New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

when removing anonymous user '', then also remove from mysql.db #22765

Open
wants to merge 1 commit into
base: devel
from

Conversation

Projects
None yet
4 participants
@computersalat
Contributor

computersalat commented Mar 18, 2017

SUMMARY

removing anonymous user does not remove its entries from mysql.db

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

modules/database/mysql/mysql_user

ANSIBLE VERSION
2.2.1.0
ADDITIONAL INFORMATION

when removing anonymous user, then the following is not removed:

MariaDB [(none)]> select * from mysql.db;
+------+---------+------+-------------+-------------+-------------+-------------+-------------+-----------+------------+-----------------+------------+------------+-----------------------+------------------+------------------+----------------+---------------------+--------------------+--------------+------------+--------------+
| Host | Db      | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Create_tmp_table_priv | Lock_tables_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Execute_priv | Event_priv | Trigger_priv |
+------+---------+------+-------------+-------------+-------------+-------------+-------------+-----------+------------+-----------------+------------+------------+-----------------------+------------------+------------------+----------------+---------------------+--------------------+--------------+------------+--------------+
| %    | test    |      | Y           | Y           | Y           | Y           | Y           | Y         | N          | Y               | Y          | Y          | Y                     | Y                | Y                | Y              | Y                   | N                  | N            | Y          | Y            |
| %    | test\_% |      | Y           | Y           | Y           | Y           | Y           | Y         | N          | Y               | Y          | Y          | Y                     | Y                | Y                | Y              | Y                   | N                  | N            | Y          | Y            |
+------+---------+------+-------------+-------------+-------------+-------------+-------------+-----------+------------+-----------------+------------+------------+-----------------------+------------------+------------------+----------------+---------------------+--------------------+--------------+------------+--------------+
2 rows in set (0.00 sec)

cause you are doing a DROP USER 'user'@'host'
and

- name: remove all anoymous user
  mysql_user:
    name: ''
    host_all: yes
    state: absent

usually only finds

MariaDB [(none)]> select * from mysql.user;
+-----------+------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+--------+-----------------------+------------------+---------+
| Host      | User | Password | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | is_role |
+-----------+------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+--------+-----------------------+------------------+---------+
| localhost |      |          | N           | N           | N           | N           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          | N            | N          | N                     | N                | N            | N               | N                | N                | N              | N                   | N                  | N                | N          | N            | N                      |          |            |             |              |             0 |           0 |               0 |                    0 |        |                       | N                | N       |
| ovhpc-02  |      |          | N           | N           | N           | N           | N           | N         | N           | N             | N            | N         | N          | N               | N          | N          | N            | N          | N                     | N                | N            | N               | N                | N                | N              | N                   | N                  | N                | N          | N            | N                      |          |            |             |              |             0 |           0 |               0 |                    0 |        |                       | N                | N       |
+-----------+------+----------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+--------+-----------------------+------------------+---------+
6 rows in set (0.00 sec)

and there is no % which would also remove the test stuff from mysql.db.
So there is a simple DROP without host needed
DROP USER '';

@ansibot

This comment has been minimized.

Contributor

ansibot commented Mar 18, 2017

@mattclay

This comment has been minimized.

Member

mattclay commented Mar 20, 2017

CI failure due to multiple integration test failures. Here's one example:

2017-03-18 20:45:25 The full traceback is:
2017-03-18 20:45:25 Traceback (most recent call last):
2017-03-18 20:45:25   File "/tmp/ansible_dgYbWf/ansible_module_mysql_user.py", line 652, in <module>
2017-03-18 20:45:25     main()
2017-03-18 20:45:25   File "/tmp/ansible_dgYbWf/ansible_module_mysql_user.py", line 642, in main
2017-03-18 20:45:25     changed = user_delete(cursor, user, host, host_all, module.check_mode)
2017-03-18 20:45:25   File "/tmp/ansible_dgYbWf/ansible_module_mysql_user.py", line 404, in user_delete
2017-03-18 20:45:25     cursor.execute("DROP USER ''")
2017-03-18 20:45:25   File "/usr/lib64/python2.7/site-packages/MySQLdb/cursors.py", line 205, in execute
2017-03-18 20:45:25     self.errorhandler(self, exc, value)
2017-03-18 20:45:25   File "/usr/lib64/python2.7/site-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
2017-03-18 20:45:25     raise errorclass, errorvalue
2017-03-18 20:45:25 _mysql_exceptions.OperationalError: (1396, "Operation DROP USER failed for ''@'%'")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment