From 257eee3fc3b6c4f941d1016efb668846ec1446ca Mon Sep 17 00:00:00 2001 From: jessebye <8467862+jessebye@users.noreply.github.com> Date: Thu, 9 Jan 2025 16:40:21 -0800 Subject: [PATCH 1/2] fix: ignore host when comparing role grants --- mysql/resource_grant.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mysql/resource_grant.go b/mysql/resource_grant.go index 9ff12c5d7..caa53eab5 100644 --- a/mysql/resource_grant.go +++ b/mysql/resource_grant.go @@ -311,7 +311,8 @@ func (t *RoleGrant) ConflictsWithGrant(other MySQLGrant) bool { if !ok { return false } - return otherTyped.GetUserOrRole() == t.GetUserOrRole() + // Only compare Name, since the Host is irrelevant and may not match what is returned from MySQL + return otherTyped.GetUserOrRole().Name == t.GetUserOrRole().Name } func resourceGrant() *schema.Resource { From 5f07e22c93bfd7193cb2410c0de60a31c1fa075b Mon Sep 17 00:00:00 2001 From: jessebye <8467862+jessebye@users.noreply.github.com> Date: Mon, 13 Jan 2025 09:40:57 -0800 Subject: [PATCH 2/2] test: add test case for role-to-role grant --- mysql/resource_grant_test.go | 43 ++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/mysql/resource_grant_test.go b/mysql/resource_grant_test.go index 5bdeb90ef..6b7e97012 100644 --- a/mysql/resource_grant_test.go +++ b/mysql/resource_grant_test.go @@ -405,6 +405,27 @@ func TestAccGrant_complexRoleGrants(t *testing.T) { }) } +func TestAccGrant_roleToRoleGrant(t *testing.T) { + dbName := fmt.Sprintf("tf-test-%d", rand.Intn(100)) + roleName1 := fmt.Sprintf("TFRole1-%d", rand.Intn(100)) + roleName2 := fmt.Sprintf("TFRole2-%d", rand.Intn(100)) + resource.Test(t, resource.TestCase{ + PreCheck: func() { + testAccPreCheck(t) + testAccPreCheckSkipRds(t) + testAccPreCheckSkipNotMySQLVersionMin(t, "8.0.0") + testAccPreCheckSkipTiDB(t) + }, + ProviderFactories: testAccProviderFactories, + CheckDestroy: testAccGrantCheckDestroy, + Steps: []resource.TestStep{ + { + Config: testAccGrantConfigRoleToRole(dbName, roleName1, roleName2), + }, + }, + }) +} + func prepareTable(dbname string, tableName string) resource.TestCheckFunc { return func(s *terraform.State) error { ctx := context.Background() @@ -847,6 +868,28 @@ func testAccGrantConfigComplexRoleGrants(user string) string { }`, user) } +func testAccGrantConfigRoleToRole(dbName string, roleName1 string, roleName2 string) string { + return fmt.Sprintf(` +resource "mysql_database" "test" { + name = "%s" +} + +resource "mysql_role" "test1" { + name = "%s" +} + +resource "mysql_role" "test2" { + name = "%s" +} + +resource "mysql_grant" "test" { + role = "${mysql_role.test1.name}" + database = "${mysql_database.test.name}" + roles = ["${mysql_role.test2.name}"] +} +`, dbName, roleName1, roleName2) +} + func prepareProcedure(dbname string, procedureName string) resource.TestCheckFunc { return func(s *terraform.State) error { ctx := context.Background()