From 4f454de101021fb962d3f9a70ab2bcaa890e8de5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Peter=20J=C3=BAno=C5=A1?=
Date: Wed, 24 Mar 2021 19:06:21 +0100
Subject: [PATCH] Fix zero-privilege case being interpreted as USAGE

Also adding test to catch this issue in the future.
---
 mysql/resource_grant.go | 21 +++++++++++++++++++--
 mysql/resource_grant_test.go | 23 +++++++++++++++++++++--
 2 files changed, 40 insertions(+), 4 deletions(-)

diff --git a/mysql/resource_grant.go b/mysql/resource_grant.go
index 8476f3ada..fdd0aa55c 100644
--- a/mysql/resource_grant.go
+++ b/mysql/resource_grant.go
@@ -192,6 +192,10 @@ func CreateGrant(d *schema.ResourceData, meta interface{}) error {
 grants, err := showGrants(db, userOrRole)
 for _, grant := range grants {
+ if len(grant.Privileges) == 0 {
+ continue
+ }
+
 if hasPrivs {
 if grant.Database == d.Get("database").(string) && grant.Table == d.Get("table").(string) {
 return fmt.Errorf("user/role %s already has unmanaged grant to %s.%s - import it first", userOrRole, grant.Database, grant.Table)
@@ -524,7 +528,9 @@ func showGrants(db *sql.DB, user string) ([]*MySQLGrant, error) {
 Grant: reGrant.MatchString(rawGrant),
 }
- grants = append(grants, grant)
+ if len(privileges) > 0 {
+ grants = append(grants, grant)
+ }
 } else if m := reRole.FindStringSubmatch(rawGrant); len(m) == 2 {
 roleStr := m[1]
@@ -557,6 +563,16 @@ func normalizeColumnOrderMulti(perm []string) []string {
 return ret
 }
+func removeUselessPerms(grants []string) []string {
+ ret := []string{}
+ for _, grant := range grants {
+ if grant != "USAGE" {
+ ret = append(ret, grant)
+ }
+ }
+ return ret
+}
+
 func extractPermTypes(g string) []string {
 grants := []string{}
@@ -588,7 +604,7 @@ func extractPermTypes(g string) []string {
 }
 }
 grants = append(grants, string(currentWord))
- return grants
+ return removeUselessPerms(grants)
 }
 func normalizeColumnOrder(perm string) string {
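Review bot: In the CreateGrant hunk, `err` from `showGrants(db, userOrRole)` is not examined before the `range grants` loop that now carries the new zero-privilege `continue`. If the lookup fails and returns no grants, the loop body never runs, so the "already has unmanaged grant" check passes without having inspected anything and the resource proceeds as if no conflict existed. Unless `err` is handled after the loop (CreateGrant starts and ends outside the hunk), add `if err != nil { return fmt.Errorf("showing grants for %s: %w", userOrRole, err) }` directly after the call.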
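Review bot: The new `if len(privileges) > 0` filter in showGrants also discards a row whose `Grant` field was just set from `reGrant.MatchString(rawGrant)`, so a grant that carries only USAGE together with what is presumably the grant option would no longer be returned to callers. That would hide a delegation right from the unmanaged-grant check in CreateGrant and from any read or import built on showGrants. Assuming `privileges` comes from extractPermTypes (its assignment is outside the hunk), consider keeping such rows with `if len(privileges) > 0 || grant.Grant {`, or add a comment stating why they are safe to drop. showGrants starts and ends outside the hunk.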
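Review bot: `removeUselessPerms` has no doc comment, its name does not say which privileges count as useless, and its `grants` parameter actually holds privilege names; the filter matches only the exact upper-case string `"USAGE"`. Because extractPermTypes now returns through this helper while upper-casing happens separately in normalizePerms, a differently cased token would slip through, which is probably fine for server-generated SHOW GRANTS text but is worth stating. Suggested comment: `// removeUselessPerms drops USAGE, MySQL's placeholder for "no privileges", so it is never treated as a real privilege.` The following extractPermTypes hunk means that function can now return an empty slice, so its callers (outside these hunks) need to tolerate that.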
@@ -623,6 +639,7 @@ func normalizePerms(perms []string) []string {
 permUcase = "ALL PRIVILEGES"
 }
 permSortedColumns := normalizeColumnOrder(permUcase)
+
 ret = append(ret, permSortedColumns)
 }
 return ret
diff --git a/mysql/resource_grant_test.go b/mysql/resource_grant_test.go
index c535a03a4..67949c47a 100644
--- a/mysql/resource_grant_test.go
+++ b/mysql/resource_grant_test.go
@@ -367,7 +367,13 @@ resource "mysql_user" "test" {
 user = "jdoe-%s"
 host = "example.com"
 }
-`, dbName, dbName)
+
+resource "mysql_user" "test_global" {
+ user = "jdoe-%s"
+ host = "%%"
+}
+
+`, dbName, dbName, dbName)
 }
 func testAccGrantConfig_with_privs(dbName, privs string) string {
@@ -381,6 +387,19 @@ resource "mysql_user" "test" {
 host = "example.com"
 }
+resource "mysql_user" "test_global" {
+ user = "jdoe-%s"
+ host = "%%"
+}
+
+resource "mysql_grant" "test_global" {
+ user = "${mysql_user.test_global.user}"
+ host = "${mysql_user.test_global.host}"
+ table = "*"
+ database = "*"
+ privileges = ["SHOW DATABASES"]
+}
+
 resource "mysql_grant" "test" {
 user = "${mysql_user.test.user}"
 host = "${mysql_user.test.host}"
@@ -388,7 +407,7 @@ resource "mysql_grant" "test" {
 database = "${mysql_database.test.name}"
 privileges = [%s]
 }
-`, dbName, dbName, privs)
+`, dbName, dbName, dbName, privs)
 }
 func testAccGrantConfig_basic(dbName string) string {
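Review bot: The argument lists in the test-config hunks now repeat `dbName` three times (`dbName, dbName, dbName` and `dbName, dbName, dbName, privs`), so each template stays correct only as long as someone counts the `%s` verbs when adding a resource. Assuming these are `fmt.Sprintf` calls (the call openings are outside the hunks), explicit argument indexes such as `user = "jdoe-%[1]s"` and `privileges = [%[2]s]` would let the argument list shrink to `dbName, privs` and remove that coupling. The new `test_global` resources would also benefit from a one-line HCL comment naming the zero-privilege regression they guard, since nothing in the visible config says why a second user with a global-only grant is needed.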