Skip to content

Commit

Permalink
Conditionally overwrite TLS parameters for MySQL secrets engine (#9729)
Browse files Browse the repository at this point in the history
* Conditionally overwrite TLS parameters in MySQL DSN

Overwrite MySQL TLS configuration in MySQL DSN only if have `tls_ca` or `tls_certificate_key` set
Current logic always overwrites it

* Add test for MySQL DSN with a valid TLS parameter in query string
  • Loading branch information
0x63lv authored Aug 17, 2020
1 parent 59d4571 commit 48db6d3
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
4 changes: 3 additions & 1 deletion plugins/database/mysql/connection_producer.go
Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,9 @@ func (c *mySQLConnectionProducer) addTLStoDSN() (connURL string, err error) {
return "", fmt.Errorf("unable to parse connectionURL: %s", err)
}

config.TLSConfig = c.tlsConfigName
if len(c.tlsConfigName) > 0 {
config.TLSConfig = c.tlsConfigName
}

connURL = config.FormatDSN()

Expand Down
5 changes: 5 additions & 0 deletions plugins/database/mysql/connection_producer_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,11 @@ func Test_addTLStoDSN(t *testing.T) {
tlsConfigName: "tlsTest101",
expectedResult: "user:pa?ssword?@tcp(localhost:3306)/test?tls=tlsTest101&foo=bar",
},
"tls, valid tls parameter in query string": {
rootUrl: "user:password@tcp(localhost:3306)/test?tls=true",
tlsConfigName: "",
expectedResult: "user:password@tcp(localhost:3306)/test?tls=true",
},
}

for name, test := range tests {
Expand Down

0 comments on commit 48db6d3

Please sign in to comment.