In my RDS instance pulumi statement I’m creating an

admin

account and I can successfully use it to connect to the db and run sql commands using the

mysql

CLI Doing sth like this to connect:

mysql -h <http://somelongstring.us-west-2.rds.amazonaws.com|somelongstring.us-west-2.rds.amazonaws.com> -u admin -p

So I think the RDS is getting correctly set up… it’s just these other

mysql

library additional statements that I’m having trouble with.

If I run

select user from mysql.user;

I even see the username

actualuser

in the results printed however when I try to log-in with that same

mysql

CLI I typed above I get Access Denied

Also if I connect to the db using the

admin

user and the CLI as I mentioned above and manually create a new user I have no problem granting them permissions or then using that new user with the CLI to connect back to the db… Just the user created through Pulumi mysql provider that is having issues.

ohhh I just realized this is why: https://www.pulumi.com/docs/reference/pkg/mysql/user/#host_nodejs the host you've set for the user is the rds instance address, try this

db_user = mysql.User(
    resource_name="db-user",
    user="actualuser",
  plaintext_password=secret_from_config,
    host=0.0.0.0,
    opts=mysql_opts)

Literally seconds before you sent me that message. It’s good to get confirmation from someone else though… I haven’t tried it yet.

I also only noticed maybe I’m using the wrong host value but wasn’t sure what to put there so thanks for the

0.0.0.0

suggestion 😛

Hmm still Access Denied 😞

grant

was the other smoking gun I found in the logs

Nvm based on documentation doesn’t seem related.

Trying host

%

next

THAT DID IT!

ok so it appears I do need

grant=True

after all

Earlier when I said I successfully got it to work… that line was left in my code from an earlier experiment… I removed it assuming it was a failed experiment now that I had finally gotten things to work but that just broke things again.

Based on the documentation for what that parameter should be doing, this behavior seems incorrect.

Should I file a bug somewhere?

See output below with and without `grant=True`:

mysql> show grants for webserver;
+---------------------------------------------------------+
| Grants for webserver@%                                  |
+---------------------------------------------------------+
| GRANT PROCESS ON *.* TO `webserver`@`%`                 |
| GRANT ALL PRIVILEGES ON `databasename`.* TO `webserver`@`%` |
+---------------------------------------------------------+
2 rows in set (0.03 sec)

mysql> show grants for webserver;
+---------------------------------------+
| Grants for webserver@%                |
+---------------------------------------+
| GRANT USAGE ON *.* TO `webserver`@`%` |
+---------------------------------------+
1 row in set (0.03 sec)