mysql_user: replace VALID_PRIVS by get_valid_privs() function

plugins/module_utils/user.py

@@ -19,43 +19,6 @@
 )
 
 
-VALID_PRIVS = frozenset(('CREATE', 'DROP', 'GRANT', 'GRANT OPTION',
-                         'LOCK TABLES', 'REFERENCES', 'EVENT', 'ALTER',
-                         'DELETE', 'INDEX', 'INSERT', 'SELECT', 'UPDATE',
-                         'CREATE TEMPORARY TABLES', 'TRIGGER', 'CREATE VIEW',
-                         'SHOW VIEW', 'ALTER ROUTINE', 'CREATE ROUTINE',
-                         'EXECUTE', 'FILE', 'CREATE TABLESPACE', 'CREATE USER',
-                         'PROCESS', 'PROXY', 'RELOAD', 'REPLICATION CLIENT',
-                         'REPLICATION SLAVE', 'SHOW DATABASES', 'SHUTDOWN',
-                         'SUPER', 'ALL', 'ALL PRIVILEGES', 'USAGE',
-                         'REQUIRESSL',  # Deprecated, to be removed in version 3.0.0
-                         'CREATE ROLE', 'DROP ROLE', 'APPLICATION_PASSWORD_ADMIN',
-                         'AUDIT_ADMIN', 'BACKUP_ADMIN', 'BINLOG_ADMIN',
-                         'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN',
-                         'ENCRYPTION_KEY_ADMIN', 'FIREWALL_ADMIN', 'FIREWALL_USER',
-                         'GROUP_REPLICATION_ADMIN', 'INNODB_REDO_LOG_ARCHIVE',
-                         'NDB_STORED_USER', 'PERSIST_RO_VARIABLES_ADMIN',
-                         'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN',
-                         'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER',
-                         'ROLE_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID',
-                         'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'SYSTEM_USER',
-                         'TABLE_ENCRYPTION_ADMIN', 'VERSION_TOKEN_ADMIN',
-                         'XA_RECOVER_ADMIN', 'LOAD FROM S3', 'SELECT INTO S3',
-                         'INVOKE LAMBDA',
-                         'ALTER ROUTINE',
-                         'BINLOG ADMIN',
-                         'BINLOG MONITOR',
-                         'BINLOG REPLAY',
-                         'CONNECTION ADMIN',
-                         'READ_ONLY ADMIN',
-                         'REPLICATION MASTER ADMIN',
-                         'REPLICATION SLAVE ADMIN',
-                         'SET USER',
-                         'SHOW_ROUTINE',
-                         'SLAVE MONITOR',
-                         'REPLICA MONITOR',))
-
-
 class InvalidPrivsError(Exception):
     pass
 
@@ -141,6 +104,14 @@ def get_tls_requires(cursor, user, host):
         return requires or None
 
 
+def get_valid_privs(cursor):
+    cursor.execute("SHOW PRIVILEGES")
+    show_privs = [priv[0].upper() for priv in cursor.fetchall()]
+    other_privs = ['ALL', 'ALL PRIVILEGES', 'GRANT', 'REQUIRESSL']
+    all_privs = show_privs + other_privs
+    return frozenset(all_privs)
+
+
 def get_grants(cursor, user, host):
     cursor.execute("SHOW GRANTS FOR %s@%s", (user, host))
     grants_line = list(filter(lambda x: "ON *.*" in x[0], cursor.fetchall()))[0]
@@ -583,7 +554,7 @@ def sort_column_order(statement):
     return '%s(%s)' % (priv_name, ', '.join(columns))
 
 
-def privileges_unpack(priv, mode):
+def privileges_unpack(priv, mode, valid_privs):
     """ Take a privileges string, typically passed as a parameter, and unserialize
     it into a dictionary, the same format as privileges_get() above. We have this
     custom format to avoid using YAML/JSON strings inside YAML playbooks. Example
@@ -630,8 +601,8 @@ def privileges_unpack(priv, mode):
         output[pieces[0]] = normalize_col_grants(output[pieces[0]])
 
         new_privs = frozenset(privs)
-        if not new_privs.issubset(VALID_PRIVS):
-            raise InvalidPrivsError('Invalid privileges specified: %s' % new_privs.difference(VALID_PRIVS))
+        if not new_privs.issubset(valid_privs):
+            raise InvalidPrivsError('Invalid privileges specified: %s' % new_privs.difference(valid_privs))
 
     if '*.*' not in output:
         output['*.*'] = ['USAGE']

plugins/modules/mysql_role.py

@@ -250,6 +250,7 @@
     get_mode,
     user_mod,
     privileges_grant,
+    get_valid_privs,
     privileges_unpack,
 )
 from ansible.module_utils._text import to_native
@@ -1013,7 +1014,8 @@ def main():
             module.fail_json(msg=to_native(e))
 
         try:
-            priv = privileges_unpack(priv, mode)
+            valid_privs = get_valid_privs(cursor)
+            priv = privileges_unpack(priv, mode, valid_privs)
         except Exception as e:
             module.fail_json(msg='Invalid privileges string: %s' % to_native(e))
 

plugins/modules/mysql_user.py

@@ -318,6 +318,7 @@
     handle_requiressl_in_priv_string,
     InvalidPrivsError,
     limit_resources,
+    get_valid_privs,
     privileges_unpack,
     sanitize_requires,
     user_add,
@@ -421,7 +422,8 @@ def main():
         except Exception as e:
             module.fail_json(msg=to_native(e))
         try:
-            priv = privileges_unpack(priv, mode)
+            valid_privs = get_valid_privs(cursor)
+            priv = privileges_unpack(priv, mode, valid_privs)
         except Exception as e:
             module.fail_json(msg="invalid privileges string: %s" % to_native(e))