Replies: 1 comment
@snizs, were you able to figure this out and get it working on AWS MySQL?
Hi,
I'm in the process of implementing MySQL automatic user provisioning in Teleport. While the users are being correctly created in the database, they all end up assigned to the default role teleport-auto-user.

I am attempting to use the db_object_import_rule not only to restrict access to certain tables within a database, but also to couple these restrictions with specific Teleport roles for user assignments. However, this isn't working as anticipated, and I am unsure whether my understanding or my implementation is off. My expectation was that combining a db_object_import_rule with a Teleport role would allow me to effectively control access for automatically provisioned users to specific databases and tables.

Or should we manually create DB roles in MySQL and assign them to a Teleport role (this worked for me)? I would like to know if the DB role can also be auto-created in MySQL.

Below I will share the sample configurations I am using for both the role and the rule. Could someone clarify if my approach is correct or suggest what I might be missing?

Spec: AWS RDS MySQL version 8.0.33, Teleport 15.2.1
Terraform teleport role config
```hcl
resource "teleport_role" "db_rw_access" {
  version = "v7"
  metadata = {
    name        = "db-dev-common-rw-access"
    description = "Accessing with read/write rights to all common tables in dev databases. Currently under testing with db import rule"
    labels = merge(
      local.tags,
      {
        "teleport.dev/origin" = "dynamic"
      }
    )
  }
  spec = {
    options = {
      forward_agent           = false
      max_session_ttl         = "24h0m0s"
      port_forwarding         = true
      client_idle_timeout     = "1h"
      disconnect_expired_cert = true
      permit_x11_forwarding   = false
      request_access          = "denied"
      # Automatic database user provisioning; the provider takes the enum value (2 = keep).
      create_db_user_mode = 2
    }
    allow = {
      db_names = ["*"]
      # Which registered databases this role may connect to.
      db_labels = {
        "Environment" = ["dev"]
        "Name"        = ["dev-common-mysql"]
      }
      # Object-level permissions: `match` is evaluated against the labels carried by
      # imported database objects (the labels a db_object_import_rule adds).
      db_permissions = [
        {
          match = {
            "dev"         = ["common_tables"]
            "Environment" = ["dev"]
          }
          permissions = ["SELECT"]
        }
      ]
    }
    deny = {
      logins   = ["anonymous"]
      db_users = ["root", "admin"]
    }
  }
}
```
db_object_import_rule
```yaml
kind: db_object_import_rule
version: v1
metadata:
  name: dev_common_tables
spec:
  # Rules are applied in priority order.
  priority: 10
  # Only databases carrying these labels are subject to this rule.
  database_labels:
    - name: 'Environment'
      values:
        - 'dev'
    - name: 'Name'
      values:
        - 'dev-common-mysql'
  mappings:
    # Objects matched below receive the label dev=common_tables,
    # which the Teleport role's db_permissions.match refers to.
    - add_labels:
        dev: common_tables
      match:
        # Only the CMS table is meant to be labeled; the procedure and view
        # lists are left with an empty-string pattern.
        procedure_names:
          - ''
        table_names:
          - 'CMS'
        view_names:
          - ''
      scope:
        database_names:
          - 'lp_staging'
```
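An added verification example, not part of the original post or of Teleport's own code: the queries below, run on the RDS MySQL instance as an administrative account, show what a Teleport-provisioned user actually ended up with on the database side, which is the fastest way to tell whether a Teleport-side change (import rule, db_permissions, db_roles) had any effect. The user name 'alice', the host '%' (assumed to be the host part Teleport uses for the users it creates) and the role name 'dev_common_tables_ro' are assumptions for illustration; 'lp_staging', 'CMS' and 'teleport-auto-user' come from the post.

```sql
-- Added example, not from the original post. Assumed names: 'alice' (a
-- Teleport-provisioned user), '%' (host part of that account), and
-- 'dev_common_tables_ro' (a hypothetical least-privilege MySQL role).

-- 1. Which MySQL roles are attached to the provisioned user? Teleport grants
--    teleport-auto-user to every user it creates; anything listed in the
--    Teleport role's db_roles should show up here as well.
SELECT FROM_USER AS role_name, TO_USER AS user_name, TO_HOST AS user_host
FROM mysql.role_edges
WHERE TO_USER = 'alice';

-- 2. Effective privileges, including those inherited through a granted role.
--    (USING only accepts roles that are actually granted to the account.)
SHOW GRANTS FOR 'alice'@'%' USING 'teleport-auto-user';

-- 3. Table-level privileges on the target table, whoever the grantee is.
--    A grant that only exists as a Teleport db_permissions entry will not
--    appear here unless Teleport actually applied it to the MySQL account.
SELECT GRANTEE, TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE
FROM information_schema.TABLE_PRIVILEGES
WHERE TABLE_SCHEMA = 'lp_staging' AND TABLE_NAME = 'CMS';

-- 4. The manually created MySQL role the poster reports working: a
--    least-privilege role scoped to the single table, to be referenced
--    from the Teleport role's allow.db_roles so provisioning attaches it.
CREATE ROLE IF NOT EXISTS 'dev_common_tables_ro';
GRANT SELECT ON lp_staging.CMS TO 'dev_common_tables_ro';

-- 5. Confirm the role carries exactly the intended privilege and nothing else.
SHOW GRANTS FOR 'dev_common_tables_ro';
```

Run steps 1 to 3 once before and once after a Teleport session as the provisioned user: if the row set in step 3 does not change and step 1 only ever lists teleport-auto-user, the object-level permissions were not translated into MySQL grants, and the db_roles path in steps 4 and 5 is the one to rely on.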