From 257eee3fc3b6c4f941d1016efb668846ec1446ca Mon Sep 17 00:00:00 2001
From: jessebye <8467862+jessebye@users.noreply.github.com>
Date: Thu, 9 Jan 2025 16:40:21 -0800
Subject: [PATCH 1/2] fix: ignore host when comparing role grants

---
 mysql/resource_grant.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mysql/resource_grant.go b/mysql/resource_grant.go
index 9ff12c5d7..caa53eab5 100644
--- a/mysql/resource_grant.go
+++ b/mysql/resource_grant.go
@@ -311,7 +311,8 @@ func (t *RoleGrant) ConflictsWithGrant(other MySQLGrant) bool {
 	if !ok {
 		return false
 	}
-	return otherTyped.GetUserOrRole() == t.GetUserOrRole()
+	// Only compare Name, since the Host is irrelevant and may not match what is returned from MySQL
+	return otherTyped.GetUserOrRole().Name == t.GetUserOrRole().Name
 }
 
 func resourceGrant() *schema.Resource {

From 5f07e22c93bfd7193cb2410c0de60a31c1fa075b Mon Sep 17 00:00:00 2001
From: jessebye <8467862+jessebye@users.noreply.github.com>
Date: Mon, 13 Jan 2025 09:40:57 -0800
Subject: [PATCH 2/2] test: add test case for role-to-role grant

---
 mysql/resource_grant_test.go | 43 ++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/mysql/resource_grant_test.go b/mysql/resource_grant_test.go
index 5bdeb90ef..6b7e97012 100644
--- a/mysql/resource_grant_test.go
+++ b/mysql/resource_grant_test.go
@@ -405,6 +405,27 @@ func TestAccGrant_complexRoleGrants(t *testing.T) {
 	})
 }
 
+func TestAccGrant_roleToRoleGrant(t *testing.T) {
+	dbName := fmt.Sprintf("tf-test-%d", rand.Intn(100))
+	roleName1 := fmt.Sprintf("TFRole1-%d", rand.Intn(100))
+	roleName2 := fmt.Sprintf("TFRole2-%d", rand.Intn(100))
+	resource.Test(t, resource.TestCase{
+		PreCheck: func() {
+			testAccPreCheck(t)
+			testAccPreCheckSkipRds(t)
+			testAccPreCheckSkipNotMySQLVersionMin(t, "8.0.0")
+			testAccPreCheckSkipTiDB(t)
+		},
+		ProviderFactories: testAccProviderFactories,
+		CheckDestroy:      testAccGrantCheckDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccGrantConfigRoleToRole(dbName, roleName1, roleName2),
+			},
+		},
+	})
+}
+
 func prepareTable(dbname string, tableName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		ctx := context.Background()
@@ -847,6 +868,28 @@ func testAccGrantConfigComplexRoleGrants(user string) string {
 	}`, user)
 }
 
+func testAccGrantConfigRoleToRole(dbName string, roleName1 string, roleName2 string) string {
+	return fmt.Sprintf(`
+resource "mysql_database" "test" {
+  name = "%s"
+}
+
+resource "mysql_role" "test1" {
+  name = "%s"
+}
+
+resource "mysql_role" "test2" {
+  name = "%s"
+}
+
+resource "mysql_grant" "test" {
+  role       = "${mysql_role.test1.name}"
+  database   = "${mysql_database.test.name}"
+  roles      = ["${mysql_role.test2.name}"]
+}
+`, dbName, roleName1, roleName2)
+}
+
 func prepareProcedure(dbname string, procedureName string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		ctx := context.Background()