fix for issue #1502

lib/puppet/provider/mysql_grant/mysql.rb

@@ -22,6 +22,15 @@ def self.instances
         next if %r{There is no such grant defined for user}.match?(e.inspect)
         raise Puppet::Error, _('#mysql had an error ->  %{inspect}') % { inspect: e.inspect }
       end
+
+      # initialize variables to be visible outside of the grants.each_line scope
+      stripped_privileges = []
+      table = ''
+      options = []
+      host = ''
+
+      # we need to iterate over all grants rows, because on mysql 8+ there are static and dynamic privileges
+      # each on separate row of show grants
       # Once we have the list of grants generate entries for each.
       grants.each_line do |grant|
         # Match the munges we do in the type.
@@ -34,7 +43,7 @@ def self.instances
         # split on ',' if it is not a non-'('-containing string followed by a
         # closing parenthesis ')'-char - e.g. only split comma separated elements not in
         # parentheses
-        stripped_privileges = privileges.strip.split(%r{\s*,\s*(?![^(]*\))}).map do |priv|
+        local_stripped_privileges = privileges.strip.split(%r{\s*,\s*(?![^(]*\))}).map do |priv|
           # split and sort the column_privileges in the parentheses and rejoin
           if priv.include?('(')
             type, col = priv.strip.split(%r{\s+|\b}, 2)
@@ -45,12 +54,14 @@ def self.instances
             (priv == 'ALL PRIVILEGES') ? 'ALL' : priv.strip
           end
         end
+        stripped_privileges.concat local_stripped_privileges
         # Same here, but to remove OPTION leaving just GRANT.
-        options = if %r{WITH\sGRANT\sOPTION}.match?(rest)
-                    ['GRANT']
-                  else
-                    ['NONE']
-                  end
+        local_options = if %r{WITH\sGRANT\sOPTION}.match?(rest)
+                          ['GRANT']
+                        else
+                          ['NONE']
+                        end
+        options.concat local_options
         # fix double backslash that MySQL prints, so resources match
         table.gsub!('\\\\', '\\')
         # We need to return an array of instances so capture these
@@ -62,10 +73,21 @@ def self.instances
         end
 
         sorted_privileges = stripped_privileges.uniq.sort
-        if newer_than('mysql' => '8.0.0') && sorted_privileges == ['ALTER', 'ALTER ROUTINE', 'CREATE', 'CREATE ROLE', 'CREATE ROUTINE', 'CREATE TABLESPACE', 'CREATE TEMPORARY TABLES', 'CREATE USER',
-                                                                   'CREATE VIEW', 'DELETE', 'DROP', 'DROP ROLE', 'EVENT', 'EXECUTE', 'FILE', 'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES',
-                                                                   'RELOAD', 'REPLICATION CLIENT', 'REPLICATION SLAVE', 'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'SHUTDOWN', 'SUPER', 'TRIGGER',
-                                                                   'UPDATE']
+        if newer_than('mysql' => '8.0.0') &&
+           [['ALTER', 'ALTER ROUTINE', 'CREATE', 'CREATE ROLE', 'CREATE ROUTINE', 'CREATE TABLESPACE', 'CREATE TEMPORARY TABLES', 'CREATE USER',
+             'CREATE VIEW', 'DELETE', 'DROP', 'DROP ROLE', 'EVENT', 'EXECUTE', 'FILE', 'INDEX', 'INSERT', 'LOCK TABLES', 'PROCESS', 'REFERENCES',
+             'RELOAD', 'REPLICATION CLIENT', 'REPLICATION SLAVE', 'SELECT', 'SHOW DATABASES', 'SHOW VIEW', 'SHUTDOWN', 'SUPER', 'TRIGGER',
+             'UPDATE'], ['ALTER', 'ALTER ROUTINE', 'APPLICATION_PASSWORD_ADMIN', 'AUDIT_ABORT_EXEMPT', 'AUDIT_ADMIN', 'AUTHENTICATION_POLICY_ADMIN',
+                         'BACKUP_ADMIN', 'BINLOG_ADMIN', 'BINLOG_ENCRYPTION_ADMIN', 'CLONE_ADMIN', 'CONNECTION_ADMIN', 'CREATE', 'CREATE ROLE', 'CREATE ROUTINE',
+                         'CREATE TABLESPACE', 'CREATE TEMPORARY TABLES', 'CREATE USER', 'CREATE VIEW', 'DELETE', 'DROP', 'DROP ROLE', 'ENCRYPTION_KEY_ADMIN',
+                         'EVENT', 'EXECUTE', 'FILE', 'FIREWALL_EXEMPT', 'FLUSH_OPTIMIZER_COSTS', 'FLUSH_STATUS', 'FLUSH_TABLES', 'FLUSH_USER_RESOURCES',
+                         'GROUP_REPLICATION_ADMIN', 'GROUP_REPLICATION_STREAM', 'INDEX', 'INNODB_REDO_LOG_ARCHIVE', 'INNODB_REDO_LOG_ENABLE', 'INSERT',
+                         'LOCK TABLES', 'PASSWORDLESS_USER_ADMIN', 'PERSIST_RO_VARIABLES_ADMIN', 'PROCESS', 'REFERENCES', 'RELOAD', 'REPLICATION CLIENT',
+                         'REPLICATION SLAVE', 'REPLICATION_APPLIER', 'REPLICATION_SLAVE_ADMIN', 'RESOURCE_GROUP_ADMIN', 'RESOURCE_GROUP_USER', 'ROLE_ADMIN',
+                         'SELECT', 'SENSITIVE_VARIABLES_OBSERVER', 'SERVICE_CONNECTION_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID', 'SHOW DATABASES',
+                         'SHOW VIEW', 'SHOW_ROUTINE', 'SHUTDOWN', 'SUPER', 'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'TABLE_ENCRYPTION_ADMIN', 'TRIGGER', 'UPDATE',
+                         'XA_RECOVER_ADMIN'], ['ALL', 'USAGE']].include?(sorted_privileges)
+
           sorted_privileges = ['ALL']
 
         # The following two elsif blocks of code are a workaround for issue #1474.
@@ -83,6 +105,10 @@ def self.instances
                                     'SERVICE_CONNECTION_ADMIN', 'SESSION_VARIABLES_ADMIN', 'SET_USER_ID', 'SHOW_ROUTINE', 'SYSTEM_USER', 'SYSTEM_VARIABLES_ADMIN', 'TABLE_ENCRYPTION_ADMIN',
                                     'XA_RECOVER_ADMIN']
           sorted_privileges = ['ALL']
+
+        # the following elsif is there to mitigate problems with redundant ALL and USAGE, issue #1502
+        elsif sorted_privileges == ['ALL', 'USAGE']
+          sorted_privileges = ['ALL']
         end
 
         instance_configs[name] = {