Receiving "(using password: NO)" when password was given #1574

Unanswered
raulsh asked this question in Q&A

Issue description

I'm connecting to MySQL using a password (token) generated through AWS IAM (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.Connecting.Go.html#UsingWithRDS.IAMDBAuth.Connecting.GoV2).

So the user needs to be created with a specific authentication and not "just" password:
CREATE USER jane_doe IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS'; (but the token is still a password that expires after 15 minutes).

When I use that token or even a random input (invalid password, of course) with that user, I receive the message that I'm not using a password.
Error 1045 (28000): Access denied for user 'XXXX'@'YY.YY.YY.YY' (using password: NO)

The weird thing is the (using password: NO) is just with my code, but in terminal the behaviour is OK (even with an incorrect password - just to ensure). To test if the token generation is valid or not, I printed the token generated with my code and I used it in the terminal (mysql -h ... -u .... -p(token)) and it works fine.

My last test, just to ensure if users without IAM authentication have the same behaviour, I tried with another user (without IAM auth - traditional password access) with an invalid password, and I'm receiving the expected output: Error 1045 (28000): Access denied for user 'XXXX'@'YY.YY.YY.YY' (using password: YES)

I changed all the settings that I can, but it is still not working. I don't know if it is a problem on my side or a lib issue.

Example code

	username := m.Username
	password, err := auth.BuildAuthToken(
		m.ctx, endpoint, m.Region, m.Username, m.Creds,
	)
	if err != nil {
		return err
	}
	cfg := mysql.NewConfig()
	cfg.User = username
	cfg.Passwd = password
	cfg.Net = "tcp"
	cfg.Addr = endpoint
	cfg.DBName = "XXXXX"
	cfg.AllowCleartextPasswords = true
	cfg.ParseTime = true
	fmt.Printf("%+v\n", cfg)
	connector, err := mysql.NewConnector(cfg)
	if err != nil {
		return err
	}
	db := sql.OpenDB(connector)

Error log

2024-03-23T15:43:59.536-0300 ERROR provisioner/router.go:91 error getting databases {"error": "Error 1045 (28000): Access denied for user 'XXX'@'YY.YY.YY.YY' (using password: NO)"}

Configuration

Driver version (or git SHA): v1.8.0

Go version: go1.21.5 linux/amd64

Server version: MySQL 8.0.28

Server OS: AWS RDS


Replies: 2 comments


Is that the only log message? No log like "unknown auth plugin"?

I haven't used the cleartext plugin, so don't expect a quick fix.
If you are a Go developer, you can debug it by looking around here.

mysql/auth.go

Lines 348 to 354 in d7ddb8b

	authData, newPlugin, err := mc.readAuthResult()
	if err != nil {
		return err
	}
	// handle auth plugin switch, if requested
	if newPlugin != "" {

mysql/auth.go

Lines 277 to 302 in d7ddb8b

	func (mc *mysqlConn) auth(authData []byte, plugin string) ([]byte, error) {
		switch plugin {
		case "caching_sha2_password":
			authResp := scrambleSHA256Password(authData, mc.cfg.Passwd)
			return authResp, nil
		case "mysql_old_password":
			if !mc.cfg.AllowOldPasswords {
				return nil, ErrOldPassword
			}
			if len(mc.cfg.Passwd) == 0 {
				return nil, nil
			}
			// Note: there are edge cases where this should work but doesn't;
			// this is currently "wontfix":
			// https://github.com/go-sql-driver/mysql/issues/184
			authResp := append(scrambleOldPassword(authData[:8], mc.cfg.Passwd), 0)
			return authResp, nil
		case "mysql_clear_password":
			if !mc.cfg.AllowCleartextPasswords {
				return nil, ErrCleartextPassword
			}
			// http://dev.mysql.com/doc/refman/5.7/en/cleartext-authentication-plugin.html
			// http://dev.mysql.com/doc/refman/5.7/en/pam-authentication-plugin.html
			return append([]byte(mc.cfg.Passwd), 0), nil
0 replies

It is not the driver issue.
I've connected to Amazon RDS Aurora using AWS IAM authentication, and it worked fine.

My tested code is here:
https://github.com/shogo82148/rdsmysql/blob/main/v2/README.md

There might be a problem with your code. Possible causes include:

  • TLS is not enabled
  • Please check the format of the endpoint. While the port number can be omitted in mysql.Config, it cannot be omitted in the arguments for auth.BuildAuthToken.
0 replies
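
A pre-flight check for the two causes listed in the last reply, as an added example that is not code from this thread or from the driver. `tokenEndpoint` and `checkTLS` are hypothetical helpers, the hostname is constructed, and rejecting `preferred` and `skip-verify` is this example's own stricter choice, made because the `mysql_clear_password` branch quoted above sends the password bytes unmodified.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// defaultPort is the port the MySQL driver assumes when cfg.Addr has none.
const defaultPort = "3306"

// tokenEndpoint (hypothetical helper) returns the host:port string to pass to
// auth.BuildAuthToken, adding the default port when the endpoint omits it.
func tokenEndpoint(endpoint string) (string, error) {
	endpoint = strings.TrimSpace(endpoint)
	host, port, err := net.SplitHostPort(endpoint)
	if err != nil {
		if endpoint == "" || strings.Contains(endpoint, ":") {
			return "", fmt.Errorf("malformed endpoint %q", endpoint)
		}
		host, port = endpoint, defaultPort // bare hostname, no port given
	}
	if n, perr := strconv.Atoi(port); host == "" || perr != nil || n < 1 || n > 65535 {
		return "", fmt.Errorf("endpoint %q needs a host and a numeric port", endpoint)
	}
	return net.JoinHostPort(host, port), nil
}

// checkTLS (hypothetical helper) inspects the value destined for cfg.TLSConfig.
func checkTLS(tlsConfig string) error {
	switch tlsConfig {
	case "", "false":
		return errors.New("TLS is not enabled")
	case "preferred", "skip-verify":
		// Assumption of this example: require a verified TLS session.
		return fmt.Errorf("tls=%s does not guarantee a verified TLS session", tlsConfig)
	}
	return nil // "true" or a name registered with mysql.RegisterTLSConfig
}

func main() {
	// Constructed sample endpoints, not a real instance.
	for _, ep := range []string{"db.example.us-east-1.rds.amazonaws.com", "db.example.us-east-1.rds.amazonaws.com:3306", "db:"} {
		got, err := tokenEndpoint(ep)
		fmt.Printf("%q -> %q, err=%v\n", ep, got, err)
	}
	fmt.Println(checkTLS(""), "|", checkTLS("true"))
}
```

Pass the string returned by `tokenEndpoint` to `auth.BuildAuthToken`, and call `checkTLS(cfg.TLSConfig)` before `mysql.NewConnector(cfg)`.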
This discussion was converted from issue #1572 on March 24, 2024 12:54.