Postgres/MySQL Source Strict Encrypt: stop enforce SSL if ssl mode disabled #19025
Conversation
…andatory-ssl' into 18992/vmaltsev-postgres-source-mandatory-ssl
github-actions
bot
added
the
area/documentation
|
@VitaliiMaltsev once this is published and merged, please don't forget to unpin connector version in cloud |
All of jdbc strict encrypt connectors will still enforce SSL except postgres and mysql in case of customer choose ssl mode disabled during connection setup |
|
@VitaliiMaltsev Can we add a test case that specifically tests for |
| @@ -114,7 +115,13 @@ public static Map<String, String> parseJdbcParameters(final String jdbcPropertie | |||
| * @return true: if ssl has not been set or it has been set with true, false: in all other cases | |||
| */ | |||
| public static boolean useSsl(final JsonNode config) { | |||
| return !config.has(SSL_KEY) || config.get(SSL_KEY).asBoolean(); | |||
| if (!config.has(SSL_KEY)) { | |||
There was a problem hiding this comment.
Can we update the javadoc description to update what this method now does so it's not de-synced from what this method originally did?
There was a problem hiding this comment.
Can we update the javadoc description to update what this method now does so it's not de-synced from what this method originally did?
updated javadoc
| @@ -210,6 +210,42 @@ void testUssSslWithSslSetAndValueIntegerTrue() { | |||
| assertTrue(sslSet); | |||
| } | |||
|
|
|||
| @Test | |||
| void testUseSslWithEmptySslKeyAndSslModeVerifyFull() { | |||
There was a problem hiding this comment.
These tests are good, let's also add an integration test for both source-mysql-strict-encrypt and source-postgres-strict-encrypt that cover the scenario that was failing for the customer which is when SSH tunnel was set and their ssl_mode: disabled
There was a problem hiding this comment.
These tests are good, let's also add an integration test for both source-mysql-strict-encrypt and source-postgres-strict-encrypt that cover the scenario that was failing for the customer which is when SSH tunnel was set and their ssl_mode: disabled
@ryankfu i added a couple of tests for postgres and mysql in order to cover such a case that the user encountered (when SSH tunnel was set and ssl_mode: disabled)
|
/test connector=connectors/source-postgres-strict-encrypt
Build PassedTest summary info: |
|
/test connector=connectors/source-mysql
|
|
/test connector=connectors/source-mysql
Build PassedTest summary info: |
|
/test connector=connectors/source-postgres
Build PassedTest summary info: |
|
/test connector=connectors/source-postgres-strict-encrypt
Build PassedTest summary info: |
|
/test connector=connectors/source-mysql-strict-encrypt
Build PassedTest summary info: |
|
/publish connector=connectors/source-mysql-strict-encrypt
if you have connectors that successfully published but failed definition generation, follow step 4 here |
|
/publish connector=connectors/source-mysql
if you have connectors that successfully published but failed definition generation, follow step 4 here |
|
/publish connector=connectors/source-postgres-strict-encrypt
if you have connectors that successfully published but failed definition generation, follow step 4 here |
Affected Connector ReportNOTE
|
| Connector | Version | Changelog | Publish |
|---|---|---|---|
source-alloydb |
1.0.17 |
✅ | ✅ |
source-alloydb-strict-encrypt |
1.0.17 |
✅ | ⚠ (not in seed) |
source-mysql |
1.0.12 |
✅ | ✅ |
source-mysql-strict-encrypt |
1.0.12 |
✅ | ⚠ (not in seed) |
source-postgres-strict-encrypt |
1.0.23 |
✅ | ⚠ (not in seed) |
- See "Actionable Items" below for how to resolve warnings and errors.
✅ Destinations (0)
| Connector | Version | Changelog | Publish |
|---|
- See "Actionable Items" below for how to resolve warnings and errors.
Actionable Items
(click to expand)
| Category | Status | Actionable Item |
|---|---|---|
| Version | ❌ mismatch |
The version of the connector is different from its normal variant. Please bump the version of the connector. |
| ⚠ doc not found |
The connector does not seem to have a documentation file. This can be normal (e.g. basic connector like source-jdbc is not published or documented). Please double-check to make sure that it is not a bug. |
|
| Changelog | ⚠ doc not found |
The connector does not seem to have a documentation file. This can be normal (e.g. basic connector like source-jdbc is not published or documented). Please double-check to make sure that it is not a bug. |
| ❌ changelog missing |
There is no chnagelog for the current version of the connector. If you are the author of the current version, please add a changelog. | |
| Publish | ⚠ not in seed |
The connector is not in the seed file (e.g. source_definitions.yaml), so its publication status cannot be checked. This can be normal (e.g. some connectors are cloud-specific, and only listed in the cloud seed file). Please double-check to make sure that it is not a bug. |
| ❌ diff seed version |
The connector exists in the seed file, but the latest version is not listed there. This usually means that the latest version is not published. Please use the /publish command to publish the latest version. |
|
/publish connector=connectors/source-postgres
if you have connectors that successfully published but failed definition generation, follow step 4 here |
…//github.com/airbytehq/airbyte into 18992/vmaltsev-postgres-source-mandatory-ssl
VitaliiMaltsev
deleted the
18992/vmaltsev-postgres-source-mandatory-ssl
branch
…sabled (#19025) * Postgres/MySQL Source Strict Encrypt: stop enforce SSL if ssl mode disabled * fixed checkstyle * updated changelog * add tests * replaced MySQL test to mysql-strict-encrypt module * fixed Connection Refused for mysql test * replaced Postgres Source strict-encrypt tests into new class * bump version * auto-bump connector version * auto-bump connector version Co-authored-by: Octavia Squidington III <[email protected]>
What
Fix for #18992
How
Stop enforce ssl=true if ssl mode disabled or disable for MySQL Strict Encrypt and Postgres Strict Encrypt
🚨 User Impact 🚨
none
Pre-merge Checklist
Expand the relevant checklist and delete the others.
New Connector
Community member or Airbyter
airbyte_secret./gradlew :airbyte-integrations:connectors:<name>:integrationTest.README.mdbootstrap.md. See description and examplesdocs/integrations/<source or destination>/<name>.mdincluding changelog. See changelog exampledocs/integrations/README.mdairbyte-integrations/builds.mdAirbyter
If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.
/test connector=connectors/<name>command is passing/publishcommand described hereUpdating a connector
Community member or Airbyter
airbyte_secret./gradlew :airbyte-integrations:connectors:<name>:integrationTest.README.mdbootstrap.md. See description and examplesdocs/integrations/<source or destination>/<name>.mdincluding changelog. See changelog exampleAirbyter
If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.
/test connector=connectors/<name>command is passing/publishcommand described hereConnector Generator
-scaffoldin their name) have been updated with the latest scaffold by running./gradlew :airbyte-integrations:connector-templates:generator:testScaffoldTemplatesthen checking in your changesTests
Unit
Put your unit tests output here.
Integration
Put your integration tests output here.
Acceptance
Put your acceptance tests output here.