Add support for sslmode=verify-full for mysql and pg #1249

Merged (13 commits) on Jun 23, 2020

@doodlesbykumbi doodlesbykumbi commented Jun 11, 2020

This means full verification of rootCA and hostname. The value for the hostname to check against is either 'sslhost' or 'host'; 'sslhost' takes precedence when it is not empty.

What does this PR do?

  • What's changed? Why were these changes made?

    • Adds support for sslmode=verify-full for mysql and pg
    • Adds sslhost option that can override the host for certificate hostname verification
    • Adds integration tests
  • How should the reviewer approach this PR, especially if manual tests are required?

    The entrypoint to the feature is internal/plugin/connectors/tcp/ssl/ssl.go. This file contains the TLS implementation for both mysql and pg.

  • Are there relevant screenshots you can add to the PR description?
    N/A

What ticket does this PR close?

Connected to #548

Checklists

Change log

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code changes, or
  • The changes in this PR do not require tests

Documentation
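
An added Go example (not code from this pull request) of the verify-full behaviour described above: the server certificate must chain to the configured root CA and match a hostname, where `sslhost` overrides `host` when not empty. The function names, the hostname `db.example.internal` and the self-signed sample certificate are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// verifyFullConfig (hypothetical name) builds a client config for verify-full:
// sslhost, when not empty, takes precedence over host as the name to verify.
func verifyFullConfig(roots *x509.CertPool, host, sslhost string) *tls.Config {
	name := host
	if sslhost != "" {
		name = sslhost
	}
	return &tls.Config{RootCAs: roots, ServerName: name}
}

// checkServerCert runs the checks crypto/tls applies with this config during
// a handshake: the chain must reach a trusted root and the name must match.
func checkServerCert(cfg *tls.Config, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

// constructedCert returns a self-signed sample cert for dnsName and a pool trusting it.
func constructedCert(dnsName string) (*x509.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // sample inputs: errors ignored
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{dnsName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return cert, pool
}

func main() {
	cert, pool := constructedCert("db.example.internal") // constructed hostname
	fmt.Println("host only:", checkServerCert(verifyFullConfig(pool, "localhost", ""), cert))
	fmt.Println("sslhost:  ", checkServerCert(verifyFullConfig(pool, "localhost", "db.example.internal"), cert))
}
```

The first call fails on the hostname because the certificate is not valid for `localhost`; the second passes because `sslhost` supplies the name the certificate was issued for.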

@doodlesbykumbi doodlesbykumbi requested a review from a team as a code owner June 11, 2020 14:07
@doodlesbykumbi doodlesbykumbi force-pushed the verify-full-pg-mysql branch 2 times, most recently from aa9d057 to e3bb413 Compare June 16, 2020 10:01
@doodlesbykumbi doodlesbykumbi force-pushed the verify-full-pg-mysql branch 2 times, most recently from 7748772 to b3bb901 Compare June 16, 2020 13:31
@doodlesbykumbi doodlesbykumbi linked an issue Jun 17, 2020 that may be closed by this pull request
@BradleyBoutcher BradleyBoutcher left a comment

The central idea has already been implemented in our MsSQL connector, so I think this looks great.
Just one nit, and some codeclimate things that might need to be resolved. Otherwise, LGTM.

@doodlesbykumbi doodlesbykumbi force-pushed the verify-full-pg-mysql branch 2 times, most recently from 4c3c00a to efa1569 Compare June 22, 2020 14:29
@doodlesbykumbi doodlesbykumbi force-pushed the verify-full-pg-mysql branch 2 times, most recently from a7f88e5 to c0da649 Compare June 22, 2020 17:18
@BradleyBoutcher BradleyBoutcher left a comment

LGTM

@doodlesbykumbi doodlesbykumbi force-pushed the verify-full-pg-mysql branch 2 times, most recently from 86642d9 to 0e9a511 Compare June 22, 2020 21:01
codeclimate bot commented Jun 22, 2020

Code Climate has analyzed commit 1180aff and detected 5 issues on this pull request.

Here's the issue category breakdown:

Category Count
Duplication 4
Style 1

The test coverage on the diff in this pull request is 86.9% (50% is the threshold).

This pull request will bring the total coverage in the repository to 49.6% (1.2% change).

izgeri commented Jun 23, 2020

@doodlesbykumbi this is good to go! sorry for the delay

@doodlesbykumbi doodlesbykumbi merged commit b3a3c23 into master Jun 23, 2020
@doodlesbykumbi doodlesbykumbi deleted the verify-full-pg-mysql branch October 19, 2020 14:25
Successfully merging this pull request may close these issues.

PostgreSQL and MySQL connectors support sslmode=verify-full