Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-8373

puppetlabs/mysql: grant all privileges is not idempotent anymore in mysql 8.0

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: mysql
    • Labels:
      None
    • Template:
      MODULES Bug Template
    • Epic Link:
    • Team:
      Modules
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Basic Info
      Module Version:7.0.0
      *Puppet Version:*4.10.10
      OS Name/Version:CentOS7.5

      When granting all privileges to a mysql user, puppet continue to execute the grant sql commands for every runs. This is because of a change of the SHOW GRANTS in mysql8 which expand all privileges to a complete list of privileges as stated here: https://dev.mysql.com/doc/refman/8.0/en/show-grants.html

      In MySQL 8.0 compared to previous series, SHOW GRANTS no longer displays ALL PRIVILEGES in its global-privileges output because the meaning of ALL PRIVILEGES at the global level varies depending on which dynamic privileges are defined. Instead, SHOW GRANTS explictly lists each granted global privilege:

      Desired Behavior:

      only execute GRANT sql if needed

      Actual Behavior:

      executes Mysql_grant[] resource every run if a mysql user has ALL prvileges:

      Notice: /Stage[main]/Mydeploy::Users/Mysql_grant[exploit@%/*.*]/privileges: privileges changed ['ALTER', 'ALTER ROUTINE', 'CREATE', 'CREATE ROLE', 'CREATE ROUTINE', 'CREATE TABLESPACE', 'CREATE TEMPORARY TABLES', 'CREATE USER', 'CREATE VIEW', 'DELETE', 'DROP', 'DROP ROLE', 'EVENT', 'EXECUTE', 'FILE', 'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES', 'RELOAD', 'REPLICATION CLIENT', 'REPLICATION SLAVE', 'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'SHUTDOWN', 'SUPER', 'TRIGGER', 'UPDATE'] to 'ALL'

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            davidb2111 David Barbion
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Zendesk Support