diff --git a/mysql_user b/mysql_user
index 7194b9f3606..9b6e7946b5a 100755
--- a/mysql_user
+++ b/mysql_user
@@ -170,11 +170,13 @@ def privileges_get(cursor, user,host):
 cursor.execute("SHOW GRANTS FOR %s@%s", (user,host))
 grants = cursor.fetchall()
 for grant in grants:
- res = re.match("GRANT\ (.+)\ ON\ (.+)\ TO", grant[0])
+ res = re.match("GRANT (.+) ON (.+) TO '.+'@'.+'( IDENTIFIED BY PASSWORD '.+')? ?(.*)", grant[0])
 if res is None:
 module.fail_json(msg="unable to parse the MySQL grant string")
 privileges = res.group(1).split(", ")
 privileges = ['ALL' if x=='ALL PRIVILEGES' else x for x in privileges]
+ if "WITH GRANT OPTION" in res.group(4):
+ privileges.append('GRANT')
 db = res.group(2).replace('`', '')
 output[db] = privileges
 return output
@@ -203,10 +205,16 @@ def privileges_unpack(priv):
 def privileges_revoke(cursor, user,host,db_table):
 query = "REVOKE ALL PRIVILEGES ON %s FROM '%s'@'%s'" % (db_table,user,host)
 cursor.execute(query)
+ query = "REVOKE GRANT OPTION ON %s FROM '%s'@'%s'" % (db_table,user,host)
+ cursor.execute(query)
 def privileges_grant(cursor, user,host,db_table,priv):
- priv_string = ",".join(priv)
+
+ priv_string = ",".join(filter(lambda x: x != 'GRANT', priv))
 query = "GRANT %s ON %s TO '%s'@'%s'" % (priv_string,db_table,user,host)
+ if 'GRANT' in priv:
+ query = query + " WITH GRANT OPTION"
+
 cursor.execute(query)
 def load_mycnf():
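Review bot: The new pattern in `privileges_get` finds the trailing options only by accident: both `'.+'` pieces are greedy, so the host part swallows any `IDENTIFIED BY PASSWORD '...'` clause and the optional group 3 never takes part in the match. Had it matched, that group would hold the password hash, which nothing in this hunk uses. I would write the pattern as a raw string with bounded quotes and a non-capturing group, `r"GRANT (.+) ON (.+) TO '[^']*'@'[^']*'(?: IDENTIFIED BY PASSWORD '[^']+')? ?(.*)"`, and test `res.group(3)` instead of `res.group(4)`. `[^']*` also accepts an empty user name, which `'.+'` rejects and sends to `fail_json`; a name containing a quote would need separate handling. The start of the function is outside the hunk.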
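Review bot: The added `REVOKE GRANT OPTION` statement in `privileges_revoke`, like the `GRANT` statement in `privileges_grant`, is built by `%`-formatting `user`, `host` and `db_table` straight into the SQL text, so a quote in any of them changes the statement that runs. `privileges_get` already passes user and host as driver parameters in `SHOW GRANTS FOR %s@%s`, and the same form fits here: `cursor.execute("REVOKE GRANT OPTION ON %s FROM %%s@%%s" % db_table, (user,host))`, with any literal `%` in `db_table` doubled. `db_table` and the privilege names cannot be bound that way, so they should be checked against an expected form before interpolation; whether `privileges_unpack` does that is not visible in this hunk. The revoke also runs unconditionally and may fail on a server that rejects revoking a grant option the account does not hold, so consider issuing it only when 'GRANT' is among the current privileges.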