REVOKE ALL on AWS RDS instances

[krogon-dp]

Hi, Is there any specific reason this provider uses REVOKE ALL statement?

https://github.com/terraform-providers/terraform-provider-mysql/blob/master/mysql/resource_grant.go#L120

Once this command is OK when used with specified database name, RDS does not like this when used with * all databases.

mysql> grant all on test.* to 'aaa'@'%';
Query OK, 0 rows affected (0.05 sec)

mysql> revoke all on test.* from 'aaa'@'%';
Query OK, 0 rows affected (0.04 sec)

mysql> grant select on *.* to 'aaa'@'%';
Query OK, 0 rows affected (0.04 sec)

mysql> grant all on *.* to 'aaa'@'%';
ERROR 1045 (28000): Access denied for user 'rdstest'@'%' (using password: YES)

Why not to remove the same privileges that resource is holding?

[cemo]

@katbyte We hit same issue. Would you please review commit at https://github.com/krogon-dp/terraform-provider-mysql/commit/eed09ba7a0093018a46c2340494f31e15a29f5d3?

[jgpdc4u]

We had this same issue as well. That commit looks like a great solution. LGTM!

[damascenorakuten]

+1. I opened this issue as well.

[RTodorov]

Facing the same problem.....

[robertomczak]

+1 Any plan of releasing Fixes terraform-providers#19 … ?

[martin-walsh]

This issue still exists and is a blocker to any editing grants or removing any user on AWS RDS/Aurora databases.

The root of the issue is REVOKE ALL is not allowed and should be replaced by a comma separated list.

It should be noted that REVOKE ALL also interferes with multiple resource "mysql_grant" on the same level.

[martin-walsh]

Potential fix: https://github.com/terraform-providers/terraform-provider-mysql/pull/73