Fix privilege changing everytime (#438)

* Compare privileges from before and after manipulation * Add unit tests * Fix FIXME integration tests related to this issue * Fix sanity check * Fix assertion when appending privs in mysql_role_initial integration tests * Fix pylint * [ci-skip] Add changelog fragment * Fix: missing fragment file extension * Replace privileges_equal() by a comparison * Fix: sanity pylint * Fix: forgot to remove privileges_equal import from unit tests
ansible-collections · Sep 8, 2022 · 2d75bc1 · 2d75bc1
1 parent ea73d40
commit 2d75bc1
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 13 deletions.
diff --git a/changelogs/fragments/438-fix-privilege-changing-everytime.yml b/changelogs/fragments/438-fix-privilege-changing-everytime.yml
@@ -0,0 +1,7 @@
+---
+bugfixes:
+  - mysql_user, mysql_role - mysql/mariadb recent versions translate 'ALL
+    PRIVILEGES' to a list of specific privileges. That caused a change every time
+    we modified user privileges. This fix compares privs before and after user
+    modification to avoid this infinite change
+    (https://github.com/ansible-collections/community.mysql/issues/77).
diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py
@@ -385,7 +385,10 @@ def user_mod(cursor, user, host, host_all, password, encrypted,
                         privileges_revoke(cursor, user, host, db_table, revoke_privs, grant_option, maria_role)
                     if len(grant_privs) > 0:
                         privileges_grant(cursor, user, host, db_table, grant_privs, tls_requires, maria_role)
-                    changed = True
+
+            # after privilege manipulation, compare privileges from before and now
+            after_priv = privileges_get(cursor, user, host, maria_role)
+            changed = changed or (curr_priv != after_priv)
 
         if role:
             continue

diff --git a/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml b/tests/integration/targets/test_mysql_role/tasks/mysql_role_initial.yml
@@ -1491,16 +1491,10 @@
       priv: '{{ test_db1 }}.{{ test_table }}:SELECT,INSERT/{{ test_db2 }}.{{ test_table }}:DELETE'
       append_privs: yes
 
-  # TODO it must be changed. The module uses user_mod function
-  # taken from mysql_user module. It's a bug / expected behavior
-  # because I added a similar tasks to mysql_user tests
-  # https://github.com/ansible-collections/community.mysql/issues/50#issuecomment-871216825
-  # and it's also failed. Create an issue after the module is merged to avoid conflicts.
-  # TODO Fix this after user_mod is fixed.
-  - name: Check
+  - name: Check that there's no change
     assert:
       that:
-      - result is changed
+      - result is not changed
 
   - name: Rewrite privs
     <<: *task_params

diff --git a/tests/integration/targets/test_mysql_user/tasks/test_privs.yml b/tests/integration/targets/test_mysql_user/tasks/test_privs.yml
@@ -179,8 +179,6 @@
       assert:
         that:
           - result is not changed
-      when: (install_type == 'mysql' and mysql_version is version('8', '<')) or
-            (install_type == 'mariadb' and mariadb_version is version('10.5', '<'))
 
     - name: remove username
       mysql_user:
@@ -229,8 +227,6 @@
       assert:
         that:
           - result is not changed
-      when: (install_type == 'mysql' and mysql_version is version('8', '<')) or
-            (install_type == 'mariadb')
 
     - name: Collect user info by host
       community.mysql.mysql_info: