This is an automated email from the ASF dual-hosted git repository.

klesh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git


The following commit(s) were added to refs/heads/main by this push:
     new 00e4c71ec fix: db_url add tls=skip-verify and add tls connection 
(#6145)
00e4c71ec is described below

commit 00e4c71ecaf0d78e44fb750b05cd8643e22d3dee
Author: abeizn <[email protected]>
AuthorDate: Tue Sep 26 17:23:45 2023 +0800

    fix: db_url add tls=skip-verify and add tls connection (#6145)
    
    * fix: db_url add tls=skip-verify
    
    * fix: add tls connection
    
    * fix: ci lint
    
    * fix: rename addLocal to sanitizeQuery
    
    * fix: adjust tls=custom to DB_URL
    
    ---------
    
    Co-authored-by: Klesh Wong <[email protected]>
---
 backend/core/runner/db.go                 | 37 ++++++++++++++++++++++++++++---
 backend/core/runner/db_test.go            |  4 ++--
 backend/python/pydevlake/pydevlake/ipc.py |  3 +++
 backend/server/services/locking.go        |  2 +-
 4 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/backend/core/runner/db.go b/backend/core/runner/db.go
index 0a98704a4..72febf504 100644
--- a/backend/core/runner/db.go
+++ b/backend/core/runner/db.go
@@ -19,8 +19,12 @@ package runner
 
 import (
        "context"
+       "crypto/tls"
+       "crypto/x509"
+       "database/sql"
        "fmt"
        "net/url"
+       "os"
        "strings"
        "time"
 
@@ -28,6 +32,7 @@ import (
        "github.com/apache/incubator-devlake/core/dal"
        "github.com/apache/incubator-devlake/core/errors"
        "github.com/apache/incubator-devlake/core/log"
+       tlsMysql "github.com/go-sql-driver/mysql"
        "gorm.io/driver/mysql"
        "gorm.io/driver/postgres"
        "gorm.io/gorm"
@@ -104,11 +109,14 @@ func getUserString(u *url.URL) string {
        return userString
 }
 
-// addLocal adds loc=Local to the query string if it's not already there
-func addLocal(query url.Values) string {
+// sanitizeQuery add default value to query and remove ca-cert from query
+func sanitizeQuery(query url.Values) string {
        if query.Get("loc") == "" {
                query.Set("loc", "Local")
        }
+       if query.Get("ca-cert") != "" {
+               query.Del("ca-cert")
+       }
        return query.Encode()
 }
 
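Review bot: The `if query.Get("ca-cert") != ""` guard in sanitizeQuery keeps the key when it is present with an empty value (`ca-cert=`), so it would still be encoded into the DSN. `query.Del("ca-cert")` is a no-op for a missing key and can be called unconditionally. The doc comment could also say why the key is dropped, e.g. `// sanitizeQuery sets loc=Local when absent and removes ca-cert, which getDbConnection reads itself and which is presumably not a driver DSN parameter.`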
@@ -119,7 +127,30 @@ func getDbConnection(dbUrl string, conf *gorm.Config) 
(*gorm.DB, error) {
        }
        switch strings.ToLower(u.Scheme) {
        case "mysql":
-               dbUrl = fmt.Sprintf("%s@tcp(%s)%s?%s", getUserString(u), 
u.Host, u.Path, addLocal(u.Query()))
+               dbUrl = fmt.Sprintf("%s@tcp(%s)%s?%s", getUserString(u), 
u.Host, u.Path, sanitizeQuery(u.Query()))
+               if u.Query().Get("tls") != "" && u.Query().Get("ca-cert") != "" 
{
+                       rootCertPool := x509.NewCertPool()
+                       pem, err := os.ReadFile(u.Query().Get("ca-cert"))
+                       if err != nil {
+                               return nil, err
+                       }
+                       if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+                               return nil, err
+                       }
+                       err = tlsMysql.RegisterTLSConfig("custom", 
&tls.Config{RootCAs: rootCertPool})
+                       if err != nil {
+                               return nil, err
+                       }
+                       db, err := sql.Open("mysql", dbUrl)
+                       if err != nil {
+                               return nil, err
+                       }
+                       gormDB, err := gorm.Open(mysql.New(mysql.Config{
+                               Conn: db,
+                       }), &gorm.Config{})
+
+                       return gormDB, err
+               }
                return gorm.Open(mysql.Open(dbUrl), conf)
        case "postgresql", "postgres", "pg":
                return gorm.Open(postgres.Open(dbUrl), conf)
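Review bot: When `AppendCertsFromPEM` finds no certificate in the `ca-cert` file, the new branch runs `return nil, err` with `err` still nil, so getDbConnection returns a nil `*gorm.DB` and no error. Return a real error there, e.g. `return nil, fmt.Errorf("no PEM certificates found in ca-cert file")`, or the project's own error helper if the file prefers it. The same branch opens gorm with `&gorm.Config{}` instead of the `conf` argument, so the caller's settings are dropped on TLS connections; pass `conf`. The guard `u.Query().Get("tls") != ""` also takes this path for `tls=skip-verify`, where the DSN still names skip-verify and the loaded CA is never used for verification; comparing with `"custom"` would match the name given to `RegisterTLSConfig`. The function starts before this hunk and continues after it.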
diff --git a/backend/core/runner/db_test.go b/backend/core/runner/db_test.go
index 550a8fc3e..002960cf0 100644
--- a/backend/core/runner/db_test.go
+++ b/backend/core/runner/db_test.go
@@ -60,8 +60,8 @@ func Test_addLocal(t *testing.T) {
        }
        for _, tt := range tests {
                t.Run(tt.name, func(t *testing.T) {
-                       if got := addLocal(tt.args.query); got != tt.want {
-                               t.Errorf("addLocal() = %v, want %v", got, 
tt.want)
+                       if got := sanitizeQuery(tt.args.query); got != tt.want {
+                               t.Errorf("sanitizeQuery() = %v, want %v", got, 
tt.want)
                        }
                })
        }
diff --git a/backend/python/pydevlake/pydevlake/ipc.py 
b/backend/python/pydevlake/pydevlake/ipc.py
index ee308189d..18a6a7322 100644
--- a/backend/python/pydevlake/pydevlake/ipc.py
+++ b/backend/python/pydevlake/pydevlake/ipc.py
@@ -131,6 +131,9 @@ def create_db_engine(db_url) -> Engine:
         del connect_args['parseTime']
     if 'loc' in connect_args:
         del connect_args['loc']
+    if 'tls' in connect_args:
+        del connect_args['tls']
+        connect_args['ssl'] = {'verify_cert': 'False'}
     try:
         engine = create_engine(base_url, connect_args=connect_args)
         tables = SubtaskRun.metadata.tables
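Review bot: The added branch turns every `tls` value into `{'verify_cert': 'False'}`, so a DB_URL with `tls=custom` and a `ca-cert` would be verified against that CA in the Go runner but, as far as this hunk shows, not by Python plugins. Limit the downgrade to the explicit opt-out with `if connect_args.pop('tls', None) == 'skip-verify':`, and otherwise pass the `ca-cert` path to the driver's CA option (the key name depends on the driver in use). `'False'` is also a non-empty string, which is truthy if the driver tests the value as a boolean; the literal `False` avoids that ambiguity. create_db_engine starts and ends outside this hunk, so `ca-cert` may already be handled there.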
diff --git a/backend/server/services/locking.go 
b/backend/server/services/locking.go
index 6a74ad4da..1adc48dd5 100644
--- a/backend/server/services/locking.go
+++ b/backend/server/services/locking.go
@@ -59,7 +59,7 @@ func lockDatabase() {
        // 3. update the record
        select {
        case <-c:
-       case <-time.After(3 * time.Second):
+       case <-time.After(10 * time.Second):
                panic(fmt.Errorf("locking _devlake_locking_stub timeout, the 
database might be locked by another devlake instance"))
        }
 }
