Skip to content

Support RDS IAM authentication for MySQL#186

Closed
fortra-cloudops-platform wants to merge 1 commit intocrossplane-contrib:masterfrom
fortra-cloudops-platform:master
Closed

Support RDS IAM authentication for MySQL#186
fortra-cloudops-platform wants to merge 1 commit intocrossplane-contrib:masterfrom
fortra-cloudops-platform:master

Conversation

@fortra-cloudops-platform
Copy link

@fortra-cloudops-platform fortra-cloudops-platform commented Jul 1, 2024

Description of your changes

Fixes #106, provides the ability to create MySQL users with the AWSAuthenticationPlugin

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

Honestly I have had issues testing as I don't know how to get the provider to run my image successfully, any help appreciated.

@cten
fix crossplane-contrib#106 add ability to set auth_plugin for mysql u…
8004d67 
…sers

Signed-off-by: cten <cxtenberge5@gmail.com>
@mcanevet
Copy link

mcanevet commented Jul 3, 2024

I was about to rebase #133, but it's a bit complicated because a lot of things have changed since that PR have been submitted.
So I tested that one and it works fine. Although, the default is mysql_native_password but this value throws errAuthPluginNotSupported error. Except form that it works fine.

@cten
Copy link

cten commented Jul 3, 2024

I found that setting the default to mysql_native_password fails, documentation makes me believe it should work but failed on the MySQL version I tried. I can try to replicate the changes from #133 on current master. I think those might be cleaner code. Only difference would be not setting a default plugin name.

@mcanevet
Copy link

mcanevet commented Jul 3, 2024

At least I can confirm that this PR works fine. I'm using it right now.
Thanks a lot for this work!

@pierluigilenoci
Copy link

pierluigilenoci commented Aug 14, 2024

@chlunde @Duologic, could someone from you review the PR?

chlunde
chlunde reviewed Aug 14, 2024
View reviewed changes
pkg/controller/mysql/user/reconciler.go
if pw == "" {
pw, err = password.Generate()
switch authplugin {
case "":
Copy link
Collaborator

@chlunde chlunde Aug 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

default:"mysql_native_password"

is not handled here?

chlunde
chlunde reviewed Aug 14, 2024
View reviewed changes
apis/mysql/v1alpha1/user_types.go
// AuthPlugin defines the MySQL auth plugin (ie. AWSAuthenticationPlugin for AWS IAM authentication when using AWS RDS )
// See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html
// +optional
AuthPlugin string `json:"authPlugin,omitempty" default:"mysql_native_password"`
Copy link
Collaborator

@chlunde chlunde Aug 14, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

since the code only accepts specific values here, I think you should use an enum to limit to the valid types. Alternatively, let the code handle any value, if that possible

@chlunde
Copy link
Collaborator

chlunde commented Aug 14, 2024

I'm not a maintainer of this project (and not a MySQL user), but as you pinged me I left some comments :)

A couple more:

  1. this code needs unit tests so we cover the new branches

  2. It might be cleaner if you keep the query building part inside executeCreateUserQuery instead of partially building it outside, because now we get SQL quoting/escaping in different layers of the code

@pierluigilenoci
Copy link

pierluigilenoci commented Aug 22, 2024

@fortra-cloudops-platform, can you check/react to PR comments?

@chlunde chlunde linked an issue May 27, 2025 that may be closed by this pull request
Support Authentication Plugins like authentication_ldap_simple #125
Open
@chlunde chlunde mentioned this pull request May 27, 2025
Open
2 tasks
@chlunde
Copy link
Collaborator

chlunde commented Jun 15, 2025

We'll move forward with #212 instead of this. We can extend it with more features if needed.

@chlunde chlunde closed this Jun 15, 2025
@matheus-guedes-movile matheus-guedes-movile mentioned this pull request Aug 21, 2025
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chlunde chlunde chlunde left review comments

+1 more reviewer

@mcanevet mcanevet mcanevet approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support Authentication Plugins like authentication_ldap_simple Support RDS IAM authentication

5 participants

@fortra-cloudops-platform @mcanevet @cten @pierluigilenoci @chlunde