Remove all code related to VALID_PRIVS and get_valid_privs()

2025-04-21 09:51:31 -07:00 · 2021-10-30 16:38:45 +02:00 · 2021-10-30 16:38:45 +02:00 · ac18eeaad5
commit ac18eeaad5
parent 5522e45284
3 changed files with 3 additions and 65 deletions
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -19,49 +19,6 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (
 )


-EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']
-
-# This list is kept for backwards compatibility after release 2.3.0,
-# see https://github.com/ansible-collections/community.mysql/issues/232 for details
-VALID_PRIVS = [
-    'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
-    'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
-    'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
-    'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
-    'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
-    'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
-    'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
-    'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
-    'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
-    'REQUIRESSL',  # Deprecated, to be removed in version 3.0.0
-    'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
-    'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
-    'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
-    'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
-    'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
-    'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
-    'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
-    'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
-    'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
-    'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
-    'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
-    'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
-    'INVOKE LAMBDA',
-    'ALTER ROUTINE',
-    'BINLOG ADMIN',
-    'BINLOG MONITOR',
-    'BINLOG REPLAY',
-    'CONNECTION ADMIN',
-    'READ_ONLY ADMIN',
-    'REPLICATION MASTER ADMIN',
-    'REPLICATION SLAVE ADMIN',
-    'SET USER',
-    'SHOW_ROUTINE',
-    'SLAVE MONITOR',
-    'REPLICA MONITOR',
-]
-
-
 class InvalidPrivsError(Exception):
    pass

@ -147,14 +104,6 @@ def get_tls_requires(cursor, user, host):
        return requires or None


-def get_valid_privs(cursor):
-    cursor.execute("SHOW PRIVILEGES")
-    show_privs = [priv[0].upper() for priv in cursor.fetchall()]
-    # See the comment above VALID_PRIVS declaration
-    all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
-    return frozenset(all_privs)
-
-
 def get_grants(cursor, user, host):
    cursor.execute("SHOW GRANTS FOR %s@%s", (user, host))
    grants_line = list(filter(lambda x: "ON *.*" in x[0], cursor.fetchall()))[0]
@ -597,7 +546,7 @@ def sort_column_order(statement):
    return '%s(%s)' % (priv_name, ', '.join(columns))


-def privileges_unpack(priv, mode, valid_privs):
+def privileges_unpack(priv, mode):
    """ Take a privileges string, typically passed as a parameter, and unserialize
    it into a dictionary, the same format as privileges_get() above. We have this
    custom format to avoid using YAML/JSON strings inside YAML playbooks. Example
@ -643,10 +592,6 @@ def privileges_unpack(priv, mode, valid_privs):
        # Handle cases when there's privs like GRANT SELECT (colA, ...) in privs.
        output[pieces[0]] = normalize_col_grants(output[pieces[0]])

-        new_privs = frozenset(privs)
-        if not new_privs.issubset(valid_privs):
-            raise InvalidPrivsError('Invalid privileges specified: %s' % new_privs.difference(valid_privs))
-
    if '*.*' not in output:
        output['*.*'] = ['USAGE']

--- a/plugins/modules/mysql_role.py
+++ b/plugins/modules/mysql_role.py
@ -250,7 +250,6 @@ from ansible_collections.community.mysql.plugins.module_utils.user import (
    get_mode,
    user_mod,
    privileges_grant,
-    get_valid_privs,
    privileges_unpack,
 )
 from ansible.module_utils._text import to_native
@ -1014,8 +1013,7 @@ def main():
            module.fail_json(msg=to_native(e))

        try:
-            valid_privs = get_valid_privs(cursor)
-            priv = privileges_unpack(priv, mode, valid_privs)
+            priv = privileges_unpack(priv, mode)
        except Exception as e:
            module.fail_json(msg='Invalid privileges string: %s' % to_native(e))

--- a/plugins/modules/mysql_user.py
+++ b/plugins/modules/mysql_user.py
@ -318,7 +318,6 @@ from ansible_collections.community.mysql.plugins.module_utils.user import (
    handle_requiressl_in_priv_string,
    InvalidPrivsError,
    limit_resources,
-    get_valid_privs,
    privileges_unpack,
    sanitize_requires,
    user_add,
@ -421,11 +420,7 @@ def main():
            mode = get_mode(cursor)
        except Exception as e:
            module.fail_json(msg=to_native(e))
-        try:
-            valid_privs = get_valid_privs(cursor)
-            priv = privileges_unpack(priv, mode, valid_privs)
-        except Exception as e:
-            module.fail_json(msg="invalid privileges string: %s" % to_native(e))
+        priv = privileges_unpack(priv, mode)

    if state == "present":
        if user_exists(cursor, user, host, host_all):