首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
Materialize
/
misc
/
python
/
materialize
/
mysql_util.py

mysql_util.py 2.0 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 
  1. # Copyright Materialize, Inc. and contributors. All rights reserved.
    2. 

  2. #
    3. 

  3. # Use of this software is governed by the Business Source License
    4. 

  4. # included in the LICENSE file at the root of this repository.
    5. 

  5. #
    6. 

  6. # As of the Change Date specified in that file, in accordance with
    7. 

  7. # the Business Source License, use of this software will be governed
    8. 

  8. # by the Apache License, Version 2.0.
    9. 

  9. 

  10. from dataclasses import dataclass
    11. 

  11. 

  12. from materialize.mzcompose.composition import Composition
    13. 

  13. 

  14. 

  15. @dataclass
    16. 

  16. class MySqlSslContext:
    17. 

  17.     ca: str
    18. 

  18.     client_cert: str
    19. 

  19.     client_key: str
    20. 

  20. 

  21. 

  22. def retrieve_ssl_context_for_mysql(c: Composition) -> MySqlSslContext:
    23. 

  23.     # MySQL generates self-signed certificates for SSL connections on startup,
    24. 

  24.     # for both the server and client:
    25. 

  25.     # https://dev.mysql.com/doc/refman/8.3/en/creating-ssl-rsa-files-using-mysql.html
    26. 

  26.     # Grab the correct Server CA and Client Key and Cert from the MySQL container
    27. 

  27.     # (and strip the trailing null byte):
    28. 

  28.     ssl_ca = c.exec("mysql", "cat", "/var/lib/mysql/ca.pem", capture=True).stdout.split(
    29. 

  29.         "\x00", 1
    30. 

  30.     )[0]
    31. 

  31.     ssl_client_cert = c.exec(
    32. 

  32.         "mysql", "cat", "/var/lib/mysql/client-cert.pem", capture=True
    33. 

  33.     ).stdout.split("\x00", 1)[0]
    34. 

  34.     ssl_client_key = c.exec(
    35. 

  35.         "mysql", "cat", "/var/lib/mysql/client-key.pem", capture=True
    36. 

  36.     ).stdout.split("\x00", 1)[0]
    37. 

  37. 

  38.     return MySqlSslContext(ssl_ca, ssl_client_cert, ssl_client_key)
    39. 

  39. 

  40. 

  41. def retrieve_invalid_ssl_context_for_mysql(c: Composition) -> MySqlSslContext:
    42. 

  42.     # Use the TestCert service to obtain a wrong CA and client cert/key:
    43. 

  43.     c.up({"name": "test-certs", "persistent": True})
    44. 

  44.     ssl_wrong_ca = c.run("test-certs", "cat", "/secrets/ca.crt", capture=True).stdout
    45. 

  45.     ssl_wrong_client_cert = c.run(
    46. 

  46.         "test-certs", "cat", "/secrets/certuser.crt", capture=True
    47. 

  47.     ).stdout
    48. 

  48.     ssl_wrong_client_key = c.run(
    49. 

  49.         "test-certs", "cat", "/secrets/certuser.key", capture=True
    50. 

  50.     ).stdout
    51. 

  51.     return MySqlSslContext(ssl_wrong_ca, ssl_wrong_client_cert, ssl_wrong_client_key)
    52.