Importing mysql grants issue some time after v3.0.16

gallois commented 4 months ago

Terraform Version

$ terraform --version Terraform v1.2.3

Affected Resource(s)

mysql_grant

Terraform Configuration Files

provider "mysql" {
  endpoint = "localhost:3380"
  username = "root"
  password = "my-secret-pw"
}

resource "mysql_user" "foo_user_local" {
  provider           = mysql
  user               = "foo_user"
  plaintext_password = "foo_pass"
}

resource "mysql_grant" "foo_grant_local" {
  provider   = mysql
  user       = mysql_user.foo_user_local.user
  host       = mysql_user.foo_user_local.host
  database   = "test_db"
  privileges = ["SELECT", "UPDATE"]
}

Expected Behavior

Trying to import the grant above should work on v3.0.47 of the provider

Actual Behavior

Importing fails on v3.0.47 of the provider, but works on older versions (at least 3.0.16)

Steps to Reproduce

Confirm that the resources exist in the database


mysql> select user, host from mysql.user where user like 'foo_user';
+----------+-----------+
| user     | host      |
+----------+-----------+
| foo_user | localhost |
+----------+-----------+
1 row in set (0.01 sec)

mysql> show grants for 'foo_user'@'localhost'; +-------------------------------------------------------+ | Grants for foo_user@localhost | +-------------------------------------------------------+ | GRANT USAGE ON . TO foo_user@localhost | | GRANT SELECT ON test_db.* TO foo_user@localhost | +-------------------------------------------------------+ 2 rows in set (0.00 sec)

2. Clean up the environment

$ terraform state list | xargs terraform state rm $ rm -rf .terraform* && terraform init (...)

Finding petoju/mysql versions matching "3.0.16"... (...)
```
3. Test on v3.0.16 `$ terraform apply`
4. Import the necessary resources
```
$ terraform import mysql_user.foo_user_local 'foo_user@localhost' $ terraform import mysql_grant.foo_grant_local 'foo_user@localhost@test_db@' mysql_grant.foo_grant_local: Importing from ID "foo_user@localhost@test_db@"... mysql_grant.foo_grant_local: Import prepared! Prepared mysql_grant for import mysql_grant.foo_grant_local: Refreshing state... [id=foo_user@localhost:test_db]

Import successful!

The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform.

5. Change version to 3.0.47
6. Clean up the environment again

$ terraform state list | xargs terraform state rm $ rm -rf .terraform* && terraform init (...)

Finding petoju/mysql versions matching "3.0.47"... (...)
```
7. Import the necessary resources
```
$ terraform import mysql_user.foo_user_local 'foo_user@localhost' $ terraform import mysql_grant.foo_grant_local 'foo_user@localhost@test_db@' terraform import mysql_grant.foo_grant_local 'foo_user@localhost@test_db@' mysql_grant.foo_grant_local: Importing from ID "foo_user@localhost@test_db@*"... ╷ │ Error: The provider returned a resource missing an identifier during ImportResourceState. This is generally a bug in the resource implementation for import. Resource import code should not call d.SetId("") or create an empty ResourceData. If the resource is missing, instead return an error. Please report this to the provider developers.

Important Factoids

I was initially running an older version (v3.0.16) that was working fine. I've opened a PR to implement another feature, but couldn't import the grants on this version, which is based on latest. That's how I spotted the issue. There are, unsurprisingly, quite a few changes between these two versions, many of them in the grant resource.

I've seen this issue on MySQL 8.x only, haven't tried others. I was able to reproduce both with v8.3.0 which is installed by default through brew and v8.0.36, which is the version that comes with the docker container in the acceptance tests.

I have a more detailed output of the commands that were run above, but they don't add much more useful information. Happy to share if necessary.

gallois commented 4 months ago

I've managed to get it working with this commit. For reference, I've applied (most of) the changes of the PR mentioned above to the commit mentioned before and both the certificates and the grants are working as expected. It can be found in this branch

dgschwindturo commented 3 months ago

We are also seeing this same error by using an import block in our terraform code and while using v3.0.49 of this MySQL provider. We are using v1.6.5 of Terraform and our import block is of the form:

import {
  to = module.path.to.resource
  id = "user@%: 'databaseName'"
}

Where we retrieved that identifier from Terraform state. Trying to follow the syntax specified in the docs for id here. We have also tried the id to be of the form id = "user@%@databaseName@*" to attempt to indicate we do not care about the host nor table. This latter form produces an error of the form reported in this issue with additional error text of "Error: The provider returned a resource missing an identifier during ImportResourceState. This is generally a bug in the resource implementation for import."

Will attempt to roll back to v3.0.16 of this provider to see if that will give us immediate relief.

dgschwindturo commented 3 months ago

For what its worth, we were able to work around this issue using v3.0.16 of the provider and ids with the following forms:

user@%@databaseName@*
user@%@*@*

petoju commented 3 months ago

This should be fixed (and more tests were added to prevent this again) in 3.0.51.

That said, I could have missed something.

dgschwindturo commented 3 months ago

v3.0.52 looks to have resolved our issue @petoju , thank you very much!

petoju / terraform-provider-mysql