fix(salt-user): redirect error output from user access checks

4cb4c05e · Heinz Wiesinger · 1af83d1f · 4cb4c05e
Commit 4cb4c05e authored 4 years ago by Heinz Wiesinger
--- a/mysql/salt-user.sls
+++ b/mysql/salt-user.sls
@@ -25,9 +25,9 @@ mysql_salt_user_with_salt_user:
    - connection_user: '{{ mysql_salt_user }}'
    - connection_pass: '{{ mysql_salt_pass }}'
    - connection_charset: utf8
-    # - onlyif:
-    #   - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;"
-    #   - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';"); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
+    - onlyif:
+      - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
+      - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
 {%- if os_family in ['RedHat', 'Suse'] %}
    - require_in:
      - mysql_user: mysql_root_password
@@ -47,8 +47,8 @@ mysql_salt_user_with_salt_user_grants:
    - connection_pass: '{{ mysql_salt_pass }}'
    - connection_charset: utf8
    - onlyif:
-      - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;"
-      - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';"); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>&1
+      - VALUE=$(mysql --user {{ mysql_salt_user }} --password='{{ mysql_salt_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'Y' ]; then /bin/true; else /bin/false; fi
    - require:
      - mysql_user: mysql_salt_user_with_salt_user
 {%- if os_family in ['RedHat', 'Suse'] %}
@@ -67,8 +67,8 @@ mysql_salt_user_with_root_user:
    - connection_pass: '{{ mysql_root_pass }}'
    - connection_charset: utf8
    - onlyif:
-      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;"
-      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';"); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;" 2>&1
+      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
 {%- if os_family in ['RedHat', 'Suse'] %}
    - require_in:
      - mysql_user: mysql_root_password
@@ -88,8 +88,8 @@ mysql_salt_user_with_root_user_grants:
    - connection_pass: '{{ mysql_root_pass }}'
    - connection_charset: utf8
    - onlyif:
-      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1;"
-      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';"); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
+      - VALUE=$(mysql --user {{ mysql_root_user }} --password='{{ mysql_root_pass|replace("'", "'\"'\"'") }}' -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
    - require:
      - mysql_user: mysql_salt_user_with_root_user
 {%- if os_family in ['RedHat', 'Suse'] %}
@@ -107,8 +107,8 @@ mysql_salt_user_with_passwordless_root_user:
    - connection_user: '{{ mysql_root_user }}'
    - connection_charset: utf8
    - onlyif:
-      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1;"
-      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';"); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
+      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
 {%- if os_family in ['RedHat', 'Suse'] %}
    - require_in:
      - mysql_user: mysql_root_password
@@ -127,8 +127,8 @@ mysql_salt_user_with_passwordless_root_user_grants:
    - connection_user: '{{ mysql_root_user }}'
    - connection_charset: utf8
    - onlyif:
-      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1;"
-      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';"); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
+      - mysql --user {{ mysql_root_user }} -h {{ mysql_host }} --execute="SELECT 1; 2>&1"
+      - VALUE=$(mysql --user {{ mysql_root_user }} -ss -e "SELECT Grant_priv FROM mysql.user WHERE user = '{{ mysql_salt_user }}' AND host = '{{ host }}';" 2>&1); if [ "$VALUE" = 'N' -o -z "$VALUE" ]; then /bin/true; else /bin/false; fi
    - require:
      - mysql_user: mysql_salt_user_with_passwordless_root_user
 {%- if os_family in ['RedHat', 'Suse'] %}