call ruby instead of mysql to generate hex string and replace regex w…

…ith more explicit one
puppetlabs · May 27, 2024 · 9d1bb5f · 9d1bb5f
1 parent 20f6fa1
commit 9d1bb5f
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/lib/puppet/functions/mysql/password.rb b/lib/puppet/functions/mysql/password.rb
@@ -22,7 +22,7 @@
   def password(password, sensitive = false)
     password = password.unwrap if password.is_a?(Puppet::Pops::Types::PSensitiveType::Sensitive)
 
-    result_string = if %r{\*[A-F0-9]{40}$}.match?(password) || %r{0x[A-F0-9]+$}.match?(password)
+    result_string = if %r{\*[A-F0-9]{40}$}.match?(password) || %r{0x24412430303524[A-F0-9]{63}$}.match?(password)
                       password
                     elsif password.empty?
                       ''

diff --git a/lib/puppet/provider/mysql_user/mysql.rb b/lib/puppet/provider/mysql_user/mysql.rb
@@ -27,7 +27,7 @@ def self.instances
       if @plugin == 'caching_sha2_password'
         # Escaping all single quotes to prevent errors when password generated it
         @password = @password.gsub("'") { "\\'" }
-        @password = mysql_caller("SELECT CONCAT('0x',HEX('#{@password}'))", 'regular').chomp
+        @password = '0x' + @password.each_byte.map { |b| b.to_s(16) }.join
       end
 
       @tls_options = parse_tls_options(ssl_type, ssl_cipher, x509_issuer, x509_subject)