mysql_user: fix broken compatibility for priviledge aliases

[Andersson007]

SUMMARY

Fixes #232

• Before 2.3.0 all supported privs were hardcoded in the VALID_PRIVS frozenset.
• Since 2.3.0 all supported privs are fetched from the server dynamically with the SHOW PRIVILEGES command.
• The issue is that some privs were deprecated, replaced and became aliases and they are not present in the SHOW PRIVILEGES output but they were present in the VALID_PRIVS frozenset.
• Removing VALID_PRIVS has brought breaking changes.

This PR:

1. returns VALID_PRIVS removed in mysql_user: replace VALID_PRIVS by get_valid_privs() function #217
2. merges it in a frozenset with show_privs (fetched from server dynamically) and EXTRA_PRIVS
3. now the frozenset contains all the privs including the hardcoded ones that were there before 2.3.0

ISSUE TYPE

• Bugfix Pull Request

[codecov]

Codecov Report

Merging #233 (76b4771) into main (f47d463) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #233      +/-   ##
==========================================
+ Coverage   77.60%   77.61%   +0.01%     
==========================================
  Files          24       24              
  Lines        2170     2171       +1     
  Branches      510      510              
==========================================
+ Hits         1684     1685       +1     
  Misses        319      319              
  Partials      167      167              

Impacted Files	Coverage Δ
plugins/module_utils/user.py	81.71% <100.00%> (+0.04%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f47d463...76b4771. Read the comment docs.

[Andersson007]

@jb-2197 @tuhoanganh as i mentioned in the issue, we don't have mariadb in our CI, so could you please help with testing?
The easiest way how to do it (in this case) is:
0. Run you playbook again to make sure it fails

1. Find the community/mysql/plugins/module_utils/users.py on your test system
2. Backup it
3. Add the changes from this PR
4. Run the playbook again and confirm that this fixes the problem
5. Return the original (backed up) file in place

More complex method is described there

[Andersson007]

ready_for_review

[Andersson007]

@bmalynovytch thanks for reviewing and merging! I'll release the patch (i.e. 2.3.1) morning

[rsicart]

Sorry I'm late for the conversation :/ . If I understand, there are some alias privileges we lost when merging #217 . Having a hard coded list of alias privileges merged with the dynamic privilege list could be enough?

[rsicart]

But what you commented in #232 (comment) makes sense and it deserves reflexion.

[Andersson007]

@rsicart #234 let's continue to discuss this in the issue:)

[tuhoanganh]

@Andersson007 Sorry for the late reply :(
i followed your guide and try to test new code with my test environment
OS: MacOS Bigsur

Darwin MF843.local 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21 PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64

ANSIBLE VERSION

ansible [core 2.11.6]
  config file = /Volumes/Work/git/SVTECH-installation-automation/ansible.cfg
  configured module search path = ['/Users/hoangtu/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/site-packages/ansible
  ansible collection location = /Volumes/Work/git/test-automation/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.12 (default, Oct 13 2021, 06:42:42) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.2
  libyaml = True

COLLECTION VERSION

community.mysql 2.3.0

PR APPLIED

#233 

INVENTORY FILE

all:
  children:
    replication:
      children:
        replication_master:
          hosts:
            db-01:
              ansible_host: 10.98.10.161
              IP: 10.98.10.161
              server_id: 1
        replication_slave:
          hosts:
            db-02:
              ansible_host: 10.98.10.162
              IP: 10.98.10.162
              server_id: 2
            db-03:
              ansible_host: 10.98.10.163
              IP: 10.98.10.163
              server_id: 3
          vars:
            Is_Slave: true
            backup_dir: /tmp/mariabackup
      vars:
        gtid_domain: 1
        replication_user:
          name: "repl_user"
          host: "%"
          password: "repl_user@123"
          priv: "*.*:REPLICATION SLAVE,REPLICATION CLIENT"

STEPS TO REPRODUCE

- name: DATABASE [Replication]  - Ensure replication user exists on master.
  mysql_user:
    login_user: root
    login_password: "{{ mariadb_root_password }}"
    login_unix_socket: "{{ data_dir }}/mysql.sock"
    name: "{{ replication_user.name }}"
    host: "{{ replication_user.host | default('%') }}"
    password: "{{ replication_user.password }}"
    priv: "{{ replication_user.priv }}"
    update_password: on_create
    state: present

EXPECTED RESULTS

User created with privileges set as above.

ACTUAL RESULTS

TASK [database : DATABASE [Replication] - Ensure replication user exists on master.] ***********************************************************************************************************
changed: [db-01 -> db-01]

SUMMARY
#233 fixed the problem 👍

[Andersson007]

@tuhoanganh ah, no problem at all! We were fast this time:) and I haven't released the patch yet, we'll do it today later.
Thank you for the confirmation, this is much appreciated!