Implement mTLS support in both the mysql backend and probes.

pkg/group/mysql.go

@@ -77,7 +77,7 @@ func NewMySQLBackend(throttler *throttle.Throttler) (*MySQLBackend, error) {
 	if settings.BackendMySQLHost == "" {
 		return nil, nil
 	}
-	uri, err := mysql.MakeUri(
+	url, err := mysql.NewURL(
 		settings.BackendMySQLHost,
 		settings.BackendMySQLPort,
 		settings.BackendMySQLSchema,
@@ -93,14 +93,14 @@ func NewMySQLBackend(throttler *throttle.Throttler) (*MySQLBackend, error) {
 		return nil, err
 	}
 
-	db, _, err := sqlutils.GetDB(uri)
+	db, _, err := sqlutils.GetDB(url.String())
 	if err != nil {
 		return nil, err
 	}
 
 	db.SetMaxOpenConns(maxConnections)
 	db.SetMaxIdleConns(maxConnections)
-	log.Debugf("created db at: %s", uri)
+	log.Debugf("created db at: %s", url.Redacted())
 	hostname, err := os.Hostname()
 	if err != nil {
 		return nil, err

pkg/mysql/mysql_throttle_metric.go

@@ -88,7 +88,7 @@ func ReadThrottleMetric(probe *Probe, clusterName string) (mySQLThrottleMetric *
 		}()
 	}(mySQLThrottleMetric, started)
 
-	db, fromCache, err := sqlutils.GetDB(probe.Uri)
+	db, fromCache, err := sqlutils.GetDB(probe.Url.String())
 	if err != nil {
 		mySQLThrottleMetric.Err = err
 		return mySQLThrottleMetric

pkg/mysql/probe.go

@@ -7,6 +7,7 @@ package mysql
 
 import (
 	"fmt"
+	"net/url"
 	"time"
 )
 
@@ -19,7 +20,7 @@ const (
 // Probe is the minimal configuration required to connect to a MySQL server
 type Probe struct {
 	Key                 InstanceKey
-	Uri                 string
+	Url                 *url.URL
 	MetricQuery         string
 	CacheMillis         int
 	QueryInProgress     int64
@@ -44,14 +45,14 @@ func NewProbes() *Probes {
 // NewProbe allocates memory for a new Probe value and returns its address, or an error in case tlsConfiguration parameters were
 // provided, but TLS configuration couldn't be registered. If that's the case, the address of the probe will be nil.
 func NewProbe(key *InstanceKey, user, password, databaseName, tlsCaCertPath, tlsClientCertPath, tlsClientKeyPath string, tlsSkipVerify bool, metricQuery string, cacheMillis int, httpCheckPath string, httpCheckPort int) (*Probe, error) {
-	uri, err := MakeUri(key.Hostname, key.Port, user, password, databaseName, tlsCaCertPath, tlsClientCertPath, tlsClientKeyPath, tlsSkipVerify, probeTimeout)
+	url, err := NewURL(key.Hostname, key.Port, user, password, databaseName, tlsCaCertPath, tlsClientCertPath, tlsClientKeyPath, tlsSkipVerify, probeTimeout)
 	if err != nil {
 		return nil, fmt.Errorf("cannot create probe. Cause:  %w", err)
 	}
 
 	p := Probe{
 		Key:           *key,
-		Uri:           uri,
+		Url:           url,
 		MetricQuery:   metricQuery,
 		CacheMillis:   cacheMillis,
 		HttpCheckPath: httpCheckPath,

pkg/mysql/uri.go → pkg/mysql/url.go

@@ -7,23 +7,23 @@ import (
 	"fmt"
 	"io/ioutil"
 	"net"
+	"net/url"
 	"time"
 
 	"github.com/go-sql-driver/mysql"
 )
 
-const timeout = 10 * time.Millisecond
-
-// MakeUri creates a new string representing the URI for the mysql driver to connect to, including timeout, charset and tls settings.
-// In case the URI cannot be created due to a wrong TLS configuration, an error is returned.
-func MakeUri(hostname string, port int, databaseName, user, password, tlsCaCerPath, tlsClientCertPath, tlsClientKeyPath string, tlsSkipVerify bool, timeout time.Duration) (uri string, err error) {
+// NewURL creates a new string representing the URI for the mysql driver to connect to, including timeout, charset and tls settings.
+// In case the URL cannot be created due to a wrong TLS configuration, an error is returned.
+func NewURL(hostname string, port int, databaseName, user, password, tlsCaCerPath, tlsClientCertPath, tlsClientKeyPath string, tlsSkipVerify bool, timeout time.Duration) (*url.URL, error) {
+	var err error
 	tlsKey := "false"
 
 	if tlsCaCerPath != "" || tlsClientCertPath != "" || tlsClientKeyPath != "" {
 		tlsKey = fmt.Sprintf("%s:%d", hostname, port)
 		err = registerTlsConfig(tlsKey, tlsCaCerPath, tlsClientCertPath, tlsClientKeyPath, tlsSkipVerify)
 		if err != nil {
-			return "", err
+			return nil, err
 		}
 	}
 
@@ -33,8 +33,8 @@ func MakeUri(hostname string, port int, databaseName, user, password, tlsCaCerPa
 		hostname = fmt.Sprintf("[%s]", hostname)
 	}
 
-	uri = fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?interpolateParams=true&charset=utf8mb4,utf8,latin1&tls=%s&timeout=%dms", user, password, hostname, port, databaseName, tlsKey, timeout.Milliseconds())
-	return uri, err
+	s := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?interpolateParams=true&charset=utf8mb4,utf8,latin1&tls=%s&timeout=%dms", user, password, hostname, port, databaseName, tlsKey, timeout.Milliseconds())
+	return url.Parse(s)
 }
 
 // registerTlsConfig registers the certificates under a given key which is calculated based on the