From 856e0795eb05eacf8b34cc4d056a7c05d94c512a Mon Sep 17 00:00:00 2001 From: gregharvey Date: Wed, 12 Apr 2023 10:22:23 +0200 Subject: [PATCH 1/4] Adding escaped backticks to db names to be safe. --- .../database_backup-mysql/tasks/deploy-rolling.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml b/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml index 71fa7580..88b51523 100644 --- a/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml +++ b/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml @@ -7,10 +7,20 @@ # Note: we don't use the mysql_db Ansible module on purpose. # If database already exists, we want to fail and not override it # with previous build. + # @TODO fix this so we check if the database exists and exit with + # the proper plugin instead of using command. - name: Create new database. - ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE DATABASE {{ _mysql_build_database_name }};" + ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE DATABASE \`{{ _mysql_build_database_name }}\`;" run_once: true +#- name: Create a new database. +# community.mysql.mysql_db: +# name: "{{ _mysql_build_database_name }}" +# state: present +# config_file: "{{ database.credentials_file }}" +# config_overrides_defaults: true +# run_once: true + - name: Populate new database. ansible.builtin.shell: "mysqldump --defaults-extra-file={{ database.credentials_file }} {{ mysql_backup.mysqldump_params }} {{ _mysql_previous_build_database_name }} | mysql --defaults-extra-file={{ database.credentials_file }} {{ _mysql_build_database_name }}" when: previous_build_number > 0 From 2549bab19bded4d4234a96934dc010d8a15860dd Mon Sep 17 00:00:00 2001 
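Review bot: The "Populate new database." task at the end of this hunk still passes `{{ _mysql_previous_build_database_name }}` and `{{ _mysql_build_database_name }}` unquoted into `ansible.builtin.shell`, so the quoting added to `CREATE DATABASE` covers only the SQL side of the same variable. In a shell task, whitespace and shell metacharacters in those values are interpreted by the shell; writing `{{ _mysql_previous_build_database_name | quote }}` and `{{ _mysql_build_database_name | quote }}` would close that gap while leaving `mysql_backup.mysqldump_params` free to expand to several arguments. Separately, the commented-out `community.mysql.mysql_db` block uses `state: present`, which as far as I know succeeds when the database already exists, the opposite of the fail-if-exists behaviour the note above it asks for. A line such as `# NOTE: state: present does not fail on an existing database` inside that block would stop it being enabled as is. The Populate task may continue past the end of the hunk.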
From: gregharvey Date: Wed, 12 Apr 2023 10:33:41 +0200 Subject: [PATCH 2/4] Looks like Ansible auto-escapes backticks. --- .../database_backup-mysql/tasks/deploy-rolling.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml b/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml index 88b51523..f7f109bc 100644 --- a/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml +++ b/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml @@ -10,7 +10,7 @@ # @TODO fix this so we check if the database exists and exit with # the proper plugin instead of using command. - name: Create new database. - ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE DATABASE \`{{ _mysql_build_database_name }}\`;" + ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE DATABASE `{{ _mysql_build_database_name }}`;" run_once: true #- name: Create a new database. From 22ee516f848d61fa4d999b7bcd0ce811be2c521c Mon Sep 17 00:00:00 2001 From: gregharvey Date: Wed, 12 Apr 2023 10:41:24 +0200 Subject: [PATCH 3/4] Adding backticks to database names for creating MySQL users too. --- roles/database_backup/database_backup-mysql/tasks/deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy.yml b/roles/database_backup/database_backup-mysql/tasks/deploy.yml index 5442230d..4160806c 100644 --- a/roles/database_backup/database_backup-mysql/tasks/deploy.yml +++ b/roles/database_backup/database_backup-mysql/tasks/deploy.yml 
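Review bot: The bare backticks in `CREATE DATABASE` are safe only because `ansible.builtin.command` runs the program without a shell, which is not what the commit subject suggests and is not recorded next to the task. The "Populate new database." task in the same file uses `ansible.builtin.shell`, where a backtick starts command substitution, so converting this task to `shell` later (for a pipe or redirect) would hand the quoted name to the shell for execution. I would add above the task: `# Backticks are literal here because command does not invoke a shell; do not convert to shell without escaping them.` The wrapping also does not cover a name that itself contains a backtick; checking `_mysql_build_database_name` against an allowed character set before this task would be the simplest guard.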
@@ -90,12 +90,12 @@ # @see https://www.thesysadmin.rocks/2020/10/08/rds-mariadb-grant-all-permission-access-denied-for-user/ for why we cannot GRANT ALL. # As of MySQL 8.0 the GRANT operation has no password option, you must CREATE your user first. - name: Create/update mysql user for TCP connections. - ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE USER IF NOT EXISTS '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON {{ _mysql_build_database_name }}.* TO '{{ _mysql_build_user_name }}'@'%';" + ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE USER IF NOT EXISTS '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `{{ _mysql_build_database_name }}`.* TO '{{ _mysql_build_user_name }}'@'%';" when: ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' ) run_once: true - name: Create/update mysql user for unix socket connections. 
- ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE USER IF NOT EXISTS '{{ _mysql_build_user_name }}'@'localhost' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON {{ _mysql_build_database_name }}.* TO '{{ _mysql_build_user_name }}'@'localhost';" + ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE USER IF NOT EXISTS '{{ _mysql_build_user_name }}'@'localhost' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `{{ _mysql_build_database_name }}`.* TO '{{ _mysql_build_user_name }}'@'localhost';" when: ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' ) run_once: true From 3a8a13ffde291997a0aefa85e7134d2fb9917a3d Mon Sep 17 00:00:00 2001 From: gregharvey Date: Thu, 13 Apr 2023 17:16:58 +0200 Subject: [PATCH 4/4] Adding extra mysqldump flags to stop restores failing on RDS. --- roles/_init/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/_init/defaults/main.yml b/roles/_init/defaults/main.yml index 971f1b9b..5eed81f2 100644 --- a/roles/_init/defaults/main.yml +++ b/roles/_init/defaults/main.yml 
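Review bot: Both rewritten commands still place `{{ _mysql_build_password }}` inside the `-e` argument, and the first task, which is fully visible here, carries no `no_log: true`, so the new user's password is exposed in the process list while mysql runs and in Ansible's task output and logs. The login credentials are already kept off the command line through `--defaults-extra-file`; adding `no_log: true` to both tasks is the minimal change, and passing the SQL through the `stdin:` argument of `ansible.builtin.command` would also keep it out of the process list. On the backticks themselves: in a database-level `GRANT ... ON db.*` MySQL still treats `_` and `%` in the name as pattern wildcards even when the name is backtick-quoted, so if build database names contain underscores the grant can match more databases than intended unless they are escaped as `\_`. The second task may continue past the end of the hunk.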
@@ -3,7 +3,7 @@ # this will ensure defaults to other roles too. # If you are using ce-provision to deploy infrastructure this must match the `user_deploy.username` variable deploy_user: "deploy" -_mysqldump_params: "--max-allowed-packet=128M --single-transaction --skip-opt -e --quick --skip-disable-keys --skip-add-locks -C -a --add-drop-table" +_mysqldump_params: "--set-gtid-purged=OFF --skip-definer --max-allowed-packet=128M --single-transaction --skip-opt -e --quick --skip-disable-keys --skip-add-locks -C -a --add-drop-table" drupal: sites: - folder: "default"
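Review bot: The two flags added to `_mysqldump_params` change what a restore produces and which clients can run the dump, and neither effect is documented next to the default. `--skip-definer`, as I understand it, omits the DEFINER clauses, so views, triggers and routines are recreated under the account that performs the import, and anything declared SQL SECURITY DEFINER then runs with that account's privileges; that deserves a deliberate check when the importing account is more privileged than the original definer. As far as I know `--set-gtid-purged` is accepted only by Oracle MySQL's mysqldump, and since this is a global default, a host with a different client would fail on the unknown option. I would add a comment above the variable such as `# --set-gtid-purged=OFF and --skip-definer are needed for restores on RDS; DEFINER is dropped, so restored routines/views belong to the importing user.`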