Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for creating users with the caching_sha2_password auth plugin #2780

Merged
merged 2 commits into from
Dec 9, 2024
Merged

Add support for creating users with the caching_sha2_password auth plugin #2780

merged 2 commits into from
Dec 9, 2024

Conversation

fulghum
Copy link
Contributor

@fulghum fulghum commented Dec 4, 2024

This change enables customers to create users configured to authenticate with the caching_sha2_password auth plugin. The generated authentication string uses the same logic as MySQL's caching_sha2_password auth plugin. Users created with caching_sha2_password can not yet authenticate with a GMS server – the next change in this series will enable that.

Example usage:

CREATE USER fred@localhost identified with caching_sha2_password by 'pa$$w0rd';

Depends on: dolthub/vitess#387

Related to: dolthub/dolt#8496

@fulghum fulghum force-pushed the fulghum/auth-refactor branch 2 times, most recently from 6e60c1e to 9e6e50f Compare December 4, 2024 22:59
@fulghum fulghum force-pushed the fulghum/auth-refactor branch from 2dc03cf to b963680 Compare December 5, 2024 00:58
@fulghum fulghum requested a review from zachmu December 5, 2024 19:46
zachmu
zachmu reviewed Dec 5, 2024
View reviewed changes
Copy link
Member

@zachmu zachmu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fine, but do we have any top-level integration tests that validate creating a user with a certain password and then connecting with it?

@fulghum
Copy link
Contributor Author

fulghum commented Dec 6, 2024
edited
Loading

This looks fine, but do we have any top-level integration tests that validate creating a user with a certain password and then connecting with it?

Thanks! Yup – I'm working on those tests currently. This change enables creating users for caching_sha2_password auth, but they still can't log in yet. The next PR will include the changes to enable the caching_sha2_password auth method in our auth server, and that PR will include the tests to connect to the server with caching_sha2_password configured accounts. That will be enough for people to opt-in to using caching_sha2_password, but we'll still keep mysql_native_password as our default for a bit longer to make sure we get the kinks worked out.

@fulghum fulghum merged commit e99d9e2 into main Dec 9, 2024
7 of 8 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Dec 11, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zachmu zachmu zachmu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fulghum @zachmu