fix #106 add ability to set auth_plugin for mysql users

cten · cten · commit 14be4ffef569 · 2024-06-18T16:01:19.000-05:00
diff --git a/cluster/local/integration_tests.sh b/cluster/local/integration_tests.sh
@@ -265,7 +265,7 @@ echo "${INSTALL_YAML}" | "${KUBECTL}" delete -f -
 timeout=60
 current=0
 step=3
-while [[ $(kubectl get providerrevision.pkg.crossplane.io -o name | wc -l) != "0" ]]; do
+while [[ $(kubectl get providerrevision.pkg.crossplane.io -o name | wc -l | awk '{print $1}') != "0" ]]; do
   echo "waiting for provider to be deleted for another $step seconds"
   current=$current+$step
   if ! [[ $timeout > $current ]]; then
diff --git a/examples/mysql/user.yaml b/examples/mysql/user.yaml
@@ -4,7 +4,6 @@ metadata:
   name: example-user
 spec:
   forProvider:
-    authPlugin: AWSAuthenticationPlugin
     passwordSecretRef:
       name: example-pw
       namespace: default
diff --git a/package/crds/mysql.sql.crossplane.io_users.yaml b/package/crds/mysql.sql.crossplane.io_users.yaml
@@ -72,8 +72,9 @@ spec:
                   instance.
                 properties:
                   authPlugin:
-                    description: AuthPlugin defines the authentication plugin to be used.
-                      Meant to add support for AWS IAM DB authentication (ie. AWSAuthenticationPlugin)
+                    description: |-
+                      AuthPlugin defines the MySQL auth plugin (ie. AWSAuthenticationPlugin for AWS IAM authentication when using AWS RDS )
+                      See https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html
                     type: string
                   binlog:
                     description: BinLog defines whether the create, delete, update
diff --git a/pkg/controller/mysql/user/reconciler.go b/pkg/controller/mysql/user/reconciler.go
@@ -245,15 +245,15 @@ func (c *external) Create(ctx context.Context, mg resource.Managed) (managed.Ext
 	ro := resourceOptionsToClauses(cr.Spec.ForProvider.ResourceOptions)
 	binlog := cr.Spec.ForProvider.BinLog
 
-	var authplugin string 
+	var authplugin string
+
 	if cr.Spec.ForProvider.AuthPlugin != "" {
 		authplugin = cr.Spec.ForProvider.AuthPlugin
-	} else {
-		authplugin = "mysql_native_password"
 	}
 	var pw string
 
-	if authplugin == "mysql_native_password" {
+	switch authplugin {
+	case "":
 		var err error
 		pw, _, err = c.getPassword(ctx, cr)
 		if err != nil {
@@ -266,11 +266,11 @@ func (c *external) Create(ctx context.Context, mg resource.Managed) (managed.Ext
 				return managed.ExternalCreation{}, err
 			}
 		}
-		auth = fmt.Sprintf("%s BY %s", authplugin, mysql.QuoteValue(pw))
-	} else if authplugin == "AWSAuthenticationPlugin" {
-		auth = fmt.Sprintf("%s AS %s", authplugin, mysql.QuoteValue("RDS"))
-	} else {
-		return managed.ExternalCreation{},  errors.New(errAuthPluginNotSupported)
+		auth = fmt.Sprintf("BY %s", mysql.QuoteValue(pw))
+	case "AWSAuthenticationPlugin":
+		auth = fmt.Sprintf("WITH %s AS %s", authplugin, mysql.QuoteValue("RDS"))
+	default:
+		return managed.ExternalCreation{}, errors.New(errAuthPluginNotSupported)
 	}
 
 	if err := c.executeCreateUserQuery(ctx, username, host, ro, auth, binlog); err != nil {
@@ -293,13 +293,12 @@ func (c *external) executeCreateUserQuery(ctx context.Context, username string,
 	}
 
 	query := fmt.Sprintf(
-		"CREATE USER %s@%s IDENTIFIED WITH %s%s",
+		"CREATE USER %s@%s IDENTIFIED %s%s",
 		mysql.QuoteValue(username),
 		mysql.QuoteValue(host),
 		auth,
 		resourceOptions,
 	)
-	fmt.Println(query)
 
 	if err := mysql.ExecWithBinlogAndFlush(ctx, c.db, mysql.ExecQuery{Query: query, ErrorValue: errCreateUser}, mysql.ExecOptions{Binlog: binlog}); err != nil {
 		return err
