mysql_user: prevent password getting set for existing users on on_cre… (

#342) Co-authored-by: Andrew Klychkov <[email protected]> (cherry picked from commit 51a3884)
ansible-collections · May 31, 2022 · 199b593 · 199b593
1 parent 0011798
commit 199b593
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml b/changelogs/fragments/334-mysql_user_fix_logic_on_oncreate.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "mysql_user - fix logic when ``update_password`` is set to ``on_create`` for users using ``plugin*`` arguments (https://github.com/ansible-collections/community.mysql/issues/334). The ``on_create`` sets ``password`` to None for old mysql_native_authentication but not for authentiation methods which uses the ``plugin*`` arguments. This PR changes this so ``on_create`` also exchange ``plugin``, ``plugin_hash_string``, ``plugin_auth_string`` to None in the list of arguments to change"
diff --git a/plugins/modules/mysql_user.py b/plugins/modules/mysql_user.py
@@ -22,7 +22,8 @@
     required: true
   password:
     description:
-      - Set the user's password.
+      - Set the user's password. Only for C(mysql_native_password) authentication.
+        For other authentication plugins see the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
     type: str
   encrypted:
     description:
@@ -94,8 +95,8 @@
     default: no
   update_password:
     description:
-      - C(always) will update passwords if they differ.
-      - C(on_create) will only set the password for newly created users.
+      - C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
+      - C(on_create) will only set the password or the combination of plugin, plugin_hash_string, plugin_auth_string for newly created users.
     type: str
     choices: [ always, on_create ]
     default: always
@@ -441,7 +442,7 @@ def main():
                                             priv, append_privs, tls_requires, module)
                 else:
                     changed, msg = user_mod(cursor, user, host, host_all, None, encrypted,
-                                            plugin, plugin_hash_string, plugin_auth_string,
+                                            None, None, None,
                                             priv, append_privs, tls_requires, module)
 
             except (SQLParseError, InvalidPrivsError, mysql_driver.Error) as e:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- "mysql_user - fix logic when ``update_password`` is set to ``on_create`` for users using ``plugin`` arguments (https://github.com/ansible-collections/community.mysql/issues/334). The ``on_create`` sets ``password`` to None for old mysql_native_authentication but not for authentiation methods which uses the ``plugin`` arguments. This PR changes this so ``on_create`` also exchange ``plugin``, ``plugin_hash_string``, ``plugin_auth_string`` to None in the list of arguments to change"