Add shortening of ALL PRIVILEGES for MySQL 8 that return a big list

2025-04-06 10:40:36 -07:00 · 2023-09-21 18:06:32 +02:00 · 2023-09-21 18:06:32 +02:00 · eee4225ec4
commit eee4225ec4
parent 77c6a68a02
2 changed files with 46 additions and 4 deletions
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@ -486,6 +486,32 @@ def privileges_get(module, cursor, user, host, maria_role=False):
        else:
            return x

+    mysql8_all_privileges = [sorted([
+        'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'DROP', 'RELOAD',
+        'SHUTDOWN', 'PROCESS', 'FILE', 'REFERENCES', 'INDEX', 'ALTER',
+        'SHOW DATABASES', 'SUPER', 'CREATE TEMPORARY TABLES',
+        'LOCK TABLES', 'EXECUTE', 'REPLICATION SLAVE',
+        'REPLICATION CLIENT', 'CREATE VIEW', 'SHOW VIEW', 'CREATE ROUTINE',
+        'ALTER ROUTINE', 'CREATE USER', 'EVENT', 'TRIGGER',
+        'CREATE TABLESPACE', 'CREATE ROLE', 'DROP ROLE'
+        ]), sorted([
+        'APPLICATION_PASSWORD_ADMIN', 'AUDIT_ABORT_EXEMPT', 'AUDIT_ADMIN',
+        'AUTHENTICATION_POLICY_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
+        'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
+        'ENCRYPTION_KEY_ADMIN', 'FIREWALL_EXEMPT', 'FLUSH_OPTIMIZER_COSTS',
+        'FLUSH_STATUS', 'FLUSH_TABLES', 'FLUSH_USER_RESOURCES',
+        'GROUP_REPLICATION_ADMIN', 'GROUP_REPLICATION_STREAM',
+        'INNODB_REDO_LOG_ARCHIVE', 'INNODB_REDO_LOG_ENABLE',
+        'PASSWORDLESS_USER_ADMIN', 'PERSIST_RO_VARIABLES_ADMIN',
+        'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
+        'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER', 'ROLE_ADMIN',
+        'SENSITIVE_VARIABLES_OBSERVER', 'SERVICE_CONNECTION_ADMIN',
+        'SESSION_VARIABLES_ADMIN', 'SET_USER_ID', 'SHOW_ROUTINE',
+        'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'TABLE_ENCRYPTION_ADMIN',
+        'XA_RECOVER_ADMIN'
+        ])]
+
+
    for grant in grants:
        if isinstance(grant, dict):
            grant = list(grant.values())
@ -507,8 +533,8 @@ def privileges_get(module, cursor, user, host, maria_role=False):

            raise InvalidPrivsError('unable to parse the MySQL grant string: %s' % grant[0])

-        privileges = res.group(1).split(",")
-        privileges = [pick(x.strip()) for x in privileges]
+        privileges = [x.strip() for x in res.group(1).split(",")]
+        privileges = [pick(x) for x in privileges]

        # Handle cases when there's privs like GRANT SELECT (colA, ...) in privs.
        # To this point, the privileges list can look like
@ -517,11 +543,25 @@ def privileges_get(module, cursor, user, host, maria_role=False):
        # Determine if there's a case similar to the above:
        privileges = normalize_col_grants(privileges)

+        db = res.group(2)
+
+        if sorted(privileges) in mysql8_all_privileges:
+            privileges = ['ALL']
+
        if not maria_role:
            if "WITH GRANT OPTION" in res.group(7):
                privileges.append('GRANT')
-        db = res.group(2)
+
+        # Prevent to output 'ALL', 'ALL' because mysql 8 display all privileges
+        # with two lines as you can see in variable mysql8_all_privileges.
+        if (
+            'ALL' in privileges
+            and (['ALL'] in output.values() or ['ALL', 'GRANT'] in output.values())
+        ):
+            continue
+
        output.setdefault(db, []).extend(privileges)
+
    return output


--- a/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
+++ b/tests/integration/targets/test_mysql_info/tasks/filter_users_privs.yml
@ -171,8 +171,10 @@
        - recreate_users_result is changed
      when:
        - item.name != 'root'
-        - item.name != 'mariadb.sys'
        - item.name != 'mysql'
+        - item.name != 'mariadb.sys'
+        - item.name != 'mysql.sys'
+        - item.name != 'mysql.infoschema'


    # ================================== Cleanup ============================