Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mysql db unsafe passwd #428

Merged
merged 3 commits into from
Jun 2, 2020
Merged

Mysql db unsafe passwd #428

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
00c8abe
mysql_db: add new parameter unsafe_login_password
Andersson007 May 28, 2020
639b474
add CI tests
Andersson007 May 28, 2020
4abd5b3
add changelog fragment
Andersson007 May 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions changelogs/fragments/428-mysql_db_add_unsafe_login_password_param.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
minor_changes:
- mysql_db - add the ``unsafe_login_password`` parameter (https://github.com/ansible/ansible/issues/63955).
30 changes: 24 additions & 6 deletions plugins/modules/database/mysql/mysql_db.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,15 @@
required: no
type: bool
default: no
unsafe_login_password:
description:
- If C(no), the module will safely use a shell-escaped version of the I(login_password) value.
- It makes sense to use C(yes) only if there are special symbols in the value and errors C(Access denied) occur.
- Used only when I(state) is C(import) or C(dump) and I(login_password) is passed, ignored otherwise.
type: bool
default: no
version_added: '2.10'

seealso:
- module: mysql_info
- module: mysql_variables
Expand Down Expand Up @@ -299,15 +308,19 @@ def db_delete(cursor, db):
def db_dump(module, host, user, password, db_name, target, all_databases, port,
config_file, socket=None, ssl_cert=None, ssl_key=None, ssl_ca=None,
single_transaction=None, quick=None, ignore_tables=None, hex_blob=None,
encoding=None, force=False, master_data=0, skip_lock_tables=False, dump_extra_args=None):
encoding=None, force=False, master_data=0, skip_lock_tables=False,
dump_extra_args=None, unsafe_password=False):
cmd = module.get_bin_path('mysqldump', True)
# If defined, mysqldump demands --defaults-extra-file be the first option
if config_file:
cmd += " --defaults-extra-file=%s" % shlex_quote(config_file)
if user is not None:
cmd += " --user=%s" % shlex_quote(user)
if password is not None:
cmd += " --password=%s" % shlex_quote(password)
if not unsafe_password:
cmd += " --password=%s" % shlex_quote(password)
else:
cmd += " --password=%s" % password
if ssl_cert is not None:
cmd += " --ssl-cert=%s" % shlex_quote(ssl_cert)
if ssl_key is not None:
Expand Down Expand Up @@ -366,7 +379,7 @@ def db_dump(module, host, user, password, db_name, target, all_databases, port,

def db_import(module, host, user, password, db_name, target, all_databases, port, config_file,
socket=None, ssl_cert=None, ssl_key=None, ssl_ca=None, encoding=None, force=False,
use_shell=False):
use_shell=False, unsafe_password=False):
if not os.path.exists(target):
return module.fail_json(msg="target %s does not exist on the host" % target)

Expand All @@ -377,7 +390,10 @@ def db_import(module, host, user, password, db_name, target, all_databases, port
if user:
cmd.append("--user=%s" % shlex_quote(user))
if password:
cmd.append("--password=%s" % shlex_quote(password))
if not unsafe_password:
cmd.append("--password=%s" % shlex_quote(password))
else:
cmd.append("--password=%s" % password)
if ssl_cert is not None:
cmd.append("--ssl-cert=%s" % shlex_quote(ssl_cert))
if ssl_key is not None:
Expand Down Expand Up @@ -492,6 +508,7 @@ def main():
skip_lock_tables=dict(type='bool', default=False),
dump_extra_args=dict(type='str'),
use_shell=dict(type='bool', default=False),
unsafe_login_password=dict(type='bool', default=False),
),
supports_check_mode=True,
)
Expand All @@ -518,6 +535,7 @@ def main():
connect_timeout = module.params['connect_timeout']
config_file = module.params['config_file']
login_password = module.params["login_password"]
unsafe_login_password = module.params["unsafe_login_password"]
login_user = module.params["login_user"]
login_host = module.params["login_host"]
ignore_tables = module.params["ignore_tables"]
Expand Down Expand Up @@ -599,7 +617,7 @@ def main():
login_port, config_file, socket, ssl_cert, ssl_key,
ssl_ca, single_transaction, quick, ignore_tables,
hex_blob, encoding, force, master_data, skip_lock_tables,
dump_extra_args)
dump_extra_args, unsafe_login_password)
if rc != 0:
module.fail_json(msg="%s" % stderr)
module.exit_json(changed=True, db=db_name, db_list=db, msg=stdout,
Expand All @@ -618,7 +636,7 @@ def main():
all_databases,
login_port, config_file,
socket, ssl_cert, ssl_key, ssl_ca,
encoding, force, use_shell)
encoding, force, use_shell, unsafe_login_password)
if rc != 0:
module.fail_json(msg="%s" % stderr)
module.exit_json(changed=True, db=db_name, db_list=db, msg=stdout,
Expand Down
18 changes: 17 additions & 1 deletion tests/integration/targets/mysql_db/tasks/state_dump_import.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,16 @@
wrong_sql_file="{{tmp_dir}}/wrong.sql"
dump_file1="{{tmp_dir}}/{{file2}}"
dump_file2="{{tmp_dir}}/{{file3}}"
db_user="test"
db_user_unsafe_password="pass!word"

- name: create user for test unsafe_login_password parameter
mysql_user:
name: '{{ db_user }}'
password: '{{ db_user_unsafe_password }}'
priv: '*.*:ALL'
state: present
login_unix_socket: '{{ mysql_socket }}'

- name: state dump/import - create database
mysql_db:
Expand Down Expand Up @@ -58,6 +68,9 @@

- name: state dump without department table.
mysql_db:
login_user: '{{ db_user }}'
login_password: '{{ db_user_unsafe_password }}'
unsafe_login_password: yes
name: "{{ db_name }}"
state: dump
target: "{{ db_file_name }}"
Expand All @@ -74,7 +87,7 @@
assert:
that:
- result is changed
- result.executed_commands[0] is search("mysqldump --force --socket={{ mysql_socket }} {{ db_name }} --skip-lock-tables --quick --ignore-table={{ db_name }}.department --master-data=1 --skip-triggers")
- result.executed_commands[0] is search("mysqldump --user={{ db_user }} --password=\*\*\*\*\*\*\*\* --force --socket={{ mysql_socket }} {{ db_name }} --skip-lock-tables --quick --ignore-table={{ db_name }}.department --master-data=1 --skip-triggers")

- name: state dump/import - file name should exist
file: name={{ db_file_name }} state=file
Expand Down Expand Up @@ -153,6 +166,9 @@

- name: test state=import to restore the database of type {{ format_type }} (expect changed=true)
mysql_db:
login_user: '{{ db_user }}'
login_password: '{{ db_user_unsafe_password }}'
unsafe_login_password: yes
name: '{{ db_name }}'
state: import
target: '{{ db_file_name }}'
Expand Down