From bf7597efe1093c90019da7e4b416742bc624defc Mon Sep 17 00:00:00 2001 From: plumbeo Date: Fri, 22 Feb 2019 01:41:26 +0100 Subject: [PATCH] backport/2.7/40092 (#51909) * mysql_user: Match quotes, double quotes and backticks when checking current privileges (cherry picked from commit 1ae0e2138332dad30f5bdd9a46d46b1abf9be868) * Add changelog fragment for PR #40092 (cherry picked from commit 8974ce3c78557a4ea36b7c33b5dc9361bdea92a1) * mysql_user: fix malformed regex used to check current privileges --- changelogs/fragments/40092-mysql_user-match-backticks.yml | 2 ++ lib/ansible/modules/database/mysql/mysql_user.py | 6 +++--- 2 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 changelogs/fragments/40092-mysql_user-match-backticks.yml diff --git a/changelogs/fragments/40092-mysql_user-match-backticks.yml b/changelogs/fragments/40092-mysql_user-match-backticks.yml new file mode 100644 index 00000000000..c1ee42f2355 --- /dev/null +++ b/changelogs/fragments/40092-mysql_user-match-backticks.yml @@ -0,0 +1,2 @@ +bugfixes: + - "mysql_user: match backticks, single and double quotes when checking user privileges." diff --git a/lib/ansible/modules/database/mysql/mysql_user.py b/lib/ansible/modules/database/mysql/mysql_user.py index a796bb95960..e89143a5b65 100644 --- a/lib/ansible/modules/database/mysql/mysql_user.py +++ b/lib/ansible/modules/database/mysql/mysql_user.py @@ -427,14 +427,14 @@ def privileges_get(cursor, user, host): return x for grant in grants: - res = re.match("GRANT (.+) ON (.+) TO '.*'@'.*'( IDENTIFIED BY PASSWORD '.+')? ?(.*)", grant[0]) + res = re.match("""GRANT (.+) ON (.+) TO (['`"]).*\\3@(['`"]).*\\4( IDENTIFIED BY PASSWORD (['`"]).+\\6)? ?(.*)""", grant[0]) if res is None: raise InvalidPrivsError('unable to parse the MySQL grant string: %s' % grant[0]) privileges = res.group(1).split(", ") privileges = [pick(x) for x in privileges] - if "WITH GRANT OPTION" in res.group(4): + if "WITH GRANT OPTION" in res.group(7): privileges.append('GRANT') - if "REQUIRE SSL" in res.group(4): + if "REQUIRE SSL" in res.group(7): privileges.append('REQUIRESSL') db = res.group(2) output[db] = privileges