
6ac89ca1f6
Display a more informative error when InvalidPrivsError is raised (#465) (#466)
* Display a more informative error when InvalidPrivsError is raised (Issue #465)

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
2022-12-06 13:12:01 +01:00
R.Sicart
2d75bc19b8
Fix privilege changing everytime (#438)
* Compare privileges from before and after manipulation

* Add unit tests

* Fix FIXME integration tests related to this issue

* Fix sanity check

* Fix assertion when appending privs in mysql_role_initial integration tests

* Fix pylint

* [ci-skip] Add changelog fragment

* Fix: missing fragment file extension

* Replace privileges_equal() by a comparison

* Fix: sanity pylint

* Fix: forgot to remove privileges_equal import from unit tests
2022-09-08 18:26:58 +02:00
R.Sicart
cc5cf98368
Fix: grant revoked priv (#434)
* Fix: exclude mysql 8 from test_mysql_user's 'Assert that priv did not change' test

* Add tests to verify that GRANT permission is present after user modification

* Fix: do not revoke GRANT permission when it's already allowed and present in priv parameter

* Deduplicate tests name

Easier to debug this way

* Fix assertions named 'GRANT permission is present'

* Only revoke grant option if it exists and absence is requested

* Fix assertion comments

* Fix: Only revoke grant option if it exists and absence is requested

* Avoid pointless revocations when ALL are granted

* Assert that priv did not change on mariadb also

* Fix: sanity and unity tests

* Format long lines

* Add changelog fragment

Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
2022-09-02 13:40:06 +02:00
Andrew Klychkov
2a3f8f6506
Update licensing information (#390) 2022-06-03 11:47:03 +02:00
betanummeric
ed3935abec
mysql_user: add "update_password: on_new_username" argument, "password_changed" result field (#365)
* mysql_user: add value 'on_new_username' to argument 'update_password'

* mysql_user: return "password_changed" boolean (true if the user got a new password)

* mysql_user: optimize queries for existing passwords

* mysql_user: add integration tests for update_password argument

* mysql_user: add description for "update_password: on_new_username" argument

* add changelog fragment

* formatting (PEP8)

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update changelogs/fragments/365-mysql_user-add-on_new_username-and-password_changed.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Benjamin MALYNOVYTCH <bmalynovytch@users.noreply.github.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2022-05-31 16:00:24 +02:00
Andrew Klychkov
8d114c7e39
mysql_user: fix parsing privs when a user has roles assigned to it (#341)
* mysql_user: fix parsing errors when a user has roles assigned

* Add a changelog fragment

* Fix a typo

* Fix CI
2022-05-12 09:36:21 +02:00
betanummeric
ba4fea67b1
mysql_user, mysql_role: add argument subtract_privs to revoke privileges explicitly (#333)
* add option subtract_privs to mysql_role and mysql_user

see https://github.com/ansible-collections/community.mysql/issues/331

* add integration tests for subtract_privs for mysql_role and mysql_user

* add changelog fragment for PR #333

* mysql_role, mysql_user: when subtract_privileges, don't grant unwanted privileges and don't revoke USAGE implicitly

* fix integration tests

* mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests

* fix mysql_role integration tests

* fix mysql_role, mysql_user integration tests

* formatting

make the PEP8 check happy

* mysql_user and mysql_role: fix granting privileges when only the GRANT OPTION needs to be added

* mysql_user and mysql_role: log some updated privileges; explain integration test blind spot

* mysql_user and mysql_role: don't grant too much privileges

If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revokation.

* mysql_user and mysql_role: fix type error

* Update changelogs/fragments/333-mysql_user-mysql_role-add-subtract_privileges-argument.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_role.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Update plugins/modules/mysql_user.py

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2022-05-09 09:50:49 +02:00
bigo8525
1dcc5ec086
mysql_user: added flush privileges to write dynamic privs into db (#338)
* added flush privileges to write dynamic privs into db
Fixes https://github.com/ansible-collections/community.mysql/issues/120

* added changelog fragment

* Update changelogs/fragments/338-mysql_user_fix_missing_dynamic_privileges.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2022-04-29 12:38:12 +02:00
Andrew Klychkov
3a452faeb0
Add IF EXISTS clause to DROP USER statement (#307)
* Add IF EXISTS clause to DROP USER statement

* Add a changelog fragment

* Fix exception
2022-03-15 13:41:55 +01:00
Andrew Klychkov
f00f06df76
Fix the collection to work with mysqlclient connector (#293)
* Integration tests: restrict exclusion mysqlclient + MariaDB only when testing the mysql_role module

* Fix

* Fix underlying issue

* Fix units

* Add changelog fragment
2022-03-14 10:03:47 +01:00
Jorge Rodriguez (A.K.A. Tiriel)
dd4700989f
Remove support for REQUIRESSL privilege (#244)
* Remove support for REQUIRESSL privilege

* Fix error search string
2021-12-01 07:56:04 +01:00
R.Sicart
727b638d13
Get rid of privs comparison (#243)
* Remove all code related to VALID_PRIVS and get_valid_privs()

* Add tests to update user with invalid privs

* Re-raise InvalidPrivsError when granting privileges

* Fix: compatibility with python2

* More explicit assertions as commented by Andersson007

* Add changelog fragment
2021-11-20 09:28:40 +01:00
Andrew Klychkov
bb3e9fd3fa
mysql_user: fix broken compatibility for priviledge aliases (#233)
* mysql_user: fix broken compatibility for priviledge aliases

* add changelog fragment

* fix changelog fragment

* Improve formatting
2021-10-18 15:25:00 +02:00
R.Sicart
0ce1fa1634
mysql_user: replace VALID_PRIVS by get_valid_privs() function (#217)
* mysql_user: replace VALID_PRIVS by get_valid_privs() function

* Add EXTRA_PRIVS in case we need to add more privs in the future

* Add changelog fragment
2021-09-23 11:53:37 +02:00
int32bit
663590689f
Fix wrong impl for mysql (#210)
If 'mariadb' in version info, the db instance should be mariadb(reverse in code) rather than mysql.
2021-08-25 09:21:24 +02:00
Andrew Klychkov
8a17e43eae
Fix sanity errors (#206) 2021-08-19 16:20:28 +02:00
Andrew Klychkov
ce2b269f84
mysql_role: new module (#189)
* mysql_role: new module

* fixes

* fixes

* Add the role class

* Check if role exists

* role.add()

* role.__get_members

* tmp

* tmp

* Change tests

* Fix

* Fix

* add_members()

* get_privs()

* tmp

* __extract_grants() filler version

* Before big work

* tmp

* drop()

* tmp

* tmp

* Big changes

* Fix

* append_members, detach_members, append_privs

* tmp

* admin option

* Add tests

* Add tests

* Fix tests

* Remove debug warning

* Fix tests

* Add documentation

* Fix MariaDB case

* Fix MariaDB

* Fix MariaDB

* Fix MariaDB

* Fix MariaDB

* Fix MariaDB

* Fix

* Fix

* Remove debug warning

* Add try-except block

* tmp

* tmp

* tmp

* Fix

* Add err handling

* Add user check

* Check admin in db

* Fix CI

* Fix CI

* Fix CI

* Fix CI

* Fix

* Add mutually exclusive options

* Small refactoring, documenting

* Documenting, refactoring

* Change docs

* Refactoring

* Refactoring

* Refactoring

* Add unit tests

* Update README.md
2021-08-10 13:30:34 +02:00