This was introduced in #189. To my knowledge, there is no difference
between MySQL and MariaDB regarding roles or when you call a user by
its name alone. Both works if the host it '%'. Same for roles.
This reverts commit 77593b7a91e8d417eead0d3d5366ba991c767565.
I imported PR569 to be able to test on my fork, but to avoid polluting
this patch I now revert those commit.
This debug output this:
[
{'Grants for root@localhost': \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION\"},
{'Grants for root@localhost': \"GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION\"}
],
[
{'Grants for mysql.session@localhost': \"GRANT SUPER ON *.* TO 'mysql.session'@'localhost'\"},
{'Grants for mysql.session@localhost': \"GRANT SELECT ON `performance_schema`.* TO 'mysql.session'@'localhost'\"},
{'Grants for mysql.session@localhost': \"GRANT SELECT ON `mysql`.`user` TO 'mysql.session'@'localhost'\"}
],
[
{'Grants for mysql.sys@localhost': \"GRANT USAGE ON *.* TO 'mysql.sys'@'localhost'\"},
{'Grants for mysql.sys@localhost': \"GRANT TRIGGER ON `sys`.* TO 'mysql.sys'@'localhost'\"},
{'Grants for mysql.sys@localhost': \"GRANT SELECT ON `sys`.`sys_config` TO 'mysql.sys'@'localhost'\"}
],
[
{'Grants for root@%': \"GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION\"}
]
I think something is wrong in the lambda and when grants art on ''@''.
* Add integrations tests for column case sensitive name
* add a warning when column_case_sensitive in not set
* add announce default will change in in 4.0.0
* fix tests for engine that don't wrap column in backticks
* add filter because only MySQL 5.7 is case sensitive for users privs
* add kmarse and myself to the authors
* add kmarse to the contributors list
---------
Co-authored-by: Laurent Indermühle <laurent.indermuehle@epfl.ch>
Co-authored-by: Andrew Klychkov <aklychko@redhat.com>
* add service name to plugin pam/auth_pam usage
* typo fixed
* MySLQ is using identified with auth_pam by ... instead of identified with pam using ... like mariadb does
* a : in description lines breaks yaml syntax
* clearify documentation and add changelog fragment
* Update changelogs/fragments/445_add_service_name_to_plugin_pam_auth_pam_usage.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/module_utils/user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Compare privileges from before and after manipulation
* Add unit tests
* Fix FIXME integration tests related to this issue
* Fix sanity check
* Fix assertion when appending privs in mysql_role_initial integration tests
* Fix pylint
* [ci-skip] Add changelog fragment
* Fix: missing fragment file extension
* Replace privileges_equal() by a comparison
* Fix: sanity pylint
* Fix: forgot to remove privileges_equal import from unit tests
* Fix: exclude mysql 8 from test_mysql_user's 'Assert that priv did not change' test
* Add tests to verify that GRANT permission is present after user modification
* Fix: do not revoke GRANT permission when it's already allowed and present in priv parameter
* Deduplicate tests name
Easier to debug this way
* Fix assertions named 'GRANT permission is present'
* Only revoke grant option if it exists and absence is requested
* Fix assertion comments
* Fix: Only revoke grant option if it exists and absence is requested
* Avoid pointless revocations when ALL are granted
* Assert that priv did not change on mariadb also
* Fix: sanity and unity tests
* Format long lines
* Add changelog fragment
Co-authored-by: Laurent Indermühle <laurent.indermuehle@pm.me>
* add option subtract_privs to mysql_role and mysql_user
see https://github.com/ansible-collections/community.mysql/issues/331
* add integration tests for subtract_privs for mysql_role and mysql_user
* add changelog fragment for PR #333
* mysql_role, mysql_user: when subtract_privileges, don't grant unwanted privileges and don't revoke USAGE implicitly
* fix integration tests
* mysql_role, mysql_user: invalid privileges are ignored when subtract_privs is true -> document that and fix integration tests
* fix mysql_role integration tests
* fix mysql_role, mysql_user integration tests
* formatting
make the PEP8 check happy
* mysql_user and mysql_role: fix granting privileges when only the GRANT OPTION needs to be added
* mysql_user and mysql_role: log some updated privileges; explain integration test blind spot
* mysql_user and mysql_role: don't grant too much privileges
If only the grant option needs to be granted, at least one privilege needs to be granted to get valid syntax. USAGE is better for that than the existing privileges, because unwanted privileges would be re-added after revokation.
* mysql_user and mysql_role: fix type error
* Update changelogs/fragments/333-mysql_user-mysql_role-add-subtract_privileges-argument.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_role.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Update plugins/modules/mysql_user.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Felix Hamme <felix.hamme@ionos.com>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* added flush privileges to write dynamic privs into db
Fixes https://github.com/ansible-collections/community.mysql/issues/120
* added changelog fragment
* Update changelogs/fragments/338-mysql_user_fix_missing_dynamic_privileges.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Remove all code related to VALID_PRIVS and get_valid_privs()
* Add tests to update user with invalid privs
* Re-raise InvalidPrivsError when granting privileges
* Fix: compatibility with python2
* More explicit assertions as commented by Andersson007
* Add changelog fragment
* mysql_user: replace VALID_PRIVS by get_valid_privs() function
* Add EXTRA_PRIVS in case we need to add more privs in the future
* Add changelog fragment
