-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot set a user's plugin to caching_sha2_password from scratch #484
Comments
However, when the user is created (after having deleted the previous one) with a local mysql client call, everything is fine:
The plugin is set as expected:
|
@jean-christophe-manciot hello, thanks for reporting the issue and welcome to the community! I have a couple of questions that can help us investigate the problem:
Waiting for your feedback |
|
@jean-christophe-manciot thanks for the detailed feedback! we'll take a look |
@jean-christophe-manciot i think the issue is that
Thanks! |
Hello, @Andersson007 you are right, the presence of password: will force an user with mysql_native_password authentication The second point ( make password and plugin parameters mutually exclusive) is a good idea, the logic in the code does not use a combination of these, but checks password first an if set -> mysql_native_password, if not -> check plugin ... |
@hubiongithub thanks much for the feedback!
What do you think? |
I strongly disagree. In the official MySQL 8.0 docs, nothing prevents the user from being created with both
That's why I'm able to create any user with a combination of both using a mysql client CLI command. The fact that it not possible to do so with the ansible module is an issue: any ansible user would expect to be able to create any user with that plugin by setting its password. |
Hello @jean-christophe-manciot "password" has two different meanings here: a) mysql documentation: b) but in ansible code
here 'password' is a parameter name containing a string to be used as credential The code interpreting the ansible parameter to mysql_user look like this:
|
@hubiongithub how do you think we should proceed here?
|
@jean-christophe-manciot thanks for the feedback! Didn't notice your comment. So the question above is still relevant ^ |
Hence the issue. The code must have been written several years ago when I suppose the choice of plugins was very limited. Anyway, the code which handles the user creation must be overhauled and fixed: it must first begin by checking for the type of plugin which is more important, then the password which must be present for some types of plugin. |
Hello @Andersson007 @jean-christophe-manciot At the moment it works like documented (and yes probably the code is old), not using the parameter "password" will make your code behave like you expect. From my point of view as a user (that's me) of this community build software: From a point of view of a developer (that's not me, so I might be wrong here) it might be nice to have a consistent API for all possible use cases, but nothing I would call "must be overhauled and fixed:" as it works as documented. |
I'm not sure how we should proceed now as the opinions are quite different:) |
Hello @Andersson007 @jean-christophe-manciot From the point of the issue headline "Cannot set a user's plugin to caching_sha2_password from scratch" From the point of view that it would be more pleasing to have only one parameter for passwords |
@hubiongithub thanks for the feedback! |
@jean-christophe-manciot we could leave the issue open for further discussion. |
will close this as the discussion has actually stopped, we can open it later if needed |
SUMMARY
When setting the plugin to caching_sha2_password, the user is actually created with the mysql_native_password plugin.
ISSUE TYPE
COMPONENT NAME
mysql_user
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
Creating a test user with the caching_sha2_password plugin
EXPECTED RESULTS
The user test should have been created with the requested plugin.
ACTUAL RESULTS
But the plugin is actually wrong:
The text was updated successfully, but these errors were encountered: