While preparing to run the change_mysql_password script in production, ops found that users with incorrect passwords could connect after the script was run. The correct behavior is for the password to be reset if it has been changed and invalid passwords to be rejected.
Additionally, this tool should reset the password to the value in the env, not generate a new value.
Commits pushed to master at https://github.com/openshift/li https://github.com/openshift/li/commit/2df67cefc9d742fac60eef0c63613db56f61ab84 Fix bug 1025856 Signed-off-by: Stefanie Forrester <sedgar> https://github.com/openshift/li/commit/e4b7356536f133c784b196cfc9bf1b2687b5475f Fix bug 1025856: reset to password in env instead of generating new password
Checked on devenv-stage_549, Git clone the li-repo to get the latest script. Change mysql password for my app, Reset the password with the script change_mysql_password The script finished with successful. And after password reset, trying to connect to the db with incorrect password, it cannot be accessed. \> mysql -uadminagNuJah -predhat -h127.1.244.2 app1 ERROR 1045 (28000): Access denied for user 'adminagNuJah'@'127.1.244.2' (using password: YES) And can be connected with correct password. \> mysql -uadminagNuJah -pPhvIZiYPnYZV -h127.1.244.2 app1 Welcome to the MySQL monitor. Commands end with ; or \g.