Closed bgorbuntsov closed 1 year ago
Hi, we are experiencing the same behavior on our environment. Here is a bit of context about our environment:
Terraform code used:
resource "mysql_user" "user" {
for_each = local.users
user = each.value["user"]
host = each.value["host"]
plaintext_password = each.value["password"]
}
After a bit of investigation on the source code and terraform state, my guess is that the line at https://github.com/petoju/terraform-provider-mysql/blob/master/mysql/resource_user.go#L188 is preventing the user password update at https://github.com/petoju/terraform-provider-mysql/blob/master/mysql/resource_user.go#L200.
Checking my terraform state, I see that auth_plugin
has value mysql_native_password
(probably a default value as I'm not setting it) so the if
at https://github.com/petoju/terraform-provider-mysql/blob/master/mysql/resource_user.go#L166 renders true
, but as we are using plaintext_password
instead of auth_string_hashed
, no actual change is made in MySQL server due to the return nil
clause at https://github.com/petoju/terraform-provider-mysql/blob/master/mysql/resource_user.go#L188.
Running terraform with TF_LOG=TRACE
I can see some logged messages like
[DEBUG] Using driverName: mysql
generated at https://github.com/petoju/terraform-provider-mysql/blob/master/mysql/provider.go#L305 but I cannot see the log message at https://github.com/petoju/terraform-provider-mysql/blob/master/mysql/resource_user.go#L206.
I hope that this helps in debugging and fixing the issue
Thanks for the description.
I hope that this helps in debugging and fixing the issue
I prefer pull requests, but I did a quick fix in https://github.com/petoju/terraform-provider-mysql/pull/51 Please test that.
Just tested. For me it works! Thanks!
Tested new version (3.0.26) and it works as expected. Thank you so much!
Thanks, closing then!
Hi,
Terraform v1.3.6 AWS Aurora MySQL (5.7) compatible.
I created set of users with for_each argument usage. I need to the passwords to be stored to SSM Parameter Store, so I can't use mysql_user_password resource, hence I used random_password.
If I taint random_password resource it recreates password and that causes mysql_user in-place update. This code runs successfully but afterward the password in database still the same which was created on user creation.
I expect that the password will be changed as long as plaintext_password has been changed.
Thanks!