From 1cf1dbeca7342cb7019e9324c4ec903b7d8fbfc2 Mon Sep 17 00:00:00 2001
From: Bas Zoetekouw
Date: Wed, 30 Sep 2020 15:50:58 +0200
Subject: [PATCH] Remove parsing of REQUIRE SSL in privileges tls_require is handled separately (in `user_mod()` lines 673-690. By adding the `REQUIRESSL` option to the current privileges, it gets passed to to the `curr_priv` variable in `user_mod()`, causing the privileges intersection between `curr_priv` and `new_priv` on line 663 to always contain `REQUIRESSL` (because `new_priv` will never never have it if we use `tls_requires`) and therefore the module would always be marked as "changed" (because it would always try removing the REQUIRESSL via `privileges_revoke()` at line 669 and then add it back via the explicit TLS route at lines 673-690).
---
 plugins/modules/mysql_user.py | 2 --
 1 file changed, 2 deletions(-)
diff --git a/plugins/modules/mysql_user.py b/plugins/modules/mysql_user.py
index 8d6c36a..6234611 100644
--- a/plugins/modules/mysql_user.py
+++ b/plugins/modules/mysql_user.py
@@ -746,8 +746,6 @@ def privileges_get(cursor, user, host):
 privileges = [pick(x.strip()) for x in privileges]
 if "WITH GRANT OPTION" in res.group(7):
 privileges.append('GRANT')
- if 'REQUIRE SSL' in res.group(7):
- privileges.append('REQUIRESSL')
 db = res.group(2)
 output.setdefault(db, []).extend(privileges)
 return output