Merge pull request #4352 from jhoekx/mysql-user-grant

Add grant parameter to MySQL user module
Michael DeHaan 2013-10-07 06:08:39 -07:00
commit 8604212da9
2 changed files with 15 additions and 5 deletions


@ -52,7 +52,7 @@ Nested Loops
Loops can be nested as well:: Loops can be nested as well::
- name: give users access to multiple databases - name: give users access to multiple databases
mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL password=foo mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL append_privs=yes password=foo
with_nested: with_nested:
- [ 'alice', 'bob', 'eve' ] - [ 'alice', 'bob', 'eve' ]
- [ 'clientdb', 'employeedb', 'providerdb' ] - [ 'clientdb', 'employeedb', 'providerdb' ]
@ -60,7 +60,7 @@ Loops can be nested as well::
As with the case of 'with_items' above, you can use previously defined variables. Just specify the variable's name without templating it with '{{ }}':: As with the case of 'with_items' above, you can use previously defined variables. Just specify the variable's name without templating it with '{{ }}'::
- name: here, 'users' contains the above list of employees - name: here, 'users' contains the above list of employees
mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL password=foo mysql_user: name={{ item[0] }} priv={{ item[1] }}.*:ALL append_privs=yes password=foo
with_nested: with_nested:
- users - users
- [ 'clientdb', 'employeedb', 'providerdb' ] - [ 'clientdb', 'employeedb', 'providerdb' ]


@ -71,6 +71,14 @@ options:
- "MySQL privileges string in the format: C(db.table:priv1,priv2)" - "MySQL privileges string in the format: C(db.table:priv1,priv2)"
required: false required: false
default: null default: null
append_privs:
description:
- Append the privileges defined by priv to the existing ones for this
user instead of overwriting existing ones.
required: false
choices: [ "yes", "no" ]
default: "no"
version_added: "1.4"
state: state:
description: description:
- Whether the user should exist. When C(absent), removes - Whether the user should exist. When C(absent), removes
@ -148,7 +156,7 @@ def user_add(cursor, user, host, password, new_priv):
privileges_grant(cursor, user,host,db_table,priv) privileges_grant(cursor, user,host,db_table,priv)
return True return True
def user_mod(cursor, user, host, password, new_priv): def user_mod(cursor, user, host, password, new_priv, append_privs):
changed = False changed = False
grant_option = False grant_option = False
@ -173,7 +181,7 @@ def user_mod(cursor, user, host, password, new_priv):
if "GRANT" in priv: if "GRANT" in priv:
grant_option = True grant_option = True
if db_table not in new_priv: if db_table not in new_priv:
if user != "root" and "PROXY" not in priv: if user != "root" and "PROXY" not in priv and not append_privs:
privileges_revoke(cursor, user,host,db_table,grant_option) privileges_revoke(cursor, user,host,db_table,grant_option)
changed = True changed = True
@ -358,6 +366,7 @@ def main():
host=dict(default="localhost"), host=dict(default="localhost"),
state=dict(default="present", choices=["absent", "present"]), state=dict(default="present", choices=["absent", "present"]),
priv=dict(default=None), priv=dict(default=None),
append_privs=dict(type="bool", default="no"),
check_implicit_admin=dict(default=False), check_implicit_admin=dict(default=False),
) )
) )
@ -367,6 +376,7 @@ def main():
state = module.params["state"] state = module.params["state"]
priv = module.params["priv"] priv = module.params["priv"]
check_implicit_admin = module.params['check_implicit_admin'] check_implicit_admin = module.params['check_implicit_admin']
append_privs = module.boolean(module.params["append_privs"])
if not mysqldb_found: if not mysqldb_found:
module.fail_json(msg="the python mysqldb module is required") module.fail_json(msg="the python mysqldb module is required")
@ -408,7 +418,7 @@ def main():
if state == "present": if state == "present":
if user_exists(cursor, user, host): if user_exists(cursor, user, host):
changed = user_mod(cursor, user, host, password, priv) changed = user_mod(cursor, user, host, password, priv, append_privs)
else: else:
if password is None: if password is None:
module.fail_json(msg="password parameter required when adding a user") module.fail_json(msg="password parameter required when adding a user")
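Review bot: The `not append_privs` guard added in user_mod only covers db.table entries that are absent from new_priv. The branch for entries present in both the current and the requested privileges lies outside these hunks; if it still revokes before re-granting, append_privs=yes would replace rather than append the privileges on those tables, so it should be checked and guarded the same way. With append_privs=yes the module also stops converging the account to the declared privilege set, so a grant dropped from a playbook stays on the server. The option description should say that, for example `- With C(yes), privileges that are no longer listed in priv are never revoked and must be removed explicitly.` The `module.boolean(...)` call in main() looks redundant next to `type="bool"` in the argument spec.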