From 55a8ecd64efc0f18efff1943964fb9453f6250e7 Mon Sep 17 00:00:00 2001
From: Andrew Klychkov <aklychko@redhat.com>
Date: Tue, 19 Oct 2021 13:20:30 +0300
Subject: [PATCH] [stable-2] Backport stable 2 5 (#235)

* Copy ignore-2.12.txt to ignore-2.13.txt (#225)

(cherry picked from commit 4f205ef540baef1ea059f0591570eaf1524890be)

* CI matrix update (#226)

* CI matrix update

* Fix test_mysql_user

* Fix CI

* Fix CI

* Fix CI

* Fix CI

* Fix CI

(cherry picked from commit fc984b28aa06f916e380381a51fea3b736d54d37)

* integration tests: remove superfluous debug task (#228)

* integration tests: remove superfluous debug task

* Turn off integration tests against devel

(cherry picked from commit f47d4635f13ac2d642c678187b8321b613a18c15)

* mysql_user: fix broken compatibility for priviledge aliases (#233)

* mysql_user: fix broken compatibility for priviledge aliases

* add changelog fragment

* fix changelog fragment

* Improve formatting

(cherry picked from commit bb3e9fd3fa5d6fe62241b87bf38960330856e0ea)
---
 .github/workflows/ansible-test-plugins.yml    | 15 +++++++
 .../233-mysql_user_return_valid_privs.yml     |  2 +
 plugins/module_utils/user.py                  | 43 ++++++++++++++++++-
 .../targets/setup_mysql/tasks/install.yml     | 17 ++++++++
 .../tasks/config_overrides_defaults.yml       | 13 +++---
 .../targets/test_mysql_db/tasks/issue-28.yml  |  7 +--
 .../test_mysql_info/tasks/issue-28.yml        |  7 +--
 .../test_mysql_query/tasks/issue-28.yml       |  7 +--
 .../test_mysql_replication/tasks/issue-28.yml |  7 +--
 .../test_mysql_user/tasks/issue-28.yml        |  7 +--
 .../test_mysql_variables/tasks/issue-28.yml   |  7 +--
 .../tasks/mysql_variables.yml                 |  7 +--
 tests/sanity/ignore-2.13.txt                  |  8 ++++
 13 files changed, 104 insertions(+), 43 deletions(-)
 create mode 100644 changelogs/fragments/233-mysql_user_return_valid_privs.yml
 create mode 100644 tests/sanity/ignore-2.13.txt

diff --git a/.github/workflows/ansible-test-plugins.yml b/.github/workflows/ansible-test-plugins.yml
index da79c04..64435cd 100644
--- a/.github/workflows/ansible-test-plugins.yml
+++ b/.github/workflows/ansible-test-plugins.yml
@@ -28,6 +28,7 @@ jobs:
           - stable-2.9
           - stable-2.10
           - stable-2.11
+          - stable-2.12
           - devel
     steps:
 
@@ -61,9 +62,11 @@ jobs:
           - stable-2.9
           - stable-2.10
           - stable-2.11
+          - stable-2.12
           #- devel
         python:
           - 3.6
+          - 3.8
         connector:
           - pymysql==0.7.10
           - pymysql==0.9.3
@@ -71,6 +74,17 @@ jobs:
         exclude:
           - mysql: 8.0.22
             connector: pymysql==0.7.10
+          - python: 3.8
+            ansible: stable-2.9
+          - python: 3.8
+            ansible: stable-2.10
+          - python: 3.8
+            ansible: stable-2.11
+          - python: 3.6
+            ansible: stable-2.12
+          - python: 3.6
+            ansible: devel
+
     steps:
 
       - name: Check out code
@@ -116,6 +130,7 @@ jobs:
           - stable-2.9
           - stable-2.10
           - stable-2.11
+          - stable-2.12
           - devel
 
     steps:
diff --git a/changelogs/fragments/233-mysql_user_return_valid_privs.yml b/changelogs/fragments/233-mysql_user_return_valid_privs.yml
new file mode 100644
index 0000000..4f4b23e
--- /dev/null
+++ b/changelogs/fragments/233-mysql_user_return_valid_privs.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - mysql_user - Fix crash reporting ``Invalid privileges specified`` when passing privileges that became aliases (https://github.com/ansible-collections/community.mysql/issues/232).
diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py
index 2ba60f2..0532de9 100644
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@@ -21,6 +21,46 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (
 
 EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']
 
+# This list is kept for backwards compatibility after release 2.3.0,
+# see https://github.com/ansible-collections/community.mysql/issues/232 for details
+VALID_PRIVS = [
+    'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
+    'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
+    'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
+    'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
+    'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
+    'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
+    'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
+    'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
+    'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
+    'REQUIRESSL',  # Deprecated, to be removed in version 3.0.0
+    'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
+    'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
+    'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
+    'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
+    'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
+    'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
+    'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
+    'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
+    'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
+    'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
+    'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
+    'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
+    'INVOKE LAMBDA',
+    'ALTER ROUTINE',
+    'BINLOG ADMIN',
+    'BINLOG MONITOR',
+    'BINLOG REPLAY',
+    'CONNECTION ADMIN',
+    'READ_ONLY ADMIN',
+    'REPLICATION MASTER ADMIN',
+    'REPLICATION SLAVE ADMIN',
+    'SET USER',
+    'SHOW_ROUTINE',
+    'SLAVE MONITOR',
+    'REPLICA MONITOR',
+]
+
 
 class InvalidPrivsError(Exception):
     pass
@@ -110,7 +150,8 @@ def get_tls_requires(cursor, user, host):
 def get_valid_privs(cursor):
     cursor.execute("SHOW PRIVILEGES")
     show_privs = [priv[0].upper() for priv in cursor.fetchall()]
-    all_privs = show_privs + EXTRA_PRIVS
+    # See the comment above VALID_PRIVS declaration
+    all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
     return frozenset(all_privs)
 
 
diff --git a/tests/integration/targets/setup_mysql/tasks/install.yml b/tests/integration/targets/setup_mysql/tasks/install.yml
index aacdddc..57e4b31 100644
--- a/tests/integration/targets/setup_mysql/tasks/install.yml
+++ b/tests/integration/targets/setup_mysql/tasks/install.yml
@@ -28,6 +28,23 @@
 - name: "{{ role_name }} | install | install python packages"
   pip:
     name: "{{ python_packages }}"
+  register: connector
+
+- name: Extract connector.name.0 content
+  set_fact:
+    connector_name: "{{ connector.name.0 }}"
+
+- name: Debug connector_name content
+  debug:
+    msg: '{{ connector_name }}'
+
+- name: Extract connector version
+  set_fact:
+    connector_ver: "{{ connector_name.split('=')[2].strip() }}"
+
+- name: Debug connector_ver var content
+  debug:
+    msg: '{{ connector_ver }}'
 
 - name: "{{ role_name }} | install | install packages required by mysql"
   apt:
diff --git a/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml b/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
index 42d8fd7..90c72b5 100644
--- a/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
+++ b/tests/integration/targets/test_mysql_db/tasks/config_overrides_defaults.yml
@@ -11,27 +11,26 @@
 - name: Add fake port to config file
   shell: 'echo "port = {{ fake_port }}" >> {{ config_file }}'
 
-- name: Get pymysql version
-  shell: pip show pymysql | awk '/Version/ {print $2}'
-  register: pymysql_version
-
 - name: Add blank line
   shell: 'echo "" >> {{ config_file }}'
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
+  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')
 
 - name: Create include_dir
   file:
     path: '{{ include_dir }}'
     state: directory
     mode: '0777'
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
+  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')
 
 - name: Add include_dir
   lineinfile:
     path: '{{ config_file }}'
     line: '!includedir {{ include_dir }}'
     insertafter: EOF
-  when: (pymysql_version.stdout | default('1000', true)) is version('0.9.3', '>=')
+  when:
+  - (connector.name.0 is search('pymysql') and connector_ver is version('0.9.3', '>=')) or connector.name.0 is not search('pymysql')
 
 - name: Create database using fake port to connect to, must fail
   mysql_db:
diff --git a/tests/integration/targets/test_mysql_db/tasks/issue-28.yml b/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
index 871e92d..a0b037f 100644
--- a/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_db/tasks/issue-28.yml
@@ -9,9 +9,6 @@
   block:
 
     # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
     - name: get server certificate
       copy:
         content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@@ -49,12 +46,12 @@
     - assert:
         that:
           - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
 
     - assert:
         that:
           - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
 
     - name: attempt connection with newly created user ignoring hostname
       mysql_db:
diff --git a/tests/integration/targets/test_mysql_info/tasks/issue-28.yml b/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
index 955683d..289b8b3 100644
--- a/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_info/tasks/issue-28.yml
@@ -9,9 +9,6 @@
   block:
 
     # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
     - name: get server certificate
       copy:
         content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@@ -47,12 +44,12 @@
     - assert:
         that:
           - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
 
     - assert:
         that:
           - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
 
     - name: attempt connection with newly created user ignoring hostname
       mysql_info:
diff --git a/tests/integration/targets/test_mysql_query/tasks/issue-28.yml b/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
index e2b51a6..0363834 100644
--- a/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_query/tasks/issue-28.yml
@@ -9,9 +9,6 @@
   block:
 
     # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
     - name: get server certificate
       copy:
         content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@@ -47,12 +44,12 @@
     - assert:
         that:
           - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
 
     - assert:
         that:
           - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
 
     - name: attempt connection with newly created user ignoring hostname
       mysql_query:
diff --git a/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml b/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
index 7943e35..5baa384 100644
--- a/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_replication/tasks/issue-28.yml
@@ -9,9 +9,6 @@
   block:
 
     # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
     - name: get server certificate
       copy:
         content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@@ -48,12 +45,12 @@
     - assert:
         that:
           - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
 
     - assert:
         that:
           - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
 
     - name: attempt connection with newly created user ignoring hostname
       mysql_replication:
diff --git a/tests/integration/targets/test_mysql_user/tasks/issue-28.yml b/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
index a5b3d2a..16eb47d 100644
--- a/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_user/tasks/issue-28.yml
@@ -9,9 +9,6 @@
   block:
 
     # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
     - name: get server certificate
       copy:
         content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@@ -50,12 +47,12 @@
     - assert:
         that:
           - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
 
     - assert:
         that:
           - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
 
     - name: attempt connection with newly created user ignoring hostname
       mysql_user:
diff --git a/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml b/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
index 056771e..c33c52d 100644
--- a/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
+++ b/tests/integration/targets/test_mysql_variables/tasks/issue-28.yml
@@ -9,9 +9,6 @@
   block:
 
     # ============================================================
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
     - name: get server certificate
       copy:
         content: "{{ lookup('pipe', \"openssl s_client -starttls mysql -connect localhost:3307 -showcerts 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'\") }}"
@@ -48,12 +45,12 @@
     - assert:
         that:
           - result is failed
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
 
     - assert:
         that:
           - result is succeeded
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
 
     - name: attempt connection with newly created user ignoring hostname
       mysql_variables:
diff --git a/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml b/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
index 8a25849..390bc69 100644
--- a/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
+++ b/tests/integration/targets/test_mysql_variables/tasks/mysql_variables.yml
@@ -151,9 +151,6 @@
     # ============================================================
     # Verify mysql_variable fails when setting an incorrect value (out of range)
     #
-    - shell: pip show pymysql | awk '/Version/ {print $2}'
-      register: pymysql_version
-
     - name: set mysql variable value to a number out of range
       mysql_variables:
         <<: *mysql_params
@@ -163,10 +160,10 @@
       ignore_errors: true
 
     - include: assert_var.yml changed=true output={{ oor_result }} var_name=max_connect_errors var_value=1
-      when: pymysql_version.stdout == ""
+      when: connector.name.0 is not search('pymysql')
 
     - include: assert_fail_msg.yml output={{ oor_result }}  msg='Truncated incorrect'
-      when: pymysql_version.stdout != ""
+      when: connector.name.0 is search('pymysql')
 
     # ============================================================
     # Verify mysql_variable fails when setting an incorrect value (incorrect type)
diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt
new file mode 100644
index 0000000..c0323af
--- /dev/null
+++ b/tests/sanity/ignore-2.13.txt
@@ -0,0 +1,8 @@
+plugins/modules/mysql_db.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_db.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_db.py validate-modules:use-run-command-not-popen
+plugins/modules/mysql_info.py validate-modules:doc-elements-mismatch
+plugins/modules/mysql_info.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_query.py validate-modules:parameter-list-no-elements
+plugins/modules/mysql_user.py validate-modules:undocumented-parameter
+plugins/modules/mysql_variables.py validate-modules:doc-required-mismatch