Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add service name to plugin pam/auth_pam usage #445

Merged
merged 10 commits into from
Jan 3, 2023
Merged

add service name to plugin pam/auth_pam usage #445

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
a9299d5
add service name to plugin pam/auth_pam usage
hubiongithub Sep 13, 2022
73f200b
typo fixed
hubiongithub Sep 13, 2022
1df6442
MySLQ is using identified with auth_pam by ... instead of identified…
hubiongithub Sep 13, 2022
ee05224
Merge branch 'ansible-collections:main' into add_pam_service_option
hubiongithub Sep 20, 2022
2c431a2
Merge branch 'ansible-collections:main' into add_pam_service_option
hubiongithub Dec 12, 2022
c76493f
a : in description lines breaks yaml syntax
hubiongithub Dec 19, 2022
74c5e46
Merge branch 'add_pam_service_option' of github.com:hubiongithub/comm…
hubiongithub Dec 19, 2022
ff894e3
clearify documentation and add changelog fragment
hubiongithub Jan 2, 2023
197b908
Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_p…
hubiongithub Jan 3, 2023
8856f4d
Update plugins/module_utils/user.py
hubiongithub Jan 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 10 additions & 2 deletions plugins/module_utils/user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,11 @@ def user_add(cursor, user, host, host_all, password, encrypted,
elif plugin and plugin_hash_string:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
elif plugin and plugin_auth_string:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
# Mysql and MariaDB differ in naming pam plugin and Syntax to set it
if plugin == 'pam':
hubiongithub marked this conversation as resolved.
Show resolved Hide resolved
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
elif plugin:
query_with_args = "CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)
else:
Expand Down Expand Up @@ -305,7 +309,11 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
if plugin_hash_string:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s AS %s", (user, host, plugin, plugin_hash_string)
elif plugin_auth_string:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
# Mysql and MariaDB differ in naming pam plugin and syntax to set it
if plugin == 'pam':
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s USING %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)
else:
query_with_args = "ALTER USER %s@%s IDENTIFIED WITH %s", (user, host, plugin)

Expand Down
4 changes: 3 additions & 1 deletion plugins/modules/mysql_user.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@
update_password:
description:
- C(always) will update passwords if they differ. This affects I(password) and the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string).
- C(on_create) will only set the password or the combination of plugin, plugin_hash_string, plugin_auth_string for newly created users.
- C(on_create) will only set the password or the combination of I(plugin), I(plugin_hash_string), I(plugin_auth_string) for newly created users.
- "C(on_new_username) works like C(on_create), but it tries to reuse an existing password: If one different user
with the same username exists, or multiple different users with the same username and equal C(plugin) and
C(authentication_string) attribute, the existing C(plugin) and C(authentication_string) are used for the
Expand All @@ -138,6 +138,8 @@
plugin_auth_string:
description:
- User's plugin auth_string (``CREATE USER user IDENTIFIED WITH plugin BY plugin_auth_string``).
- MariaDB If I(plugin) is ``pam`` an optional I(plugin_auth_string) ults in (``CREATE USER user IDENTIFIED WITH plugin USING plugin_auth_string``).
This was chosen because MySQL and MariaDB store the ``USING plugin_auth_string`` part in the ``authentication_string`` column in ``mysql.user``.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- MariaDB If I(plugin) is ``pam`` an optional I(plugin_auth_string) ults in (``CREATE USER user IDENTIFIED WITH plugin USING plugin_auth_string``).
This was chosen because MySQL and MariaDB store the ``USING plugin_auth_string`` part in the ``authentication_string`` column in ``mysql.user``.
- MariaDB If I(plugin) is ``pam`` an optional I(plugin_auth_string) ults in (``CREATE USER user IDENTIFIED WITH plugin USING plugin_auth_string``).
This was chosen because MySQL and MariaDB store the ``USING plugin_auth_string`` part in the ``authentication_string`` column in ``mysql.user``.

I would re-formulate these sentences somehow and fix a couple of typos.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed the technical parts of this, now its only describing the special use case of "plugin_auth_string" for pam/auth_pam.
You're right, for a user it does not matter what SQL this generates a lang as they know how to use the module.

type: str
version_added: '0.1.0'
resource_limits:
Expand Down