MySQL password read

pendo-io · Feb 25, 2021 · e9c9a93 · e9c9a93
1 parent b4f7c1e
commit e9c9a93
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,12 @@
 **This repository is an unofficial fork**
 
-Most of the work was done by winebarrel/terraform-provider-mysql.
+The fork is mostly based of the official (now archived) repo.
+The provider has also some extra changes and solves almost all the reported
+issues.
+
+I incorporated changes by winebarrel/terraform-provider-mysql. Because I found
+out about that repo only after some work, PR cannot be created easily now.
+Feel free to create a PR with my code to their repo or the other way around.
 
 [![Build Status](https://www.travis-ci.com/petoju/terraform-provider-mysql.svg?branch=master)](https://www.travis-ci.com/petoju/terraform-provider-mysql)
 

diff --git a/mysql/resource_user_password.go b/mysql/resource_user_password.go
@@ -2,6 +2,7 @@ package mysql
 
 import (
 	"fmt"
+	"log"
 
 	"github.com/gofrs/uuid"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -66,7 +67,46 @@ func SetUserPassword(d *schema.ResourceData, meta interface{}) error {
 }
 
 func ReadUserPassword(d *schema.ResourceData, meta interface{}) error {
-	// This is obviously not possible.
+	db := meta.(*MySQLConfiguration).Db
+
+	results, err := db.Query(`SELECT IF(PASSWORD(?) = authentication_string,'OK','FAIL') result, plugin FROM mysql.user WHERE user = ? AND host = ?`,
+		d.Get("plaintext_password").(string),
+		d.Get("user").(string),
+		d.Get("host").(string),
+	)
+	if err != nil {
+		// For now, we expect we are root.
+		return err
+	}
+
+	for results.Next() {
+		var plugin string
+		var correct string
+		err = results.Scan(&plugin, &correct)
+		if err != nil {
+			return err
+		}
+
+		if plugin != "mysql_native_password" {
+			// We don't know whether the password is fine; it probably is.
+			return nil
+		}
+
+		if correct == "FAIL" {
+			d.SetId("")
+			return nil
+		}
+
+		if correct == "OK" {
+			return nil
+		}
+
+		return fmt.Errorf("Unexpected result of query: correct: %v; plugin: %v", correct, plugin)
+	}
+
+	// User doesn't exist. Password is certainly wrong in mysql, destroy the resource.
+	log.Printf("User and host doesn't exist %s@%s", d.Get("user").(string), d.Get("host").(string))
+	d.SetId("")
 	return nil
 }