Fix: mysql_user - permission string with column privileges

MySQL returns privileges on columns as "PRIVILEGES (column)".
For permissions to be correctly matched, it must be specified exactly the
same in the module argument. A resulting string is like
"dbname.dbtable:PRIVILEGES (column)". Thus, the space before the opening
parenthesis must also be removed when creating the set of privileges for
validation.
This commit is contained in:
Pierrick Caillon 2016-05-30 23:59:08 +02:00 committed by Toshio Kuratomi
parent 879feff6b7
commit a1b3664ec4

View file

@ -62,7 +62,15 @@ options:
version_added: "2.1"
priv:
description:
- "MySQL privileges string in the format: C(db.table:priv1,priv2)"
- "MySQL privileges string in the format: C(db.table:priv1,priv2)."
- "Multiple privileges can be specified by separating each one using
a forward slash: C(db.table:priv/db.table:priv)."
- The format is based on MySQL C(GRANT) statement.
- Database and table names can be quoted, MySQL-style.
- If column privileges are used, the C(priv1,priv2) part must be
exactly as returned by a C(SHOW GRANT) statement. If not followed,
the module will always report changes. It includes grouping columns
by permission (C(SELECT(col1,col2)) instead of C(SELECT(col1),SELECT(col2))).
required: false
default: null
append_privs:
@ -474,7 +482,7 @@ def privileges_unpack(priv, mode):
if '(' in pieces[1]:
output[pieces[0]] = re.split(r',\s*(?=[^)]*(?:\(|$))', pieces[1].upper())
for i in output[pieces[0]]:
privs.append(re.sub(r'\(.*\)','',i))
privs.append(re.sub(r'\s*\(.*\)','',i))
else:
output[pieces[0]] = pieces[1].upper().split(',')
privs = output[pieces[0]]