Fixed #28322 -- Added dbshell support for MySQL client TLS certs.
This commit is contained in:
Paul Tiplady
Tim Graham
parent
a469e158a9
commit
335a8d7895
|
|
@ -14,7 +14,9 @@ class DatabaseClient(BaseDatabaseClient):
|
||||||
passwd = settings_dict['OPTIONS'].get('passwd', settings_dict['PASSWORD'])
|
passwd = settings_dict['OPTIONS'].get('passwd', settings_dict['PASSWORD'])
|
||||||
host = settings_dict['OPTIONS'].get('host', settings_dict['HOST'])
|
host = settings_dict['OPTIONS'].get('host', settings_dict['HOST'])
|
||||||
port = settings_dict['OPTIONS'].get('port', settings_dict['PORT'])
|
port = settings_dict['OPTIONS'].get('port', settings_dict['PORT'])
|
||||||
cert = settings_dict['OPTIONS'].get('ssl', {}).get('ca')
|
server_ca = settings_dict['OPTIONS'].get('ssl', {}).get('ca')
|
||||||
|
client_cert = settings_dict['OPTIONS'].get('ssl', {}).get('cert')
|
||||||
|
client_key = settings_dict['OPTIONS'].get('ssl', {}).get('key')
|
||||||
defaults_file = settings_dict['OPTIONS'].get('read_default_file')
|
defaults_file = settings_dict['OPTIONS'].get('read_default_file')
|
||||||
# Seems to be no good way to set sql_mode with CLI.
|
# Seems to be no good way to set sql_mode with CLI.
|
||||||
|
|
||||||
|
|
@ -31,8 +33,12 @@ class DatabaseClient(BaseDatabaseClient):
|
||||||
args += ["--host=%s" % host]
|
args += ["--host=%s" % host]
|
||||||
if port:
|
if port:
|
||||||
args += ["--port=%s" % port]
|
args += ["--port=%s" % port]
|
||||||
if cert:
|
if server_ca:
|
||||||
args += ["--ssl-ca=%s" % cert]
|
args += ["--ssl-ca=%s" % server_ca]
|
||||||
|
if client_cert:
|
||||||
|
args += ["--ssl-cert=%s" % client_cert]
|
||||||
|
if client_key:
|
||||||
|
args += ["--ssl-key=%s" % client_key]
|
||||||
if db:
|
if db:
|
||||||
args += [db]
|
args += [db]
|
||||||
return args
|
return args
|
||||||
|
|
|
||||||
|
|
@ -210,6 +210,8 @@ Management Commands
|
||||||
* On Oracle, :djadmin:`inspectdb` can now introspect ``AutoField`` if the
|
* On Oracle, :djadmin:`inspectdb` can now introspect ``AutoField`` if the
|
||||||
column is created as an identity column.
|
column is created as an identity column.
|
||||||
|
|
||||||
|
* On MySQL, :djadmin:`dbshell` now supports client-side TLS certificates.
|
||||||
|
|
||||||
Migrations
|
Migrations
|
||||||
~~~~~~~~~~
|
~~~~~~~~~~
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -59,14 +59,21 @@ class MySqlDbshellCommandTestCase(SimpleTestCase):
|
||||||
def test_ssl_certificate_is_added(self):
|
def test_ssl_certificate_is_added(self):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
['mysql', '--user=someuser', '--password=somepassword',
|
['mysql', '--user=someuser', '--password=somepassword',
|
||||||
'--host=somehost', '--port=444', '--ssl-ca=sslca', 'somedbname'],
|
'--host=somehost', '--port=444', '--ssl-ca=sslca',
|
||||||
|
'--ssl-cert=sslcert', '--ssl-key=sslkey', 'somedbname'],
|
||||||
self.get_command_line_arguments({
|
self.get_command_line_arguments({
|
||||||
'NAME': 'somedbname',
|
'NAME': 'somedbname',
|
||||||
'USER': 'someuser',
|
'USER': 'someuser',
|
||||||
'PASSWORD': 'somepassword',
|
'PASSWORD': 'somepassword',
|
||||||
'HOST': 'somehost',
|
'HOST': 'somehost',
|
||||||
'PORT': 444,
|
'PORT': 444,
|
||||||
'OPTIONS': {'ssl': {'ca': 'sslca'}},
|
'OPTIONS': {
|
||||||
|
'ssl': {
|
||||||
|
'ca': 'sslca',
|
||||||
|
'cert': 'sslcert',
|
||||||
|
'key': 'sslkey',
|
||||||
|
},
|
||||||
|
},
|
||||||
}))
|
}))
|
||||||
|
|
||||||
def get_command_line_arguments(self, connection_settings):
|
def get_command_line_arguments(self, connection_settings):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue