Fix zero-privilege case being interpreted as USAGE

Also adding test to catch this issue in the future.
pendo-io · Mar 24, 2021 · 4f454de · 4f454de
1 parent 04afe18
commit 4f454de
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 4 deletions.
diff --git a/mysql/resource_grant.go b/mysql/resource_grant.go
@@ -192,6 +192,10 @@ func CreateGrant(d *schema.ResourceData, meta interface{}) error {
 
 	grants, err := showGrants(db, userOrRole)
 	for _, grant := range grants {
+		if len(grant.Privileges) == 0 {
+			continue
+		}
+
 		if hasPrivs {
 			if grant.Database == d.Get("database").(string) && grant.Table == d.Get("table").(string) {
 				return fmt.Errorf("user/role %s already has unmanaged grant to %s.%s - import it first", userOrRole, grant.Database, grant.Table)
@@ -524,7 +528,9 @@ func showGrants(db *sql.DB, user string) ([]*MySQLGrant, error) {
 				Grant:      reGrant.MatchString(rawGrant),
 			}
 
-			grants = append(grants, grant)
+			if len(privileges) > 0 {
+				grants = append(grants, grant)
+			}
 
 		} else if m := reRole.FindStringSubmatch(rawGrant); len(m) == 2 {
 			roleStr := m[1]
@@ -557,6 +563,16 @@ func normalizeColumnOrderMulti(perm []string) []string {
 	return ret
 }
 
+func removeUselessPerms(grants []string) []string {
+	ret := []string{}
+	for _, grant := range grants {
+		if grant != "USAGE" {
+			ret = append(ret, grant)
+		}
+	}
+	return ret
+}
+
 func extractPermTypes(g string) []string {
 	grants := []string{}
 
@@ -588,7 +604,7 @@ func extractPermTypes(g string) []string {
 		}
 	}
 	grants = append(grants, string(currentWord))
-	return grants
+	return removeUselessPerms(grants)
 }
 
 func normalizeColumnOrder(perm string) string {
@@ -623,6 +639,7 @@ func normalizePerms(perms []string) []string {
 			permUcase = "ALL PRIVILEGES"
 		}
 		permSortedColumns := normalizeColumnOrder(permUcase)
+
 		ret = append(ret, permSortedColumns)
 	}
 	return ret

diff --git a/mysql/resource_grant_test.go b/mysql/resource_grant_test.go
@@ -367,7 +367,13 @@ resource "mysql_user" "test" {
   user     = "jdoe-%s"
   host     = "example.com"
 }
-`, dbName, dbName)
+
+resource "mysql_user" "test_global" {
+  user     = "jdoe-%s"
+  host     = "%%"
+}
+
+`, dbName, dbName, dbName)
 }
 
 func testAccGrantConfig_with_privs(dbName, privs string) string {
@@ -381,14 +387,27 @@ resource "mysql_user" "test" {
   host     = "example.com"
 }
 
+resource "mysql_user" "test_global" {
+  user     = "jdoe-%s"
+  host     = "%%"
+}
+
+resource "mysql_grant" "test_global" {
+  user       = "${mysql_user.test_global.user}"
+  host       = "${mysql_user.test_global.host}"
+  table      = "*"
+  database   = "*"
+  privileges = ["SHOW DATABASES"]
+}
+
 resource "mysql_grant" "test" {
   user       = "${mysql_user.test.user}"
   host       = "${mysql_user.test.host}"
   table      = "tbl"
   database   = "${mysql_database.test.name}"
   privileges = [%s]
 }
-`, dbName, dbName, privs)
+`, dbName, dbName, dbName, privs)
 }
 
 func testAccGrantConfig_basic(dbName string) string {