From c7c14e1c43dbdfd8303e0a27265f55afda129ad0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= <radoslaw.piliszek@gmail.com>
Date: Wed, 6 Oct 2021 13:19:59 +0000
Subject: [PATCH] Fix privileges for MariaDB 10.5

"BINLOG MONITOR" and "SLAVE MONITOR" replace
"REPLICATION CLIENT" (which is now an alias for "BINLOG MONITOR").
The validation in Ansible MySQL collection is too simple to
understand aliases and breaks. Hence, let's use the canonical
names and adapt per service according to its needs.

Change-Id: I1175e4846384accd19942620dc155d0c5728e64b
---
 ansible/roles/mariadb/tasks/register.yml     | 2 +-
 ansible/roles/prometheus/tasks/bootstrap.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/mariadb/tasks/register.yml b/ansible/roles/mariadb/tasks/register.yml
index 68d00bf6c..74894a5af 100644
--- a/ansible/roles/mariadb/tasks/register.yml
+++ b/ansible/roles/mariadb/tasks/register.yml
@@ -57,7 +57,7 @@
       name: "{{ mariadb_backup_database_user }}"
       password: "{{ mariadb_backup_database_password }}"
       host: "%"
-      priv: "*.*:CREATE TABLESPACE,RELOAD,PROCESS,SUPER,LOCK TABLES,REPLICATION CLIENT"
+      priv: "*.*:CREATE TABLESPACE,RELOAD,PROCESS,SUPER,LOCK TABLES,BINLOG MONITOR"
       append_privs: True
   when:
     - enable_mariabackup | bool
diff --git a/ansible/roles/prometheus/tasks/bootstrap.yml b/ansible/roles/prometheus/tasks/bootstrap.yml
index 7447eebdf..62420b24f 100644
--- a/ansible/roles/prometheus/tasks/bootstrap.yml
+++ b/ansible/roles/prometheus/tasks/bootstrap.yml
@@ -11,7 +11,7 @@
       name: "{{ prometheus_mysql_exporter_database_user }}"
       password: "{{ prometheus_mysql_exporter_database_password }}"
       host: "%"
-      priv: "*.*:PROCESS,REPLICATION CLIENT,SELECT"
+      priv: "*.*:PROCESS,SLAVE MONITOR,SELECT"
       append_privs: "yes"
   run_once: True
   delegate_to: "{{ groups['prometheus'][0] }}"
-- 
GitLab