Fix privilege changing everytime (#438)

* Compare privileges from before and after manipulation * Add unit tests * Fix FIXME integration tests related to this issue * Fix sanity check * Fix assertion when appending privs in mysql_role_initial integration tests * Fix pylint * [ci-skip] Add changelog fragment * Fix: missing fragment file extension * Replace privileges_equal() by a comparison * Fix: sanity pylint * Fix: forgot to remove privileges_equal import from unit tests
2025-04-05 10:10:32 -07:00 · 2022-09-08 18:26:58 +02:00 · 2022-09-08 18:26:58 +02:00 · 2d75bc19b8
commit 2d75bc19b8
parent ea73d408c3
4 changed files with 13 additions and 13 deletions
--- a/changelogs/fragments/438-fix-privilege-changing-everytime.yml
+++ b/changelogs/fragments/438-fix-privilege-changing-everytime.yml
@ -0,0 +1,7 @@
+---
+bugfixes:
+  - mysql_user, mysql_role - mysql/mariadb recent versions translate 'ALL
+    PRIVILEGES' to a list of specific privileges. That caused a change every time
+    we modified user privileges. This fix compares privs before and after user
+    modification to avoid this infinite change
+    (https://github.com/ansible-collections/community.mysql/issues/77).
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -385,7 +385,10 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
                        privileges_revoke(cursor, user, host, db_table, revoke_privs, grant_option, maria_role)
                    if len(grant_privs) > 0:
                        privileges_grant(cursor, user, host, db_table, grant_privs, tls_requires, maria_role)
-                    changed = True
+
+            # after privilege manipulation, compare privileges from before and now
+            after_priv = privileges_get(cursor, user, host, maria_role)
+            changed = changed or (curr_priv != after_priv)

        if role:
            continue
--- a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
+++ b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
@ -1491,16 +1491,10 @@
      priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE'
      append_privs: yes

-  # TODO it must be changed. The module uses user_mod function
-  # taken from mysql_user module. It's a bug / expected behavior
-  # because I added a similar tasks to mysql_user tests
-  # https://github.com/ansible-collections/community.mysql/issues/50#issuecomment-871216825
-  # and it's also failed. Create an issue after the module is merged to avoid conflicts.
-  # TODO Fix this after user_mod is fixed.
-  - name: Check
+  - name: Check that there's no change
    assert:
      that:
-      - result is changed
+      - result is not changed

  - name: Rewrite privs
    <<: *task_params
--- a/tests/integration/targets/test_mysql_user/tasks/test_privs.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/test_privs.yml
@ -179,8 +179,6 @@
      assert:
        that:
          - result is not changed
-      when: (install_type == 'mysql' and mysql_version is version('8', '<')) or
-            (install_type == 'mariadb' and mariadb_version is version('10.5', '<'))

    - name: remove username
      mysql_user:
@ -229,8 +227,6 @@
      assert:
        that:
          - result is not changed
-      when: (install_type == 'mysql' and mysql_version is version('8', '<')) or
-            (install_type == 'mariadb')

    - name: Collect user info by host
      community.mysql.mysql_info: