feat: enable configuration of the tls parameter for the mysql connection. i.e. tls=preferred (#1300)

embroede · gaius-qi · commit d7b1bef09b7e · 2023-06-28T17:33:31.000+08:00
* Default to tls=preferred for mysql connection For communication from manager to mysql server, use `tls=preferred` parameter to enable TLS whenever possible. Signed-off-by: Edward Broeder <eddie.broeder@intel.com> * Make mysql tls parameter configurable Allow the user to specify the tls setting for the mysql connection. An example would be setting tls to "preferred", or "true". This is separate to the tlsConfig config parameter, which is used to set up a custom tls config, where tls key/certs are specified. See the tls parameter section in the below link: https://pkg.go.dev/github.com/go-sql-driver/mysql#section-readme Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
diff --git a/manager/config/config.go b/manager/config/config.go
@@ -91,7 +91,10 @@ type MysqlConfig struct {
 	// Enable migration
 	Migrate bool `yaml:"migrate" mapstructure:"migrate"`
 
-	// TLS configuration
+	// TLS mode (can be one of "true", "false", "skip-verify",  or "preferred")
+	TLSConfig string `yaml:"tlsConfig" mapstructure:"tlsConfig"`
+
+	// Custom TLS configuration (overrides "TLSConfig" setting above)
 	TLS *TLSConfig `yaml:"tls" mapstructure:"tls"`
 }
 
diff --git a/manager/config/config_test.go b/manager/config/config_test.go
@@ -48,11 +48,12 @@ func TestManagerConfig_Load(t *testing.T) {
 		},
 		Database: &DatabaseConfig{
 			Mysql: &MysqlConfig{
-				User:     "foo",
-				Password: "foo",
-				Host:     "foo",
-				Port:     3306,
-				DBName:   "foo",
+				User:      "foo",
+				Password:  "foo",
+				Host:      "foo",
+				Port:      3306,
+				DBName:    "foo",
+				TLSConfig: "preferred",
 				TLS: &TLSConfig{
 					Cert:               "foo",
 					Key:                "foo",
diff --git a/manager/config/testdata/manager.yaml b/manager/config/testdata/manager.yaml
@@ -17,6 +17,7 @@ database:
     host: foo
     port: 3306
     dbname: foo
+    tlsConfig: preferred
     tls:
       cert: foo
       key: foo
diff --git a/manager/database/mysql.go b/manager/database/mysql.go
@@ -94,6 +94,8 @@ func formatDSN(cfg *config.MysqlConfig) (string, error) {
 		if err := mysql.RegisterTLSConfig("custom", tls); err != nil {
 			return "", err
 		}
+	} else if cfg.TLSConfig != "" { // If no custom config is specified, use tlsConfig parameter if it is set
+		mysqlCfg.TLSConfig = cfg.TLSConfig
 	}
 
 	return mysqlCfg.FormatDSN(), nil

Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,8 @@ func formatDSN(cfg *config.MysqlConfig) (string, error) {`
`94`	`94`	`if err := mysql.RegisterTLSConfig("custom", tls); err != nil {`
`95`	`95`	`return "", err`
`96`	`96`	`}`
	`97`	`+ } else if cfg.TLSConfig != "" { // If no custom config is specified, use tlsConfig parameter if it is set`
	`98`	`+ mysqlCfg.TLSConfig = cfg.TLSConfig`
`97`	`99`	`}`
`98`	`100`
`99`	`101`	`return mysqlCfg.FormatDSN(), nil`