mysql: allow TLS options in MySQL driver such as "skip-verify"

[nrhtr]

Hi,

We're using Goose with an Amazon Aurora (MySQL) instance with IAM authentication. We need to enable TLS in order for the clearText / IAM token authentication to work. If I try adding &tls=skip-verify this gets cleared by the normalizeMySQLDSN function in the driver.

We worked around this for ourselves by just patching the call to dsn = tlsReg.ReplaceAllString(...) but it would be nice if this was officially supported. I wonder if it would work to simply move this to inside the if tls statement, but I admit I don't quite understand the purpose of this code in the first place so this is pure speculation on my part.

Thanks for your time and for this really cool project!

[mfridman]

Good question, back in #180 there were some changes to add two flags: -ssl-cert string and -ssl-key string (mysql specific).

However, looking at that function we're stripping most of the supported tls options the go-sql-driver package exposes, reference .

Type:           bool / string
Valid Values:   true, false, skip-verify, preferred, <name>
Default:        false

Tbh I don't know why we're hard coding the tls config to custom instead of leaving the parsing to mysql.ParseDSN, not sure if @Songmu is around and/or remembers. I suspect instead of goose setting the tls config to "custom", the user could set this in their dsn, like &tls=custom ?

Either way, this looks like a bug in how we parse tls value and we should fix it.