https://pulumi.com logo
#aws
Title
# aws
t

tall-winter-40504

01/13/2021, 8:29 PM
Hi… I’m trying to use the API here: https://www.pulumi.com/docs/reference/pkg/mysql/grant/ to create a user and grant them some permissions for a MySQL db in an RDS instance with no luck. Any help appreciated!
b

billowy-army-68599

01/13/2021, 8:31 PM
can you share the code you have any the problem you're facing?
t

tall-winter-40504

01/13/2021, 8:32 PM
I’m doing
Copy code
db_user = mysql.User(
    resource_name="db-user",
    user="actualuser",
  plaintext_password=secret_from_config,
    host=rds_instance.address,
    opts=mysql_opts)
where
mysql_opts
is:
Copy code
mysql_provider = mysql.Provider(
    resource_name="db-provider",
    endpoint=rds_instance.endpoint,
    username=rds_instance.username,
    password=config_secret,
)

mysql_opts = pulumi.ResourceOptions(provider=mysql_provider)
In my RDS instance pulumi statement I’m creating an
admin
account and I can successfully use it to connect to the db and run sql commands using the
mysql
CLI Doing sth like this to connect:
Copy code
mysql -h <http://somelongstring.us-west-2.rds.amazonaws.com|somelongstring.us-west-2.rds.amazonaws.com> -u admin -p
So I think the RDS is getting correctly set up… it’s just these other
mysql
library additional statements that I’m having trouble with.
If I run
select user from mysql.user;
I even see the username
actualuser
in the results printed however when I try to log-in with that same
mysql
CLI I typed above I get Access Denied
Also if I connect to the db using the
admin
user and the CLI as I mentioned above and manually create a new user I have no problem granting them permissions or then using that new user with the CLI to connect back to the db… Just the user created through Pulumi mysql provider that is having issues.
b

billowy-army-68599

01/13/2021, 9:36 PM
I suspect the issue might be related to
plaintext_password
- that takes a string, and your
secret_from_config
will actually be an output, so you may need to wrap it in an apply. Can you verify it's that by setting
plaintext_password
manually?
👍 1
t

tall-winter-40504

01/13/2021, 9:46 PM
tried with a simple string…. still can’t use the
mysql
CLI to access the db with that user due to Access Denied
b

billowy-army-68599

01/13/2021, 11:16 PM
you should be able to see the logs and verify the password is being set in mysql, i'd go there next
ohhh I just realized this is why: https://www.pulumi.com/docs/reference/pkg/mysql/user/#host_nodejs the host you've set for the user is the rds instance address, try this
Copy code
db_user = mysql.User(
    resource_name="db-user",
    user="actualuser",
  plaintext_password=secret_from_config,
    host=0.0.0.0,
    opts=mysql_opts)
@tall-winter-40504
t

tall-winter-40504

01/13/2021, 11:19 PM
Wow I just noticed the same 😛
Literally seconds before you sent me that message. It’s good to get confirmation from someone else though… I haven’t tried it yet.
I also only noticed maybe I’m using the wrong host value but wasn’t sure what to put there so thanks for the
0.0.0.0
suggestion 😛
Hmm still Access Denied 😞
grant
was the other smoking gun I found in the logs
Nvm based on documentation doesn’t seem related.
Trying host
%
next
THAT DID IT!
ok so it appears I do need
grant=True
after all
Earlier when I said I successfully got it to work… that line was left in my code from an earlier experiment… I removed it assuming it was a failed experiment now that I had finally gotten things to work but that just broke things again.
Based on the documentation for what that parameter should be doing, this behavior seems incorrect.
Should I file a bug somewhere?
See output below with and without `grant=True`:
Copy code
mysql> show grants for webserver;
+---------------------------------------------------------+
| Grants for webserver@%                                  |
+---------------------------------------------------------+
| GRANT PROCESS ON *.* TO `webserver`@`%`                 |
| GRANT ALL PRIVILEGES ON `databasename`.* TO `webserver`@`%` |
+---------------------------------------------------------+
2 rows in set (0.03 sec)

mysql> show grants for webserver;
+---------------------------------------+
| Grants for webserver@%                |
+---------------------------------------+
| GRANT USAGE ON *.* TO `webserver`@`%` |
+---------------------------------------+
1 row in set (0.03 sec)
2 Views