Adds check_hostname parameter To MySQL #11713
Conversation
ghost
added
|
The |
|
The |
|
The |
1 similar comment
|
The |
| @@ -98,6 +98,7 @@ class Config: | |||
|
|
|||
| ca: Optional[str] | |||
| cert: Optional[str] | |||
| check_hostname: Optional[bool] | |||
There was a problem hiding this comment.
Where is this actually used in the code?
There was a problem hiding this comment.
Out of scope for this PR, but we might want to think about explicitly declaring these options in the code rather than passing the raw values directly to a python dict:
There was a problem hiding this comment.
Code wise I am adding a variable in the conf yaml file while also keeping it as an optional setting with default of true to allow DBM on MySQL to happen. In some cases, due to which db type they are using for MySQL, the permissions for the connection can strict as I believe the hostname must be the same as the one set in certificate but setting this to false can prevent this checking from happening and allow DBM to monitor their db. But user do have the option to change this value in the conf yaml file.
The check_hostname is used in the self._config.ssl and then assigned to ssl as a dictionary
What does this PR do?
Adds check_hostname parameter for PyMySQL Connection
Motivation
We have a customer who is trying to get database monitoring working on a Cloud SQL cluster, but due to security reasons, they have to connect directly to individual IPs within the cluster, rather than the external DNS address. This is a problem because their certificate is attached to the external DNS instead. PyMySQL (the lib we use) has a strict relationship between the certificate and the hostname, but there’s an option to disable it for situations such as this. We should update the SSL config to include this parameter.
Additional Notes
Review checklist (to be filled by reviewers)
changelog/andintegration/labels attached