Troubleshooting authentication_oci Plugin
Troubleshoot the issues you find with the authentication_oci
plugin.
Plugin Error Messages
The error messages are returned by the authentication_oci
plugin and are logged to performance_schema.error_log
.
Table 22-1 Plugin Error Messages
Error | Description |
---|---|
MY-13813
(ER_AUTHENTICATION_OCI_INVALID_AUTHENTICATION_STRING) |
Incorrect authentication string during To confirm your user is created correctly, run The tenancy OCID and either user OCID or group mapping are mandatory. |
MY-13814
(ER_AUTHENTICATION_OCI_NO_MATCHING_GROUPS) |
The user is not a member of the group listed in the authentication string. Ensure the user is a member of an IAM group mapped to a MySQL proxied user. |
MY-13815
(ER_AUTHENTICATION_OCI_NO_GROUPS_FOUND) |
Specified user is not a member of an IAM group. Ensure your user is a member of a group mapped to the appropriate proxied user. |
MY-13816 (ER_AUTHENTICATION_OCI_NONCE) |
API key mismatch. The public key retrieved from IAM does not correspond to the private key on the client. Ensure you are using the correct key pair and your public key is registered with the correct user in IAM and the correct private key, key path, and fingerprint are defined in your local config file. |
MY-13810
(ER_AUTHENTICATION_OCI_DOWNLOAD_PUBLIC_KEY) |
The public key for the specified user cannot be found. Ensure the
user's API key is properly registered in IAM. To confirm your keys
are correctly configured, attempt running a simple CLI command using
the OCI CLI. A command such as This error can also be raised in the event of a failure of
communication between the MySQL server and the IAM service. Check
the |
Command-Line Client Error Messages
These error messages might be returned by the command-line clients if you cannot connect.
Table 22-2 Command-Line Client Error Messages
Error | Description |
---|---|
ERROR 1827 (HY000): The password hash doesn't
have the expected format. |
The authentication string provided during Check the spelling of your parameters in the connection string. Ensure the OCIDs are correct - the tenancy OCID and the OCID of the IAM user. Make any corrections and retry. |
ERROR 1045 (28000): Access denied for user
<user>@<host> |
The permissions have not been set up correctly for the user or for
the |
Status Variables
The status variables of the authentication_oci
plugin
provide information on success or failure of connections to IMDS and IAM
endpoints.
Table 22-3 Status Variables
Status Variable | Description |
---|---|
authentication_oci_connection_failures |
Number of times the plugin received an unexpected reply (error > 405) from IAM endpoint for a GET or POST request |
authentication_oci_connection_success |
Number of times the plugin received expected reply from IAM endpoint for a GET or POST request |
authentication_oci_imds_failures |
Number of times the plugin failed to obtain the required information from IMDS. |
authentication_oci_imds_success |
Number of times communication with IMDS was successful. |
authentication_oci_principal_failures |
Number of times the plugin failed to obtain a JWT token |
authentication_oci_principal_success |
Number of times a JWT token was successfully issued |