From 40fa0aadc77b7c94df7d88e875463b2dfbaa3543 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9Ctkr=E2=80=9D?= <“tim.kruth@wiit.cloud”>
Date: Mon, 16 Jun 2025 14:32:00 +0200
Subject: [PATCH] mysql_user: fix crash when default role is set

---
 plugins/module_utils/user.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/plugins/module_utils/user.py b/plugins/module_utils/user.py
index 337cc67..59f9b01 100644
--- a/plugins/module_utils/user.py
+++ b/plugins/module_utils/user.py
@@ -665,12 +665,19 @@ def privileges_get(cursor, user, host, maria_role=False):
             res = re.match("""GRANT (.+) ON (.+) TO .*""", grant[0])
 
         if res is None:
-            # If a user has roles assigned, we'll have one of priv tuples looking like
+            # If a user has roles or a default role assigned,
+            # we'll have some of the priv tuples looking either like
             # GRANT `admin`@`%` TO `user1`@`localhost`
+            # or
+            # SET DEFAULT ROLE `admin`@`%` FOR `user1`@`localhost`
             # which will result None as res value.
             # As we use the mysql_role module to manipulate roles
             # we just ignore such privs below:
-            res = re.match("""GRANT (.+) TO (['`"]).*""", grant[0])
+            res = re.match(
+                """GRANT (.+) TO (['`"]).*|SET DEFAULT ROLE (.+) FOR (['`"]).*""",
+                grant[0]
+            )
+
             if not maria_role and res:
                 continue