From bf87ff89f19502f55d8fe222f2db4a31f6a287e6 Mon Sep 17 00:00:00 2001 From: Garrett Guillotte Date: Fri, 5 Oct 2018 12:04:03 -0700 Subject: [PATCH] (MODULES-7487) Fix pw comparison MariaDB 10.2.16+ Since MariaDB 10.2.16, the `SET PASSWORD` command stores user passwords in the `mysql_native_password` plugin `authentication_string` instead of in the `password` column: ``` +------+-----------+----------+-----------------------+-------------------------------------------+ | user | host | password | plugin | authentication_string | +------+-----------+----------+-----------------------+-------------------------------------------+ | root | localhost | | mysql_native_password | *01396341988BCA5088C3A5DB5D7E434947096D4F | +------+-----------+----------+-----------------------+-------------------------------------------+ ``` The `puppetlabs/mysql` checks the `password` column instead of the `authentication_string` on all versions of MariaDB, resulting in every Puppet run attempting to update managed user passwords even when they haven't changed. Update the if statement to check the plugin authentication string on MariaDB 10.2.16 and newer. --- lib/puppet/provider/mysql_user/mysql.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb index bbe7b63a1..3914ee3c5 100644 --- a/lib/puppet/provider/mysql_user/mysql.rb +++ b/lib/puppet/provider/mysql_user/mysql.rb @@ -14,7 +14,7 @@ def self.instances ## Default ... # rubocop:disable Metrics/LineLength query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'" - elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6') + elsif newer_than('mysql' => '5.7.6', 'percona' => '5.7.6', 'mariadb' => '10.2.16') query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, AUTHENTICATION_STRING, PLUGIN FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'" else query = "SELECT MAX_USER_CONNECTIONS, MAX_CONNECTIONS, MAX_QUESTIONS, MAX_UPDATES, SSL_TYPE, SSL_CIPHER, X509_ISSUER, X509_SUBJECT, PASSWORD /*!50508 , PLUGIN */ FROM mysql.user WHERE CONCAT(user, '@', host) = '#{name}'"