Closed irtiza-baig-unmind closed 2 months ago
I redacted the gist URL - please remove the GIST also from your account, as it contained a password and other details.
Try selecting all user rows from mysql.user
like this:
SELECT * FROM mysql.user WHERE user='REDACTED';
-> this should show, whether there is no other auth row.
Why? I believe this issue means server returned that native password has to be used. There could be more users with different hosts while you are looking at incorrect one.
Hiya,
This produces the same thing as above. No other rows are returned
Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Load_from_S3_priv | Select_into_S3_priv | Invoke_lambda_priv | Invoke_sagemaker_priv | Invoke_comprehend_priv |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
% | REDACTED | Y | Y | Y | Y | N | N | N | N | N | N | Y | N | N | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | 0 | 0 | 0 | 0 | AWSAuthenticationPlugin | RDS | N | N | N | N | N | N | N |
This comes from go MySQL library, that gets it from packet, so I'm not completely convinced we can easily do anything about that.
Maybe try writing a small Go program using https://github.com/go-sql-driver/mysql , that connects there. Once we have it, we would know, what doesn't work and what works. Without that, it's difficult
I wrote a quick go app and am getting some incredibly strange behaviour: https://gist.github.com/irtiza-baig-unmind/256328a07d25f955025ae6f37b1ab09c
As soon as I append: &allowNativePasswords=false
to the constructed DSN string we see the same error we're getting in the provider.
@irtiza-baig-unmind if I understand correctly, this clearly shows you need native password authentication, not plaintext. Even in your terraform.
I do not agree. Because when I run the provider with
authentication_plugin=native
or not including it all I get the error:
Error: failed to connect to MySQL: could not connect to server: this user requires clear text authentication. If you still want to use it, please add 'allowCleartextPasswords=1' to your DSN
Running my go app with:
c := mysql.Config{
User: "terraformci",
Passwd: "TOKEN",
Net: "tcp",
Addr: "CONNECTION_URL:3306",
TLSConfig: "true",
AllowCleartextPasswords: true,
AllowNativePasswords: true,
}
Works. This seems to match up with what this user was trying to say in this issue: https://github.com/hashicorp/terraform-provider-mysql/issues/89
Hi there,
I am trying to use cleartext auth to login to our mysql database in AWS using IAM authentication but it seems the provider does not allow cleartext authentication despite being an acceptable input
Terraform Version
Terraform v1.0.11 Provider version: 3.0.33
Affected Resource(s)
Please list the resources as a list, for example:
If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.
Terraform Configuration Files
Debug Output
REDACTED
Expected Behavior
Provider creates the resources
Actual Behavior
What actually happened? 2023-04-04T14:30:10.594+0100 [DEBUG] provider.terraform-provider-mysql_v3.0.33: [mysql] 2023/04/04 14:30:10 connector.go:95: could not use requested auth plugin 'mysql_native_password': this user requires mysql native password authentication.
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
terraform apply
Important Factoids