Privilege target does not accept template strings
mcclory opened this issue · 1 comments
SUMMARY
When creating a user with a database, I am unable to use a jinja/ansible string template to fill in the left-hand portion (target) for the privileges to be assigned.
ISSUE TYPE
- Bug Report
COMPONENT NAME
community.mysql.mysql_user
ANSIBLE VERSION
ansible [core 2.14.4]
config file = /home/pmdev/Dev/openstack-basic/ansible.cfg
configured module search path = ['/home/pmdev/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/pmdev/.cache/pypoetry/virtualenvs/openstack-basic-ycHJs1Yi-py3.10/lib/python3.10/site-packages/ansible
ansible collection location = /home/pmdev/.ansible/collections:/usr/share/ansible/collections
executable location = /home/pmdev/.cache/pypoetry/virtualenvs/openstack-basic-ycHJs1Yi-py3.10/bin/ansible
python version = 3.10.6 (main, Mar 10 2023, 10:55:28) [GCC 11.3.0] (/home/pmdev/.cache/pypoetry/virtualenvs/openstack-basic-ycHJs1Yi-py3.10/bin/python)
jinja version = 3.1.2
libyaml = True
COLLECTION VERSION
# /home/pmdev/.cache/pypoetry/virtualenvs/openstack-basic-ycHJs1Yi-py3.10/lib/python3.10/site-packages/ansible_collections
Collection Version
----------------- -------
community.general 6.5.0
CONFIGURATION
ANSIBLE_PIPELINING(/home/pmdev/Dev/openstack-basic/ansible.cfg) = True
CACHE_PLUGIN(/home/pmdev/Dev/openstack-basic/ansible.cfg) = jsonfile
CACHE_PLUGIN_CONNECTION(/home/pmdev/Dev/openstack-basic/ansible.cfg) = ./_facts
CACHE_PLUGIN_TIMEOUT(/home/pmdev/Dev/openstack-basic/ansible.cfg) = 86400
CONFIG_FILE() = /home/pmdev/Dev/openstack-basic/ansible.cfg
DEFAULT_FORKS(/home/pmdev/Dev/openstack-basic/ansible.cfg) = 500
DEFAULT_GATHERING(/home/pmdev/Dev/openstack-basic/ansible.cfg) = smart
DEFAULT_HASH_BEHAVIOUR(/home/pmdev/Dev/openstack-basic/ansible.cfg) = merge
HOST_KEY_CHECKING(/home/pmdev/Dev/openstack-basic/ansible.cfg) = False
RETRY_FILES_ENABLED(/home/pmdev/Dev/openstack-basic/ansible.cfg) = True
RETRY_FILES_SAVE_PATH(/home/pmdev/Dev/openstack-basic/ansible.cfg) = /home/pmdev/Dev/openstack-basic
OS / ENVIRONMENT
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
Dual Broadcom 10g nics in lacp bond for 20gbps
Additional hardware details here: https://gist.github.com/mcclory/fdbfb031a7bda537612496f60d7d1844
STEPS TO REPRODUCE
For this task, assuming that the keystone var has a db_user and db_name value (verified on my end):
- hosts: controller
  become: true
  vars:
    mariadb:
      version: 10.11
    keystone:
      db_name: keystone
      db_user: keystone
      db_password: not an actual password
  tasks:
    - name: add mariadb apt key
      ansible.builtin.apt_key:
        url: https://mariadb.org/mariadb_release_signing_key.asc
    - name: add mariadb repo
      ansible.builtin.apt_repository:
        repo: "deb [arch=amd64] http://mariadb.mirror.globo.tech/repo/{{ mariadb.version }}/ubuntu {{ ansible_distribution_release }} main"
        update_cache: true
    - name: install mariadb
      ansible.builtin.apt:
        update_cache: true
        name:
          - mariadb-server
          - python3-pymysql
        state: latest
    - name: create keystone database
      community.mysql.mysql_db:
        login_unix_socket: /run/mysqld/mysqld.sock
        name: "{{ keystone.db_name|default('keystone') }}"
        state: present
    - name: create keystone user
      community.mysql.mysql_user:
        login_unix_socket: /run/mysqld/mysqld.sock
        name: "{{ keystone.db_user|default('keystone') }}"
        host: '%'
        password: "{{ keystone.db_password }}"
        priv:
          "{{ keystone.db_name|default('keystone') }}.*": "ALL"
EXPECTED RESULTS
I'd expected all string inputs to comply with ansible's standard string formatting structure/capabilities.
ACTUAL RESULTS
I get the following privileges configured in my instance of mariadb:
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.000 sec)
MariaDB [(none)]> show grants for 'keystone'@'%';
+---------------------------------------------------------------------------------------------------------+
| Grants for keystone@% |
+---------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `keystone`@`%` IDENTIFIED BY PASSWORD '*B9C8E35D1A6C3A16CEBC4D95C7BC1C8B3BF66A11' |
| GRANT ALL PRIVILEGES ON `{{ keystone.db_name|default('keystone') }}`.* TO `keystone`@`%` |
+---------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
@mcclory hello, thanks for reporting the issue! Once someone has time to investigate the case, they'll take a look. I'll put the help_wanted label.
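
A check for the symptom shown in the issue's show grants output, added here as an example and not part of the original issue or of the community.mysql collection: it parses grant rows and flags any database name that still contains Jinja delimiters or falls outside an expected set. The function names and the expected_databases parameter are hypothetical; the sample rows are constructed from the output above, with the password hash replaced by a placeholder and one correctly rendered grant added.

```python
import re

# Jinja2 delimiters that should never survive into a database identifier.
TEMPLATE_MARKERS = ("{{", "}}", "{%", "%}", "{#", "#}")

IDENT = r"(?:\*|`(?:[^`]|``)*`)"  # '*' or a backtick-quoted identifier
GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<db>" + IDENT + r")\.(?P<tbl>" + IDENT + r")"
    r"\s+TO\s+(?P<grantee>\S+)",
    re.IGNORECASE,
)

def unquote(ident):
    """Strip backtick quoting and undo doubled backticks."""
    if len(ident) >= 2 and ident[0] == ident[-1] == "`":
        return ident[1:-1].replace("``", "`")
    return ident

def parse_grant(line):
    """Return the parts of one SHOW GRANTS row, or None if it is not a db.table grant."""
    m = GRANT_RE.search(line)
    if m is None:
        return None
    return {"privileges": m.group("privs"), "database": unquote(m.group("db")),
            "table": unquote(m.group("tbl")), "grantee": m.group("grantee")}

def audit_grants(lines, expected_databases):
    """Flag grants whose database is an unrendered template or not in the expected set."""
    findings = []
    for line in lines:
        grant = parse_grant(line)
        if grant is None or grant["database"] == "*":
            continue  # global-level grants (ON *.*) are outside this check
        if any(marker in grant["database"] for marker in TEMPLATE_MARKERS):
            findings.append(("unrendered-template", grant))
        elif grant["database"] not in expected_databases:
            findings.append(("unexpected-database", grant))
    return findings

# Constructed sample rows (hash replaced by a placeholder; third row is invented).
SAMPLE = [
    "| GRANT USAGE ON *.* TO `keystone`@`%` IDENTIFIED BY PASSWORD '<hash placeholder>' |",
    "| GRANT ALL PRIVILEGES ON `{{ keystone.db_name|default('keystone') }}`.* TO `keystone`@`%` |",
    "| GRANT SELECT ON `keystone`.* TO `keystone`@`%` |",
]

if __name__ == "__main__":
    for kind, grant in audit_grants(SAMPLE, {"keystone"}):
        print(kind, grant["grantee"], grant["privileges"], "on", grant["database"])
```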