Adds check_hostname parameter To MySQL #11713
@@ -98,6 +98,7 @@ class Config: | |||
|
|||
ca: Optional[str] | |||
cert: Optional[str] | |||
check_hostname: Optional[bool] |
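Review bot: The added `check_hostname: Optional[bool]` line in `class Config` carries no default and no comment, so an unset option arrives as `None` rather than `True`, and nothing in this hunk shows where the value is consumed. Please make the consumer treat `None` as `True` so hostname verification stays on unless a user explicitly sets it to false, and document next to the field that false stops the server certificate from being matched against the host the client connects to.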
Where is this actually used in the code?
Out of scope for this PR, but we might want to think about explicitly declaring these options in the code rather than passing the raw values directly to a python dict:
ssl = dict(self._config.ssl) if self._config.ssl else None
Code-wise, I am adding a variable in the conf yaml file while also keeping it as an optional setting with a default of true to allow DBM on MySQL to happen. In some cases, due to which db type they are using for MySQL, the permissions for the connection can be strict, as I believe the hostname must be the same as the one set in the certificate, but setting this to false can prevent this checking from happening and allow DBM to monitor their db. But users do have the option to change this value in the conf yaml file.
The check_hostname is used in the self._config.ssl and then assigned to ssl as a dictionary.
What does this PR do?
Adds check_hostname parameter for PyMySQL Connection
Motivation
We have a customer who is trying to get database monitoring working on a Cloud SQL cluster, but due to security reasons, they have to connect directly to individual IPs within the cluster, rather than the external DNS address. This is a problem because their certificate is attached to the external DNS instead. PyMySQL (the lib we use) has a strict relationship between the certificate and the hostname, but there’s an option to disable it for situations such as this. We should update the SSL config to include this parameter.
Additional Notes
Review checklist (to be filled by reviewers)
changelog/ and integration/ labels attached
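An added example (not code from this PR or from the project) of the explicit option handling suggested in the review: the raw `ssl` mapping is validated against an allow-list, `check_hostname` defaults to `True`, and turning it off relaxes only the name match while certificate-chain verification stays required. The helper names `build_ssl_options` and `make_context` and the `key` option are assumptions made for illustration; the context is built with Python's standard `ssl` module.

```python
import ssl

# Allow-list for this example only: `ca`, `cert` and `check_hostname` appear
# in the PR's Config hunk; `key` is an assumption added here.
ALLOWED_SSL_KEYS = {"ca", "cert", "key", "check_hostname"}


def build_ssl_options(raw):
    """Validate a raw `ssl` mapping from the YAML config (hypothetical helper).

    Returns None when TLS is not configured; otherwise a dict in which
    check_hostname is always an explicit bool and defaults to True.
    """
    if not raw:
        return None
    unknown = set(raw) - ALLOWED_SSL_KEYS
    if unknown:
        raise ValueError(f"unsupported ssl options: {sorted(unknown)}")
    opts = {k: v for k, v in raw.items() if v is not None}
    check = opts.get("check_hostname", True)
    if not isinstance(check, bool):
        # A quoted "false" in YAML is a truthy string; reject it, do not guess.
        raise TypeError("ssl.check_hostname must be a boolean")
    opts["check_hostname"] = check
    return opts


def make_context(opts):
    """Build a client SSLContext from validated options (hypothetical helper)."""
    ctx = ssl.create_default_context(cafile=opts.get("ca"))
    if opts.get("cert"):
        ctx.load_cert_chain(opts["cert"], keyfile=opts.get("key"))
    # Only the name match is relaxed; the chain must still validate.
    ctx.check_hostname = opts["check_hostname"]
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```

With `check_hostname: false`, pinning `ca` to the issuing CA for that database is what still ties the connection to the expected server.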