Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: enable configuration of the tls parameter for the mysql connection. i.e. tls=preferred #1300

Merged
merged 6 commits into from
Jun 28, 2022
Merged

feat: enable configuration of the tls parameter for the mysql connection. i.e. tls=preferred #1300

merged 6 commits into from
Jun 28, 2022

Conversation

embroede
Copy link
Contributor

@embroede embroede commented May 11, 2022
edited

Description

Enable configuration of the tls parameter for the mysql connection. An example would be setting tls to "preferred", or "true". This is separate from the tlsConfig (renamed from tls) parameter in manager.yaml, which is used to setup a custom tls config, where tls key/certs are specified. This will fix the case where the manager cannot connect to a server that requires TLS.

See the tls parameter section in the below link:
https://pkg.go.dev/github.com/go-sql-driver/mysql#section-readme

Related Issue

#1299

Motivation and Context

Currently Manager cannot connect to a MySQL database that requires TLS, without fully configuring certs/keys (functionality added in #1015). By making this configurable, TLS can be used (even with only password authentication).

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation Update (if none of the other choices apply)

Checklist

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.

@embroede embroede requested a review from a team as a code owner May 11, 2022 06:44
@embroede
Default to tls=preferred for mysql connection
9309fcc 
For communication from manager to mysql server, use `tls=preferred`
parameter to enable TLS whenever possible.

Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@embroede embroede changed the title Default to tls=preferred for mysql connection feat: default to tls=preferred for mysql connection May 11, 2022
@jim3ma jim3ma requested a review from gaius-qi May 11, 2022 09:21
@gaius-qi
Copy link
Member

Can tls be changed to manager configuration?

https://github.com/dragonflyoss/Dragonfly2/blob/main/manager/config/config.go#L71

@embroede
Copy link
Contributor Author

@gaius-qi Yes I like that better, I will make the change.

@gaius-qi
Copy link
Member

@gaius-qi Yes I like that better, I will make the change.

Thx

@gaius-qi gaius-qi linked an issue May 18, 2022 that may be closed by this pull request
Manager counts the surviving number of dfdaemons #1313
Closed
@gaius-qi gaius-qi removed a link to an issue May 18, 2022
Manager counts the surviving number of dfdaemons #1313
Closed
@embroede
Make mysql tls parameter configurable
d77a12f 
Allow the user to specify the tls setting for the
mysql connection. An example would be setting tls
to "preferred", or "true". This is separate to
the tlsConfig config parameter, which is used to
set up a custom tls config, where tls key/certs
are specified.

See the tls parameter section in the below link:
https://pkg.go.dev/github.com/go-sql-driver/mysql#section-readme

Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@embroede
Copy link
Contributor Author

embroede commented May 27, 2022
edited

@gaius-qi I have updated the PR to add it to the configuration, and created a PR to update the docs here: dragonflyoss/d7y.io#79

@gaius-qi
Copy link
Member

You can refer to harbor, TLSConfig is used to set the SSL mode, do not rename the TLS configuration.

When ssl mode is preferred and skip-verify set InsecureSkipVerify to true.

https://github.com/goharbor/harbor/blob/main/src/vendor/github.com/go-sql-driver/mysql/dsn.go#L48

gaius-qi
gaius-qi requested changes May 30, 2022
View reviewed changes
manager/config/config.go Outdated Show resolved Hide resolved
gaius-qi
gaius-qi requested changes May 30, 2022
View reviewed changes
manager/config/config_test.go Outdated Show resolved Hide resolved
manager/database/mysql.go Outdated Show resolved Hide resolved
@embroede
Rename config parameters
8d0a6be 
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@embroede embroede changed the title feat: default to tls=preferred for mysql connection feat: enable configuration of the tls parameter for the mysql connection. i.e. tls=preferred Jun 9, 2022
@embroede
Use mysqlCfg.TLSConfig instead of mysqlCfg.Params
14a92c3 
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@embroede
Format config_test.go with gofmt -s
3cd74ed 
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@gaius-qi
Copy link
Member

Please fix unit tests. @embroede

2022-06-27T12:42:43.5657961Z === RUN   TestManagerConfig_Load
2022-06-27T12:42:43.5658567Z     config_test.go:107: 
2022-06-27T12:42:43.5659014Z         	Error Trace:	config_test.go:107
2022-06-27T12:42:43.5659405Z         	Error:      	Not equal: 
2022-06-27T12:42:43.5662766Z         	            	expected: &config.Config{Options:base.Options{Console:false, Verbose:false, PProfPort:0, Telemetry:base.TelemetryOption{Jaeger:"", ServiceName:""}}, Server:(*config.ServerConfig)(0xc00005b840), Database:(*config.DatabaseConfig)(0xc000338330), Cache:(*config.CacheConfig)(0xc000338340), ObjectStorage:(*config.ObjectStorageConfig)(0xc000012900), Metrics:(*config.MetricsConfig)(0xc00004f4c0)}
2022-06-27T12:42:43.5666560Z         	            	actual  : &config.Config{Options:base.Options{Console:false, Verbose:false, PProfPort:0, Telemetry:base.TelemetryOption{Jaeger:"", ServiceName:""}}, Server:(*config.ServerConfig)(0xc00005bb00), Database:(*config.DatabaseConfig)(0xc000339610), Cache:(*config.CacheConfig)(0xc000339b20), ObjectStorage:(*config.ObjectStorageConfig)(0xc000012fc0), Metrics:(*config.MetricsConfig)(0xc00004fc80)}
2022-06-27T12:42:43.5667595Z         	            	
2022-06-27T12:42:43.5667961Z         	            	Diff:
2022-06-27T12:42:43.5668504Z         	            	--- Expected
2022-06-27T12:42:43.5668899Z         	            	+++ Actual
2022-06-27T12:42:43.5669429Z         	            	@@ -33,3 +33,3 @@
2022-06-27T12:42:43.5669999Z         	            	    Migrate: (bool) false,
2022-06-27T12:42:43.5670858Z         	            	-   TLSConfig: (string) (len=9) "preferred",
2022-06-27T12:42:43.5671408Z         	            	+   TLSConfig: (string) "",
2022-06-27T12:42:43.5671986Z         	            	    TLS: (*config.TLSConfig)({
2022-06-27T12:42:43.5672378Z         	Test:       	TestManagerConfig_Load
2022-06-27T12:42:43.5672763Z --- FAIL: TestManagerConfig_Load (0.01s)
2022-06-27T12:42:43.5673014Z FAIL

@embroede
Add test data for new tlsConfig parameter
ad6094c 
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@embroede
Copy link
Contributor Author

@gaius-qi Sorry about that, fixed.

gaius-qi
gaius-qi approved these changes Jun 28, 2022
View reviewed changes
Copy link
Member

@gaius-qi gaius-qi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

cndoit18
cndoit18 approved these changes Jun 28, 2022
View reviewed changes
Copy link
Member

@cndoit18 cndoit18 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

hyy0322
hyy0322 approved these changes Jun 28, 2022
View reviewed changes
Copy link

@hyy0322 hyy0322 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gaius-qi gaius-qi merged commit 4830796 into dragonflyoss:main Jun 28, 2022
gaius-qi pushed a commit that referenced this pull request Jun 28, 2023
@embroede @gaius-qi
feat: enable configuration of the tls parameter for the mysql connect…
d7b1bef 
…ion. i.e. tls=preferred (#1300)

* Default to tls=preferred for mysql connection

For communication from manager to mysql server, use `tls=preferred`
parameter to enable TLS whenever possible.

Signed-off-by: Edward Broeder <eddie.broeder@intel.com>

* Make mysql tls parameter configurable

Allow the user to specify the tls setting for the
mysql connection. An example would be setting tls
to "preferred", or "true". This is separate to
the tlsConfig config parameter, which is used to
set up a custom tls config, where tls key/certs
are specified.

See the tls parameter section in the below link:
https://pkg.go.dev/github.com/go-sql-driver/mysql#section-readme

Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gaius-qi gaius-qi gaius-qi approved these changes

@hyy0322 hyy0322 hyy0322 approved these changes

@cndoit18 cndoit18 cndoit18 approved these changes

@ansinlee ansinlee Awaiting requested review from ansinlee ansinlee is a code owner automatically assigned from dragonflyoss/dragonfly2-reviewers

@zzy987 zzy987 Awaiting requested review from zzy987 zzy987 is a code owner automatically assigned from dragonflyoss/dragonfly2-reviewers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@embroede @gaius-qi @hyy0322 @cndoit18