The upgraded environments are also broken. However the way the caching_sha2_password_auth works (as documented at https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html) is the first time you connect it does a public-private encryption exchange but then the server cache's a hash you can re-authenticate with later using the same password.
On the working upgraded environment I hadn't restarted the MySQL server since upgrading mysql-router to 8.0.32. So it was still cached. In the cached case the auth code never calls into _auth.caching_sha2_password_auth and doens't hit the problematic code. But after a server restart it also fails.
It seems connecting with pymysql2 directly to mysql-server works; it only fails when going (for the first time; with no server cache) through mysql-router.
This leads to a workaround if someone hits this for now.. if you use the mysql CLI to manually login to the server with the specific user/password for each unit.. it will temporarily work.
Still looking into the cause/possible fix for the initial auth failure.
Progress update
The upgraded environments are also broken. However the way the caching_ sha2_password_ auth works (as documented at https:/ /dev.mysql. com/doc/ refman/ 8.0/en/ caching- sha2-pluggable- authentication. html) is the first time you connect it does a public-private encryption exchange but then the server cache's a hash you can re-authenticate with later using the same password.
On the working upgraded environment I hadn't restarted the MySQL server since upgrading mysql-router to 8.0.32. So it was still cached. In the cached case the auth code never calls into _auth.caching_ sha2_password_ auth and doens't hit the problematic code. But after a server restart it also fails.
It seems connecting with pymysql2 directly to mysql-server works; it only fails when going (for the first time; with no server cache) through mysql-router.
This leads to a workaround if someone hits this for now.. if you use the mysql CLI to manually login to the server with the specific user/password for each unit.. it will temporarily work.
Still looking into the cause/possible fix for the initial auth failure.