Search code examples
mysqlazurehyperledger-fabrichyperledger-fabric-ca

fabric-ca-server connect to azure mysql: this authentication plugin is not supported

I am baffled why I am unable to start the fabric-ca-server using azure's MySql database, I keep on getting this authentication plugin is not supported

Using the exact same connectionstring in a simple go script works:

    db, err := sql.Open("mysql", sqlConnString)
    if err != nil {
        return "", err
    }
    defer db.Close()
    rows, err := db.Query(sqlString)
    if err != nil {
        return "", err
    }

    columns, err := rows.Columns()
    ...

However starting the fabric-ca-server with:

fabric-ca-server start --db.datasource="user@server:pw@tcp(server.mysql.database.azure.com:3306)/fabricca?parseTime=true&allowNativePasswords=true" --db.type=mysql -b admin:admin

Results in the error:

2019/08/07 23:39:35 [DEBUG] Initializing DB
2019/08/07 23:39:35 [DEBUG] Initializing 'mysql' database at '****:****@tcp(server.mysql.database.azure.com:3306)/fabricca?parseTime=true'
2019/08/07 23:39:35 [DEBUG] Using MySQL database, connecting to database...
2019/08/07 23:39:35 [DEBUG] Database Name: fabricca
2019/08/07 23:39:35 [DEBUG] Connecting to MySQL server, using connection string: ****:****@tcp(server.mysql.database.azure.com:3306)/?parseTime=true
2019/08/07 23:39:35 [ERROR] Error occurred initializing database: Failed to connect to MySQL database: this authentication plugin is not supported

I have tried with the following versions, same results

  • 1.4.0
  • 1.4.1
  • 1.4.2

With the following parameters:

  • < none >
  • ?parseTime=true
  • ?parseTime=true&allowNativePasswords=true

The mysql server is of version 5.7

I have tried creating the database before hand and starting without an existing database

I have tried with an admin user, a specific user with all grants for the selected database

I tried creating users with a different password plugins (defaults to mysql_native_password on azure mysql 5.7)

However the error keeps popping up. There does not seem to be anything wrong with the connection string as I can use it in other go scripts without any issues.

Tried it with tls & without tls. The only difference I can see that is being used is: https://github.com/hyperledger/fabric-ca/blob/477f5a2e8200232a50a3751976f6fa3d3f9062c9/lib/server/db/mysql/mysql.go#L66

Did anyone encounter this issue before, or know what is going on ?

Solution

  • Unfortunately, it looks like we are still using a very old version of the mysql driver which did not support authentication plugins at all. I assume your sample code pulled down a more recent version of the driver.