[TEST III]

sinclert-canonical · sinclert-canonical · commit 2bb4cdc31b7a · 2025-07-14T17:18:55.000+02:00
diff --git a/lib/charms/mysql/v0/mysql.py b/lib/charms/mysql/v0/mysql.py
@@ -1131,7 +1131,11 @@ def configure_mysql_router_roles(self) -> None:
                 f"CREATE ROLE {role}",
                 f"GRANT CREATE ON *.* TO {role}",
                 f"GRANT CREATE USER ON *.* TO {role}",
-                f"GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON *.* TO {role} WITH GRANT OPTION",
+                # The granting of all privileges to the MySQL Router role
+                # can only be restricted when the privileges to the users
+                # created by such role are restricted as well
+                # https://github.com/canonical/mysql-router-operator/blob/main/src/mysql_shell/__init__.py#L134-L136
+                f"GRANT ALL ON *.* TO {role} WITH GRANT OPTION",
             ]
 
             try:
diff --git a/tests/unit/test_mysql.py b/tests/unit/test_mysql.py
@@ -149,7 +149,7 @@ def test_configure_mysql_router_roles(self, _run_mysqlcli_script, _list_mysql_ro
                 f"CREATE ROLE {role}",
                 f"GRANT CREATE ON *.* TO {role}",
                 f"GRANT CREATE USER ON *.* TO {role}",
-                f"GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON *.* TO {role} WITH GRANT OPTION",
+                f"GRANT ALL ON *.* TO {role} WITH GRANT OPTION",
             ]
 
             self.mysql.configure_mysql_router_roles()

Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ def test_configure_mysql_router_roles(self, _run_mysqlcli_script, _list_mysql_ro`
`149`	`149`	`f"CREATE ROLE {role}",`
`150`	`150`	`f"GRANT CREATE ON . TO {role}",`
`151`	`151`	`f"GRANT CREATE USER ON . TO {role}",`
`152`		`- f"GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON . TO {role} WITH GRANT OPTION",`
	`152`	`+ f"GRANT ALL ON . TO {role} WITH GRANT OPTION",`
`153`	`153`	`]`
`154`	`154`
`155`	`155`	`self.mysql.configure_mysql_router_roles()`