WIP attempt to retrieve all users privileges

2025-04-24 03:11:25 -07:00 · 2023-09-11 19:28:26 +02:00 · 2023-09-11 19:28:26 +02:00 · d7beeec410
commit d7beeec410
parent 033b4c74f9
6 changed files with 307 additions and 238 deletions
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -104,9 +104,13 @@ def get_tls_requires(cursor, user, host):
        return requires or None


-def get_grants(cursor, user, host):
+def get_grants(module, cursor, user, host):
    cursor.execute("SHOW GRANTS FOR %s@%s", (user, host))
-    grants_line = list(filter(lambda x: "ON *.*" in x[0], cursor.fetchall()))[0]
+    try:
+        grants_line = list(filter(lambda x: "ON *.*" in x[0], cursor.fetchall()))[0]
+    except Exception as e:
+        module.fail_json(msg="Error %s" % e)
+
    pattern = r"(?<=\bGRANT\b)(.*?)(?=(?:\bON\b))"
    grants = re.search(pattern, grants_line[0]).group().strip()
    return grants.split(", ")
@ -132,7 +136,7 @@ def get_existing_authentication(cursor, user):
    return None


-def user_add(cursor, user, host, host_all, password, encrypted,
+def user_add(module, cursor, user, host, host_all, password, encrypted,
             plugin, plugin_hash_string, plugin_auth_string, new_priv,
             tls_requires, check_mode, reuse_existing_password):
    # we cannot create users without a proper hostname
@ -187,7 +191,7 @@ def user_add(cursor, user, host, host_all, password, encrypted,
        for db_table, priv in iteritems(new_priv):
            privileges_grant(cursor, user, host, db_table, priv, tls_requires)
    if tls_requires is not None:
-        privileges_grant(cursor, user, host, "*.*", get_grants(cursor, user, host), tls_requires)
+        privileges_grant(cursor, user, host, "*.*", get_grants(module, cursor, user, host), tls_requires)
    return {'changed': True, 'password_changed': not used_existing_password}