Enable mysql tls and remove cloudsqlproxy
parent
cc15f9d623
commit
fd0712398d
4 changed files with 44 additions and 94 deletions
57
cli/setup.go
57
cli/setup.go
|
@ -22,6 +22,8 @@ import (
|
|||
"regexp"
|
||||
"strings"
|
||||
|
||||
"encoding/pem"
|
||||
|
||||
"github.com/abcum/surreal/cnf"
|
||||
"github.com/abcum/surreal/log"
|
||||
"github.com/abcum/surreal/util/rand"
|
||||
|
@ -56,7 +58,7 @@ func setup() {
|
|||
}
|
||||
|
||||
if opts.DB.Path != "memory" {
|
||||
if ok, _ := regexp.MatchString(`^(s3|gcs|logr|file|mysql|rixxdb|dendrodb)://(.+)$`, opts.DB.Path); !ok {
|
||||
if ok, _ := regexp.MatchString(`^(logr|file|mysql|dendrodb)://(.+)$`, opts.DB.Path); !ok {
|
||||
log.Fatalf("Invalid path %s. Specify a valid data store configuration path", opts.DB.Path)
|
||||
}
|
||||
}
|
||||
|
@ -69,53 +71,22 @@ func setup() {
|
|||
log.Fatal("Specify a valid data file size policy. Valid sizes are greater than 0 and are specified in MB.")
|
||||
}
|
||||
|
||||
if strings.HasPrefix(opts.DB.Cert.CA, "-----") {
|
||||
var err error
|
||||
var doc *os.File
|
||||
if doc, err = os.Create("db.ca"); err != nil {
|
||||
log.Fatal("Can not decode PEM encoded CA into db.ca")
|
||||
}
|
||||
doc.Write([]byte(opts.DB.Cert.CA))
|
||||
doc.Close()
|
||||
opts.Cert.Crt = "db.ca"
|
||||
}
|
||||
|
||||
if strings.HasPrefix(opts.DB.Cert.Crt, "-----") {
|
||||
var err error
|
||||
var doc *os.File
|
||||
if doc, err = os.Create("db.key"); err != nil {
|
||||
log.Fatal("Can not decode PEM encoded certificate into db.crt")
|
||||
}
|
||||
doc.Write([]byte(opts.DB.Cert.Crt))
|
||||
doc.Close()
|
||||
opts.Cert.Crt = "db.crt"
|
||||
}
|
||||
|
||||
if strings.HasPrefix(opts.DB.Cert.Key, "-----") {
|
||||
var err error
|
||||
var doc *os.File
|
||||
if doc, err = os.Create("db.crt"); err != nil {
|
||||
log.Fatal("Can not decode PEM encoded private key into db.key")
|
||||
}
|
||||
doc.Write([]byte(opts.DB.Cert.Key))
|
||||
doc.Close()
|
||||
opts.Cert.Crt = "db.key"
|
||||
}
|
||||
|
||||
if opts.DB.Cert.CA != "" || opts.DB.Cert.Crt != "" || opts.DB.Cert.Key != "" {
|
||||
|
||||
opts.DB.Cert.SSL = true
|
||||
}
|
||||
|
||||
if opts.DB.Cert.CA == "" && opts.DB.Cert.SSL {
|
||||
log.Fatal("Specify a valid PEM encoded CA file.")
|
||||
}
|
||||
if dec, _ := pem.Decode([]byte(opts.DB.Cert.CA)); dec == nil || dec.Type != "CERTIFICATE" {
|
||||
log.Fatal("Specify a valid PEM encoded CA file.")
|
||||
}
|
||||
|
||||
if opts.DB.Cert.Crt == "" && opts.DB.Cert.SSL {
|
||||
log.Fatal("Specify a valid PEM encoded certificate file.")
|
||||
}
|
||||
if dec, _ := pem.Decode([]byte(opts.DB.Cert.Crt)); dec == nil || dec.Type != "CERTIFICATE" {
|
||||
log.Fatal("Specify a valid PEM encoded certificate file.")
|
||||
}
|
||||
|
||||
if dec, _ := pem.Decode([]byte(opts.DB.Cert.Key)); dec == nil || dec.Type != "RSA PRIVATE KEY" {
|
||||
log.Fatal("Specify a valid PEM encoded private key file.")
|
||||
}
|
||||
|
||||
if opts.DB.Cert.Key == "" && opts.DB.Cert.SSL {
|
||||
log.Fatal("Specify a valid PEM encoded private key file.")
|
||||
}
|
||||
|
||||
// --------------------------------------------------
|
||||
|
|
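Review bot: The three `pem.Decode` checks at the end of the last hunk do not appear to be gated on `opts.DB.Cert.SSL`, so with no certificate options set `pem.Decode` returns a nil block and `setup()` stops at `log.Fatal("Specify a valid PEM encoded CA file.")` even for a store that needs no TLS. The page has lost its +/- markers; I am reading these checks as the new side because the first hunk adds the `encoding/pem` import. Wrapping them in `if opts.DB.Cert.SSL { ... }` would keep the validation for TLS setups only. The key check also accepts only a block of type `RSA PRIVATE KEY`, while `tls.X509KeyPair`, which the mysql store calls on the same value, also parses `PRIVATE KEY` (PKCS#8) and `EC PRIVATE KEY`, so valid keys of those kinds are rejected here. `setup()` starts and ends outside the hunks shown.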
45
glide.lock
generated
45
glide.lock
generated
|
@ -1,10 +1,6 @@
|
|||
hash: f40320fa34bbb59afd3c5b8720098d0639557fb70bea37d0b564b8a8d09c13e2
|
||||
updated: 2018-04-05T20:42:38.104761+01:00
|
||||
hash: cc325edb4f8ae4bfdaac8b068e01dfc5ed0d632d070c9d41181c32799e5449d3
|
||||
updated: 2018-04-06T00:06:11.90235+01:00
|
||||
imports:
|
||||
- name: cloud.google.com/go
|
||||
version: 01301d1df8060594708d76bda9062b0205b77e8b
|
||||
subpackages:
|
||||
- compute/metadata
|
||||
- name: github.com/abcum/bump
|
||||
version: 526934c541e071b5a330671c76434b9e32d55638
|
||||
- name: github.com/abcum/cork
|
||||
|
@ -32,17 +28,6 @@ imports:
|
|||
version: d150773194090feb6c897805a7bcea8d49544e2c
|
||||
- name: github.com/go-sql-driver/mysql
|
||||
version: a0583e0143b1624142adab07e0e97fe106d99561
|
||||
- name: github.com/golang/protobuf
|
||||
version: e09c5db296004fbe3f74490e84dcd62c3c5ddb1b
|
||||
subpackages:
|
||||
- proto
|
||||
- name: github.com/GoogleCloudPlatform/cloudsql-proxy
|
||||
version: 61590edac4c769d295cc5f48140ebeff88ccc5bf
|
||||
subpackages:
|
||||
- logging
|
||||
- proxy/certs
|
||||
- proxy/proxy
|
||||
- proxy/util
|
||||
- name: github.com/gorilla/websocket
|
||||
version: ea4d1f681babbce9545c9c5f3d5194a789c89f5b
|
||||
- name: github.com/hashicorp/errwrap
|
||||
|
@ -135,13 +120,6 @@ imports:
|
|||
- internal/socket
|
||||
- ipv4
|
||||
- ipv6
|
||||
- name: golang.org/x/oauth2
|
||||
version: 921ae394b9430ed4fb549668d7b087601bd60a81
|
||||
subpackages:
|
||||
- google
|
||||
- internal
|
||||
- jws
|
||||
- jwt
|
||||
- name: golang.org/x/sys
|
||||
version: 1d206c9fa8975fb4cf00df1dc8bf3283dc24ba0e
|
||||
subpackages:
|
||||
|
@ -156,25 +134,6 @@ imports:
|
|||
- language
|
||||
- transform
|
||||
- unicode/norm
|
||||
- name: google.golang.org/api
|
||||
version: 3097bf831ede4a24e08a3316254e29ca726383e3
|
||||
subpackages:
|
||||
- gensupport
|
||||
- googleapi
|
||||
- googleapi/internal/uritemplates
|
||||
- sqladmin/v1beta4
|
||||
- name: google.golang.org/appengine
|
||||
version: ad39d7fab7c60b2493fdc318c3d2cdb2128f92a4
|
||||
subpackages:
|
||||
- internal
|
||||
- internal/app_identity
|
||||
- internal/base
|
||||
- internal/datastore
|
||||
- internal/log
|
||||
- internal/modules
|
||||
- internal/remote_api
|
||||
- internal/urlfetch
|
||||
- urlfetch
|
||||
- name: gopkg.in/tylerb/graceful.v1
|
||||
version: 4654dfbb6ad53cb5e27f37d99b02e16c1872fbbb
|
||||
testImports:
|
||||
|
|
|
@ -1,9 +1,5 @@
|
|||
package: github.com/abcum/surreal
|
||||
import:
|
||||
- package: github.com/GoogleCloudPlatform/cloudsql-proxy
|
||||
version: ^1.11.0
|
||||
subpackages:
|
||||
- proxy/proxy
|
||||
- package: github.com/Sirupsen/logrus
|
||||
version: ^1.0.5
|
||||
- package: github.com/abcum/bump
|
||||
|
|
|
@ -17,6 +17,9 @@ package mysql
|
|||
import (
|
||||
"strings"
|
||||
|
||||
"crypto/tls"
|
||||
"crypto/x509"
|
||||
|
||||
"database/sql"
|
||||
|
||||
"github.com/abcum/surreal/cnf"
|
||||
|
@ -24,20 +27,41 @@ import (
|
|||
"github.com/abcum/surreal/log"
|
||||
|
||||
"github.com/go-sql-driver/mysql"
|
||||
|
||||
"github.com/GoogleCloudPlatform/cloudsql-proxy/proxy/proxy"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
||||
mysql.RegisterDial("cloudsql", proxy.Dial)
|
||||
|
||||
kvs.Register("mysql", func(opts *cnf.Options) (db kvs.DB, err error) {
|
||||
|
||||
var pntr *sql.DB
|
||||
|
||||
path := strings.TrimPrefix(opts.DB.Path, "mysql://")
|
||||
|
||||
if cnf.Settings.DB.Cert.SSL {
|
||||
|
||||
cas := x509.NewCertPool()
|
||||
all := make([]tls.Certificate, 0, 1)
|
||||
car := []byte(cnf.Settings.DB.Cert.CA)
|
||||
crt := []byte(cnf.Settings.DB.Cert.Crt)
|
||||
key := []byte(cnf.Settings.DB.Cert.Key)
|
||||
|
||||
if ok := cas.AppendCertsFromPEM(car); !ok {
|
||||
log.WithPrefix("kvs").Errorln("Failed to append CA file.")
|
||||
}
|
||||
|
||||
par, err := tls.X509KeyPair(crt, key)
|
||||
if err != nil {
|
||||
log.WithPrefix("kvs").Errorln(err)
|
||||
}
|
||||
|
||||
mysql.RegisterTLSConfig("default", &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
RootCAs: cas,
|
||||
Certificates: append(all, par),
|
||||
})
|
||||
|
||||
}
|
||||
|
||||
pntr, err = sql.Open("mysql", path)
|
||||
if err != nil {
|
||||
log.WithPrefix("kvs").Errorln(err)
|
||||
|
|
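Review bot: `InsecureSkipVerify: true` in the `tls.Config` passed to `mysql.RegisterTLSConfig` turns off verification of the server's certificate chain and host name, so the `RootCAs` pool built from the configured CA is never consulted and the link is encrypted but the server is not authenticated. I would drop that field (and set `ServerName` if the certificate name differs from the dial address) so the configured CA actually constrains which server is accepted. The failures of `cas.AppendCertsFromPEM` and `tls.X509KeyPair` are only logged and the config is still registered with an empty pool or a zero-value key pair; returning from the closure instead, e.g. `return nil, err` after `X509KeyPair`, and checking the error returned by `RegisterTLSConfig` would make the setup fail closed. Nothing visible in the hunk adds a `tls=default` parameter to `path`, so presumably the DSN has to carry it for this config to be used at all, which is worth confirming. The closure body continues past the end of the hunk.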