Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mysql_user, mysql_module and mysql_info break when parsing Mysql 8 partial revokes grants #686

Open
SoledaD208 opened this issue Oct 21, 2024 · 4 comments
Open

mysql_user, mysql_module and mysql_info break when parsing Mysql 8 partial revokes grants #686

SoledaD208 opened this issue Oct 21, 2024 · 4 comments
Labels
help wanted Extra attention is needed

Comments

@SoledaD208
Copy link
Contributor

SUMMARY

Mysql 8 introduces a new feature called partial revokes: https://dev.mysql.com/doc/refman/8.4/en/partial-revokes.html. When enabled, there will be REVOKE grants in SHOW GRANTS 's output like this:

+------------------------------------------+
| Grants for u1@%                          |
+------------------------------------------+
| GRANT SELECT, INSERT ON *.* TO `u1`@`%`  |
| REVOKE INSERT ON `world`.* FROM `u1`@`%` |
+------------------------------------------+

With that, the function privileges_get , which is used in mysql_user, mysql_role and mysql_info and depends on regex patterns:

community.mysql/plugins/module_utils/user.py

Line 627 in a5afa1a

res = re.match("""GRANT (.+) ON (.+) TO (['`"]).*\\3""", grant[0])
,

community.mysql/plugins/module_utils/user.py

Line 635 in a5afa1a

res = re.match("""GRANT (.+) TO (['`"]).*""", grant[0])
, will fail to parse such REVOKE grants and break with exception: unable to parse the MySQL grant string

ISSUE TYPE
  • Bug Report
  • Feature request
COMPONENT NAME

mysql_user, mysql_role, mysql_info

ANSIBLE VERSION

All versions

COLLECTION VERSION

All versions

OS / ENVIRONMENT

All

STEPS TO REPRODUCE
EXPECTED RESULTS

the modules can parse and really "understand" REVOKE grants (i.e: be able to compare, remove it to match with users' configured privileges).
@Andersson007
Copy link
Collaborator

@SoledaD208 hello, thanks a lot for reporting the issue!
would you like to fix it yourself or we can put the help wanted label?
the Quick start dev guide

@SoledaD208
Copy link
Contributor Author

SoledaD208 commented Oct 23, 2024 via email

@Andersson007 Andersson007 added the help wanted Extra attention is needed label Oct 23, 2024
@SoledaD208
Copy link
Contributor Author

I have an idea on this, which is creating a list for revoke grants along with the "normal" grants. let me try to implement that, maybe I can come up with a PR. MariaDB does not have partial revoke feature, so this does not affect MariaDB

@Andersson007
Copy link
Collaborator

I have an idea on this, which is creating a list for revoke grants along with the "normal" grants. let me try to implement that, maybe I can come up with a PR. MariaDB does not have partial revoke feature, so this does not affect MariaDB

@SoledaD208 yes, sure, please go ahead, thanks! (we sometimes respond slowly but we respond:) please ping us if we don't, sorry for delays)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@SoledaD208 @Andersson007 and others