Comment 3 for bug 2003835

Progress update

The upgraded environments are also broken. However the way the caching_sha2_password_auth works (as documented at https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html) is the first time you connect it does a public-private encryption exchange but then the server cache's a hash you can re-authenticate with later using the same password.

On the working upgraded environment I hadn't restarted the MySQL server since upgrading mysql-router to 8.0.32. So it was still cached. In the cached case the auth code never calls into _auth.caching_sha2_password_auth and doens't hit the problematic code. But after a server restart it also fails.

It seems connecting with pymysql2 directly to mysql-server works; it only fails when going (for the first time; with no server cache) through mysql-router.

This leads to a workaround if someone hits this for now.. if you use the mysql CLI to manually login to the server with the specific user/password for each unit.. it will temporarily work.

Still looking into the cause/possible fix for the initial auth failure.