This patch properly fixes bug 1226 without introducing a breaking
change to idempotency which was introduced in PR #1358
We can properly assign permissions to databases with a '.' in the name
of the database as well as assign priviliges to all databases as
specified with '*'
While this change doesn't break the creation, it does break
idempotency. This change will convert '*.*' to '`*`.*' which is
functionally the same, however when the user_mod() function looks up
the current privileges with privileges_get() it will read '*.*'
Since '*.*' != '`*`.*' it will go through the process of updating the
privleges always resulting in a 'changed' result.
This reverts commit db9ab9b262.
ALL gets expanded to the list of VALID_PRIVS which includes
TEMPORARY and TEMP
The code that replaced TEMP with TEMPORARY didn't work with the
expansion
ALL TABLES is considered to include views, so we must check for reltypes
'r' and 'v', not just 'r'. This bug was introduced due to using a
custom, backwards-compatible version of "ALL TABLES IN SCHEMA".
- Modified data type for port definition from string to integer
- Modified login_host default value for compatibilize with port definition according with MySQL Documentation (https://dev.mysql.com/doc/refman/5.0/en/connecting.html)
* If a db user belonged to a role which had a privilege, the user would
not have the privilege added as the role gave the appearance that the
user already had it. Fixed to always check the privileges specific to
the user.
* Make fewer db queries to determine if privileges need to be changed
and change them (was four for each privilege. Now two for each object
that has a set of privileges changed).
Use `has_table_privileges` and `has_database_privileges`
to test whether a user already has a privilege before
granting it, or whether a user doesn't have a privilege
before revoking it.
This prevents errors when the login_user does not have 'ALL'
permissions, and the 'priv' value contains fewer permissions than are
held by an existing user. This is particularly an issue when using an
Amazon Web Services RDS instance, as there is no (accessible) user with
'ALL' permissions on *.*.
* If a db user belonged to a role which had a privilege, the user would
not have the privilege added as the role gave the appearance that the
user already had it. Fixed to always check the privileges specific to
the user.
* Make fewer db queries to determine if privileges need to be changed
and change them (was four for each privilege. Now two for each object
that has a set of privileges changed).
The default value set by the module was a value of None for the
config_file parameter, which propogates into the connect method
call overriding the stated default in the method.
Instead, the default should be set with-in the parameter
specification so the file check is not requested to check None.
