-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] MySQL 8 + nonexistent user sometimes results in auth plugin switch #43
Comments
This test was being skipped for reasons described in trilogy-libraries#43. Instead of testing for a connection error by using a nonexistent user, we can use an existing user with the wrong password. This appears to avoid the authentication plugin flakiness, while still executing the code path we care about related to an "Access denied" connection error.
Nice digging!
Wild! I didn't realize that was an option too.
It's worth taking a look at what's in that packet to be sure. There's a warning in the docs about needing to check the length to make sure it's not actually some other packet that starts with an https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_basic_eof_packet.html
👍🏻 |
…to see if it gets around this bug trilogy-libraries/trilogy#43
See #41 and #42 for more context.
I had a bit more time to dig into this, and collected some data about what's going on. Since the context related to this bug is a bit spread out, I thought I'd open this issue to consolidate the information we have so far.
Background
Currently, we're skipping a test that's intended to test connection errors when we attempt to connect using a user account with insufficient privileges / a nonexistent user: https://github.com/adrianna-chang-shopify/trilogy/blob/b54138b188f19722d7f94614ae72064683e56276/contrib/ruby/test/client_test.rb#L533-L537
This test sometimes fails intermittently with:
on MySQL 8.0 (example CI build).
More Info
I added a couple of print statements to see what's going on:
Note that for all of these tests, I ran them using the CI dockerfiles, i.e.
MYSQL_VERSION=5.7 DOCKERFILE=Dockerfile.test.buster script/cibuild
andMYSQL_VERSION=8 DOCKERFILE=Dockerfile.test.buster script/cibuild
On MySQL5.7:
TEST ALWAYS PASSES. It immediately reads a packet error, and we see ER_ACCESS_DENIED_ERROR and raise the corresponding BaseConnectionError.
On MySQL8.0:
Okay, so all sorts of different things can happen when we run the tests on MySQL8, even with the same seed. This issue is not meant to be diagnostic, simply to share what I observed.
Sometimes the test passes in the same way MySQL5.7 does:
Sometimes the test passes, but with an attempted auth switch!
In this case, we performed an auth switch to
mysql_native_password
before seeing the access denied error.The test fails with a protocol violation error if we attempt to perform an auth switch to the unsupported
sha256_password
(we raise here):Other things I investigated
Setting the auth plugin default to
mysql_native_password
instead of MySQL8'scaching_sha2_password
:Results:
Didn't make a difference, still sometimes attempted to switch to
sha256_password
(failure), and other times attempted to switch tocaching_sha2_password
(test succeeded with auth switch, and then access denied error).Using the wrong password instead of a nonexistent user
Results:
This always passes with the expected access denied error, and I never saw an attempted auth switch here.
However, if I do the same thing for
root
user, I get aTRILOGY_UNEXPECTED_PACKET
error 🤷♀️Takeaways
TRILOGY_PACKET_EOF
as an auth switch here?native
) and an incorrect password, because this should still produce an access denied err without the auth switch flakiness.cc @composerinteralia @eileencodes @paarthmadan
The text was updated successfully, but these errors were encountered: