From 2e71bd5ed26ad59e9cd157e855ec1584b89cbc42 Mon Sep 17 00:00:00 2001 From: Peter Junos Date: Mon, 4 Jul 2022 11:26:55 +0200 Subject: [PATCH] Add docs + small test --- mysql/resource_user.go | 2 ++ mysql/resource_user_test.go | 29 +++++++++++++++++++++++++++++ website/docs/r/user.html.markdown | 13 +++++++++++++ 3 files changed, 44 insertions(+) diff --git a/mysql/resource_user.go b/mysql/resource_user.go index 67e25b01..5adf2cbd 100644 --- a/mysql/resource_user.go +++ b/mysql/resource_user.go @@ -58,10 +58,12 @@ func resourceUser() *schema.Resource { DiffSuppressFunc: NewEmptyStringSuppressFunc, ConflictsWith: []string{"plaintext_password", "password"}, }, + "auth_string_hashed": { Type: schema.TypeString, Optional: true, DiffSuppressFunc: NewEmptyStringSuppressFunc, + RequiredWith: []string{"auth_plugin"}, ConflictsWith: []string{"plaintext_password", "password"}, }, diff --git a/mysql/resource_user_test.go b/mysql/resource_user_test.go index 3814a47d..769a3718 100644 --- a/mysql/resource_user_test.go +++ b/mysql/resource_user_test.go @@ -65,6 +65,24 @@ func TestAccUser_auth(t *testing.T) { resource.TestCheckResourceAttr("mysql_user.test", "auth_plugin", "mysql_no_login"), ), }, + { + Config: testAccUserConfig_auth_native, + Check: resource.ComposeTestCheckFunc( + testAccUserAuthExists("mysql_user.test"), + resource.TestCheckResourceAttr("mysql_user.test", "user", "jdoe"), + resource.TestCheckResourceAttr("mysql_user.test", "host", "example.com"), + resource.TestCheckResourceAttr("mysql_user.test", "auth_plugin", "mysql_native_password"), + ), + }, + { + Config: testAccUserConfig_auth_iam_plugin, + Check: resource.ComposeTestCheckFunc( + testAccUserAuthExists("mysql_user.test"), + resource.TestCheckResourceAttr("mysql_user.test", "user", "jdoe"), + resource.TestCheckResourceAttr("mysql_user.test", "host", "example.com"), + resource.TestCheckResourceAttr("mysql_user.test", "auth_plugin", "mysql_no_login"), + ), + }, }, }) } @@ -232,3 +250,14 @@ resource "mysql_user" "test" { auth_plugin = "mysql_no_login" } ` + +const testAccUserConfig_auth_native = ` +resource "mysql_user" "test" { + user = "jdoe" + host = "example.com" + auth_plugin = "mysql_native_password" + + # Hash of "password" + auth_string_hashed = "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19" +} +` diff --git a/website/docs/r/user.html.markdown b/website/docs/r/user.html.markdown index be4090b7..540db2ab 100644 --- a/website/docs/r/user.html.markdown +++ b/website/docs/r/user.html.markdown @@ -36,6 +36,17 @@ resource "mysql_user" "nologin" { } ``` +## Example Usage with an Authentication Plugin and hashed password + +```hcl +resource "mysql_user" "nologin" { + user = "nologin" + host = "example.com" + auth_plugin = "mysql_native_password" + auth_string_hashed = "*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19" +} +``` + ## Argument Reference The following arguments are supported: @@ -45,6 +56,7 @@ The following arguments are supported: * `plaintext_password` - (Optional) The password for the user. This must be provided in plain text, so the data source for it must be secured. An _unsalted_ hash of the provided password is stored in state. Conflicts with `auth_plugin`. * `password` - (Optional) Deprecated alias of `plaintext_password`, whose value is *stored as plaintext in state*. Prefer to use `plaintext_password` instead, which stores the password as an unsalted hash. Conflicts with `auth_plugin`. * `auth_plugin` - (Optional) Use an [authentication plugin][ref-auth-plugins] to authenticate the user instead of using password authentication. Description of the fields allowed in the block below. Conflicts with `password` and `plaintext_password`. +* `auth_string_hashed` - (Optional) Use an already hashed string as a parameter to `auth_plugin`. This can be used with passwords as well as with other auth strings. * `tls_option` - (Optional) An TLS-Option for the `CREATE USER` or `ALTER USER` statement. The value is suffixed to `REQUIRE`. A value of 'SSL' will generate a `CREATE USER ... REQUIRE SSL` statement. See the [MYSQL `CREATE USER` documentation](https://dev.mysql.com/doc/refman/5.7/en/create-user.html) for more. Ignored if MySQL version is under 5.7.0. [ref-auth-plugins]: https://dev.mysql.com/doc/refman/5.7/en/authentication-plugins.html @@ -64,6 +76,7 @@ The `auth_plugin` value supports: [ref-mysql-no-login]: https://dev.mysql.com/doc/refman/5.7/en/no-login-pluggable-authentication.html +* any other auth plugin supported by MySQL. ## Attributes Reference The following attributes are exported: