Open casperisfine opened 2 weeks ago
Good catch, looks like it.
Actually I wonder if the incompatibility is mainly a difference in mysql2 defaulting to ssl enabled and trilogy defaulting to disabled. If I disable ssl for mysql2 I get a similar error (this error message one of the possible paths from the code I linked):
Mysql2::Client.new(host: '127.0.0.1', username: 'caching_sha2', password: 'abc', ssl_mode: :disabled)
#=> Authentication plugin 'caching_sha2_password' reported error: Authentication requires secure connection. (Mysql2::Error)
(I set up a caching_sha2 user called caching_sha2)
AFIK this is by design by the trilogy authors, see https://github.com/trilogy-libraries/trilogy/issues/26#issuecomment-1995521936 and https://github.com/trilogy-libraries/trilogy/pull/165
Note that we have chosen on purpose to only implement the path where TLS or a unix socket is used.
Yeah, I discussed this with GitHub folks. It wasn't implemented because it's a lot of work and tricky, and not the most used part. So it was deemed better to ship the caching_sha2+TLS
part and leave the raw TCP part of the protocol unimplemented for now.
I still think we should implement it at some point because if mysql-server
ship with a caching_sha2
user but no SSL that may be an issue.
It would be nice to also be closer to a drop-in placement for the mysql2
gem in many cases. I for example stopped evaluating it some months ago because of this. Would probably have worked fine in prod, but would have added some complications to our dev and test setup. Still possible, but wasn't worth it.
We'd gladly accept a PR, but per-the previous PR, it is quite complicated.
I ran into something I don't quite understand the other day when making a gem compatible with
trilogy
: https://github.com/cainlevy/scenic-mysql_adapter/pull/2 / https://github.com/cainlevy/scenic-mysql_adapter/actions/runs/10516090228/That gem CI uses the default mysql baked into GitHub Actions
ubuntu-latest
images:Nothing else changed in the test suite, just the same code using Active Record, one with
mysql2
the other withtrilogy
.The
mysql2
jobs went fine, but thetrilogy
ones failed to connect with:So I don't know what
mysql2
is doing, if it somehow accept to docaching_sha2
without TLS, or if somehow it fallbacks to another method, but I think we should do the same thing if we want to ease the transition frommysql2
totrilogy
.cc @adrianna-chang-shopify @eileencodes @jhawthorn @matthewd