ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-08-28 00:41:46 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

mysql_role: fix and simplify role membership detection

Browse source
This commit is contained in:
Felix Hamme 2022-05-23 13:20:42 +02:00
commit 39fd2e81cf
1 changed files with 5 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

49
plugins/modules/mysql_role.py
View file

@ -896,50 +896,11 @@ class Role():
Returns: Returns:
set: Members. set: Members.
""" """
members = set() if self.is_mariadb:
self.cursor.execute('select user, host from mysql.roles_mapping where role = %s', (self.name,))
for user, host in self.server.get_users(): else:
# Don't handle itself self.cursor.execute('select TO_USER as user, TO_HOST as host from mysql.role_edges where FROM_USER = %s', (self.name,))
if user == self.name and host == self.host: return set(self.cursor.fetchall())
continue
grants = self.server.get_grants(user, host)
if self.__is_member(grants):
members.add((user, host))
return members
def __is_member(self, grants):
"""Check if a user / role is a member of a role.
To check if a user is a member of a role,
we parse their grants looking for the role name in them.
In the following grants, we can see that test@% is a member of readers.
+---------------------------------------------------+
| Grants for test@% |
+---------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE ON *.* TO `test`@`%` |
| GRANT ALL PRIVILEGES ON `mysql`.* TO `test`@`%` |
| GRANT INSERT ON `mysql`.`user` TO `test`@`%` |
| GRANT `readers`@`%` TO `test`@`%` |
+---------------------------------------------------+
Args:
grants (list): Grants of a user to parse.
Returns:
bool: True if the self.full_name has been found in grants,
otherwise returns False.
"""
if not grants:
return False
for grant in grants:
if self.full_name in grant[0]:
return True
return False
def main(): def main():