From 39fd2e81cfdbcf7ca8b424419a4c185dce7fb1d2 Mon Sep 17 00:00:00 2001
From: Felix Hamme <felix.hamme@ionos.com>
Date: Mon, 23 May 2022 13:20:42 +0200
Subject: [PATCH] mysql_role: fix and simplify role membership detection

---
 plugins/modules/mysql_role.py | 49 ++++-------------------------------
 1 file changed, 5 insertions(+), 44 deletions(-)

diff --git a/plugins/modules/mysql_role.py b/plugins/modules/mysql_role.py
index d036541..ffff026 100644
--- a/plugins/modules/mysql_role.py
+++ b/plugins/modules/mysql_role.py
@@ -896,50 +896,11 @@ class Role():
         Returns:
             set: Members.
         """
-        members = set()
-
-        for user, host in self.server.get_users():
-            # Don't handle itself
-            if user == self.name and host == self.host:
-                continue
-
-            grants = self.server.get_grants(user, host)
-
-            if self.__is_member(grants):
-                members.add((user, host))
-
-        return members
-
-    def __is_member(self, grants):
-        """Check if a user / role is a member of a role.
-
-        To check if a user is a member of a role,
-        we parse their grants looking for the role name in them.
-        In the following grants, we can see that test@% is a member of readers.
-        +---------------------------------------------------+
-        | Grants for test@%                                 |
-        +---------------------------------------------------+
-        | GRANT SELECT, INSERT, UPDATE ON *.* TO `test`@`%` |
-        | GRANT ALL PRIVILEGES ON `mysql`.* TO `test`@`%`   |
-        | GRANT INSERT ON `mysql`.`user` TO `test`@`%`      |
-        | GRANT `readers`@`%` TO `test`@`%`                 |
-        +---------------------------------------------------+
-
-        Args:
-            grants (list): Grants of a user to parse.
-
-        Returns:
-            bool: True if the self.full_name has been found in grants,
-                otherwise returns False.
-        """
-        if not grants:
-            return False
-
-        for grant in grants:
-            if self.full_name in grant[0]:
-                return True
-
-        return False
+        if self.is_mariadb:
+            self.cursor.execute('select user, host from mysql.roles_mapping where role = %s', (self.name,))
+        else:
+            self.cursor.execute('select TO_USER as user, TO_HOST as host from mysql.role_edges where FROM_USER = %s', (self.name,))
+        return set(self.cursor.fetchall())
 
 
 def main():