mysql_user, mysql_module and mysql_info break when parsing Mysql 8 partial revokes grants

SoledaD208 commented 1 month ago

SUMMARY

Mysql 8 introduces a new feature called partial revokes: https://dev.mysql.com/doc/refman/8.4/en/partial-revokes.html. When enabled, there will be REVOKE grants in SHOW GRANTS 's output like this:

+------------------------------------------+
| Grants for u1@%                          |
+------------------------------------------+
| GRANT SELECT, INSERT ON *.* TO `u1`@`%`  |
| REVOKE INSERT ON `world`.* FROM `u1`@`%` |
+------------------------------------------+

With that, the function privileges_get , which is used in mysql_user, mysql_role and mysql_info and depends on regex patterns: https://github.com/ansible-collections/community.mysql/blob/a5afa1a375ebd7dc676ff6ab6f7323ce0b88b299/plugins/module_utils/user.py#L627, https://github.com/ansible-collections/community.mysql/blob/a5afa1a375ebd7dc676ff6ab6f7323ce0b88b299/plugins/module_utils/user.py#L635, will fail to parse such REVOKE grants and break with exception: unable to parse the MySQL grant string

ISSUE TYPE

Bug Report
Feature request

COMPONENT NAME

mysql_user, mysql_role, mysql_info

ANSIBLE VERSION

All versions

COLLECTION VERSION

All versions

OS / ENVIRONMENT

All

STEPS TO REPRODUCE

Set up a Mysql 8 server, enable partial revokes like the example in document: https://dev.mysql.com/doc/refman/8.4/en/partial-revokes.html
Run mysql_user, mysql_role or mysql_info to see the error.

EXPECTED RESULTS

the modules can parse and really "understand" REVOKE grants (i.e: be able to compare, remove it to match with users' configured privileges).

Andersson007 commented 1 month ago

@SoledaD208 hello, thanks a lot for reporting the issue! would you like to fix it yourself or we can put the help wanted label? the Quick start dev guide

SoledaD208 commented 1 month ago

Please help add the label. Thank you!

From: Andrew Klychkov @.> Sent: Tuesday, October 22, 2024 3:18:40 PM To: ansible-collections/community.mysql @.> Cc: Soledad208 @.>; Mention @.> Subject: Re: [ansible-collections/community.mysql] mysql_user, mysql_module and mysql_info break when parsing Mysql 8 partial revokes grants (Issue #686)

@SoledaD208https://github.com/SoledaD208 hello, thanks a lot for reporting the issue! would you like to fix it yourself or we can put the help wanted label? the Quick start dev guidehttps://docs.ansible.com/ansible/devel/community/create_pr_quick_start.html

— Reply to this email directly, view it on GitHubhttps://github.com/ansible-collections/community.mysql/issues/686#issuecomment-2428581912, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ACCTXOQZBOMAR5J3MYE3B7TZ4YC6BAVCNFSM6AAAAABQKPVI3KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMRYGU4DCOJRGI. You are receiving this because you were mentioned.Message ID: @.***>

SoledaD208 commented 3 weeks ago

I have an idea on this, which is creating a list for revoke grants along with the "normal" grants. let me try to implement that, maybe I can come up with a PR. MariaDB does not have partial revoke feature, so this does not affect MariaDB

Andersson007 commented 2 weeks ago

I have an idea on this, which is creating a list for revoke grants along with the "normal" grants. let me try to implement that, maybe I can come up with a PR. MariaDB does not have partial revoke feature, so this does not affect MariaDB

@SoledaD208 yes, sure, please go ahead, thanks! (we sometimes respond slowly but we respond:) please ping us if we don't, sorry for delays)

ansible-collections / community.mysql