Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

simplify MySQL queries for user deletion #641

Merged
merged 13 commits into from Mar 1, 2023
Merged

simplify MySQL queries for user deletion #641

merged 13 commits into from Mar 1, 2023

Conversation

schurzi
Copy link
Contributor

@schurzi schurzi commented Feb 23, 2023

No description provided.

@schurzi
use rowcount to determine mysql results
b6171cf 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
use correct list level
0ff7632 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
remove json_query
96756c9 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
remove intermediate vars
5587b8b 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
add check for count
6286011 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
drop condition, since one result must exist
8a90fb2 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
move rowcount in condition
06687d7 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi schurzi force-pushed the simplify_mysql branch 5 times, most recently from 2fc1570 to 00d1bdc Compare February 23, 2023 23:53
@schurzi
do loop in ansible to report each deleted user
aabe620 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
Copy link
Contributor Author

schurzi commented Feb 24, 2023

I moved the deletion of users into a loop inside Ansible, this is slower if it needs to delete a lot of users, but it is also logged better at execution time:

  TASK [devsec.hardening.mysql_hardening : Ensure that there are no users without password or authentication_string] ***
  Friday 24 February 2023  00:03:46 +0000 (0:00:00.053)       0:00:18.832 *******
  changed: [instance] => (item='foo'@'bar')

@schurzi
add idempotency check
47c771c 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi schurzi marked this pull request as ready for review February 24, 2023 00:16
@schurzi schurzi added the patch label Feb 24, 2023
@schurzi
Copy link
Contributor Author

schurzi commented Feb 24, 2023

this might fix the problem in #640 but I suspect a different error there

This was linked to issues Feb 24, 2023
devsec.hardening.mysql_hardening - Get all users that have no authentication_string - Hello world #640
Closed
Write tests for MySQL user-deletion #445
Closed
@schurzi
additional tests to verify user deletion
49fd6b0 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
actually iterate the whole user list when deleting
bb44772 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi
fix tests for SuSE
5afff3d 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
rndmh3ro
rndmh3ro reviewed Feb 28, 2023
View reviewed changes
Copy link
Member

@rndmh3ro rndmh3ro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great simplification! I didn't know the mysql_query module was capable of this.

roles/mysql_hardening/tasks/mysql_secure_installation.yml Outdated Show resolved Hide resolved
roles/mysql_hardening/tasks/mysql_secure_installation.yml Outdated Show resolved Hide resolved
roles/mysql_hardening/tasks/mysql_secure_installation.yml Outdated Show resolved Hide resolved
@schurzi
adopt suggestions
7fbb913 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
@schurzi schurzi mentioned this pull request Mar 1, 2023
Open
@rndmh3ro rndmh3ro merged commit 6e5621c into master Mar 1, 2023
@rndmh3ro rndmh3ro deleted the simplify_mysql branch March 1, 2023 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rndmh3ro rndmh3ro rndmh3ro left review comments

Assignees
No one assigned
Labels
mysql_hardening patch
Projects
None yet
Milestone
No milestone
2 participants
@schurzi @rndmh3ro