From c83f6b9814a1a3d82a2f54ab2ae328b3b2b76155 Mon Sep 17 00:00:00 2001
From: 123quhiwiwk <70281681+123quhiwiwk@users.noreply.github.com>
Date: Mon, 23 Aug 2021 08:54:57 +0200
Subject: [PATCH] Execute check of error logfile permissions only when
 log_error is defined

Signed-off-by: 123quhiwiwk <70281681+123quhiwiwk@users.noreply.github.com>
---
 roles/mysql_hardening/tasks/configure.yml | 1 +
 roles/mysql_hardening/tasks/main.yml      | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/roles/mysql_hardening/tasks/configure.yml b/roles/mysql_hardening/tasks/configure.yml
index 2c1af784e..4d288b7b7 100644
--- a/roles/mysql_hardening/tasks/configure.yml
+++ b/roles/mysql_hardening/tasks/configure.yml
@@ -23,6 +23,7 @@
     owner: '{{ mysql_hardening_user }}'
     group: '{{ mysql_hardening_group }}'
     mode: '0640'
+  when: mysql_settings.settings.log_error != ""
 
 - name: Check mysql configuration-directory exists and has right permissions
   file:
diff --git a/roles/mysql_hardening/tasks/main.yml b/roles/mysql_hardening/tasks/main.yml
index e6cc64dc9..50ad4c4c4 100644
--- a/roles/mysql_hardening/tasks/main.yml
+++ b/roles/mysql_hardening/tasks/main.yml
@@ -44,6 +44,12 @@
     login_unix_socket: "{{ login_unix_socket | default(omit) }}"
   register: mysql_version
 
+- name: Check MySQL/MariaDB settings
+  community.mysql.mysql_info:
+    filter: settings
+    login_unix_socket: "{{ login_unix_socket | default(omit) }}"
+  register: mysql_settings
+
 # see https://stackoverflow.com/a/59451077/2953919 for the
 # dict2items and vice versa magic
 - name: Drop the secure-auth parameter on MySQL >=8.0.3 (not mariadb)