mysql_user database name bug + patch

Archives Ansible Developer
1

Hello. I'm trying to figure out how to submit a bug report and patch,
but am not very familiar with git. I'm on a Red Hat Enterprise Linux 7
box running Ansible installed from the EPEL repository:
    # rpm -q ansible
    ansible-2.3.1.0-1.el7.noarch

The problem is in the mysql_user module. It seems to not parse
permissions correctly if the database name includes a colon character
(:). For example:

- name: Ensure database users are present.
  mysql_user: name="wordpress" host="localhost"
              password="SECRET_PASSWORD" state=present
              priv="*.*:USAGE/`lnx-www-prod:wordpress`.*:ALL"
              append_privs="no"

That will fail like so:

failed: [lnx-www-prod] (item={u'password': u'SECRET_PASSWORD', u'name':
u'wordpress', u'priv': u'*.*:USAGE/`lnx-www-prod:wordpress`.*:ALL'}) =>
{"failed": true, "item": {"name": "wordpress", "password":
"SECRET_PASSWORD", "priv": "*.*:USAGE/`lnx-www-prod:wordpress`.*:ALL"},
"msg": "invalid privileges string: Invalid privileges specified:
frozenset(['WORDPRESS`.*'])"}

I tracked down the problem and have a really simple patch for it. I'm
not sure if this is the best way to fix the problem, but it works for me:

--- mysql_user.py~ 2017-06-01 12:00:04.000000000 -0500
+++ mysql_user.py 2017-06-27 16:29:25.047686016 -0500
@@ -471,7 +471,7 @@
     output = {}
     privs =
     for item in priv.strip().split('/'):
- pieces = item.strip().split(':')
+ pieces = item.strip().rsplit(':', 1)
         dbpriv = pieces[0].rsplit(".", 1)
         # Do not escape if privilege is for database or table, i.e.
         # neither quote *. nor .*

Is this the right place to post the fix so that it can be reviewed and
possibly included?

Thanks in advance,
Dan

2

If you can, the best thing to do is to create a github pull request as it is the best way to get changes reviewed and included. There’s a few steps to go through (creating your fork, setting up git locally) but once that’s done you can contribute in other ways too.

This page should help you get started: http://docs.ansible.com/ansible/community.html#contributing-code-features-or-bugfixes

The nice thing about pull requests is that they get tested automatically (in the case where there are already tests).

Hope this helps,

Jon

3

Thanks! I went back and looked at the process again. I think i have
submitted my first pull request:
    https://github.com/ansible/ansible/pull/26249

I couldn't figure it out at the command line (after "git clone" and
editing the file, then what?), but managed to edit the module via the
web site and got the pull request submitted.

Hopefully i included enough extra info that it is sensible.

Thanks again,
Dan

4

Nice, I’d forgotten that you can do via the github ui.

After you’ve changed the file you’d need to test it, commit your change using
git commit
then send the changes back up to your github fork using
git push

Once pushed, then you go to github and fill out the pull request form.

One thing that helps gets stuff merged is if there are tests. If you have the opportunity take a look at the integration tests in test/integration - they are every easy to understand as they are really just ansible playbooks.

Jon