Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix revoke only grant #503

Merged
merged 3 commits into from
Feb 8, 2023
Merged

Fix revoke only grant #503

merged 3 commits into from
Feb 8, 2023

Conversation

markuman
Copy link
Member

@markuman markuman commented Feb 7, 2023

SUMMARY

When only grant is revoked by mysql_user, it results in a 2nd sql query, where empty privs are tried to revoked.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

plugs/module_utils/user.py

@markuman
Copy link
Member Author

markuman commented Feb 8, 2023
edited
Loading

here is a playbook that show the current bug:

---
- name: prepare mariadb container
  hosts: localhost
  connection: local

  tasks:
    - name: test
      vars:
        mysql_parameters: &mysql_params
          login_user: root
          login_password: mariadb
          login_host: 127.0.0.1
          login_port: 33066
      block:
        - name: start nextcloud container
          register: out
          community.docker.docker_container:
            name: mariadb_test_container
            image: mariadb:10.6
            state: started
            auto_remove: true
            recreate: true
            container_default_behavior: no_defaults
            published_ports:
              - "127.0.0.1:{{ mysql_parameters.login_port }}:3306"
            env:
              MARIADB_ROOT_PASSWORD: "{{ mysql_parameters.login_password }}"

        - name: mariadb container needs some sec for initialization
          pause:
            seconds: 10

        - name: create user with two grants
          mysql_user:
            <<: *mysql_params
            name: testuser
            password: testpassword
            update_password: on_create
            priv: '*.*:SELECT,GRANT'

        - name: >
            user must have only one priv. grant priv must be dropped
            this is the bug that is fixed in https://github.com/ansible-collections/community.mysql/pull/503
          register: result
          mysql_user:
            <<: *mysql_params
            name: testuser
            password: testpassword
            update_password: on_create
            priv: '*.*:SELECT'

        - assert:
            that:
              - result is not failed
              - result is changed

        - name: immutable - user must have only one priv, grant priv must be dropped
          register: result
          mysql_user:
            <<: *mysql_params
            name: testuser
            password: testpassword
            update_password: on_create
            priv: '*.*:SELECT'

        - assert:
            that:
              - result is not failed
              - result is not changed

      always:
        - name: stop mariadb test container
          community.docker.docker_container:
            name: mariadb_test_container
            state: absent

it results in

PLAY [prepare nextcloud container] ********************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************
ok: [localhost]

TASK [start mariadb container] **********************************************************************************************************************************
changed: [localhost]

TASK [mariadb container needs some sec for initialization] ********************************************************************************************************
Pausing for 10 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [localhost]

TASK [create user with two grants] ********************************************************************************************************************************
changed: [localhost]

TASK [user must have only one priv. grant priv must be dropped] ***************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "(1064, \"You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'ON *.* FROM 'testuser'@'localhost'' at line 1\")"}

TASK [stop mariadb test container] ********************************************************************************************************************************
changed: [localhost]

PLAY RECAP ********************************************************************************************************************************************************
localhost                  : ok=5    changed=3    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0

while this PR fixes it


PLAY [prepare mariadb container] ********************************************************************************************************************************

TASK [Gathering Facts] ********************************************************************************************************************************************
ok: [localhost]

TASK [start nextcloud container] **********************************************************************************************************************************
changed: [localhost]

TASK [mariadb container needs some sec for initialization] ********************************************************************************************************
Pausing for 10 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [localhost]

TASK [create user with two grants] ********************************************************************************************************************************
changed: [localhost]

TASK [user must have only one priv. grant priv must be dropped] ***************************************************************************************************
changed: [localhost]

TASK [assert] *****************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [immutable - user must have only one priv, grant priv must be dropped] ***************************************************************************************
ok: [localhost]

TASK [assert] *****************************************************************************************************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [stop mariadb test container] ********************************************************************************************************************************
changed: [localhost]

PLAY RECAP ********************************************************************************************************************************************************
localhost                  : ok=9    changed=4    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

@Andersson007 Andersson007 merged commit b34c23d into ansible-collections:main Feb 8, 2023
@Andersson007
Copy link
Collaborator

@markuman thanks for the contribution!

@patchback
Copy link

patchback bot commented Feb 8, 2023
edited
Loading

Backport to stable-2: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-2/b34c23d07d1fd2097767a5e16e153cbf20ed8973/pr-503

Backported as #504

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

patchback bot pushed a commit that referenced this pull request Feb 8, 2023
@markuman @patchback
Fix revoke only grant (#503)
f2efed4 
* fix

* test

* changelog

(cherry picked from commit b34c23d)
@patchback patchback bot mentioned this pull request Feb 8, 2023
Closed
@ansible-collections ansible-collections deleted a comment from patchback bot Feb 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Andersson007 Andersson007 Andersson007 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@markuman @Andersson007