mysql_user and mysql_role: don't grant too many privileges

If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revocation.
Felix Hamme 2022-04-28 16:10:46 +02:00
commit da9e179848

@ -332,8 +332,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
grant_privs = list(set(new_priv[db_table]) - set(curr_priv[db_table]))
revoke_privs = list(set(curr_priv[db_table]) - set(new_priv[db_table]))
if grant_privs == ['GRANT']:
# add the existing privileges because 'WITH GRANT OPTION' cannot stand alone
grant_privs.extend(curr_priv[db_table])
# USAGE grants no privileges, it is only needed because 'WITH GRANT OPTION' cannot stand alone
grant_privs.extend('USAGE')
if len(grant_privs) + len(revoke_privs) > 0:
msg = "Privileges updated: granted %s, revoked %s" % (grant_privs, revoke_privs)
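Review bot: grant_privs.extend('USAGE') on the new line passes a string to list.extend, which iterates over it and appends 'U', 'S', 'A', 'G', 'E' as five separate entries instead of the single privilege 'USAGE'. Use grant_privs.append('USAGE') (or grant_privs.extend(['USAGE'])) so the list becomes ['GRANT', 'USAGE']. As written, the "Privileges updated" message built two lines below would also report the individual letters. A test for the case where only the grant option is added to an existing set of privileges would catch this.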