Merge pull request #2774 from koichirok/mysql_user-check_mode

Add check_mode support to mysql_user.
2016-01-11 18:50:38 -05:00 · 2016-01-11 18:50:38 -05:00 · 516aed0837
commit 516aed0837
parent 1b8487ffce 76905bc345
1 changed files with 25 additions and 8 deletions
--- a/database/mysql/mysql_user.py
+++ b/database/mysql/mysql_user.py
@ -200,11 +200,14 @@ def user_exists(cursor, user, host, host_all):
    count = cursor.fetchone()
    return count[0] > 0

-def user_add(cursor, user, host, host_all, password, encrypted, new_priv):
+def user_add(cursor, user, host, host_all, password, encrypted, new_priv, check_mode):
    # we cannot create users without a proper hostname
    if host_all:
        return False

+    if check_mode:
+        return True
+
    if password and encrypted:
        cursor.execute("CREATE USER %s@%s IDENTIFIED BY PASSWORD %s", (user,host,password))
    elif password and not encrypted:
@ -222,7 +225,7 @@ def is_hash(password):
            ishash = True
    return ishash

-def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append_privs):
+def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append_privs, check_mode):
    changed = False
    grant_option = False

@ -247,6 +250,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append
                encrypted_string = (password)
                if is_hash(password):
                    if current_pass_hash[0] != encrypted_string:
+                        if check_mode:
+                            return True
                        if old_user_mgmt:
                            cursor.execute("SET PASSWORD FOR %s@%s = %s", (user, host, password))
                        else:
@ -261,6 +266,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append
                    cursor.execute("SELECT CONCAT('*', UCASE(SHA1(UNHEX(SHA1(%s)))))", (password,))
                new_pass_hash = cursor.fetchone()
                if current_pass_hash[0] != new_pass_hash[0]:
+                    if check_mode:
+                        return True
                    if old_user_mgmt:
                        cursor.execute("SET PASSWORD FOR %s@%s = PASSWORD(%s)", (user, host, password))
                    else:
@ -279,6 +286,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append
                    grant_option = True
                if db_table not in new_priv:
                    if user != "root" and "PROXY" not in priv and not append_privs:
+                        if check_mode:
+                            return True
                        privileges_revoke(cursor, user,host,db_table,priv,grant_option)
                        changed = True

@ -286,6 +295,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append
            # we can perform a straight grant operation.
            for db_table, priv in new_priv.iteritems():
                if db_table not in curr_priv:
+                    if check_mode:
+                        return True
                    privileges_grant(cursor, user,host,db_table,priv)
                    changed = True

@ -295,6 +306,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append
            for db_table in db_table_intersect:
                priv_diff = set(new_priv[db_table]) ^ set(curr_priv[db_table])
                if (len(priv_diff) > 0):
+                    if check_mode:
+                        return True
                    if not append_privs:
                        privileges_revoke(cursor, user,host,db_table,curr_priv[db_table],grant_option)
                    privileges_grant(cursor, user,host,db_table,new_priv[db_table])
@ -302,7 +315,10 @@ def user_mod(cursor, user, host, host_all, password, encrypted, new_priv, append

    return changed

-def user_delete(cursor, user, host, host_all):
+def user_delete(cursor, user, host, host_all, check_mode):
+    if module.check_mode:
+        changed = True
+
    if host_all:
        hostnames = user_get_hostnames(cursor, user)

@ -452,7 +468,8 @@ def main():
            ssl_cert=dict(default=None),
            ssl_key=dict(default=None),
            ssl_ca=dict(default=None),
-        )
+        ),
+        supports_check_mode=True
    )
    login_user = module.params["login_user"]
    login_password = module.params["login_password"]
@ -499,9 +516,9 @@ def main():
        if user_exists(cursor, user, host, host_all):
            try:
                if update_password == 'always':
-                    changed = user_mod(cursor, user, host, host_all, password, encrypted, priv, append_privs)
+                    changed = user_mod(cursor, user, host, host_all, password, encrypted, priv, append_privs, module.check_mode)
                else:
-                    changed = user_mod(cursor, user, host, host_all, None, encrypted, priv, append_privs)
+                    changed = user_mod(cursor, user, host, host_all, None, encrypted, priv, append_privs, module.check_mode)

            except (SQLParseError, InvalidPrivsError, MySQLdb.Error), e:
                module.fail_json(msg=str(e))
@ -511,12 +528,12 @@ def main():
            if host_all:
                module.fail_json(msg="host_all parameter cannot be used when adding a user")
            try:
-                changed = user_add(cursor, user, host, host_all, password, encrypted, priv)
+                changed = user_add(cursor, user, host, host_all, password, encrypted, priv, module.check_mode)
            except (SQLParseError, InvalidPrivsError, MySQLdb.Error), e:
                module.fail_json(msg=str(e))
    elif state == "absent":
        if user_exists(cursor, user, host, host_all):
-            changed = user_delete(cursor, user, host, host_all)
+            changed = user_delete(cursor, user, host, host_all, module.check_mode)
        else:
            changed = False
    module.exit_json(changed=changed, user=user)