Feature - Add support for importing mysql roles#268
Feature - Add support for importing mysql roles#268jutaz wants to merge 10 commits intopetoju:masterfrom
Conversation
petoju
left a comment
petoju
left a comment
There was a problem hiding this comment.
Thanks - please fix (don't use) quoteIdentifiers as it's used for different kind of identifiers.
Also please make sure your PR passes all the tests. You can test it easily using make test in your shell or look at failed tests in this PR.
mysql/resource_role.go
Outdated
| roleName := d.Get("name").(string) | ||
|
|
||
| sql := fmt.Sprintf("CREATE ROLE '%s'", roleName) | ||
| sql := fmt.Sprintf("CREATE ROLE %s", quoteIdentifier(roleName)) |
There was a problem hiding this comment.
Please leave the old solution here. It's maybe counter-intuitive, but quote identifier uses backticks - and this needs apostrophes.
Backticks work only on MariaDB as far as I know. That applies to all calls with roles.
mysql/resource_role.go
Outdated
| d.SetId("") | ||
| return nil | ||
| errorNumber := mysqlErrorNumber(err) | ||
| if errorNumber == 1133 || errorNumber == 1396 { |
There was a problem hiding this comment.
When would error 1396 happen? Should we handle that?
Maybe I'd add 1141 here (ER_NONEXISTING_GRANT).
There was a problem hiding this comment.
https://www.bytebase.com/reference/mysql/error/1396-operation-failed-for-user/
This error occurs when trying to perform a user management operation (such as CREATE USER, DROP USER, or GRANT) on a MySQL user that either already exists (for CREATE) or doesn't exist (for DROP or GRANT). It indicates a mismatch between the expected and actual state of the user account.
There was a problem hiding this comment.
But you're not running any of these. And based on the link, it could be an "internal error" of non-flushed user. In that case, we probably don't want to arbitrarily drop the resource from TF that exists in reality.
Yeah, doing that as part of the PR. |
jutaz
force-pushed
the
feature/mysql-role-import-support
branch
from
8b8353e to
c52aabd
Compare
- Change quoteRoleName to use single quotes (e.g., 'name') instead of backticks
- Change formatUserIdentifier to use single quotes (e.g., 'user'@'host')
- Both functions now escape single quotes by doubling them ('')
- This provides better compatibility across MySQL/MariaDB versions
- Supports @ in usernames for GCP IAM compatibility
- unescapeRoleName already handles doubled single quotes
- quoteRoleName now uses backticks with doubled-backtick escaping - UserOrRole.SQLString() uses backticks for roles (Host == ''), single quotes for users - unescapeRoleName already handles both doubled backticks and doubled single quotes - formatUserIdentifier continues using single quotes for user@host format
jutaz
force-pushed
the
feature/mysql-role-import-support
branch
from
a33f573 to
1ac6e33
Compare
2 participants
Closes #267