search

petoju / terraform-provider-mysql

Terraform MySQL provider – unofficial fork
https://registry.terraform.io/providers/petoju/mysql
Mozilla Public License 2.0
63 stars 40 forks source link

Can't assign global privilege #157

Closed Dr-Shadow closed 1 week ago

Dr-Shadow commented 1 week ago

Provider version

Terraform v1.8.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/vault v4.3.0
+ provider registry.terraform.io/petoju/mysql v3.0.61

MySQL version and settings

MariaDB 10.11

Terraform Configuration Files

resource "mysql_grant" "replication_client" {
  for_each   = local.replication_client_networks
  user       = var.replication_client_user
  host       = each.value.cidr
  database   = ""
  privileges = ["REPLICATION SLAVE"]
}

Debug Output

Error: Error running SQL (GRANT REPLICATION SLAVE ON ``.* TO 'replicator'@'192.168.36.0/24'): Error 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES

Expected Behavior

Allow to not provide database argument so that this is a global privilege

References

Probably related to #69

petoju commented 1 week ago

Allow to not provide database argument so that this is a global privilege

While it is a global privilege (for now), you need to specify it explicitly in MySQL [1] and MariaDB [2] like *.*. That means all databases and all tables.

While I'd somehow accept it for roles, I completely dislike it here. Empty DB is technically possible in both mentioned engines and that means the "current" DB. I wouldn't like to support that or to give any resemblance of supporting it as it would lead to confusion.

[1] https://dev.mysql.com/doc/refman/8.4/en/grant.html [2] https://mariadb.com/kb/en/grant/

Dr-Shadow commented 1 week ago

You're right, I even realized that after trying again.

Thanks for your reply, it is perfect.