does not work a create user with a password hash and the caching_sha2_password plugin #592
Comments
@Hramoff hello, thanks for reporting the issue.

I think I recall having to convert the password with a weird command when I wrote this: https://github.com/ansible-collections/community.mysql/blob/main/tests/integration/targets/test_mysql_info/tasks/filter_users_info.yml#L192-L213 I think it's Does that help?

@Hramoff ^

I'm sorry that I disappeared for a while, but I managed to analyze your advice. I'll answer everyone now.

It is important to me to be able to create user using exactly the HASH of their script. We use a special application that stores password hashes in mysql format for our employees.

I answer @Andersson007. We decided to start upgrading our databases to MySQL 8, and at the same time change the authentication plugin from

I answer @laurent-indermuehle. I have little understanding of testing roles and playbooks, but I know Ansible quite well. You create a user by passing this text with a password, which is then converted to a hash ( community.mysql/tests/integration/targets/test_mysql_info/tasks/filter_users_info.yml Line 209 in 81ab18d
so you can enter through it. The

If I use this task:

```yaml
- name: ADD USER
  community.mysql.mysql_user:
    login_unix_socket: /var/run/mysqld/mysqld.sock
    login_user: root
    login_password: "{{ mysql_root_password }}"
    name: asdfd
    state: present
    plugin: caching_sha2_password
    priv: "*.*: ALL"
    plugin_hash_string: '0x244124303035241D5D2E5F634A622A6550394535296D1404453C4D4146644B5644765A6A732E516D57614C785874723631416C486E436B74707541447639564E435870557537'
  tags: qwerty
```

then I get an error:

```
fatal: [myserv]: FAILED! => {"changed": false, "msg": "(1827, \"The password hash doesn't have the expected format.\")"}
```

What is 0x224...? This is the result of the command:

```
SHOW CREATE USER 'asdf'@'localhost'\GG
*************************** 1. row ***************************
CREATE USER for asdf@localhost: CREATE USER `asdf`@`localhost` IDENTIFIED WITH 'caching_sha2_password' AS 0x244124303035241D5D2E5F634A622A6550394535296D1404453C4D4146644B5644765A6A732E516D57614C785874723631416C486E436B74707541447639564E435870557537 REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT PASSWORD REUSE INTERVAL DEFAULT PASSWORD REQUIRE CURRENT DEFAULT
1 row in set (0,00 sec)
```

I can copy this and create a user on a different base quite successfully:

```
CREATE USER `zxc`@`localhost` IDENTIFIED WITH 'caching_sha2_password' AS 0x244124303035241D5D2E5F634A622A6550394535296D1404453C4D4146644B5644765A6A732E516D57614C785874723631416C486E436B74707541447639564E435870557537 REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT
PASSWORD REUSE INTERVAL DEFAULT PASSWORD REQUIRE CURRENT DEFAULT;
Query OK, 0 rows affected (0,01 sec)
```

But if I pass this value to the playbook then the known error appears. It seems to me that you need to look at the code - https://github.com/ansible-collections/community.mysql/blob/81ab18d56c64f64cb5bc369ce7fc79ff1aba1eed/plugins/module_utils/user.py#L187C5-L187C5

I'm not really a developer, but I can think. Here a request is generated to create a user. If you take this request and insert the data into it yourself, for example `CREATE USER testuser@localhost IDENTIFIED WITH caching_sha2_password AS "0x00200000... ;` then you can see the error:

```
CREATE USER `u2`@`localhost` IDENTIFIED WITH caching_sha2_password AS '0x24412430303524042C31091B0C7D1217551547705B2129163301094F4B454D61456F4352514461714133644C7349726A416D54643958617762504675664F426E6A766A4E6241';
ERROR 1827 (HY000): The password hash doesn't have the expected format.
```

I also checked the options - pass the password in clear text, pass the sha2 and HEX hash. None of these options work and it seems that the problem is in MySQL 8 itself.

@Hramoff thanks for your analysis. I'm not sure I get your conclusion. To me the working command doesn't enclose the hash in quotes. When you use quotes you get the error message. And you can't remove the quotes if you use community.mysql. Are you able to reproduce this with the integration tests?
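
Added example (not part of the thread and not code from community.mysql): the Python below decodes the hex literal from the `SHOW CREATE USER` output above and compares the two forms discussed, the unquoted `0x...` literal and the same characters sent as a quoted string. The layout it checks (`$A$`, a three-character rounds field, `$`, a 20-byte salt, a 43-character digest) is the stored caching_sha2_password format assumed here, and all function names are illustrative.

```python
import re
from typing import NamedTuple, Optional

# Hex literal copied from the SHOW CREATE USER output quoted in the thread.
HEX_LITERAL = (
    "0x244124303035241D5D2E5F634A622A6550394535296D1404453C4D4146644B5644765A"
    "6A732E516D57614C785874723631416C486E436B74707541447639564E435870557537"
)

class StoredHash(NamedTuple):
    rounds_field: str  # three characters between "$A$" and the next "$"
    salt: bytes        # 20 raw bytes, may be non-printable
    digest: str        # 43 characters from the crypt-style base64 alphabet

# Assumed layout: "$A$" + rounds field + "$" + 20-byte salt + 43-char digest (70 bytes).
LAYOUT = re.compile(rb"\$A\$([0-9A-F]{3})\$(.{20})([./0-9A-Za-z]{43})", re.DOTALL)

def hex_literal_to_bytes(literal: str) -> bytes:
    """Bytes an unquoted 0x... literal stands for (it is a binary string in SQL)."""
    if not literal.lower().startswith("0x"):
        raise ValueError("not a 0x hex literal")
    return bytes.fromhex(literal[2:])

def parse_stored_hash(value: bytes) -> Optional[StoredHash]:
    """Return the parsed fields, or None when the value lacks the expected layout."""
    m = LAYOUT.fullmatch(value)
    if m is None:
        return None
    return StoredHash(m.group(1).decode(), m.group(2), m.group(3).decode())

def compare_forms(literal: str) -> dict:
    unquoted = hex_literal_to_bytes(literal)  # ... AS 0x2441...
    quoted = literal.encode("ascii")          # ... AS '0x2441...'
    return {
        "unquoted": parse_stored_hash(unquoted),
        "quoted": parse_stored_hash(quoted),
        "unquoted_len": len(unquoted),
        "quoted_len": len(quoted),
    }

if __name__ == "__main__":
    result = compare_forms(HEX_LITERAL)
    parsed = result["unquoted"]
    print("unquoted:", result["unquoted_len"], "bytes,", parsed.rounds_field, parsed.digest)
    print("salt has non-printable bytes:", any(b < 0x20 for b in parsed.salt))
    print("quoted:", result["quoted_len"], "bytes, parsed =", result["quoted"])
```

The quoted form is 142 characters of text that begin with `0x` rather than `$A$`, so it does not parse as a stored hash, while the decoded literal does.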
SUMMARY
It is not possible to create a user with the caching_sha2_password plugin using plugin_hash_string.
ISSUE TYPE
COMPONENT NAME
community.mysql.mysql_user
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
EXPECTED RESULTS
Must create a user with username user1, plugin - caching_sha2_password and password - $A$005$7s0af617373776f7264
ACTUAL RESULTS