Fix #216 added support for user with x509 enabled #294

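--- a/Dockerfile.local
+++ b/Dockerfile.local
@@ -0,0 +1,8 @@
+FROM golang:1.17-buster@sha256:3e663ba6af8281b04975b0a34a14d538cdd7d284213f83f05aaf596b80a8c725 as builder
+
+COPY . /src
+WORKDIR /src
+RUN make dist
+
+FROM scratch AS exporter
+COPY --from=builder /src/bin/ /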
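Review bot: The stage keyword is written in two casings, `as builder` on the first FROM and `AS exporter` on the second; Docker accepts both, but the file should pick one, e.g. `FROM golang:1.17-buster@sha256:... AS builder`. Pinning the builder image by digest is a good supply-chain choice, and a one-line comment above it such as `# builder pinned by digest; bump tag and digest together` would tell the next maintainer that both values are expected to change at once.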
20 changes: 16 additions & 4 deletions README.md
Expand Up @@ -74,6 +74,10 @@ Options:
applies missing (out-of-order) migrations
-certfile string
file path to root CA's certificates in pem format (only support on mysql)
-sslcert string
file path to SSL certificates in pem format (only support on mysql)
-sslkey string
file path to SSL key in pem format (only support on mysql)
-dir string
directory with migration files (default ".")
-h print help
Expand Down Expand Up @@ -239,7 +243,7 @@ language plpgsql;
Go 1.16 introduced new feature: [compile-time embedding](https://pkg.go.dev/embed/) files into binary and
corresponding [filesystem abstraction](https://pkg.go.dev/io/fs/).

This feature can be used only for applying existing migrations. Modifying operations such as
This feature can be used only for applying existing migrations. Modifying operations such as
`fix` and `create` will continue to operate on OS filesystem even if using embedded files. This is expected
behaviour because `io/fs` interfaces allows read-only access.

Expand All @@ -250,16 +254,16 @@ package main
import (
"database/sql"
"embed"

"github.com/pressly/goose/v3"
)

//go:embed migrations/*.sql
var embedMigrations embed.FS

func main() {
var db *sql.DB
// setup database
var db *sql.DB
// setup database

goose.SetBaseFS(embedMigrations)

Expand Down Expand Up @@ -312,6 +316,14 @@ func Down(tx *sql.Tx) error {
}
```

# Development

This can be used to build local `goose` binaries without having the latest Go version installed locally.

```bash
DOCKER_BUILDKIT=1 docker build -f Dockerfile.local --output bin .
```

# Hybrid Versioning
Please, read the [versioning problem](https://github.com/pressly/goose/issues/63#issuecomment-428681694) first.

21 changes: 18 additions & 3 deletions cmd/goose/driver_mysql.go
Expand Up @@ -19,11 +19,11 @@ import (
// the parameter `parseTime` set to true. This allows internal goose logic
// to assume that DATETIME/DATE/TIMESTAMP can be scanned into the time.Time
// type.
func normalizeDBString(driver string, str string, certfile string) string {
func normalizeDBString(driver string, str string, certfile string, sslcert string, sslkey string) string {
if driver == "mysql" {
var isTLS = certfile != ""
if isTLS {
if err := registerTLSConfig(certfile); err != nil {
if err := registerTLSConfig(certfile, sslcert, sslkey); err != nil {
log.Fatalf("goose run: %v", err)
}
}
Expand Down Expand Up @@ -55,7 +55,7 @@ func normalizeMySQLDSN(dsn string, tls bool) (string, error) {
return config.FormatDSN(), nil
}

func registerTLSConfig(pemfile string) error {
func registerTLSConfig(pemfile string, sslcert string, sslkey string) error {
rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile(pemfile)
if err != nil {
Expand All @@ -64,6 +64,21 @@ func registerTLSConfig(pemfile string) error {
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
return fmt.Errorf("failed to append PEM: %q", pemfile)
}

if sslcert != "" && sslkey != "" {
clientCert := make([]tls.Certificate, 0, 1)
certs, err := tls.LoadX509KeyPair(sslcert, sslkey)
if err != nil {
return fmt.Errorf("failed to load x509 keypair: %w", err)
}
clientCert = append(clientCert, certs)

return mysql.RegisterTLSConfig(tlsConfigKey, &tls.Config{
RootCAs: rootCertPool,
Certificates: clientCert,
})
}

return mysql.RegisterTLSConfig(tlsConfigKey, &tls.Config{
RootCAs: rootCertPool,
})
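Review bot: Supplying only one of -ssl-cert/-ssl-key is silently ignored by the `if sslcert != "" && sslkey != ""` guard, so a typo in either flag degrades the connection to server-only TLS without any error; the half-set case should be rejected before the key pair is loaded. The same silent drop occurs when both are set but -certfile is not, because the first hunk calls registerTLSConfig only when `certfile != ""`, which is worth either stating in the flag help text or validating in normalizeDBString. The two RegisterTLSConfig calls can collapse into one config whose Certificates field is set conditionally, which also removes the make/append sequence, and setting `MinVersion: tls.VersionTLS12` is advisable since the Go 1.17 toolchain pinned in Dockerfile.local still defaults clients to TLS 1.0. registerTLSConfig's signature and the PEM read are in the previous hunk, outside this one.
```go
	if (sslcert == "") != (sslkey == "") {
		return fmt.Errorf("-ssl-cert and -ssl-key must be set together for x509 user authentication")
	}
	cfg := &tls.Config{
		RootCAs:    rootCertPool,
		MinVersion: tls.VersionTLS12,
	}
	if sslcert != "" {
		cert, err := tls.LoadX509KeyPair(sslcert, sslkey)
		if err != nil {
			return fmt.Errorf("failed to load x509 keypair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{cert}
	}
	return mysql.RegisterTLSConfig(tlsConfigKey, cfg)
```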
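--- a/cmd/goose/main.go
+++ b/cmd/goose/main.go
@@ -20,6 +20,8 @@ var (
 certfile = flags.String("certfile", "", "file path to root CA's certificates in pem format (only support on mysql)")
 sequential = flags.Bool("s", false, "use sequential numbering for new migrations")
 allowMissing = flags.Bool("allow-missing", false, "applies missing (out-of-order) migrations")
+sslcert = flags.String("ssl-cert", "", "file path to SSL certificates in pem format (only support on mysql)")
+sslkey = flags.String("ssl-key", "", "file path to SSL key in pem format (only support on mysql)")
 )
 
 var (
@@ -78,7 +80,7 @@ func main() {
 if driver == "sqlite3" {
 driver = "sqlite"
 }
-db, err := goose.OpenDBWithDriver(driver, normalizeDBString(driver, dbstring, *certfile))
+db, err := goose.OpenDBWithDriver(driver, normalizeDBString(driver, dbstring, *certfile, *sslcert, *sslkey))
 if err != nil {
 log.Fatalf("-dbstring=%q: %v\n", dbstring, err)
 }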
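Review bot: The flags are registered as `"ssl-cert"` and `"ssl-key"`, but the README hunk in this same PR documents them as `-sslcert` and `-sslkey`, so the documented invocation will be rejected by the flag parser; one side has to change, and the hyphen-less spelling would also match the existing `certfile` flag next to them. The help text does not say that this is a client certificate presented to the server for x509 user authentication, which is the whole point of the PR, nor that it only takes effect together with -certfile; suggest `"file path to client certificate in pem format, used with -ssl-key and -certfile for x509 user authentication (mysql only)"` and the matching wording for the key flag.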