[stable-2] Backport stable 2 5 (#235)

* Copy ignore-2.12.txt to ignore-2.13.txt (#225) (cherry picked from commit 4f205ef540) * CI matrix update (#226) * CI matrix update * Fix test_mysql_user * Fix CI * Fix CI * Fix CI * Fix CI * Fix CI (cherry picked from commit fc984b28aa) * integration tests: remove superfluous debug task (#228) * integration tests: remove superfluous debug task * Turn off integration tests against devel (cherry picked from commit f47d4635f1) * mysql_user: fix broken compatibility for priviledge aliases (#233) * mysql_user: fix broken compatibility for priviledge aliases * add changelog fragment * fix changelog fragment * Improve formatting (cherry picked from commit bb3e9fd3fa)
2025-04-25 03:41:26 -07:00 · 2021-10-19 13:20:30 +03:00 · 2021-10-19 13:20:30 +03:00 · 55a8ecd64e
commit 55a8ecd64e
parent a6bacefc41
13 changed files with 104 additions and 43 deletions
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -21,6 +21,46 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (

 EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']

+# This list is kept for backwards compatibility after release 2.3.0,
+# see https://github.com/ansible-collections/community.mysql/issues/232 for details
+VALID_PRIVS = [
+    'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
+    'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
+    'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
+    'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
+    'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
+    'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
+    'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
+    'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
+    'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
+    'REQUIRESSL',  # Deprecated, to be removed in version 3.0.0
+    'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
+    'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
+    'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
+    'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
+    'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
+    'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
+    'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
+    'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
+    'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
+    'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
+    'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
+    'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
+    'INVOKE LAMBDA',
+    'ALTER ROUTINE',
+    'BINLOG ADMIN',
+    'BINLOG MONITOR',
+    'BINLOG REPLAY',
+    'CONNECTION ADMIN',
+    'READ_ONLY ADMIN',
+    'REPLICATION MASTER ADMIN',
+    'REPLICATION SLAVE ADMIN',
+    'SET USER',
+    'SHOW_ROUTINE',
+    'SLAVE MONITOR',
+    'REPLICA MONITOR',
+]
+

 class InvalidPrivsError(Exception):
    pass
@ -110,7 +150,8 @@ def get_tls_requires(cursor, user, host):
 def get_valid_privs(cursor):
    cursor.execute("SHOW PRIVILEGES")
    show_privs = [priv[0].upper() for priv in cursor.fetchall()]
-    all_privs = show_privs + EXTRA_PRIVS
+    # See the comment above VALID_PRIVS declaration
+    all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
    return frozenset(all_privs)