cidb: Remove the need for SSL connection

As part of the move to utilizing Cloud SQL Proxy, we need to disable SSL
connections to the local proxy.  All traffic, via the proxy, is
encrypted therefore this is transparent once the proxy is in place.

BUG=chromium:1038796
TEST=tryjob

Change-Id: I4f2497b5201a4e252be7faffced4f66e8981431d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/1986763
Reviewed-by: Dhanya Ganesh <dhanyaganesh@chromium.org>
Reviewed-by: Sean Abraham <seanabraham@chromium.org>
Tested-by: Mike Nichols <mikenichols@chromium.org>
Commit-Queue: Mike Nichols <mikenichols@chromium.org>
(cherry picked from commit 9b83ab5a9933478a9f704293e3be21e7c2e4f09f)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2128903
Reviewed-by: Keith Haddow <haddowk@chromium.org>
Commit-Queue: Keith Haddow <haddowk@chromium.org>
Tested-by: Keith Haddow <haddowk@chromium.org>
diff --git a/lib/cidb.py b/lib/cidb.py
index 32500bc..67126d9 100644
--- a/lib/cidb.py
+++ b/lib/cidb.py
@@ -160,23 +160,6 @@
     except IOError as e:
       log.warning('Error reading %s from file %s: %s', key, file_path, e)
 
-  def _UpdateSslArgs(self, key, db_credentials_dir, filename):
-    """Read an ssl argument for the sql connection from the given file.
-
-    side effect: store argument in self._ssl_args
-
-    Args:
-      key: Name of the ssl argument to read.
-      db_credentials_dir: The directory containing the credentials.
-      filename: Name of the file to read.
-    """
-    file_path = os.path.join(db_credentials_dir, filename)
-    if os.path.exists(file_path):
-      if 'ssl' not in self._ssl_args:
-        self._ssl_args['ssl'] = {}
-      self._ssl_args['ssl'][key] = file_path
-      self._ssl_args['ssl']['check_hostname'] = True
-
   def _UpdateConnectArgs(self, db_credentials_dir, for_service=False):
     """Update all connection args from |db_credentials_dir|."""
     self._UpdateConnectUrlArgs('username', db_credentials_dir, 'user.txt')
@@ -185,10 +168,6 @@
     if not for_service:
       self._UpdateConnectUrlArgs('host', db_credentials_dir, 'host.txt')
       self._UpdateConnectUrlArgs('port', db_credentials_dir, 'port.txt')
-
-      self._UpdateSslArgs('cert', db_credentials_dir, 'client-cert.pem')
-      self._UpdateSslArgs('key', db_credentials_dir, 'client-key.pem')
-      self._UpdateSslArgs('ca', db_credentials_dir, 'server-ca.pem')
     else:
       self._UpdateConnectUrlQuery(
           'unix_socket', db_credentials_dir, 'unix_socket.txt')
@@ -257,7 +236,6 @@
     # mysql args that are optionally provided by files in db_credentials_dir
     self._connect_url_args = {}
     self._connect_url_args['query'] = {}
-    self._ssl_args = {}
     self._UpdateConnectArgs(db_credentials_dir, for_service=for_service)
 
     tmp_connect_url = sqlalchemy.engine.url.URL(
@@ -268,7 +246,6 @@
     # engine here because the real engine will be opened with a default
     # database name given by |db_name|.
     temp_engine = sqlalchemy.create_engine(tmp_connect_url,
-                                           connect_args=self._ssl_args,
                                            listeners=[self._listener_class()])
 
     databases = self._ExecuteWithEngine('SHOW DATABASES',
@@ -611,7 +588,6 @@
       return self._engine
     else:
       e = sqlalchemy.create_engine(self._connect_url,
-                                   connect_args=self._ssl_args,
                                    listeners=[self._listener_class()])
       self._engine = e
       self._engine_pid = pid