hashicorp / terraform-provider-mysql

Terraform MySQL provider – This Terraform provider is archived per our provider archiving process: https://terraform.io/docs/internals/archiving.html
https://www.terraform.io/docs/providers/mysql/
Mozilla Public License 2.0

Proxy functionality is broken in 1.9.0 #116

Open mohsen0 opened 4 years ago

mohsen0 commented 4 years ago

Setting export ALL_PROXY to a SOCKS5 proxy created by ssh -D is supposed to help the provider connect to a MySQL instance behind a bastion box.

But on version 1.8.0 this functionality works and in 1.9.0, it is broken.

Terraform Version

Terraform v0.12.21

Affected Resource(s)

provider connectivity to MySQL instance through a sock5 proxy

Terraform Configuration Files

provider "mysql" {
  # 1.8.0 works
  version  = "1.9.0"
  endpoint = "my-mysql-behind-a-bastion-box.example.com:3306"
  username = var.MYSQL_TERRAFORM_USER
  password = var.MYSQL_TERRAFORM_PASS
}

Debug Output

Panic Output

export ALL_PROXY=sock5://127.0.0.1:3306
terraform init
Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "mysql" (terraform-providers/mysql) 1.9.0...
- Downloading plugin for provider "random" (hashicorp/random) 2.2.1...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.mysql: version = "~> 1.9"
* provider.random: version = "~> 2.2"

Terraform has been successfully initialized!
terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

module.db_users.mysql_user.iam_role_developers: Refreshing state... [id=developers@%]
channel 3: open failed: connect failed: Connection refused
module.db_service_users.random_string.app_one_user_password: Refreshing state... [id=none]
module.db_service_users.mysql_user.app_one: Refreshing state... [id=app_one@%]
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused
channel 3: open failed: connect failed: Connection refused

Error: Could not connect to server: socks connect tcp 127.0.0.1:1080->my-mysql-behind-a-bastion-box.example.com:3306: socks connect tcp 127.0.0.1:1080->127.0.0.1:1080: EOF

Error: Could not connect to server: socks connect tcp 127.0.0.1:1080->my-mysql-behind-a-bastion-box.example.com:3306: socks connect tcp 127.0.0.1:1080->127.0.0.1:1080: EOF

client_loop: send disconnect: Broken pipe

ssh debug logs

debug1: Connection to port 3306 forwarding to socks port 0 requested.
debug2: fd 7 setting TCP_NODELAY
debug3: fd 7 is O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 2: new [dynamic-tcpip]
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 3
debug2: channel 2: decode socks5
debug2: channel 2: socks5 auth done
debug2: channel 2: pre_dynamic: need more
debug2: channel 2: pre_dynamic: have 0
debug2: channel 2: pre_dynamic: have 10
debug2: channel 2: decode socks5
debug2: channel 2: socks5 post auth
debug2: channel 2: dynamic request: socks5 host 127.0.0.1 port 3306 command 1
debug3: send packet: type 90
debug3: receive packet: type 92
channel 2: open failed: connect failed: Connection refused
debug2: channel 2: zombie
debug2: channel 2: garbage collecting
debug1: channel 2: free: direct-tcpip: listening port 3306 for 127.0.0.1 port 3306, connect from 127.0.0.1 port 59832 to 127.0.0.1 port 3306, nchannels 3
debug3: channel 2: status: The following connections are open:

Expected Behavior

What should have happened?

So when trying to hit the endpoint with nc or a previous version of the provider, it works, but the following log line in the ssh log is different.

debug2: channel 3: dynamic request: socks5 host my-mysql-behind-a-bastion-box.example.com port 3306 command 1

instead of

debug2: channel 2: dynamic request: socks5 host 127.0.0.1 port 3306 command 1

Steps to Reproduce

Set the version of the provider to be 1.9.0.

Set the export ALL_PROXY=sock5://127.0.0.1:3306

Create the SSH proxy

ssh -vvvv -i ~/.ssh/id_rsa -D 3306 -S /tmp/ssh-control-socket -f -C -N -l username <bastion ip>

Run terraform init and plan
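
The two ssh log lines compared in the report differ only in the destination carried by the SOCKS5 CONNECT request. The Go snippet below is an added example, not code from the provider or from this issue: it encodes and decodes that request per RFC 1928 to show what the proxy is asked to dial in each case. The function names `buildConnect` and `parseConnect` are hypothetical.

```go
package main

import (
	"fmt"
	"net"
)

// buildConnect encodes a SOCKS5 CONNECT request (RFC 1928). An IPv4 literal is
// sent as ATYP 0x01; any other string (max 255 bytes) as ATYP 0x03, a name.
func buildConnect(host string, port uint16) []byte {
	req := []byte{0x05, 0x01, 0x00} // VER, CMD=CONNECT, RSV
	if ip := net.ParseIP(host).To4(); ip != nil {
		req = append(append(req, 0x01), ip...)
	} else {
		req = append(append(req, 0x03, byte(len(host))), host...)
	}
	return append(req, byte(port>>8), byte(port))
}

// parseConnect returns the destination the client asked the proxy to dial.
func parseConnect(req []byte) (string, uint16, error) {
	if len(req) < 7 || req[0] != 0x05 || req[1] != 0x01 {
		return "", 0, fmt.Errorf("not a SOCKS5 CONNECT request")
	}
	addr, n := req[4:], 4
	switch req[3] {
	case 0x01: // IPv4, 4 address bytes
	case 0x03: // name, preceded by a length byte
		n, addr = int(addr[0]), addr[1:]
	default:
		return "", 0, fmt.Errorf("ATYP %#x not handled here", req[3])
	}
	if len(addr) != n+2 {
		return "", 0, fmt.Errorf("bad length for ATYP %#x", req[3])
	}
	host := string(addr[:n])
	if req[3] == 0x01 {
		host = net.IP(addr[:n]).String()
	}
	return host, uint16(addr[n])<<8 | uint16(addr[n+1]), nil
}

func main() {
	// Constructed inputs: the two targets seen in the issue's ssh debug logs.
	for _, h := range []string{"my-mysql-behind-a-bastion-box.example.com", "127.0.0.1"} {
		req := buildConnect(h, 3306)
		got, port, _ := parseConnect(req)
		fmt.Printf("%2d-byte request -> proxy dials %s:%d\n", len(req), got, port)
	}
}
```

The IPv4 form is 10 bytes long, which matches the `pre_dynamic: have 10` line in the failing ssh log; with that form the bastion side dials its own loopback address rather than resolving the MySQL hostname.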

babadofar commented 4 years ago

I can confirm that this is still not working in version 1.9.0. Need to set version 1.8.0 to use SOCKS. Thanks a lot for posting this @mohsen0, I had a hard time trying to figure out what was wrong.

pdefreitas commented 3 years ago

I have been able to replicate the same issue. Wondering if this closed PR fixes the bug: #119.