Fixed mysql_user idempotency for long privilege lists. (Fixes ansible/#68044) (#58)

pull/88/head
Florian Apolloner 2020-04-01 17:31:53 +02:00 committed by GitHub
parent d921968504
commit 8d203225d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 10 deletions


@ -0,0 +1,2 @@
bugfixes:
- "mysql_user - Fix idempotence when long grant lists are used (https://github.com/ansible/ansible/issues/68044)"


@ -561,14 +561,14 @@ def privileges_get(cursor, user, host):
res = re.match("""GRANT (.+) ON (.+) TO (['`"]).*\\3@(['`"]).*\\4( IDENTIFIED BY PASSWORD (['`"]).+\\6)? ?(.*)""", grant[0]) res = re.match("""GRANT (.+) ON (.+) TO (['`"]).*\\3@(['`"]).*\\4( IDENTIFIED BY PASSWORD (['`"]).+\\6)? ?(.*)""", grant[0])
if res is None: if res is None:
raise InvalidPrivsError('unable to parse the MySQL grant string: %s' % grant[0]) raise InvalidPrivsError('unable to parse the MySQL grant string: %s' % grant[0])
privileges = res.group(1).split(", ") privileges = res.group(1).split(",")
privileges = [pick(x) for x in privileges] privileges = [pick(x.strip()) for x in privileges]
if "WITH GRANT OPTION" in res.group(7): if "WITH GRANT OPTION" in res.group(7):
privileges.append('GRANT') privileges.append('GRANT')
if "REQUIRE SSL" in res.group(7): if "REQUIRE SSL" in res.group(7):
privileges.append('REQUIRESSL') privileges.append('REQUIRESSL')
db = res.group(2) db = res.group(2)
output[db] = privileges output.setdefault(db, []).extend(privileges)
return output return output
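Review bot: The `InvalidPrivsError` raised here formats the whole of `grant[0]` into its message, and the regex on the line above shows a grant row can carry `IDENTIFIED BY PASSWORD` followed by the stored hash, so an unparseable row would put that hash into the error text and presumably into the task output and logs. Mask it before formatting, for example `masked = re.sub(r"IDENTIFIED BY PASSWORD \S+", "IDENTIFIED BY PASSWORD ********", grant[0])`, and interpolate `masked` instead. Separately, now that rows for the same `db` are merged with `extend`, `'GRANT'` and `'REQUIRESSL'` can be appended once per row. A guard such as `if 'GRANT' not in output.get(db, [])`, or a comment stating that the list may contain duplicates, would make the contract clear to whatever compares it afterwards. `privileges_get` begins and the loop opens outside the hunk, so the comparison code is not visible here.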


@ -122,6 +122,31 @@
login_user: '{{ user_name_2 }}' login_user: '{{ user_name_2 }}'
login_password: '{{ user_password_2 }}' login_password: '{{ user_password_2 }}'
# ============================================================
- name: update user with a long privileges list (mysql has a special multiline grant output)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv changed
assert: { that: "result.changed == true" }
- name: Test idempotency (expect ok)
mysql_user:
name: '{{ user_name_2 }}'
password: '{{ user_password_2 }}'
priv: '*.*:CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE,SHOW DATABASES,SHUTDOWN,SUPER,CREATE,DROP,EVENT,LOCK TABLES,INSERT,UPDATE,DELETE,SELECT,SHOW VIEW,GRANT'
state: present
login_unix_socket: '{{ mysql_socket }}'
register: result
- name: Assert that priv did not change
assert: { that: "result.changed == false" }
- name: remove username - name: remove username
mysql_user: mysql_user:
name: '{{ user_name_2 }}' name: '{{ user_name_2 }}'
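Review bot: The account created by these tasks holds `SUPER`, `FILE`, `SHUTDOWN` and `GRANT` on `*.*`, and the only cleanup is the later plain `remove username` task. If either `assert` fails, the play stops before that task and the privileged account stays on the test server. Placing the two `mysql_user` tasks and their asserts under `block:` and moving the removal into `always:` would make the cleanup run on failure as well. The removal task continues past the end of the hunk, so whether it removes every host entry for the user cannot be confirmed from here.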