b4da7cfbfb
Related issue: https://github.com/github/gh-ost/issues/521 - Add --ssl-cert and --ssl-key options to specify SSL public/private key files - Allow combining --ssl-allow-insecure with other --ssl* flags. `mysql.RegisterTLSConfig` allows combining the corresponding parameters in the `tls.Config` it receives, so gh-ost should allow this. I found being able to pass --ssl-allow-insecure along with --ssl-ca, --ssl-cert, and --ssl-key useful in testing. - Use the same TLS config everywhere. Since the CLI only supports a single set of --ssl* configuration parameters, this should be fine -- `mysql.RegisterTLSConfig` documentation indicates the TLS config given will not be modified, so it can safely be used in many goroutines provided we also do not modify it. The previous implementation did not work when the TLS config was duplicated, which happens when gh-ost walks up the replication chain trying to find the master. This is because, when the config is duplicated, we must call `RegisterTLSConfig` again with the new config. This config is exactly the same, so it's easiest to side-step the issue by registering the TLS config once and using it everywhere.
85 lines
2.4 KiB
Go
85 lines
2.4 KiB
Go
/*
|
|
Copyright 2016 GitHub Inc.
|
|
See https://github.com/github/gh-ost/blob/master/LICENSE
|
|
*/
|
|
|
|
package mysql
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"testing"
|
|
|
|
"github.com/outbrain/golib/log"
|
|
test "github.com/outbrain/golib/tests"
|
|
)
|
|
|
|
func init() {
|
|
log.SetLevel(log.ERROR)
|
|
}
|
|
|
|
func TestNewConnectionConfig(t *testing.T) {
|
|
c := NewConnectionConfig()
|
|
test.S(t).ExpectEquals(c.Key.Hostname, "")
|
|
test.S(t).ExpectEquals(c.Key.Port, 0)
|
|
test.S(t).ExpectEquals(c.ImpliedKey.Hostname, "")
|
|
test.S(t).ExpectEquals(c.ImpliedKey.Port, 0)
|
|
test.S(t).ExpectEquals(c.User, "")
|
|
test.S(t).ExpectEquals(c.Password, "")
|
|
}
|
|
|
|
func TestDuplicateCredentials(t *testing.T) {
|
|
c := NewConnectionConfig()
|
|
c.Key = InstanceKey{Hostname: "myhost", Port: 3306}
|
|
c.User = "gromit"
|
|
c.Password = "penguin"
|
|
c.tlsConfig = &tls.Config{
|
|
InsecureSkipVerify: true,
|
|
ServerName: "feathers",
|
|
}
|
|
|
|
dup := c.DuplicateCredentials(InstanceKey{Hostname: "otherhost", Port: 3310})
|
|
test.S(t).ExpectEquals(dup.Key.Hostname, "otherhost")
|
|
test.S(t).ExpectEquals(dup.Key.Port, 3310)
|
|
test.S(t).ExpectEquals(dup.ImpliedKey.Hostname, "otherhost")
|
|
test.S(t).ExpectEquals(dup.ImpliedKey.Port, 3310)
|
|
test.S(t).ExpectEquals(dup.User, "gromit")
|
|
test.S(t).ExpectEquals(dup.Password, "penguin")
|
|
test.S(t).ExpectEquals(dup.tlsConfig, c.tlsConfig)
|
|
}
|
|
|
|
func TestDuplicate(t *testing.T) {
|
|
c := NewConnectionConfig()
|
|
c.Key = InstanceKey{Hostname: "myhost", Port: 3306}
|
|
c.User = "gromit"
|
|
c.Password = "penguin"
|
|
|
|
dup := c.Duplicate()
|
|
test.S(t).ExpectEquals(dup.Key.Hostname, "myhost")
|
|
test.S(t).ExpectEquals(dup.Key.Port, 3306)
|
|
test.S(t).ExpectEquals(dup.ImpliedKey.Hostname, "myhost")
|
|
test.S(t).ExpectEquals(dup.ImpliedKey.Port, 3306)
|
|
test.S(t).ExpectEquals(dup.User, "gromit")
|
|
test.S(t).ExpectEquals(dup.Password, "penguin")
|
|
}
|
|
|
|
func TestGetDBUri(t *testing.T) {
|
|
c := NewConnectionConfig()
|
|
c.Key = InstanceKey{Hostname: "myhost", Port: 3306}
|
|
c.User = "gromit"
|
|
c.Password = "penguin"
|
|
|
|
uri := c.GetDBUri("test")
|
|
test.S(t).ExpectEquals(uri, "gromit:penguin@tcp(myhost:3306)/test?interpolateParams=true&autocommit=true&charset=utf8mb4,utf8,latin1&tls=false")
|
|
}
|
|
|
|
func TestGetDBUriWithTLSSetup(t *testing.T) {
|
|
c := NewConnectionConfig()
|
|
c.Key = InstanceKey{Hostname: "myhost", Port: 3306}
|
|
c.User = "gromit"
|
|
c.Password = "penguin"
|
|
c.tlsConfig = &tls.Config{}
|
|
|
|
uri := c.GetDBUri("test")
|
|
test.S(t).ExpectEquals(uri, "gromit:penguin@tcp(myhost:3306)/test?interpolateParams=true&autocommit=true&charset=utf8mb4,utf8,latin1&tls=ghost")
|
|
}
|