Fix revoke only grant (#503)
* fix
* test
* changelog
(cherry picked from commit b34c23d07d
)
parent
ff94dcdf0f
commit
f2efed4b84
4 changed files with 73 additions and 9 deletions
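--- a/changelogs/fragments/503-fix-revoke-grant-only.yml
+++ b/changelogs/fragments/503-fix-revoke-grant-only.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- mysql_user - when revoke privs consists only of ``GRANT``, a 2nd revoke query is executed with empty privs to revoke that ended in an SQL exception (https://github.com/ansible-collections/community.mysql/pull/503).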
|
@ -680,17 +680,19 @@ def privileges_revoke(cursor, user, host, db_table, priv, grant_option, maria_ro
|
||||||
query = ' '.join(query)
|
query = ' '.join(query)
|
||||||
cursor.execute(query, (user, host))
|
cursor.execute(query, (user, host))
|
||||||
priv_string = ",".join([p for p in priv if p not in ('GRANT', )])
|
priv_string = ",".join([p for p in priv if p not in ('GRANT', )])
|
||||||
query = ["REVOKE %s ON %s" % (priv_string, db_table)]
|
|
||||||
|
|
||||||
if not maria_role:
|
if priv_string != "":
|
||||||
query.append("FROM %s@%s")
|
query = ["REVOKE %s ON %s" % (priv_string, db_table)]
|
||||||
params = (user, host)
|
|
||||||
else:
|
|
||||||
query.append("FROM %s")
|
|
||||||
params = (user,)
|
|
||||||
|
|
||||||
query = ' '.join(query)
|
if not maria_role:
|
||||||
cursor.execute(query, params)
|
query.append("FROM %s@%s")
|
||||||
|
params = (user, host)
|
||||||
|
else:
|
||||||
|
query.append("FROM %s")
|
||||||
|
params = (user,)
|
||||||
|
|
||||||
|
query = ' '.join(query)
|
||||||
|
cursor.execute(query, params)
|
||||||
cursor.execute("FLUSH PRIVILEGES")
|
cursor.execute("FLUSH PRIVILEGES")
|
||||||
|
|
||||||
|
|
||||||
|
|
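Review bot: The REVOKE statement inside the new `if priv_string != "":` branch is still assembled with `%` formatting from `priv_string` and `db_table`, and only the user and host reach `cursor.execute` as bound parameters. Privilege names and object names cannot be bound, so this relies on both values being validated and quoted before they reach `privileges_revoke`, and on any literal `%` in `db_table` being doubled, because the formatted text goes through the driver's parameter substitution afterwards; none of that is visible here, since the function starts above the hunk. I would document the assumption at the branch, for example `# priv_string and db_table are formatted into the SQL text, not bound: callers must pass validated privilege names and an already-quoted db_table`. As a smaller style point, `if priv_string:` is the more idiomatic form of the emptiness check.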
|
@ -289,3 +289,5 @@
|
||||||
|
|
||||||
# https://github.com/ansible-collections/community.mysql/issues/231
|
# https://github.com/ansible-collections/community.mysql/issues/231
|
||||||
- include: test_user_grants_with_roles_applied.yml
|
- include: test_user_grants_with_roles_applied.yml
|
||||||
|
|
||||||
|
- include: revoke_only_grant.yml
|
|
@ -0,0 +1,58 @@
|
||||||
|
---
|
||||||
|
- vars:
|
||||||
|
mysql_parameters: &mysql_params
|
||||||
|
login_user: '{{ mysql_user }}'
|
||||||
|
login_password: '{{ mysql_password }}'
|
||||||
|
login_host: 127.0.0.1
|
||||||
|
login_port: '{{ mysql_primary_port }}'
|
||||||
|
block:
|
||||||
|
- name: Drop mysql user if exists
|
||||||
|
mysql_user:
|
||||||
|
<<: *mysql_params
|
||||||
|
name: '{{ user_name_1 }}'
|
||||||
|
state: absent
|
||||||
|
ignore_errors: true
|
||||||
|
|
||||||
|
- name: create user with two grants
|
||||||
|
mysql_user:
|
||||||
|
<<: *mysql_params
|
||||||
|
name: "{{ user_name_1 }}"
|
||||||
|
password: "{{ user_password_1 }}"
|
||||||
|
update_password: on_create
|
||||||
|
priv: '*.*:SELECT,GRANT'
|
||||||
|
|
||||||
|
- name: user must have only on priv, grant priv must be dropped
|
||||||
|
register: result
|
||||||
|
mysql_user:
|
||||||
|
<<: *mysql_params
|
||||||
|
name: "{{ user_name_1 }}"
|
||||||
|
password: "{{ user_password_1 }}"
|
||||||
|
update_password: on_create
|
||||||
|
priv: '*.*:SELECT'
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- result is not failed
|
||||||
|
- result is changed
|
||||||
|
|
||||||
|
- name: immutable - user must have only on priv, grant priv must be dropped
|
||||||
|
register: result
|
||||||
|
mysql_user:
|
||||||
|
<<: *mysql_params
|
||||||
|
name: "{{ user_name_1 }}"
|
||||||
|
password: "{{ user_password_1 }}"
|
||||||
|
update_password: on_create
|
||||||
|
priv: '*.*:SELECT'
|
||||||
|
|
||||||
|
- assert:
|
||||||
|
that:
|
||||||
|
- result is not failed
|
||||||
|
- result is not changed
|
||||||
|
|
||||||
|
always:
|
||||||
|
- name: drop user
|
||||||
|
mysql_user:
|
||||||
|
<<: *mysql_params
|
||||||
|
name: '{{ user_name_1 }}'
|
||||||
|
state: absent
|
||||||
|
ignore_errors: true
|
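Review bot: The assertions after the two `priv: '*.*:SELECT'` tasks check only `result is not failed` together with `result is changed` or `result is not changed`, so the test would still pass if the module reported a change while the account kept its grant option. For a revocation path it is worth reading the grants back from the server: a task that runs `SHOW GRANTS FOR` the test user (the collection's `mysql_query` module can do this), followed by an assert that the output no longer contains `WITH GRANT OPTION`. The task names would also read better as `user must have only one priv` and `idempotent - ...` rather than `only on priv` and `immutable`.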