New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for MySQL plugin authentication #44267
Conversation
071fc42
to
6e3ff73
Compare
The test
|
6e3ff73
to
c7d2558
Compare
I asked aws community |
@tomaszkiewicz folks said it's possible, see test/integration/targets/rds_instance. |
Maybe I'm mistaken, but I think you could use one of the standard auth plugins (even mysql_native_password) for the integration tests? |
Any updates here? |
I've been pulling my hair out wondering why I can do |
I've been wondering how I could do that, @gundalow, but couldn't find anything in the docs. Point me in the right direction and I'll test this out ASAP |
@daraul Since this PR only modifies a single file download https://raw.githubusercontent.com/ansible/ansible/50a6ec33f44989b980c9e0563ea4278667f481b0/lib/ansible/modules/database/mysql/mysql_user.py into ie
|
@gundalow just ran this in my playbook:
and was given this error:
I can confirm that
I'm not sure what the problem is. Maybe this custom module is conflicting with the official one? Is there any way to confirm that the custom module is being used? Can I just rename it to something like Update: trying the same module, with |
From your debug @Andersson007 Any ideas? |
@daraul I know this is annoying sometimes, but some client libraries convert implicitly |
Setting |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you please put the empty lines between examples back
- it is not related to the changes
- it was much more better (when not one bunch of text)
@@ -115,87 +128,81 @@ | |||
name: '' | |||
host: localhost | |||
state: absent | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please keep the blank lines between tasks, it helps readability.
considering that CI tests can be difficult to implement in this case, if there are a couple of people who tried it manually, IMO it might be merged after @gundalow 's requests are done |
@gundalow @Andersson007 I've been using this for a while to manage users with the |
@abohne , thanks for the feedback! |
Co-Authored-By: John R Barker <john@johnrbarker.com>
The test
The test
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tested (with typo fixed):
- mysql_user:
name: prometheus
plugin: unix_socket
priv: '*.*:PROCESS,REPLICATION CLIENT,SELECT'
login_unix_socket: /run/mysqld/mysqld.sock
result:
MariaDB [(none)]> select Host,User,Password,Plugin from mysql.user;
+-----------+------------+-------------------------------------------+-------------+
| Host | User | Password | Plugin |
+-----------+------------+-------------------------------------------+-------------+
| localhost | root | | unix_socket |
| localhost | prometheus | | unix_socket |
+-----------+------------+-------------------------------------------+-------------+
2 rows in set (0.001 sec)
elif plugin and plugin_auth_string: | ||
cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s BY %s", (user, host, plugin, plugin_auth_string)) | ||
elif plugin: | ||
cursor.execute("CREATE USER %s@%s IDENTIFIED WITH %s", (user, host, plugin_auth_string)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
plugin, not plugin_auth_string
Hey all! |
SUMMARY
The change adds support for MySQL plugin authentication, eg. AWS RDS IAM Authentication plugin.
ISSUE TYPE
COMPONENT NAME
MySQL
ANSIBLE VERSION
ADDITIONAL INFORMATION