-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PMM-12880 Proper skip for MySQL TLS certs. #2909
base: main
Are you sure you want to change the base?
Conversation
case len(s.Files()) != 0: | ||
cfg.Params["tls"] = "custom" | ||
case s.TLSSkipVerify: | ||
cfg.Params["tls"] = skipVerify |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is mandatory to have "custom" as the first case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you please add it as a comment there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and also add that TLSSkipVerify for custom is handled in pmm-agent side
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@BupycHuk Sure. Added on both places (exporter, QAN agents) :
https://github.com/percona/pmm/pull/2909/files#diff-55a051531f2bd4996142e7a3723954354b3c3e7ae921ca0e5b024178d9550f3aR341-R342
case len(s.Files()) != 0: | ||
cfg.Params["tls"] = "custom" | ||
case s.TLSSkipVerify: | ||
cfg.Params["tls"] = skipVerify |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is mandatory to have "custom" as the first case.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #2909 +/- ##
==========================================
+ Coverage 43.28% 43.31% +0.03%
==========================================
Files 399 399
Lines 41394 41395 +1
==========================================
+ Hits 17916 17930 +14
+ Misses 21477 21465 -12
+ Partials 2001 2000 -1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
err = mysql.RegisterTLSConfig("custom", &tls.Config{ | ||
RootCAs: ca, | ||
Certificates: []tls.Certificate{cert}, | ||
InsecureSkipVerify: tlsSkipVerify, // #nosec G402 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Originally missed there for "custom" ones at all.
case len(s.Files()) != 0: | ||
cfg.Params["tls"] = "custom" | ||
case s.TLSSkipVerify: | ||
cfg.Params["tls"] = skipVerify |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
could you please add it as a comment there?
case len(s.Files()) != 0: | ||
cfg.Params["tls"] = "custom" | ||
case s.TLSSkipVerify: | ||
cfg.Params["tls"] = skipVerify |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and also add that TLSSkipVerify for custom is handled in pmm-agent side
PMM-12880
Link to the Feature Build: Percona-Lab/pmm-submodules#3593