cidb: Remove the need for SSL connection
As part of the move to utilizing Cloud SQL Proxy, we need to disable SSL
connections to the local proxy. All traffic, via the proxy, is
encrypted therefore this is transparent once the proxy is in place.
BUG=chromium:1038796
TEST=tryjob
Change-Id: I4f2497b5201a4e252be7faffced4f66e8981431d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/1986763
Reviewed-by: Dhanya Ganesh <dhanyaganesh@chromium.org>
Reviewed-by: Sean Abraham <seanabraham@chromium.org>
Tested-by: Mike Nichols <mikenichols@chromium.org>
Commit-Queue: Mike Nichols <mikenichols@chromium.org>
(cherry picked from commit 9b83ab5a9933478a9f704293e3be21e7c2e4f09f)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2001641
Reviewed-by: Julan Hsu <julanhsu@google.com>
Reviewed-by: Mike Nichols <mikenichols@chromium.org>
Commit-Queue: Raju Konduru <rkonduru@google.com>
Tested-by: Raju Konduru <rkonduru@google.com>
diff --git a/lib/cidb.py b/lib/cidb.py
index 55b169a..0b919f1 100644
--- a/lib/cidb.py
+++ b/lib/cidb.py
@@ -160,23 +160,6 @@
except IOError as e:
log.warning('Error reading %s from file %s: %s', key, file_path, e)
- def _UpdateSslArgs(self, key, db_credentials_dir, filename):
- """Read an ssl argument for the sql connection from the given file.
-
- side effect: store argument in self._ssl_args
-
- Args:
- key: Name of the ssl argument to read.
- db_credentials_dir: The directory containing the credentials.
- filename: Name of the file to read.
- """
- file_path = os.path.join(db_credentials_dir, filename)
- if os.path.exists(file_path):
- if 'ssl' not in self._ssl_args:
- self._ssl_args['ssl'] = {}
- self._ssl_args['ssl'][key] = file_path
- self._ssl_args['ssl']['check_hostname'] = True
-
def _UpdateConnectArgs(self, db_credentials_dir, for_service=False):
"""Update all connection args from |db_credentials_dir|."""
self._UpdateConnectUrlArgs('username', db_credentials_dir, 'user.txt')
@@ -185,10 +168,6 @@
if not for_service:
self._UpdateConnectUrlArgs('host', db_credentials_dir, 'host.txt')
self._UpdateConnectUrlArgs('port', db_credentials_dir, 'port.txt')
-
- self._UpdateSslArgs('cert', db_credentials_dir, 'client-cert.pem')
- self._UpdateSslArgs('key', db_credentials_dir, 'client-key.pem')
- self._UpdateSslArgs('ca', db_credentials_dir, 'server-ca.pem')
else:
self._UpdateConnectUrlQuery(
'unix_socket', db_credentials_dir, 'unix_socket.txt')
@@ -257,7 +236,6 @@
# mysql args that are optionally provided by files in db_credentials_dir
self._connect_url_args = {}
self._connect_url_args['query'] = {}
- self._ssl_args = {}
self._UpdateConnectArgs(db_credentials_dir, for_service=for_service)
tmp_connect_url = sqlalchemy.engine.url.URL(
@@ -268,7 +246,6 @@
# engine here because the real engine will be opened with a default
# database name given by |db_name|.
temp_engine = sqlalchemy.create_engine(tmp_connect_url,
- connect_args=self._ssl_args,
listeners=[self._listener_class()])
databases = self._ExecuteWithEngine('SHOW DATABASES',
@@ -611,7 +588,6 @@
return self._engine
else:
e = sqlalchemy.create_engine(self._connect_url,
- connect_args=self._ssl_args,
listeners=[self._listener_class()])
self._engine = e
self._engine_pid = pid
