Feat/support authentication plugins like ldap simple

[alereca]

Description of your changes

Fixes #125

I have:

• Read and followed Crossplane's contribution process.
• Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Added unit test for user controller create and update methods

• UserWithAnAuthPluginThatNotRequiresPassword (for both)

[Duologic]

Would you mind rebasing?

[mcanevet]

@alereca are you still interested in this feature? I'd like to see this merged, I can rebase and open a new PR crediting your work if you want.

[alereca]

@alereca are you still interested in this feature? I'd like to see this merged, I can rebase and open a new PR crediting your work if you want.

@mcanevet I would greatly appreciate it. Currently, I'm quite busy working on some quarterly job tasks and finishing my studies. Please let me know if you have any questions about anything here.

[alereca]

Would you mind rebasing?

@Duologic Sorry I didn't answer before

[mcanevet]

@alereca I think I underestimated the complexity of the conflicts.
I'm not sure how to fix the one on reconciler.go: https://gist.github.com/mcanevet/24b2fde49eab35c4ed717a4ebb5badf2

[chlunde]

As MariaDB does not support mysql_native_password, and mysql_native_password has been removed in later MySQL releases, I think we should support not managing the auth. plugin too. So either nil or "" should mean the default plugin.

The mysql_native_password authentication plugin is deprecated as of MySQL 8.0.34, disabled by default in MySQL 8.4, and removed as of MySQL 9.0.0.

Additionally, there are syntax differences here:

Context	MySQL Syntax	MariaDB Syntax	Unified?
Password, default auth	IDENTIFIED BY 'password'	IDENTIFIED BY 'password'	✅ Yes
Password, specific plugin	IDENTIFIED WITH plugin BY/AS 'password'	IDENTIFIED WITH/VIA plugin USING/AS 'password'	❌ No

So AS 'password' is the common syntax support by both, but only when using plugins.

https://mariadb.com/kb/en/create-user/
https://dev.mysql.com/doc/refman/8.4/en/create-user.html

Unless there are license issues I think this means we should run mysql in CI to catch issues like this, or at least enable running that locally.

WIP fix of compatibility issues + rebase: https://github.com/crossplane-contrib/provider-sql/compare/master...chlunde:provider-sql:feat/support-authentication-plugins-like-ldap-simple?expand=1

[matheus-guedes-movile]

Is there any chance of this being merged in the near future? It would really help us out, we have a case where we need to setup IAM Auth for RDS and #186 would solve our issues but it seems it was dropped in favour of this solution.

[alereca]

#133 (comment)

@chlunde Thank you for your detailed analysis on the MySQL/MariaDB compatibility issues! Your comment helped me tremendously to understand the correct approach for handling auth plugins. I've now implemented the solution using empty string/nil for default plugins as you suggested e71cc6e

[alereca]

#133 (comment)

@mcanevet Thank you for trying to help with the rebase. I was swamped at the time, but I've now managed to rebase it onto the current master and address all the issues. Hopefully it's in better shape now!

[alereca]

I've now rebased this PR onto the current master and addressed all the compatibility issues that were raised. The PR now:

• ✅ Uses empty string/nil for default auth plugins (avoiding deprecated mysql_native_password)
• ✅ Supports both MySQL and MariaDB syntax
• ✅ Includes unit tests for both cluster and namespaced controllers

@Duologic When you have a moment, would you mind taking a look? I believe this is now ready for review. Thanks!

[mlubanski]

@Duologic @chlunde
Could we merge @alereca PR?