From b25fb5974da2138b32d753533b0d4dbce380f4b5 Mon Sep 17 00:00:00 2001 From: Steve Teahan <75569952+steveteahan@users.noreply.github.com> Date: Fri, 15 Jan 2021 05:44:03 -0500 Subject: [PATCH] mysql_user: refactor to reduce execute() calls (#76) This module does not currently log the SQL statements that it executes. A change was proposed to add this functionality, but it would require modifications in many sections of the code due to how many cursor.execute() statements there currently are. This change simply consolidates the number of execute() calls where it is trivial to do so. --- .../fragments/76-mysql-user-query-refact.yaml | 2 + plugins/modules/mysql_user.py | 62 ++++++++----------- 2 files changed, 27 insertions(+), 37 deletions(-) create mode 100644 changelogs/fragments/76-mysql-user-query-refact.yaml diff --git a/changelogs/fragments/76-mysql-user-query-refact.yaml b/changelogs/fragments/76-mysql-user-query-refact.yaml new file mode 100644 index 00000000..e5298f6f --- /dev/null +++ b/changelogs/fragments/76-mysql-user-query-refact.yaml @@ -0,0 +1,2 @@ +minor_changes: + - mysql_user - refactor to reduce cursor.execute() calls in preparation for adding query logging (https://github.com/ansible-collections/community.mysql/pull/76). diff --git a/plugins/modules/mysql_user.py b/plugins/modules/mysql_user.py index 0bf18068..0c757fa8 100644 --- a/plugins/modules/mysql_user.py +++ b/plugins/modules/mysql_user.py @@ -492,44 +492,28 @@ def user_add(cursor, user, host, host_all, password, encrypted, if password and encrypted: if supports_identified_by_password(cursor): - cursor.execute(*mogrify("CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password), tls_requires)) + query_with_args = "CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user, host, password) else: - cursor.execute( - *mogrify( - "CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, password), - tls_requires - ) - ) - + query_with_args = "CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, password) elif password and not encrypted: if old_user_mgmt: - cursor.execute(*mogrify("CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password), tls_requires)) + query_with_args = "CREATE USER %s@%s IDENTIFIED BY %s", (user, host, password) else: cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,)) encrypted_password = cursor.fetchone()[0] - cursor.execute( - *mogrify( - "CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", - (user, host, encrypted_password), - tls_requires, - ) - ) + query_with_args = "CREATE USER %s@%s IDENTIFIED WITH mysql_native_password AS %s", (user, host, encrypted_password) elif plugin and plugin_hash_string: - cursor.execute( - *mogrify( - "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string), tls_requires - ) - ) + query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string) elif plugin and plugin_auth_string: - cursor.execute( - *mogrify( - "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string), tls_requires - ) - ) + query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) elif plugin: - cursor.execute(*mogrify("CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin), tls_requires)) + query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin) else: - cursor.execute(*mogrify("CREATE USER %s@%s", (user, host), tls_requires)) + query_with_args = "CREATE USER %s@%s", (user, host) + + query_with_args_and_tls_requires = query_with_args + (tls_requires,) + cursor.execute(*mogrify(*query_with_args_and_tls_requires)) + if new_priv is not None: for db_table, priv in iteritems(new_priv): privileges_grant(cursor, user, host, db_table, priv, tls_requires) @@ -651,11 +635,13 @@ def user_mod(cursor, user, host, host_all, password, encrypted, if update: if plugin_hash_string: - cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)) + query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string) elif plugin_auth_string: - cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)) + query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string) else: - cursor.execute("ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)) + query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin) + + cursor.execute(*query_with_args) changed = True # Handle privileges @@ -720,10 +706,12 @@ def user_mod(cursor, user, host, host_all, password, encrypted, if tls_requires is not None: query = " ".join((pre_query, "%s@%s")) - cursor.execute(*mogrify_requires(query, (user, host), tls_requires)) + query_with_args = mogrify_requires(query, (user, host), tls_requires) else: query = " ".join((pre_query, "%s@%s REQUIRE NONE")) - cursor.execute(query, (user, host)) + query_with_args = query, (user, host) + + cursor.execute(*query_with_args) changed = True return (changed, msg) @@ -735,11 +723,11 @@ def user_delete(cursor, user, host, host_all, check_mode): if host_all: hostnames = user_get_hostnames(cursor, user) - - for hostname in hostnames: - cursor.execute("DROP USER %s@%s", (user, hostname)) else: - cursor.execute("DROP USER %s@%s", (user, host)) + hostnames = [host] + + for hostname in hostnames: + cursor.execute("DROP USER %s@%s", (user, hostname)) return True