Closed jls-appfire closed 2 months ago
Which version of provider did you use? This should be fixed in 3.0.49 and newer versions.
I find it hard to believe no one else reported this TBH, so perhaps I've missed something in my config? Looking at the code however, it seems that the function to generate the revoke statement does indeed generate only one output which includes. the ON ... component.
It needs the ON ...
component. That's because your grant granted the user/host all privileges to database mydatabase
. Had you granted the very same user/host privileges to anotherdatabase
, revoke without ON
would revoke too much.
The issue is combining ALL PRIVILEGES with revoking GRANT OPTION like this. And Derek fixed it here https://github.com/petoju/terraform-provider-mysql/pull/121
Looks like we are on 3.0.43 @petoju. I tried searching for a previous REVOKE issue but my query skills must be lacking. I'll try updating the module and let you know if it works for us.
This is perhaps then a duplicate of https://github.com/petoju/terraform-provider-mysql/issues/120. However I did look at that code, but thought it was part of the issue (I could be reading the code wrong too, I'm not a Go expert). According to the MySQL Docs I was reading, it is the ON ...
syntax that is the issue.
But before anything else, let me upgrade and validate as requested.
@jls-appfire does it work for you now?
Yes @petoju it has been working. Apologies that I didn't first check the versions. Thank you for the help.
We successfully created a
mysql_grant
resource in MySQL 8 (AWS Aurora) with permissions of all /grant = true
. However when deleting saidmysql_grant
resource, the provider returns an error:Reading the MySQL 8 documentation at https://dev.mysql.com/doc/refman/8.0/en/revoke.html it seems that the correct revoke statement when using
ALL
is:REVOKE ALL, GRANT OPTION FROM 'myuser'@'%'
http://doc.docs.sk/mysql-refman-5.5/revoke.html for MySQL 5.5 (although it is not the official URL) indicates the same.
I find it hard to believe no one else reported this TBH, so perhaps I've missed something in my config? Looking at the code however, it seems that the function to generate the revoke statement does indeed generate only one output which includes. the
ON ...
component.Terraform Version
Run
terraform -v
to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.1.6.5
Affected Resource(s)
Please list the resources as a list, for example:
If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
Terraform Configuration Files
Debug Output
Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist. N/A
Panic Output
If Terraform produced a panic, please provide a link to a GitHub Gist containing the output of the
crash.log
. N/AExpected Behavior
What should have happened?
The mysql_grant should be revoked without error.
Actual Behavior
What actually happened?
The revoke statement throws the error
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
mysql_grant
terraform apply
Important Factoids
Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?
We're using MySQL 8 on AWS Aurora.
References
Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example: