mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Add append_privs parameter to MySQL user module.
This adds the privileges given to the existing list of privileges instead of overwriting any existing ones.
This commit is contained in:
parent
bf7247c78c
commit
08b0773da5
2 changed files with 15 additions and 5 deletions
|
@ -43,7 +43,7 @@ Nested Loops
|
||||||
Loops can be nested as well::
|
Loops can be nested as well::
|
||||||
|
|
||||||
- name: give users access to multiple databases
|
- name: give users access to multiple databases
|
||||||
mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL password=foo
|
mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL append_privs=yes password=foo
|
||||||
with_nested:
|
with_nested:
|
||||||
- [ 'alice', 'bob', 'eve' ]
|
- [ 'alice', 'bob', 'eve' ]
|
||||||
- [ 'clientdb', 'employeedb', 'providerdb' ]
|
- [ 'clientdb', 'employeedb', 'providerdb' ]
|
||||||
|
@ -51,7 +51,7 @@ Loops can be nested as well::
|
||||||
As with the case of 'with_items' above, you can use previously defined variables. Just specify the variable's name without templating it with '{{ }}'::
|
As with the case of 'with_items' above, you can use previously defined variables. Just specify the variable's name without templating it with '{{ }}'::
|
||||||
|
|
||||||
- name: here, 'users' contains the above list of employees
|
- name: here, 'users' contains the above list of employees
|
||||||
mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL password=foo
|
mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL append_privs=yes password=foo
|
||||||
with_nested:
|
with_nested:
|
||||||
- users
|
- users
|
||||||
- [ 'clientdb', 'employeedb', 'providerdb' ]
|
- [ 'clientdb', 'employeedb', 'providerdb' ]
|
||||||
|
|
|
@ -71,6 +71,14 @@ options:
|
||||||
- "MySQL privileges string in the format: C(db.table:priv1,priv2)"
|
- "MySQL privileges string in the format: C(db.table:priv1,priv2)"
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
|
append_privs:
|
||||||
|
description:
|
||||||
|
- Append the privileges defined by priv to the existing ones for this
|
||||||
|
user instead of overwriting existing ones.
|
||||||
|
required: false
|
||||||
|
choices: [ "yes", "no" ]
|
||||||
|
default: "no"
|
||||||
|
version_added: "1.4"
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Whether the user should exist. When C(absent), removes
|
- Whether the user should exist. When C(absent), removes
|
||||||
|
@ -148,7 +156,7 @@ def user_add(cursor, user, host, password, new_priv):
|
||||||
privileges_grant(cursor, user,host,db_table,priv)
|
privileges_grant(cursor, user,host,db_table,priv)
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def user_mod(cursor, user, host, password, new_priv):
|
def user_mod(cursor, user, host, password, new_priv, append_privs):
|
||||||
changed = False
|
changed = False
|
||||||
grant_option = False
|
grant_option = False
|
||||||
|
|
||||||
|
@ -173,7 +181,7 @@ def user_mod(cursor, user, host, password, new_priv):
|
||||||
if "GRANT" in priv:
|
if "GRANT" in priv:
|
||||||
grant_option = True
|
grant_option = True
|
||||||
if db_table not in new_priv:
|
if db_table not in new_priv:
|
||||||
if user != "root" and "PROXY" not in priv:
|
if user != "root" and "PROXY" not in priv and not append_privs:
|
||||||
privileges_revoke(cursor, user,host,db_table,grant_option)
|
privileges_revoke(cursor, user,host,db_table,grant_option)
|
||||||
changed = True
|
changed = True
|
||||||
|
|
||||||
|
@ -358,6 +366,7 @@ def main():
|
||||||
host=dict(default="localhost"),
|
host=dict(default="localhost"),
|
||||||
state=dict(default="present", choices=["absent", "present"]),
|
state=dict(default="present", choices=["absent", "present"]),
|
||||||
priv=dict(default=None),
|
priv=dict(default=None),
|
||||||
|
append_privs=dict(type="bool", default="no"),
|
||||||
check_implicit_admin=dict(default=False),
|
check_implicit_admin=dict(default=False),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -367,6 +376,7 @@ def main():
|
||||||
state = module.params["state"]
|
state = module.params["state"]
|
||||||
priv = module.params["priv"]
|
priv = module.params["priv"]
|
||||||
check_implicit_admin = module.params['check_implicit_admin']
|
check_implicit_admin = module.params['check_implicit_admin']
|
||||||
|
append_privs = module.boolean(module.params["append_privs"])
|
||||||
|
|
||||||
if not mysqldb_found:
|
if not mysqldb_found:
|
||||||
module.fail_json(msg="the python mysqldb module is required")
|
module.fail_json(msg="the python mysqldb module is required")
|
||||||
|
@ -408,7 +418,7 @@ def main():
|
||||||
|
|
||||||
if state == "present":
|
if state == "present":
|
||||||
if user_exists(cursor, user, host):
|
if user_exists(cursor, user, host):
|
||||||
changed = user_mod(cursor, user, host, password, priv)
|
changed = user_mod(cursor, user, host, password, priv, append_privs)
|
||||||
else:
|
else:
|
||||||
if password is None:
|
if password is None:
|
||||||
module.fail_json(msg="password parameter required when adding a user")
|
module.fail_json(msg="password parameter required when adding a user")
|
||||||
|
|
Loading…
Reference in a new issue