2016-03-30 15:43:40 +02:00
|
|
|
/*
|
|
|
|
Copyright 2016 GitHub Inc.
|
2016-05-16 11:09:17 +02:00
|
|
|
See https://github.com/github/gh-ost/blob/master/LICENSE
|
2016-03-30 15:43:40 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
package mysql
|
|
|
|
|
2016-04-04 15:29:02 +02:00
|
|
|
import (
|
2019-01-31 10:03:48 -06:00
|
|
|
"crypto/tls"
|
|
|
|
"crypto/x509"
|
|
|
|
"errors"
|
2016-04-04 15:29:02 +02:00
|
|
|
"fmt"
|
2019-01-31 10:03:48 -06:00
|
|
|
"io/ioutil"
|
2016-08-05 16:50:09 -07:00
|
|
|
"net"
|
2019-01-31 10:03:48 -06:00
|
|
|
|
|
|
|
"github.com/go-sql-driver/mysql"
|
2016-04-04 15:29:02 +02:00
|
|
|
)
|
|
|
|
|
2019-02-22 10:33:19 -08:00
|
|
|
const (
|
|
|
|
TLS_CONFIG_KEY = "ghost"
|
|
|
|
)
|
|
|
|
|
2016-03-30 15:43:40 +02:00
|
|
|
// ConnectionConfig is the minimal configuration required to connect to a MySQL server
|
|
|
|
type ConnectionConfig struct {
|
2016-06-19 17:55:37 +02:00
|
|
|
Key InstanceKey
|
|
|
|
User string
|
|
|
|
Password string
|
|
|
|
ImpliedKey *InstanceKey
|
2019-01-31 10:03:48 -06:00
|
|
|
tlsConfig *tls.Config
|
2016-03-30 15:43:40 +02:00
|
|
|
}
|
2016-04-04 15:29:02 +02:00
|
|
|
|
|
|
|
func NewConnectionConfig() *ConnectionConfig {
|
|
|
|
config := &ConnectionConfig{
|
|
|
|
Key: InstanceKey{},
|
|
|
|
}
|
2016-06-19 17:55:37 +02:00
|
|
|
config.ImpliedKey = &config.Key
|
2016-04-04 15:29:02 +02:00
|
|
|
return config
|
|
|
|
}
|
|
|
|
|
2016-10-11 16:42:19 +02:00
|
|
|
// DuplicateCredentials creates a new connection config with given key and with same credentials as this config
|
|
|
|
func (this *ConnectionConfig) DuplicateCredentials(key InstanceKey) *ConnectionConfig {
|
2016-04-04 15:29:02 +02:00
|
|
|
config := &ConnectionConfig{
|
2019-01-31 10:03:48 -06:00
|
|
|
Key: key,
|
|
|
|
User: this.User,
|
|
|
|
Password: this.Password,
|
|
|
|
tlsConfig: this.tlsConfig,
|
2016-04-04 15:29:02 +02:00
|
|
|
}
|
2016-06-19 17:55:37 +02:00
|
|
|
config.ImpliedKey = &config.Key
|
2016-04-04 15:29:02 +02:00
|
|
|
return config
|
|
|
|
}
|
|
|
|
|
2016-10-11 16:42:19 +02:00
|
|
|
func (this *ConnectionConfig) Duplicate() *ConnectionConfig {
|
|
|
|
return this.DuplicateCredentials(this.Key)
|
|
|
|
}
|
|
|
|
|
2016-04-04 15:29:02 +02:00
|
|
|
func (this *ConnectionConfig) String() string {
|
2019-01-31 10:03:48 -06:00
|
|
|
return fmt.Sprintf("%s, user=%s, usingTLS=%t", this.Key.DisplayString(), this.User, this.tlsConfig != nil)
|
2016-04-04 15:29:02 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (this *ConnectionConfig) Equals(other *ConnectionConfig) bool {
|
2016-06-19 17:55:37 +02:00
|
|
|
return this.Key.Equals(&other.Key) || this.ImpliedKey.Equals(other.ImpliedKey)
|
2016-04-04 15:29:02 +02:00
|
|
|
}
|
|
|
|
|
2019-02-22 10:33:19 -08:00
|
|
|
func (this *ConnectionConfig) UseTLS(caCertificatePath, clientCertificate, clientKey string, allowInsecure bool) error {
|
2019-01-31 10:03:48 -06:00
|
|
|
var rootCertPool *x509.CertPool
|
2019-02-22 10:33:19 -08:00
|
|
|
var certs []tls.Certificate
|
2019-02-04 14:46:08 -06:00
|
|
|
var err error
|
|
|
|
|
2019-02-22 10:33:19 -08:00
|
|
|
if caCertificatePath == "" {
|
|
|
|
rootCertPool, err = x509.SystemCertPool()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
rootCertPool = x509.NewCertPool()
|
|
|
|
pem, err := ioutil.ReadFile(caCertificatePath)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
|
|
|
|
return errors.New("could not add ca certificate to cert pool")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if clientCertificate != "" || clientKey != "" {
|
|
|
|
cert, err := tls.LoadX509KeyPair(clientCertificate, clientKey)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
2019-01-31 10:03:48 -06:00
|
|
|
}
|
2019-02-22 10:33:19 -08:00
|
|
|
certs = []tls.Certificate{cert}
|
2019-01-31 10:03:48 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
this.tlsConfig = &tls.Config{
|
2019-02-22 10:33:19 -08:00
|
|
|
Certificates: certs,
|
2019-01-31 10:03:48 -06:00
|
|
|
RootCAs: rootCertPool,
|
2019-02-04 16:21:25 -06:00
|
|
|
InsecureSkipVerify: allowInsecure,
|
2019-01-31 10:03:48 -06:00
|
|
|
}
|
|
|
|
|
2019-02-22 10:33:19 -08:00
|
|
|
return mysql.RegisterTLSConfig(TLS_CONFIG_KEY, this.tlsConfig)
|
2019-01-31 10:03:48 -06:00
|
|
|
}
|
|
|
|
|
|
|
|
func (this *ConnectionConfig) TLSConfig() *tls.Config {
|
|
|
|
return this.tlsConfig
|
|
|
|
}
|
|
|
|
|
2018-03-12 16:17:53 +02:00
|
|
|
func (this *ConnectionConfig) GetDBUri(databaseName string) string {
|
2016-09-07 14:24:11 +02:00
|
|
|
hostname := this.Key.Hostname
|
|
|
|
var ip = net.ParseIP(hostname)
|
2016-08-05 16:50:09 -07:00
|
|
|
if (ip != nil) && (ip.To4() == nil) {
|
|
|
|
// Wrap IPv6 literals in square brackets
|
2016-09-07 14:24:11 +02:00
|
|
|
hostname = fmt.Sprintf("[%s]", hostname)
|
2016-08-05 16:50:09 -07:00
|
|
|
}
|
2018-03-07 16:30:02 +02:00
|
|
|
interpolateParams := true
|
2019-01-31 17:23:19 -06:00
|
|
|
// go-mysql-driver defaults to false if tls param is not provided; explicitly setting here to
|
|
|
|
// simplify construction of the DSN below.
|
2019-01-31 10:03:48 -06:00
|
|
|
tlsOption := "false"
|
|
|
|
if this.tlsConfig != nil {
|
2019-02-22 10:33:19 -08:00
|
|
|
tlsOption = TLS_CONFIG_KEY
|
2019-01-31 10:03:48 -06:00
|
|
|
}
|
|
|
|
return fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?interpolateParams=%t&autocommit=true&charset=utf8mb4,utf8,latin1&tls=%s", this.User, this.Password, hostname, this.Key.Port, databaseName, interpolateParams, tlsOption)
|
2016-04-04 15:29:02 +02:00
|
|
|
}
|