mysql_user support of REQUIRE NONE to remove granted REQUIRE-SSL

[drzraf]

SUMMARY

There is no way to remove the "REQUIRE SSL" mysql privilege ... other than rewriting the whole set of permission which is not practicable (especially when depending upon append_privs=yes)

Eg: After setting REQUIRESSL
- mysql_user: name=muser priv="*.*:REQUIRESSL" append_privs=yes

... there is no way to revert such a directive. Normally this is done using REQUIRE NONE
But this is not implemented by the Ansible role.

- mysql_user: name=muser priv="*.*:REQUIRENONE" append_privs=yes

Expected result: The REQUIRE SSL is droped for muser

ISSUE TYPE

• Feature Idea

COMPONENT NAME

mysql_user

ADDITIONAL INFORMATION

ansible/ansible#15440
ansible/ansible#29811

[Andersson007]

cc @Jorge-Rodriguez

[Jorge-Rodriguez]

This should be handled by setting the tls_requires parameter to an empty dictionary.
Requires should not be used to handle TLS connection requirements

[Andersson007]

@Jorge-Rodriguez 1) shouldn't we cover the case by CI tests and 2) add an example to EXAMPLE block?
If you want (I think it would be great because you're the feature's author, so you know better), feel free to make a PR. If not, I could.

[Jorge-Rodriguez]

@Andersson007 I'll have to look at the code, but I vaguely remember that we have both of those things.
But if it turns out that I'm wrong about this, I'll be more than happy to add it.