mysql_user: fix broken compatibility for priviledge aliases (#233)

* mysql_user: fix broken compatibility for privilege aliases

* add changelog fragment

* fix changelog fragment

* Improve formatting
Andrew Klychkov 2021-10-18 16:25:00 +03:00 committed by GitHub
parent f47d4635f1
commit bb3e9fd3fa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 44 additions and 1 deletions


@ -0,0 +1,2 @@
bugfixes:
- mysql_user - Fix crash reporting ``Invalid privileges specified`` when passing privileges that became aliases (https://github.com/ansible-collections/community.mysql/issues/232).


@ -21,6 +21,46 @@ from ansible_collections.community.mysql.plugins.module_utils.mysql import (
EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL'] EXTRA_PRIVS = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']
# This list is kept for backwards compatibility after release 2.3.0,
# see https://github.com/ansible-collections/community.mysql/issues/232 for details
VALID_PRIVS = [
'CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
'REQUIRESSL', # Deprecated, to be removed in version 3.0.0
'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
'INVOKE LAMBDA',
'ALTER ROUTINE',
'BINLOG ADMIN',
'BINLOG MONITOR',
'BINLOG REPLAY',
'CONNECTION ADMIN',
'READ_ONLY ADMIN',
'REPLICATION MASTER ADMIN',
'REPLICATION SLAVE ADMIN',
'SET USER',
'SHOW_ROUTINE',
'SLAVE MONITOR',
'REPLICA MONITOR',
]
class InvalidPrivsError(Exception): class InvalidPrivsError(Exception):
pass pass
@ -110,7 +150,8 @@ def get_tls_requires(cursor, user, host):
def get_valid_privs(cursor): def get_valid_privs(cursor):
cursor.execute("SHOW PRIVILEGES") cursor.execute("SHOW PRIVILEGES")
show_privs = [priv[0].upper() for priv in cursor.fetchall()] show_privs = [priv[0].upper() for priv in cursor.fetchall()]
all_privs = show_privs + EXTRA_PRIVS # See the comment above VALID_PRIVS declaration
all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS
return frozenset(all_privs) return frozenset(all_privs)
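Review bot: With `VALID_PRIVS` unioned in at `all_privs = show_privs + EXTRA_PRIVS + VALID_PRIVS`, `get_valid_privs` no longer reflects only what the connected server reports through `SHOW PRIVILEGES`. A privilege name the server does not support now passes this check, and any failure moves to wherever the name is used later, which is not visible in this hunk. If the returned set is the allow-list for privilege names before they reach a GRANT statement (presumably, but not shown here), the trade-off deserves a comment at the function, e.g. `# VALID_PRIVS is a static superset across server versions; a name accepted here may still be rejected by the server`. The new list also repeats `'SYSTEM_USER'` and `'ALTER ROUTINE'` and re-lists the `EXTRA_PRIVS` entries; the `frozenset` hides this, but deduplicating would keep the list easier to audit when privileges are added or retired.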