/
sql_mysql.go
executable file
·127 lines (110 loc) · 3.68 KB
/
sql_mysql.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
package azurefilebroker
import (
"fmt"
"crypto/tls"
"crypto/x509"
"time"
"code.cloudfoundry.org/goshims/sqlshim"
"code.cloudfoundry.org/lager"
"github.com/go-sql-driver/mysql"
)
type mysqlVariant struct {
sql sqlshim.Sql
dbConnectionString string
caCert string
hostNameInCertificate string
dbName string
logger lager.Logger
}
func NewMySqlVariant(logger lager.Logger, username, password, host, port, dbName, caCert, hostNameInCertificate string) SqlVariant {
return NewMySqlVariantWithSqlObject(logger, username, password, host, port, dbName, caCert, hostNameInCertificate, &sqlshim.SqlShim{})
}
func NewMySqlVariantWithSqlObject(logger lager.Logger, username, password, host, port, dbName, caCert, hostNameInCertificate string, sql sqlshim.Sql) SqlVariant {
return &mysqlVariant{
sql: sql,
dbConnectionString: fmt.Sprintf("%s:%s@tcp(%s:%s)/%s", username, password, host, port, dbName),
caCert: caCert,
hostNameInCertificate: hostNameInCertificate,
dbName: dbName,
logger: logger,
}
}
func (c *mysqlVariant) Connect() (sqlshim.SqlDB, error) {
logger := c.logger.Session("mysql-connection-connect")
logger.Info("start")
defer logger.Info("end")
if c.caCert != "" {
logger.Info("secure-mysql-with-certificate")
cfg, err := mysql.ParseDSN(c.dbConnectionString)
if err != nil {
err := fmt.Errorf("Invalid connection string for %s", c.dbName)
logger.Error("invalid-db-connection-string", err)
return nil, err
}
certBytes := []byte(c.caCert)
caCertPool := x509.NewCertPool()
if ok := caCertPool.AppendCertsFromPEM(certBytes); !ok {
err := fmt.Errorf("Invalid CA Cert for %s", c.dbName)
logger.Error("failed-to-parse-sql-ca", err)
return nil, err
}
tlsConfig := &tls.Config{
InsecureSkipVerify: false,
RootCAs: caCertPool,
ServerName: c.hostNameInCertificate,
}
ourKey := "azurefilebroker-tls"
mysql.RegisterTLSConfig(ourKey, tlsConfig)
cfg.TLSConfig = ourKey
cfg.Timeout = 10 * time.Minute
cfg.ReadTimeout = 10 * time.Minute
cfg.WriteTimeout = 10 * time.Minute
c.dbConnectionString = cfg.FormatDSN()
} else if c.hostNameInCertificate != "" {
logger.Info("secure-mysql-without-certificate")
err := mysql.RegisterTLSConfig("custom", &tls.Config{
ServerName: c.hostNameInCertificate,
})
if err != nil {
err := fmt.Errorf("Invalid hostNameInCertificate for %s", c.dbName)
logger.Error("failed-to-register-tlsconfig", err)
return nil, err
}
c.dbConnectionString = fmt.Sprintf("%s?allowNativePasswords=true&tls=custom", c.dbConnectionString)
}
sqlDB, err := c.sql.Open("mysql", c.dbConnectionString)
return sqlDB, err
}
func (c *mysqlVariant) GetInitializeDatabaseSQL() []string {
return []string{
`CREATE TABLE IF NOT EXISTS service_instances(
id VARCHAR(255) PRIMARY KEY,
service_id VARCHAR(255),
plan_id VARCHAR(255),
organization_guid VARCHAR(255),
space_guid VARCHAR(255),
target_name VARCHAR(4096),
hash_key VARCHAR(255),
value VARCHAR(4096),
UNIQUE (hash_key)
)`,
`CREATE TABLE IF NOT EXISTS service_bindings(
id VARCHAR(255) PRIMARY KEY,
value VARCHAR(4096)
)`,
`CREATE TABLE IF NOT EXISTS file_shares(
id VARCHAR(255) PRIMARY KEY,
instance_id VARCHAR(255),
FOREIGN KEY instance_id(instance_id) REFERENCES service_instances(id),
file_share_name VARCHAR(255),
value VARCHAR(4096),
CONSTRAINT file_share UNIQUE (instance_id, file_share_name)
)`,
}
}
func (c *mysqlVariant) GetAppLockSQL() string {
return "SELECT GET_LOCK(?, ?)"
}
func (c *mysqlVariant) GetReleaseAppLockSQL() string {
return "SELECT RELEASE_LOCK(?)"
}