misc.python.materialize.mysql_util
# Copyright Materialize, Inc. and contributors. All rights reserved.
#
# Use of this software is governed by the Business Source License
# included in the LICENSE file at the root of this repository.
#
# As of the Change Date specified in that file, in accordance with
# the Business Source License, use of this software will be governed
# by the Apache License, Version 2.0.

from dataclasses import dataclass

from materialize.mzcompose.composition import Composition


@dataclass
class MySqlSslContext:
    """Certificate and key text for an SSL connection to MySQL."""

    # CA certificate text.
    ca: str
    # Client certificate text.
    client_cert: str
    # Client private key text. This is secret material: keep it out of
    # log lines and assertion messages.
    client_key: str


def retrieve_ssl_context_for_mysql(c: Composition) -> MySqlSslContext:
    """Read the server CA and the client cert/key out of the MySQL container.

    MySQL generates self-signed certificates for SSL connections on startup,
    for both the server and client:
    https://dev.mysql.com/doc/refman/8.3/en/creating-ssl-rsa-files-using-mysql.html

    The returned context includes the client private key as a string.
    """

    def read_from_mysql(path: str) -> str:
        # `cat` the file inside the "mysql" service and keep only the text
        # before the first null byte (strips the trailing null byte).
        captured = c.exec("mysql", "cat", path, capture=True).stdout
        text, _, _ = captured.partition("\x00")
        return text

    server_ca = read_from_mysql("/var/lib/mysql/ca.pem")
    client_cert = read_from_mysql("/var/lib/mysql/client-cert.pem")
    client_key = read_from_mysql("/var/lib/mysql/client-key.pem")

    return MySqlSslContext(
        ca=server_ca,
        client_cert=client_cert,
        client_key=client_key,
    )


def retrieve_invalid_ssl_context_for_mysql(c: Composition) -> MySqlSslContext:
    """Build a context from the test-certs service's CA and client cert/key.

    These are deliberately the wrong CA and client cert/key for the MySQL
    server. Presumably used by tests that expect certificate verification to
    reject the connection (confirm against callers).
    """

    def read_from_test_certs(path: str) -> str:
        # Unlike the MySQL path, the output is returned as-is: the original
        # code does no null-byte stripping here.
        return c.run("test-certs", "cat", path, capture=True).stdout

    wrong_ca = read_from_test_certs("/secrets/ca.crt")
    wrong_client_cert = read_from_test_certs("/secrets/certuser.crt")
    wrong_client_key = read_from_test_certs("/secrets/certuser.key")

    return MySqlSslContext(
        ca=wrong_ca,
        client_cert=wrong_client_cert,
        client_key=wrong_client_key,
    )
@dataclass
class
MySqlSslContext:
def
retrieve_ssl_context_for_mysql( c: materialize.mzcompose.composition.Composition) -> MySqlSslContext:
def retrieve_ssl_context_for_mysql(c: Composition) -> MySqlSslContext:
    """Fetch the server CA plus client cert and key from the MySQL container.

    MySQL generates self-signed certificates for SSL connections on startup,
    for both the server and client:
    https://dev.mysql.com/doc/refman/8.3/en/creating-ssl-rsa-files-using-mysql.html

    Each file is read with `cat` in the "mysql" service. Only the text before
    the first null byte is kept, which strips the trailing null byte. The
    result carries the client private key as a string, so callers should keep
    it out of logs and test output.
    """
    # Order matters only in that it mirrors the dataclass field order:
    # CA, client certificate, client key.
    pem_paths = (
        "/var/lib/mysql/ca.pem",
        "/var/lib/mysql/client-cert.pem",
        "/var/lib/mysql/client-key.pem",
    )
    server_ca, client_cert, client_key = [
        c.exec("mysql", "cat", pem_path, capture=True).stdout.partition("\x00")[0]
        for pem_path in pem_paths
    ]
    return MySqlSslContext(
        ca=server_ca, client_cert=client_cert, client_key=client_key
    )
def
retrieve_invalid_ssl_context_for_mysql( c: materialize.mzcompose.composition.Composition) -> MySqlSslContext:
def retrieve_invalid_ssl_context_for_mysql(c: Composition) -> MySqlSslContext:
    """Return a context whose CA and client cert/key come from test-certs.

    The material is read with `cat` through `c.run` on the "test-certs"
    service and passed through unmodified (no null-byte stripping). It is the
    wrong CA and client cert/key for the MySQL server. Presumably this is for
    negative tests that check a mismatched CA or client identity is refused
    (verify against callers).
    """
    # Same order as the MySqlSslContext fields: CA, client cert, client key.
    secret_paths = (
        "/secrets/ca.crt",
        "/secrets/certuser.crt",
        "/secrets/certuser.key",
    )
    wrong_ca, wrong_cert, wrong_key = [
        c.run("test-certs", "cat", secret_path, capture=True).stdout
        for secret_path in secret_paths
    ]
    return MySqlSslContext(
        ca=wrong_ca, client_cert=wrong_cert, client_key=wrong_key
    )