ansible-collections/community.mysql
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.mysql.git synced 2025-04-21 09:51:31 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Remove all code related to VALID_PRIVS and get_valid_privs()

Browse source
This commit is contained in:
R.Sicart 2021-10-30 16:38:45 +02:00
parent 5522e45284
commit ac18eeaad5
3 changed files with 3 additions and 65 deletions
Download patch file Download diff file Expand all files Collapse all files

57
plugins/module_utils/user.py
View file

@ -19,49 +19,6 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (
) )
EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']
# This list is kept for backwards compatibility after release 2.3.0,
# see https://github.com/ansible-collections/community.mysql/issues/232 for details
VALID_PRIVS = [
'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
'REQUIRESSL', # Deprecated, to be removed in version 3.0.0
'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
'INVOKE LAMBDA',
'ALTER ROUTINE',
'BINLOG ADMIN',
'BINLOG MONITOR',
'BINLOG REPLAY',
'CONNECTION ADMIN',
'READ_ONLY ADMIN',
'REPLICATION MASTER ADMIN',
'REPLICATION SLAVE ADMIN',
'SET USER',
'SHOW_ROUTINE',
'SLAVE MONITOR',
'REPLICA MONITOR',
]
class InvalidPrivsError(Exception): class InvalidPrivsError(Exception):
pass pass
@ -147,14 +104,6 @@ def get_tls_requires(cursor, user, host):
return requires or None return requires or None
def get_valid_privs(cursor):
cursor.execute("SHOW PRIVILEGES")
show_privs = [priv[0].upper() for priv in cursor.fetchall()]
# See the comment above VALID_PRIVS declaration
all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
return frozenset(all_privs)
def get_grants(cursor, user, host): def get_grants(cursor, user, host):
cursor.execute("SHOW GRANTS FOR %s@%s", (user, host)) cursor.execute("SHOW GRANTS FOR %s@%s", (user, host))
grants_line = list(filter(lambda x: "ON *.*" in x[0], cursor.fetchall()))[0] grants_line = list(filter(lambda x: "ON *.*" in x[0], cursor.fetchall()))[0]
@ -597,7 +546,7 @@ def sort_column_order(statement):
return '%s(%s)' % (priv_name, ', '.join(columns)) return '%s(%s)' % (priv_name, ', '.join(columns))
def privileges_unpack(priv, mode, valid_privs): def privileges_unpack(priv, mode):
""" Take a privileges string, typically passed as a parameter, and unserialize """ Take a privileges string, typically passed as a parameter, and unserialize
it into a dictionary, the same format as privileges_get() above. We have this it into a dictionary, the same format as privileges_get() above. We have this
custom format to avoid using YAML/JSON strings inside YAML playbooks. Example custom format to avoid using YAML/JSON strings inside YAML playbooks. Example
@ -643,10 +592,6 @@ def privileges_unpack(priv, mode, valid_privs):
# Handle cases when there's privs like GRANT SELECT (colA, ...) in privs. # Handle cases when there's privs like GRANT SELECT (colA, ...) in privs.
output[pieces[0]] = normalize_col_grants(output[pieces[0]]) output[pieces[0]] = normalize_col_grants(output[pieces[0]])
new_privs = frozenset(privs)
if not new_privs.issubset(valid_privs):
raise InvalidPrivsError('Invalid privileges specified: %s' % new_privs.difference(valid_privs))
if '*.*' not in output: if '*.*' not in output:
output['*.*'] = ['USAGE'] output['*.*'] = ['USAGE']

4
plugins/modules/mysql_role.py
View file

@ -250,7 +250,6 @@ from ansible_collections.community.mysql.plugins.module_utils.user import (
get_mode, get_mode,
user_mod, user_mod,
privileges_grant, privileges_grant,
get_valid_privs,
privileges_unpack, privileges_unpack,
) )
from ansible.module_utils._text import to_native from ansible.module_utils._text import to_native
@ -1014,8 +1013,7 @@ def main():
module.fail_json(msg=to_native(e)) module.fail_json(msg=to_native(e))
try: try:
valid_privs = get_valid_privs(cursor) priv = privileges_unpack(priv, mode)
priv = privileges_unpack(priv, mode, valid_privs)
except Exception as e: except Exception as e:
module.fail_json(msg='Invalid privileges string: %s' % to_native(e)) module.fail_json(msg='Invalid privileges string: %s' % to_native(e))

7
plugins/modules/mysql_user.py
View file

@ -318,7 +318,6 @@ from ansible_collections.community.mysql.plugins.module_utils.user import (
handle_requiressl_in_priv_string, handle_requiressl_in_priv_string,
InvalidPrivsError, InvalidPrivsError,
limit_resources, limit_resources,
get_valid_privs,
privileges_unpack, privileges_unpack,
sanitize_requires, sanitize_requires,
user_add, user_add,
@ -421,11 +420,7 @@ def main():
mode = get_mode(cursor) mode = get_mode(cursor)
except Exception as e: except Exception as e:
module.fail_json(msg=to_native(e)) module.fail_json(msg=to_native(e))
try: priv = privileges_unpack(priv, mode)
valid_privs = get_valid_privs(cursor)
priv = privileges_unpack(priv, mode, valid_privs)
except Exception as e:
module.fail_json(msg="invalid privileges string: %s" % to_native(e))
if state == "present": if state == "present":
if user_exists(cursor, user, host, host_all): if user_exists(cursor, user, host, host_all):