feat: remove conflict between auth_plugin and plaintext_password (#173)

petoju · Sep 12, 2024 · ca654b1 · ca654b1
1 parent e4c6424
commit ca654b1
Show file tree

Hide file tree

Showing 2 changed files with 155 additions and 1 deletion.
diff --git a/mysql/resource_user.go b/mysql/resource_user.go
@@ -58,7 +58,7 @@ func resourceUser() *schema.Resource {
 				Optional:         true,
 				ForceNew:         true,
 				DiffSuppressFunc: NewEmptyStringSuppressFunc,
-				ConflictsWith:    []string{"plaintext_password", "password"},
+				ConflictsWith:    []string{"password"},
 			},
 
 			"aad_identity": {
@@ -193,6 +193,9 @@ func CreateUser(ctx context.Context, d *schema.ResourceData, meta interface{}) d
 
 	if authStm != "" {
 		stmtSQL = stmtSQL + authStm
+		if password != "" {
+			stmtSQL = stmtSQL + fmt.Sprintf(" BY '%s'", password)
+		}
 	} else if password != "" {
 		stmtSQL = stmtSQL + fmt.Sprintf(" IDENTIFIED BY '%s'", password)
 	}

diff --git a/mysql/resource_user_test.go b/mysql/resource_user_test.go
@@ -77,6 +77,15 @@ func TestAccUser_auth(t *testing.T) {
 					resource.TestCheckResourceAttr("mysql_user.test", "auth_plugin", "mysql_native_password"),
 				),
 			},
+			{
+				Config: testAccUserConfig_auth_native_plaintext,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthExists("mysql_user.test"),
+					resource.TestCheckResourceAttr("mysql_user.test", "user", "jdoe"),
+					resource.TestCheckResourceAttr("mysql_user.test", "host", "example.com"),
+					resource.TestCheckResourceAttr("mysql_user.test", "auth_plugin", "mysql_native_password"),
+				),
+			},
 			{
 				Config: testAccUserConfig_auth_iam_plugin,
 				Check: resource.ComposeTestCheckFunc(
@@ -90,6 +99,30 @@ func TestAccUser_auth(t *testing.T) {
 	})
 }
 
+func TestAccUser_auth_mysql8(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheckSkipTiDB(t)
+			testAccPreCheckSkipMariaDB(t)
+			testAccPreCheckSkipRds(t)
+			testAccPreCheckSkipNotMySQLVersionMin(t, "8.0.14")
+		},
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccUserCheckDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccUserConfig_auth_caching_sha2_password,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthExists("mysql_user.test"),
+					resource.TestCheckResourceAttr("mysql_user.test", "user", "jdoe"),
+					resource.TestCheckResourceAttr("mysql_user.test", "host", "example.com"),
+					resource.TestCheckResourceAttr("mysql_user.test", "auth_plugin", "caching_sha2_password"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccUser_authConnect(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck: func() {
@@ -160,6 +193,46 @@ func TestAccUser_authConnectRetainOldPassword(t *testing.T) {
 				),
 				ExpectError: regexp.MustCompile(`.*Access denied for user 'jdoe'.*`),
 			},
+			{
+				Config: testAccUserConfig_auth_native_plaintext_retain_old_password,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthValid("jdoe", "password"),
+				),
+			},
+			{
+				Config: testAccUserConfig_auth_native_plaintext_newPass_retain_old_password,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthValid("jdoe", "password"),
+					testAccUserAuthValid("jdoe", "password2"),
+				),
+			},
+			{
+				Config: testAccUserConfig_auth_native_plaintext_newNewPass_retain_old_password,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthValid("jdoe", "password"),
+				),
+				ExpectError: regexp.MustCompile(`.*Access denied for user 'jdoe'.*`),
+			},
+			{
+				Config: testAccUserConfig_auth_caching_sha2_password_retain_old_password,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthValid("jdoe", "password"),
+				),
+			},
+			{
+				Config: testAccUserConfig_auth_caching_sha2_password_newPass_retain_old_password,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthValid("jdoe", "password"),
+					testAccUserAuthValid("jdoe", "password2"),
+				),
+			},
+			{
+				Config: testAccUserConfig_auth_caching_sha2_password_newNewPass_retain_old_password,
+				Check: resource.ComposeTestCheckFunc(
+					testAccUserAuthValid("jdoe", "password"),
+				),
+				ExpectError: regexp.MustCompile(`.*Access denied for user 'jdoe'.*`),
+			},
 		},
 	})
 }
@@ -361,6 +434,24 @@ resource "mysql_user" "test" {
 }
 `
 
+const testAccUserConfig_auth_native_plaintext = `
+resource "mysql_user" "test" {
+    user               = "jdoe"
+    host               = "example.com"
+    auth_plugin        = "mysql_native_password"
+    plaintext_password = "password"
+}
+`
+
+const testAccUserConfig_auth_caching_sha2_password = `
+resource "mysql_user" "test" {
+    user               = "jdoe"
+    host               = "example.com"
+    auth_plugin        = "caching_sha2_password"
+    plaintext_password = "password"
+}
+`
+
 const testAccUserConfig_basic_retain_old_password = `
 resource "mysql_user" "test" {
     user = "jdoe"
@@ -387,3 +478,63 @@ resource "mysql_user" "test" {
     retain_old_password = true
 }
 `
+
+const testAccUserConfig_auth_native_plaintext_retain_old_password = `
+resource "mysql_user" "test" {
+    user                = "jdoe"
+    host                = "%"
+    auth_plugin         = "mysql_native_password"
+    plaintext_password  = "password"
+    retain_old_password = true
+}
+`
+
+const testAccUserConfig_auth_native_plaintext_newPass_retain_old_password = `
+resource "mysql_user" "test" {
+    user                = "jdoe"
+    host                = "%"
+    auth_plugin         = "mysql_native_password"
+    plaintext_password  = "password2"
+    retain_old_password = true
+}
+`
+
+const testAccUserConfig_auth_native_plaintext_newNewPass_retain_old_password = `
+resource "mysql_user" "test" {
+    user                = "jdoe"
+    host                = "%"
+    auth_plugin         = "mysql_native_password"
+    plaintext_password  = "password3"
+    retain_old_password = true
+}
+`
+
+const testAccUserConfig_auth_caching_sha2_password_retain_old_password = `
+resource "mysql_user" "test" {
+    user                = "jdoe"
+    host                = "%"
+    auth_plugin         = "caching_sha2_password"
+    plaintext_password  = "password"
+    retain_old_password = true
+}
+`
+
+const testAccUserConfig_auth_caching_sha2_password_newPass_retain_old_password = `
+resource "mysql_user" "test" {
+    user                = "jdoe"
+    host                = "%"
+    auth_plugin         = "caching_sha2_password"
+    plaintext_password  = "password2"
+    retain_old_password = true
+}
+`
+
+const testAccUserConfig_auth_caching_sha2_password_newNewPass_retain_old_password = `
+resource "mysql_user" "test" {
+    user                = "jdoe"
+    host                = "%"
+    auth_plugin         = "caching_sha2_password"
+    plaintext_password  = "password3"
+    retain_old_password = true
+}
+`