fix: update authentication-plugin for mysql users

closes overhangio#1095
MySQL users created in MySQL 5.7 used the mysql-native-password authentication plugin
This plugin has been deprecated in MySQL 8.4 and onwards
We therefore update the users to the caching_sha2_password plugin

tutor/commands/upgrade/common.py

@@ -42,6 +42,24 @@ def upgrade_from_nutmeg(context: click.Context, config: Config) -> None:
         "lms", "./manage.py lms compute_grades -v1 --all_courses"
     )
 
+def get_mysql_change_authentication_plugin_query(config: Config) -> str:
+    plugins = list(plugins.iter_loaded())
+
+    def generate_mysql_authentication_plugin_update_query(username: str, password: str, host: str) -> str:
+        return f"ALTER USER '{username}'@'{host}' IDENTIFIED with caching_sha2_password BY '{password}';\n"
+
+    host = "%"
+    query = ""
+    query += generate_mysql_authentication_plugin_update_query(config["MYSQL_ROOT_USERNAME"], config["MYSQL_ROOT_PASSWORD"], host)
+    query += generate_mysql_authentication_plugin_update_query(config["OPENEDX_MYSQL_USERNAME"], config["OPENEDX_MYSQL_PASSWORD"], host)
+
+    for plugin in plugins:
+        plugin_uppercase = plugin.upper()
+        if f"{plugin_uppercase}_MYSQL_USERNAME" in config and f"{plugin_uppercase}_MYSQL_PASSWORD" in config:
+            query += generate_mysql_authentication_plugin_update_query(config[f"{plugin_uppercase}_MYSQL_USERNAME"], config[f"{plugin_uppercase}_MYSQL_PASSWORD"], host)
+
+    return query
+
 
 def get_mongo_upgrade_parameters(
     docker_version: str, compatibility_version: str

tutor/commands/upgrade/compose.py

@@ -1,6 +1,7 @@
 from time import sleep
 
 import click
+import shlex
 
 from tutor import config as tutor_config
 from tutor import env as tutor_env
@@ -157,7 +158,33 @@ def upgrade_from_olive(context: click.Context, config: Config) -> None:
     )
     upgrade_mongodb(context, config, "4.2.17", "4.2")
     upgrade_mongodb(context, config, "4.4.22", "4.4")
+
+    if not config["RUN_MYSQL"]:
+        fmt.echo_info(
+            "You are not running MySQL (RUN_MYSQL=false). It is your "
+            "responsibility to upgrade your MySQL instance to v8.4. There is "
+            "nothing left to do to upgrade from Olive."
+        )
+        return
+
+    context.invoke(compose.start, detach=True, services=["mysql"])
+    fmt.echo_info("Waiting for MySQL to boot...")
+    sleep(30)
+
+    query = common_upgrade.get_mysql_change_authentication_plugin_query(config)
+
+    context.invoke(
+        compose.execute,
+        args=[
+            "mysql",
+            "bash",
+            "-e",
+            "-c",
+            f"mysql --user={config['MYSQL_ROOT_USERNAME']} --password='{config['MYSQL_ROOT_PASSWORD']}' --host={config['MYSQL_HOST']} --port={config['MYSQL_PORT']} --skip-column-names --silent " + shlex.join([f"--database={config['OPENEDX_MYSQL_DATABASE']}","-e", query])
 
+        ],
+    )
+
 
 def upgrade_from_quince(context: click.Context, config: Config) -> None:
     click.echo(fmt.title("Upgrading from Quince"))

tutor/templates/k8s/deployments.yml

@@ -397,7 +397,6 @@ spec:
             - "--character-set-server=utf8mb4"
             - "--collation-server=utf8mb4_unicode_ci"
             - "--binlog-expire-logs-seconds=259200"
-            - "--mysql-native-password=ON"
           env:
             - name: MYSQL_ROOT_PASSWORD
               value: "{{ MYSQL_ROOT_PASSWORD }}"

tutor/templates/local/docker-compose.yml

@@ -44,7 +44,6 @@ services:
       --character-set-server=utf8mb4
       --collation-server=utf8mb4_unicode_ci
       --binlog-expire-logs-seconds=259200
-      --mysql-native-password=ON
     restart: unless-stopped
     user: "999:999"
     volumes: