From d67f2eb104060097737dfe44af23ab07e2156ab2 Mon Sep 17 00:00:00 2001
From: Mark van Driel
Date: Tue, 29 Sep 2015 12:37:44 +0200
Subject: [PATCH] Fixes require ssl in combination with other privileges Fixes require ssl in combination with grant option Refactoring: code cleanup to make it easier to understand Code rewritten inspired by @willthames Added WITH GRANT OPTION as exception; when only REQUIRESSL and/or GRANT are specified we have to add USAGE
---
 lib/ansible/modules/database/mysql/mysql_user.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/ansible/modules/database/mysql/mysql_user.py b/lib/ansible/modules/database/mysql/mysql_user.py
index 828ca38105..292c139d11 100644
--- a/lib/ansible/modules/database/mysql/mysql_user.py
+++ b/lib/ansible/modules/database/mysql/mysql_user.py
@@ -414,9 +414,9 @@ def privileges_unpack(priv):
 if '*.*' not in output:
 output['*.*'] = ['USAGE']
- # if we are only specifying something like REQUIRESSL in *.* we still need
- # to add USAGE as a privilege to avoid syntax errors
- if priv.find('REQUIRESSL') != -1 and 'USAGE' not in output['*.*']:
+ # if we are only specifying something like REQUIRESSL and/or GRANT (=WITH GRANT OPTION) in *.*
+ # we still need to add USAGE as a privilege to avoid syntax errors
+ if 'REQUIRESSL' in priv and not set(output['*.*']).difference(set('GRANT', 'REQUIRESSL')):
 output['*.*'].append('USAGE')
 return output
@@ -442,10 +442,10 @@ def privileges_grant(cursor, user,host,db_table,priv):
 priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')])
 query = ["GRANT %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))]
 query.append("TO %s@%s")
- if 'GRANT' in priv:
- query.append("WITH GRANT OPTION")
 if 'REQUIRESSL' in priv:
 query.append("REQUIRE SSL")
+ if 'GRANT' in priv:
+ query.append("WITH GRANT OPTION")
 query = ' '.join(query)
 cursor.execute(query, (user, host))
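Review bot: `set('GRANT', 'REQUIRESSL')` in the new condition of privileges_unpack passes two positional arguments to `set()`, which accepts at most one iterable, so the line raises TypeError whenever `'REQUIRESSL' in priv` is true, and every run that asks for REQUIRE SSL would fail there. The literal should be wrapped in a list, `set(['GRANT', 'REQUIRESSL'])`. The guard also still requires REQUIRESSL, so a `*.*` entry that holds only GRANT gets no USAGE even though the new comment says "and/or GRANT"; `if not set(output['*.*']).difference(set(['GRANT', 'REQUIRESSL'])):` would cover both cases. The removed line used `priv.find`, so `priv` appears to be the raw string here and `in` is a substring test. The function body starts outside the hunk.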
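Review bot: In privileges_grant, `priv_string` is empty when `priv` holds only `GRANT` and/or `REQUIRESSL`, and the USAGE fallback visible in this patch covers only `output['*.*']`, so a database-level entry with GRANT alone would still produce `GRANT  ON ...` and fail with a syntax error. A local fallback after the join, `priv_string = priv_string or 'USAGE'`, would keep the statement valid for any target. Separately, `priv_string` is formatted into the statement with `%` while user and host are passed as bound parameters. No validation of the privilege names is visible in this hunk, so if none exists upstream, a check against a fixed list of known privileges in privileges_unpack would be worth adding. The function starts above the hunk.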