From 346633d6f65a4da5e44a9e7c1cff9f00e0e2075b Mon Sep 17 00:00:00 2001
From: Heinz Wiesinger <heinz@m2mobi.com>
Date: Wed, 7 Apr 2021 16:25:01 +0200
Subject: [PATCH] fix(salt-user): fix setting grants for the salt user

---
 mysql/salt-user.sls | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/mysql/salt-user.sls b/mysql/salt-user.sls
index 4d5a978..7307396 100644
--- a/mysql/salt-user.sls
+++ b/mysql/salt-user.sls
@@ -26,8 +26,8 @@ mysql_salt_user_with_salt_user:
     - connection_pass: '{{ mysql_salt_pass }}'
     - connection_charset: utf8
     - onlyif:
-      - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
-      - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|yaml_dquote }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>&1
+      - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|yaml_dquote }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>/dev/null); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
 {%- if os_family in ['RedHat', 'Suse'] %}
     - require_in:
       - mysql_user: mysql_root_password
@@ -47,8 +47,8 @@ mysql_salt_user_with_salt_user_grants:
     - connection_pass: '{{ mysql_salt_pass }}'
     - connection_charset: utf8
     - onlyif:
-      - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>&1
-      - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|yaml_dquote }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>/dev/null
+      - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|yaml_dquote }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>/dev/null); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
     - require:
       - mysql_user: mysql_salt_user_with_salt_user
 {%- if os_family in ['RedHat', 'Suse'] %}
@@ -67,8 +67,8 @@ mysql_salt_user_with_root_user:
     - connection_pass: '{{ mysql_root_pass }}'
     - connection_charset: utf8
     - onlyif:
-      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>&1
-      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|yaml_dquote }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>/dev/null
+      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|yaml_dquote }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>/dev/null); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
 {%- if os_family in ['RedHat', 'Suse'] %}
     - require_in:
       - mysql_user: mysql_root_password
@@ -88,8 +88,8 @@ mysql_salt_user_with_root_user_grants:
     - connection_pass: '{{ mysql_root_pass }}'
     - connection_charset: utf8
     - onlyif:
-      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
-      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|yaml_dquote }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>/dev/null
+      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|yaml_dquote }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>/dev/null); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
     - require:
       - mysql_user: mysql_salt_user_with_root_user
 {%- if os_family in ['RedHat', 'Suse'] %}
@@ -107,8 +107,8 @@ mysql_salt_user_with_passwordless_root_user:
     - connection_user: '{{ mysql_root_user }}'
     - connection_charset: utf8
     - onlyif:
-      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
-      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1;" 2>/dev/null
+      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>/dev/null); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
 {%- if os_family in ['RedHat', 'Suse'] %}
     - require_in:
       - mysql_user: mysql_root_password
@@ -127,8 +127,8 @@ mysql_salt_user_with_passwordless_root_user_grants:
     - connection_user: '{{ mysql_root_user }}'
     - connection_charset: utf8
     - onlyif:
-      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
-      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1;" 2>/dev/null
+      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>/dev/null); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
     - require:
       - mysql_user: mysql_salt_user_with_passwordless_root_user
 {%- if os_family in ['RedHat', 'Suse'] %}