Fixed #28322 -- Added dbshell support for MySQL client TLS certs.

This commit is contained in:
Paul Tiplady 2017-06-19 15:11:25 -07:00 committed by Tim Graham
parent a469e158a9
commit 335a8d7895
3 changed files with 20 additions and 5 deletions

View File

@ -14,7 +14,9 @@ class DatabaseClient(BaseDatabaseClient):
passwd = settings_dict['OPTIONS'].get('passwd', settings_dict['PASSWORD']) passwd = settings_dict['OPTIONS'].get('passwd', settings_dict['PASSWORD'])
host = settings_dict['OPTIONS'].get('host', settings_dict['HOST']) host = settings_dict['OPTIONS'].get('host', settings_dict['HOST'])
port = settings_dict['OPTIONS'].get('port', settings_dict['PORT']) port = settings_dict['OPTIONS'].get('port', settings_dict['PORT'])
cert = settings_dict['OPTIONS'].get('ssl', {}).get('ca') server_ca = settings_dict['OPTIONS'].get('ssl', {}).get('ca')
client_cert = settings_dict['OPTIONS'].get('ssl', {}).get('cert')
client_key = settings_dict['OPTIONS'].get('ssl', {}).get('key')
defaults_file = settings_dict['OPTIONS'].get('read_default_file') defaults_file = settings_dict['OPTIONS'].get('read_default_file')
# Seems to be no good way to set sql_mode with CLI. # Seems to be no good way to set sql_mode with CLI.
@ -31,8 +33,12 @@ class DatabaseClient(BaseDatabaseClient):
args += ["--host=%s" % host] args += ["--host=%s" % host]
if port: if port:
args += ["--port=%s" % port] args += ["--port=%s" % port]
if cert: if server_ca:
args += ["--ssl-ca=%s" % cert] args += ["--ssl-ca=%s" % server_ca]
if client_cert:
args += ["--ssl-cert=%s" % client_cert]
if client_key:
args += ["--ssl-key=%s" % client_key]
if db: if db:
args += [db] args += [db]
return args return args

View File

@ -210,6 +210,8 @@ Management Commands
* On Oracle, :djadmin:`inspectdb` can now introspect ``AutoField`` if the * On Oracle, :djadmin:`inspectdb` can now introspect ``AutoField`` if the
column is created as an identity column. column is created as an identity column.
* On MySQL, :djadmin:`dbshell` now supports client-side TLS certificates.
Migrations Migrations
~~~~~~~~~~ ~~~~~~~~~~

View File

@ -59,14 +59,21 @@ class MySqlDbshellCommandTestCase(SimpleTestCase):
def test_ssl_certificate_is_added(self): def test_ssl_certificate_is_added(self):
self.assertEqual( self.assertEqual(
['mysql', '--user=someuser', '--password=somepassword', ['mysql', '--user=someuser', '--password=somepassword',
'--host=somehost', '--port=444', '--ssl-ca=sslca', 'somedbname'], '--host=somehost', '--port=444', '--ssl-ca=sslca',
'--ssl-cert=sslcert', '--ssl-key=sslkey', 'somedbname'],
self.get_command_line_arguments({ self.get_command_line_arguments({
'NAME': 'somedbname', 'NAME': 'somedbname',
'USER': 'someuser', 'USER': 'someuser',
'PASSWORD': 'somepassword', 'PASSWORD': 'somepassword',
'HOST': 'somehost', 'HOST': 'somehost',
'PORT': 444, 'PORT': 444,
'OPTIONS': {'ssl': {'ca': 'sslca'}}, 'OPTIONS': {
'ssl': {
'ca': 'sslca',
'cert': 'sslcert',
'key': 'sslkey',
},
},
})) }))
def get_command_line_arguments(self, connection_settings): def get_command_line_arguments(self, connection_settings):