Reland "cidb: Remove the need for SSL connection"
This is a reland of 10e34bc0f9cfb0545e13567c19c81ad23f0997d5
Original change's description:
> cidb: Remove the need for SSL connection
>
> As part of the move to utilizing Cloud SQL Proxy, we need to disable SSL
> connections to the local proxy. All traffic through the proxy is
> encrypted, so this change is transparent once the proxy is in place.
>
> BUG=chromium:1038796
> TEST=tryjob
>
> Change-Id: I4f2497b5201a4e252be7faffced4f66e8981431d
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/1986763
> Reviewed-by: Dhanya Ganesh <dhanyaganesh@chromium.org>
> Reviewed-by: Sean Abraham <seanabraham@chromium.org>
> Tested-by: Mike Nichols <mikenichols@chromium.org>
> Commit-Queue: Mike Nichols <mikenichols@chromium.org>
> (cherry picked from commit 9b83ab5a9933478a9f704293e3be21e7c2e4f09f)
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2001641
> Reviewed-by: Julan Hsu <julanhsu@google.com>
> Reviewed-by: Mike Nichols <mikenichols@chromium.org>
> Commit-Queue: Raju Konduru <rkonduru@google.com>
> Tested-by: Raju Konduru <rkonduru@google.com>
> (cherry picked from commit 5b133c89f795e20a847f524ffbaafa03045d5bb6)
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2029115
Bug: chromium:1038796
Change-Id: Idd8ad2bf0a1d3d97fdf91a0fe61efded162f2170
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/2039500
Reviewed-by: Mike Nichols <mikenichols@chromium.org>
Commit-Queue: Raju Konduru <rkonduru@google.com>
Tested-by: Raju Konduru <rkonduru@google.com>
diff --git a/lib/cidb.py b/lib/cidb.py
index 55b169a..0b919f1 100644
--- a/lib/cidb.py
+++ b/lib/cidb.py
@@ -160,23 +160,6 @@
except IOError as e:
log.warning('Error reading %s from file %s: %s', key, file_path, e)
- def _UpdateSslArgs(self, key, db_credentials_dir, filename):
- """Read an ssl argument for the sql connection from the given file.
-
- side effect: store argument in self._ssl_args
-
- Args:
- key: Name of the ssl argument to read.
- db_credentials_dir: The directory containing the credentials.
- filename: Name of the file to read.
- """
- file_path = os.path.join(db_credentials_dir, filename)
- if os.path.exists(file_path):
- if 'ssl' not in self._ssl_args:
- self._ssl_args['ssl'] = {}
- self._ssl_args['ssl'][key] = file_path
- self._ssl_args['ssl']['check_hostname'] = True
-
def _UpdateConnectArgs(self, db_credentials_dir, for_service=False):
"""Update all connection args from |db_credentials_dir|."""
self._UpdateConnectUrlArgs('username', db_credentials_dir, 'user.txt')
@@ -185,10 +168,6 @@
if not for_service:
self._UpdateConnectUrlArgs('host', db_credentials_dir, 'host.txt')
self._UpdateConnectUrlArgs('port', db_credentials_dir, 'port.txt')
-
- self._UpdateSslArgs('cert', db_credentials_dir, 'client-cert.pem')
- self._UpdateSslArgs('key', db_credentials_dir, 'client-key.pem')
- self._UpdateSslArgs('ca', db_credentials_dir, 'server-ca.pem')
else:
self._UpdateConnectUrlQuery(
'unix_socket', db_credentials_dir, 'unix_socket.txt')
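Review bot: With the three `_UpdateSslArgs` calls removed, the `not for_service` branch still reads `host` and `port` from `host.txt` and `port.txt`, and nothing visible here restricts them to the local Cloud SQL Proxy. If a credentials directory names a remote address, the `create_engine` calls in the later hunks (now without `connect_args`) would presumably open a plaintext MySQL session. That session would also lose the server-CA and `check_hostname` verification the old path configured. The commit message relies on the proxy for encryption, so I would state that next to the host lookup, e.g. `# No TLS at this layer: host.txt must point at the local Cloud SQL Proxy, which encrypts traffic to the instance.` I would also consider logging a warning or refusing to connect when the configured host is not a loopback address. `_UpdateConnectArgs` starts and ends outside this hunk, so a guard elsewhere in it may already cover this.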
@@ -257,7 +236,6 @@
# mysql args that are optionally provided by files in db_credentials_dir
self._connect_url_args = {}
self._connect_url_args['query'] = {}
- self._ssl_args = {}
self._UpdateConnectArgs(db_credentials_dir, for_service=for_service)
tmp_connect_url = sqlalchemy.engine.url.URL(
@@ -268,7 +246,6 @@
# engine here because the real engine will be opened with a default
# database name given by |db_name|.
temp_engine = sqlalchemy.create_engine(tmp_connect_url,
- connect_args=self._ssl_args,
listeners=[self._listener_class()])
databases = self._ExecuteWithEngine('SHOW DATABASES',
@@ -611,7 +588,6 @@
return self._engine
else:
e = sqlalchemy.create_engine(self._connect_url,
- connect_args=self._ssl_args,
listeners=[self._listener_class()])
self._engine = e
self._engine_pid = pid