From 84acacd9ffd407458f72a62fb5b26e15ae445eb8 Mon Sep 17 00:00:00 2001
From: gregharvey
Date: Fri, 10 Jun 2022 12:51:19 +0200
Subject: [PATCH 1/2] Fixing GRANT query for MySQL > 8.0.

---
 roles/_init/defaults/main.yml | 1 +
 roles/database_backup/database_backup-mysql/tasks/deploy.yml | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/_init/defaults/main.yml b/roles/_init/defaults/main.yml
index c4d15b78..790e9409 100644
--- a/roles/_init/defaults/main.yml
+++ b/roles/_init/defaults/main.yml
@@ -1,6 +1,7 @@
 ---
 # Common defaults. Given the "_init" role is mandatory,
 # this will ensure defaults to other roles too.
+# If you are using ce-provision to deploy infrastructure this must match the `user_deploy.username` variable
 deploy_user: "deploy"
 _mysqldump_params: "--max-allowed-packet=128M --single-transaction --skip-opt -e --quick --skip-disable-keys --skip-add-locks -C -a --add-drop-table"
 drupal:
diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy.yml b/roles/database_backup/database_backup-mysql/tasks/deploy.yml
index dbb39de7..54fdf2a7 100644
--- a/roles/database_backup/database_backup-mysql/tasks/deploy.yml
+++ b/roles/database_backup/database_backup-mysql/tasks/deploy.yml
@@ -88,8 +88,9 @@
 # to allow this role to be looped over,
 # for multisites or projects with multiple databases.
 # @see https://www.thesysadmin.rocks/2020/10/08/rds-mariadb-grant-all-permission-access-denied-for-user/ for why we cannot GRANT ALL.
+# As of MySQL 8.0 the GRANT operation has no password option, you must CREATE your user first.
 - name: Create/update mysql user.
- command: mysql --defaults-extra-file={{ database.credentials_file }} -e "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON {{ _mysql_build_database_name }}.* TO '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}';"
+ command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON {{ _mysql_build_database_name }}.* TO '{{ _mysql_build_user_name }}'@'%';"
 when: ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' )
 run_once: true

From 80a5c160b5cf79c656b3ffbecfbc5d588ec5c6d7 Mon Sep 17 00:00:00 2001
From: gregharvey
Date: Fri, 10 Jun 2022 12:54:26 +0200
Subject: [PATCH 2/2] Create what though?

---
 roles/database_backup/database_backup-mysql/tasks/deploy.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy.yml b/roles/database_backup/database_backup-mysql/tasks/deploy.yml
index 54fdf2a7..b0328958 100644
--- a/roles/database_backup/database_backup-mysql/tasks/deploy.yml
+++ b/roles/database_backup/database_backup-mysql/tasks/deploy.yml
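Review bot: The `CREATE` statement added to the `command:` line of the deploy.yml hunk in PATCH 1/2 (and kept, as `CREATE USER`, by the PATCH 2/2 hunk) is not idempotent: once the account exists the statement errors, and because the mysql client stops at the first failed statement unless told otherwise, the GRANT after it never runs. The task is named "Create/update mysql user." and the removed `GRANT ... IDENTIFIED BY` form also worked against an existing account, so re-runs look likely to fail at least for `static` credentials; how `_mysql_build_user_name` is derived is not visible here. I would write the first statement as `CREATE USER IF NOT EXISTS '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}';` and follow it with `ALTER USER '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}';` before the GRANT, so a changed password is still applied. The task may continue past `run_once: true`, which is the last line the hunk shows.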
@@ -90,7 +90,7 @@
 # @see https://www.thesysadmin.rocks/2020/10/08/rds-mariadb-grant-all-permission-access-denied-for-user/ for why we cannot GRANT ALL.
 # As of MySQL 8.0 the GRANT operation has no password option, you must CREATE your user first.
 - name: Create/update mysql user.
- command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON {{ _mysql_build_database_name }}.* TO '{{ _mysql_build_user_name }}'@'%';"
+ command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE USER '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON {{ _mysql_build_database_name }}.* TO '{{ _mysql_build_user_name }}'@'%';"
 when: ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' )
 run_once: true
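Review bot: The new `command:` line still carries `{{ _mysql_build_password }}` inside the `-e` argument, so the plaintext password is in the mysql process's argument list on the host and in whatever Ansible prints or logs for this task; no `no_log` is visible in the hunk, though the task may continue past `run_once: true`. Adding `no_log: true` to the task keeps the rendered command out of Ansible output. The name and password are also placed unescaped inside single-quoted SQL literals, so a value containing `'` would break or change the statement; if the `community.mysql` collection is available to this project, `community.mysql.mysql_user` takes the password as a parameter and avoids both the quoting and the command-line exposure.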