From da9e179848b5a861a82f0d4aa84f7e49bfb24160 Mon Sep 17 00:00:00 2001
From: Felix Hamme
Date: Thu, 28 Apr 2022 16:10:46 +0200
Subject: [PATCH] mysql_user and mysql_role: don't grant too much privileges

If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revokation.
---
 plugins/module_utils/user.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py
index a029d82..67a04fc 100644
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@@ -332,8 +332,8 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
 grant_privs = list(set(new_priv[db_table]) - set(curr_priv[db_table]))
 revoke_privs = list(set(curr_priv[db_table]) - set(new_priv[db_table]))
 if grant_privs == ['GRANT']:
- # add the existing privileges because 'WITH GRANT OPTION' cannot stand alone
- grant_privs.extend(curr_priv[db_table])
+ # USAGE grants no privileges, it is only needed because 'WITH GRANT OPTION' cannot stand alone
+ grant_privs.extend('USAGE')
 if len(grant_privs) + len(revoke_privs) > 0:
 msg = "Privileges updated: granted %s, revoked %s" % (grant_privs, revoke_privs)
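Review bot: The added line `grant_privs.extend('USAGE')` iterates over the string, so `grant_privs` becomes `['GRANT', 'U', 'S', 'A', 'G', 'E']` rather than `['GRANT', 'USAGE']`; it should be `grant_privs.append('USAGE')`. The code that turns this list into a GRANT statement is outside the hunk, so the exact failure is inferred, but single-letter privilege names would presumably produce an invalid statement or a rejected privilege, and the `msg` line below would report the character list as granted. Since this path decides what a database account is allowed to do, a regression test for the grant-option-only case that asserts the list is exactly `['GRANT', 'USAGE']` and that no previously revoked privilege comes back would pin the least-privilege intent of the commit. The body of `user_mod` starts and ends outside this hunk.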