@pprkut
Contributor

@pprkut pprkut commented Apr 8, 2021

PR progress checklist (to be filled in by reviewers)

  • Changes to documentation are appropriate (or tick if not required)
  • Changes to tests are appropriate (or tick if not required)
  • Reviews completed

What type of PR is this?

Primary type

  • [build] Changes related to the build system
  • [chore] Changes to the build process or auxiliary tools and libraries such as documentation generation
  • [ci] Changes to the continuous integration configuration
  • [feat] A new feature
  • [fix] A bug fix
  • [perf] A code change that improves performance
  • [refactor] A code change that neither fixes a bug nor adds a feature
  • [revert] A change used to revert a previous commit
  • [style] Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)

Secondary type

  • [docs] Documentation changes
  • [test] Adding missing or correcting existing tests

Does this PR introduce a BREAKING CHANGE?

No.

Related issues and/or pull requests

Follow up to #260
More complete fix for #230

Describe the changes you're proposing

This is embarrassing :(
I swear I tested the previous pull requests, but I just finished setting up a couple more servers and ran into these issues...

  • For some onlyif conditions, the stderr redirect was part of the query sent to mysql, which obviously doesn't work
  • The onlyif condition to check grant privileges returns an error string (to stderr) if we still need to execute the state. Redirecting that to stdout yields a false result for the condition and the state to set the grants is never executed. This is fixed by sending stderr to /dev/null. That way stdout response would still be captured, but we don't get false positives from errors.

Pillar / config required to test the proposed changes

Debug log showing how the proposed changes work

Documentation checklist

  • Updated the README (e.g. Available states).
  • Updated pillar.example.

Testing checklist

  • Included in Kitchen (i.e. under state_top).
  • Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
  • Updated the relevant test pillar.

Additional context
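
The two failure modes described above, reproduced as an added example that is not part of the pull request or the formula. `fake_mysql` is a hypothetical stand-in for the mysql client; its diagnostic text and its rejection of a statement containing `2>&1` are constructed for illustration.

```shell
#!/bin/sh
# fake_mysql: hypothetical stand-in for the mysql client (assumption, not the
# real binary). $1 is the statement it would send to the server. It always
# writes a constructed diagnostic to stderr and, for a valid statement, the
# single-column result "Y" to stdout.
fake_mysql() {
    echo "constructed diagnostic on stderr" >&2
    case $1 in
        *'2>&1'*)
            # The redirect arrived as SQL text; the constructed server rejects it.
            echo "constructed error: invalid statement" >&2
            return 1 ;;
    esac
    echo "Y"
}

# Before: the redirect is inside the quotes, so the shell never interprets it.
# (Output is silenced here only to keep the demo quiet.)
connect_redirect_in_query() {
    fake_mysql "SELECT 1; 2>&1" >/dev/null 2>/dev/null
}

# After: the redirect is shell syntax outside the quoted statement.
connect_redirect_outside() {
    fake_mysql "SELECT 1;" >/dev/null 2>&1
}

# Before: 2>&1 inside $(...) captures stderr too, so VALUE is never exactly "Y".
grant_check_merged() {
    VALUE=$(fake_mysql "SELECT Grant_priv FROM mysql.user;" 2>&1)
    [ "$VALUE" = 'Y' ]
}

# After: stderr is dropped, only stdout is captured and compared.
grant_check_discarded() {
    VALUE=$(fake_mysql "SELECT Grant_priv FROM mysql.user;" 2>/dev/null)
    [ "$VALUE" = 'Y' ]
}

# Run all four forms and report how each condition evaluates.
for check in connect_redirect_in_query connect_redirect_outside \
             grant_check_merged grant_check_discarded; do
    if "$check"; then echo "$check: true"; else echo "$check: false"; fi
done
```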

Member

@javierbertoli javierbertoli left a comment

@pprkut good catch!

As you're in it, I propose a couple of changes that I think make sense, and it would be great if you applied them.

@pprkut
Contributor Author

pprkut commented Apr 8, 2021

@javierbertoli Of course!

I can't see them, however :-)

@javierbertoli
Member

> @javierbertoli Of course!
>
> I can't see them, however :-)

Aaargh! It seems that when I clicked to add that comment, it didn't save the other text 🤦‍♂️
Re-writing them. Sorry

- mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
- VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
- mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>&1
- VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>/dev/null); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
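
Review bot: In the `Grant_priv` check, `2>/dev/null` discards every client error, so a failed connection or login leaves `$VALUE` empty and the condition evaluates false exactly as it would for a non-'Y' result, with nothing in the job output to tell the two apart. Checking mysql's exit status separately from the string comparison would keep that distinction, and the trailing `if ... then /bin/true; else /bin/false; fi` can be reduced to `[ "$VALUE" = 'Y' ]`. This command also omits `-h {{ mysql_host }}`, which the `SELECT 1;` command passes, so the two conditions may not be talking to the same server; adding the same `-h` argument here would align them.
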
Member

I think that these two changes might be useful:

  1. For the sake of consistency, redirect stderr to /dev/null in all the cases
  2. For the sake of readability, replace those replace()s with yaml_dquote, like
- mysql --user {{ mysql_salt_user }} --password={{ mysql_salt_pass | yaml_dquote }} -h {{ mysql_host }} --execute="SELECT 1;" 2>&1

which should take care of properly escaping and quoting the password string.

Wdyt?

Contributor Author

Hey! Sorry, this took so long :-(

I made the changes, but I've only been able to verify them on one host so far, and salt crapped out on it so I didn't see the full job output. It worked, but I'd be more comfortable with a bit more testing.

@m2mobi-mirror m2mobi-mirror force-pushed the fix_salt_user_grants branch from cc6bb96 to 346633d Compare May 3, 2021 12:11
Member

@javierbertoli javierbertoli left a comment

@pprkut They look good to me. Thanks!

@javierbertoli javierbertoli merged commit 8a71d69 into saltstack-formulas:master May 7, 2021
@saltstack-formulas-travis

🎉 This PR is included in version 0.55.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀
