New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

State mysql_user.present Exception with mysql 8.0.11 #48204

Open
zerthimon opened this Issue Jun 19, 2018 · 20 comments

Comments

Projects
None yet
4 participants
@zerthimon
Contributor

zerthimon commented Jun 19, 2018

Description of Issue/Question

[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = PASSWORD(%(password)s) args: {u'host': u'localhost', u'password': u'somepass', u'user': u'monitoring'} 
[ERROR   ] An exception occurred in this state: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1905, in call
    **cdata['kwargs'])
  File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1830, in wrapper
    return f(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/salt/states/mysql_user.py", line 142, in present
    **connection_args):
  File "/usr/lib/python2.7/dist-packages/salt/modules/mysql.py", line 1244, in user_exists
    _execute(cur, qry, args)
  File "/usr/lib/python2.7/dist-packages/salt/modules/mysql.py", line 548, in _execute
    return cur.execute(qry, args)
  File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 226, in execute
    self.errorhandler(self, exc, value)
  File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
    raise errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('u'somepass')' at line 1")

Setup

mysql_user_monitoring_creds:
  mysql_user.present:
    - name: monitoring
    - password: somepass
    - host: localhost
    - connection_user: root
    - connection_pass: root_pass
    - require:
      - service: mysql_service

Versions Report

Salt Version:
           Salt: 2018.3.1
 
Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 2.6.1
      docker-py: 2.6.1
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.8
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: 1.0.3
   msgpack-pure: Not Installed
 msgpack-python: 0.4.6
   mysql-python: 1.3.7
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 2.7.12 (default, Dec  4 2017, 14:50:18)
   python-gnupg: 0.3.8
         PyYAML: 3.12
          PyZMQ: 15.2.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4
 
System Versions:
           dist: Ubuntu 16.04 xenial
         locale: UTF-8
        machine: x86_64
        release: 4.4.0-1061-aws
         system: Linux
        version: Ubuntu 16.04 xenial
# mysqld --version
/usr/sbin/mysqld  Ver 8.0.11 for Linux on x86_64 (MySQL Community Server - GPL)
@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Jun 19, 2018

The password() function no longer works in mysql since 8.0.11

mysql> select password('sdfsdf');
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('sdfsdf')' at line 1
mysql>

https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_password

@zerthimon zerthimon changed the title from State mysql_user.present Exception with mysql 8.0.x to State mysql_user.present Exception with mysql 8.0.11 Jun 19, 2018

@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Jun 19, 2018

@zerthimon Thanks for the report. Looks like we need to take the version of MySQL into account for whether to use the PASSWORD function. When adding a user is the password being automatically encrypted now? As a workaround you can specify a pre-hashed password using the password_hash option.

@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Jun 19, 2018

@garethgreenaway yeah, when you create a user the password is hashed by default.
pre-hashed password wih password_hash could be an option, but now when they removed the password() function I'm not sure how to generate a hash....

@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Jun 19, 2018

@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Jun 20, 2018

@garethgreenaway the workaround with password_hash doesn't work either.

mysql_user:
  mysql_user.present:
    - name: user
    - password_hash: "*8EA2B1EE751A98EBE427D8835F97717E7E1E8324"
    - host: localhost
    - connection_user: root
    - connection_pass: root_pass
[DEBUG   ] Doing query: CREATE USER %(user)s@%(host)s IDENTIFIED BY PASSWORD %(password)s args: {u'host': u'localhost', u'password': u'*8EA2B1EE751A98EBE427D8835F97717E7E1E8324', u'user': u'user'} 
[ERROR   ] An exception occurred in this state: Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/salt/state.py", line 1905, in call
    **cdata['kwargs'])
  File "/usr/lib/python2.7/dist-packages/salt/loader.py", line 1830, in wrapper
    return f(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/salt/states/mysql_user.py", line 215, in present
    **connection_args):
  File "/usr/lib/python2.7/dist-packages/salt/modules/mysql.py", line 1372, in user_create
    _execute(cur, qry, args)
  File "/usr/lib/python2.7/dist-packages/salt/modules/mysql.py", line 548, in _execute
    return cur.execute(qry, args)
  File "/usr/lib/python2.7/dist-packages/MySQLdb/cursors.py", line 226, in execute
    self.errorhandler(self, exc, value)
  File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 36, in defaulterrorhandler
    raise errorvalue
ProgrammingError: (1064, "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'PASSWORD '*8EA2B1EE751A98EBE427D8835F97717E7E1E8324'' at line 1")
@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Jun 21, 2018

@zerthimon If you're able to, can you test that PR and see if it fixes the issue for you?

@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Jun 22, 2018

@garethgreenaway it kinda works, but in a weird way.
I've tested with password_hash option:

So when user doesn't exist in mysql I get this:

[INFO    ] Executing state mysql_user.present for [user]
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = %(password)s args: {u'host': u'localhost', u'password': u'*8EA2B1EE751A98EBE427D8835F97717E7E1E8324', u'user': u'user'} 
[DEBUG   ] LazyLoaded test.ping
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: CREATE USER %(user)s@%(host)s IDENTIFIED BY %(password)s args: {u'host': u'localhost', u'password': u'*8EA2B1EE751A98EBE427D8835F97717E7E1E8324', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = %(password)s args: {u'host': u'localhost', u'password': u'*8EA2B1EE751A98EBE427D8835F97717E7E1E8324', u'user': u'user'} 
[INFO    ] User 'user'@'localhost' was not created
[ERROR   ] Failed to create user user@localhost
[INFO    ] Completed state [user] at time 14:15:38.288708 (duration_in_ms=29.798)
----------
          ID: mysql_user
    Function: mysql_user.present
        Name: user
      Result: False
     Comment: Failed to create user user@localhost
     Started: 14:15:38.258910
    Duration: 29.798 ms
     Changes:  

This actualy creates a user with a wrong hash:

mysql> select User,Host,authentication_string from mysql.user where User='user'\G
*************************** 1. row ***************************
                 User: user
                 Host: localhost
authentication_string: *005502185042CDB34F47B285CAED016843A1ECBB
1 row in set (0,00 sec)

mysql>

On the second run I get this:

[INFO    ] Executing state mysql_user.present for [user]
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = %(password)s args: {u'host': u'localhost', u'password': u'*8EA2B1EE751A98EBE427D8835F97717E7E1E8324', u'user': u'user'} 
[DEBUG   ] LazyLoaded test.ping
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: UPDATE mysql.user SET authentication_string=%(password)s WHERE User=%(user)s AND Host = %(host)s; args: {u'host': u'localhost', u'password': u'*8EA2B1EE751A98EBE427D8835F97717E7E1E8324', u'user': u'user'} 
[DEBUG   ] Doing query: FLUSH PRIVILEGES;
[INFO    ] Password for user 'user'@'localhost' has been changed
[INFO    ] {u'user': u'Updated'}
[INFO    ] Completed state [user] at time 14:20:43.241616 (duration_in_ms=38.872)

And the user is updated with the correct password:

mysql> select User,Host,authentication_string from mysql.user where User='user'\G
*************************** 1. row ***************************
                 User: user
                 Host: localhost
authentication_string: *8EA2B1EE751A98EBE427D8835F97717E7E1E8324
1 row in set (0,00 sec)

On the third run the state correctly detects that no changes necessary:

[INFO    ] Executing state mysql_user.present for [user]
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = %(password)s args: {u'host': u'localhost', u'password': u'*8EA2B1EE751A98EBE427D8835F97717E7E1E8324', u'user': u'user'} 
[INFO    ] User user@localhost is already present with the desired password hash
[INFO    ] Completed state [user] at time 14:22:24.171331 (duration_in_ms=5.951)
@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Jun 22, 2018

Now when the password is used instead of hash, the things become even more weird:
First run:

[INFO    ] Executing state mysql_user.present for [user]
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = %(password)s args: {u'host': u'localhost', u'password': u'somepass', u'user': u'user'} 
[DEBUG   ] LazyLoaded test.ping
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: CREATE USER %(user)s@%(host)s IDENTIFIED BY %(password)s args: {u'host': u'localhost', u'password': u'somepass', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = %(password)s args: {u'host': u'localhost', u'password': u'somepass', u'user': u'user'} 
[INFO    ] User 'user'@'localhost' was not created
[ERROR   ] Failed to create user user@localhost
[INFO    ] Completed state [user] at time 14:24:26.549141 (duration_in_ms=30.345)
local:
----------
          ID: mysql_user
    Function: mysql_user.present
        Name: user
      Result: False
     Comment: Failed to create user user@localhost
     Started: 14:24:26.518796
    Duration: 30.345 ms
     Changes:

The user is created with correct password:

mysql> select User,Host,authentication_string from mysql.user where User='user'\G
*************************** 1. row ***************************
                 User: user
                 Host: localhost
authentication_string: *8EA2B1EE751A98EBE427D8835F97717E7E1E8324
1 row in set (0,00 sec)

But then the second run:

[INFO    ] Executing state mysql_user.present for [user]
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s AND authentication_string = %(password)s args: {u'host': u'localhost', u'password': u'somepass', u'user': u'user'} 
[DEBUG   ] LazyLoaded test.ping
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: UPDATE mysql.user SET authentication_string=%(password)s WHERE User=%(user)s AND Host = %(host)s; args: {u'host': u'localhost', u'password': u'somepass', u'user': u'user'} 
[DEBUG   ] Doing query: FLUSH PRIVILEGES;
[INFO    ] Password for user 'user'@'localhost' has been changed
[INFO    ] {u'user': u'Updated'}
[INFO    ] Completed state [user] at time 14:25:00.231490 (duration_in_ms=37.049)
local:
----------
          ID: mysql_user
    Function: mysql_user.present
        Name: user
      Result: True
     Comment: Password for user user@localhost has been changed
     Started: 14:25:00.194441
    Duration: 37.049 ms
     Changes:   
              ----------
              user:
                  Updated

Updates the password with a clear text password:

mysql> select User,Host,authentication_string from mysql.user where User='user'\G
*************************** 1. row ***************************
                 User: user
                 Host: localhost
authentication_string: somepass
1 row in set (0,00 sec)

And the third run sees no changes.

@rallytime

This comment has been minimized.

Contributor

rallytime commented Jun 25, 2018

@zerthimon How about that fix ^ ?

@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Jun 26, 2018

The module now only works well with - password: setting and only if default_authentication_plugin = mysql_native_password is set in mysql (but that's not the default setting for mysql 8.0.11).
The - password_hash doesn't work regardless of authentication plugin config.

@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Jun 26, 2018

@rallytime There is also problem with grants is this a known problem ?

mysql_user:
  mysql_user.present:
    - name: user
    - password: somepass
    - host: localhost
    - connection_user: root
    - connection_pass: root_pass

user_grants:
  mysql_grants.present:
    - grant: PROCESS,REPLICATION CLIENT
    - database: "*.*"
    - user: user
    - host: localhost
    - connection_user: root
    - connection_pass: root_pass
    - require:
      - mysql_user: mysql_user
[INFO    ] Running state [user_grants] at time 13:10:34.559132
[INFO    ] Executing state mysql_grants.present for [user_grants]
[DEBUG   ] Grant Query generated: GRANT PROCESS, REPLICATION CLIENT ON *.* TO %(user)s@%(host)s args {u'host': u'localhost', u'user': u'user'}
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SHOW GRANTS FOR %(user)s@%(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] [u'GRANT USAGE ON *.* TO `user`@`localhost`']
[DEBUG   ] _grant_to_tokens entry '{u'qry': u'GRANT PROCESS, REPLICATION CLIENT ON *.* TO %(user)s@%(host)s', u'args': {u'host': u'localhost', u'user': u'user'}}'
[DEBUG   ] grant to token 'user'::'localhost'::'['PROCESS', u'REPLICATION CLIENT']'::'*.*'
[DEBUG   ] _grant_to_tokens entry 'GRANT USAGE ON *.* TO `user`@`localhost`'
[DEBUG   ] grant to token '`user`'::'`localhost`'::'['USAGE']'::'*.*'
[DEBUG   ] grants mismatch '{'host': u'`localhost`', 'database': u'*.*', 'user': u'`user`', 'grant': ['USAGE']}'<>'{'host': u'localhost', 'database': u'*.*', 'user': u'user', 'grant': ['PROCESS', u'REPLICATION CLIENT']}'
[DEBUG   ] Grant does not exist, or is perhaps not ordered properly?
[DEBUG   ] Grant Query generated: GRANT PROCESS, REPLICATION CLIENT ON *.* TO %(user)s@%(host)s args {u'host': u'localhost', u'user': u'user'}
[DEBUG   ] Doing query: GRANT PROCESS, REPLICATION CLIENT ON *.* TO %(user)s@%(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Grant Query generated: GRANT PROCESS, REPLICATION CLIENT ON *.* TO %(user)s@%(host)s args {u'host': u'localhost', u'user': u'user'}
[DEBUG   ] Doing query: SELECT VERSION()
[DEBUG   ] Doing query: SELECT column_name from information_schema.COLUMNS WHERE table_schema=%(schema)s and table_name=%(table)s and column_name=%(column)s args: {u'column': u'Password', u'table': u'user', u'schema': u'mysql'} 
[DEBUG   ] Doing query: SELECT User,Host FROM mysql.user WHERE User = %(user)s AND Host = %(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] Doing query: SHOW GRANTS FOR %(user)s@%(host)s args: {u'host': u'localhost', u'user': u'user'} 
[DEBUG   ] [u'GRANT PROCESS, REPLICATION CLIENT ON *.* TO `user`@`localhost`']
[DEBUG   ] _grant_to_tokens entry '{u'qry': u'GRANT PROCESS, REPLICATION CLIENT ON *.* TO %(user)s@%(host)s', u'args': {u'host': u'localhost', u'user': u'user'}}'
[DEBUG   ] grant to token 'user'::'localhost'::'['PROCESS', u'REPLICATION CLIENT']'::'*.*'
[DEBUG   ] _grant_to_tokens entry 'GRANT PROCESS, REPLICATION CLIENT ON *.* TO `user`@`localhost`'
[DEBUG   ] grant to token '`user`'::'`localhost`'::'['PROCESS', u'REPLICATION CLIENT']'::'*.*'
[DEBUG   ] grants mismatch '{'host': u'`localhost`', 'database': u'*.*', 'user': u'`user`', 'grant': ['PROCESS', u'REPLICATION CLIENT']}'<>'{'host': u'localhost', 'database': u'*.*', 'user': u'user', 'grant': ['PROCESS', u'REPLICATION CLIENT']}'
[DEBUG   ] Grant does not exist, or is perhaps not ordered properly?
[INFO    ] Grant 'PROCESS,REPLICATION CLIENT' on '*.*' for user 'user' has NOT been added
[ERROR   ] Failed to execute: "GRANT PROCESS,REPLICATION CLIENT ON *.* TO user@localhost"
[INFO    ] Completed state [user_grants] at time 13:10:34.576400 (duration_in_ms=17.268)

The grants are created correctly, but then the comparison fails...
'{'host': u'`localhost`', 'database': u'*.*', 'user': u'`user`', 'grant': ['PROCESS', u'REPLICATION CLIENT']}'
vs
'{'host': u'localhost', 'database': u'*.*', 'user': u'user', 'grant': ['PROCESS', u'REPLICATION CLIENT']}'

@rallytime

This comment has been minimized.

Contributor

rallytime commented Jul 11, 2018

@zerthimon I'm not sure. I'll let @garethgreenaway follow up here. :)

@waynegemmell

This comment has been minimized.

waynegemmell commented Aug 15, 2018

Hi, is this still being worked on? I have the same issue on 2018.3.2.

@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Aug 16, 2018

@waynegemmell Yup. Unfortunately just pushed to the back burner, circling back to it now.

@waynegemmell

This comment has been minimized.

waynegemmell commented Aug 17, 2018

Good to hear, I see a lot has been happening. The hash_password worked ok a s a workaround for me.
I'm installing mysql 8 on bionic so it's challenging

@rallytime

This comment has been minimized.

Contributor

rallytime commented Oct 10, 2018

@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Oct 10, 2018

@rallytime Great, there is also an issue with grants, that happens because of backticks and is described above.

@waynegemmell

This comment has been minimized.

waynegemmell commented Oct 10, 2018

@garethgreenaway

This comment has been minimized.

Member

garethgreenaway commented Nov 19, 2018

@zerthimon Apologies for the delay in responding on this one. Unfortunately I am unable to reproduce the issue when creating grants via a Salt state file.

@zerthimon

This comment has been minimized.

Contributor

zerthimon commented Nov 19, 2018

@garethgreenaway The problem with specific grants has been solved with 2018.3.3.
However, I'm having a problem with wildcard grants here: #50433 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment