Bugfix: Allow enabling TLS for sql tool without requiring key/cert. (#…

…1252) * Bugfix: Allow enabling TLS for sql tool without requiring key/cert. This allows using TLS for transport but not authentication, consistent with temporal server. Prior to this fix it was not possible to use the SQL tool to connect to Postgres which required TLS for transport security but was not setup to use TLS for authentication. * Don't validate TLS config inside sql tool. The config will be validated during connection anyway. Remove related test. * Remove tests that are no longer relevant. Also rename file according to golang conventions.
temporalio · Feb 3, 2021 · 69da561 · 69da561
1 parent 9d9d8bf
commit 69da561
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 37 deletions.
diff --git a/tools/sql/clitest/handlerTest.go → tools/sql/clitest/handler_test.go b/tools/sql/clitest/handlerTest.go → tools/sql/clitest/handler_test.go
@@ -31,7 +31,6 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 
-	"go.temporal.io/server/common/auth"
 	"go.temporal.io/server/common/service/config"
 	"go.temporal.io/server/environment"
 	"go.temporal.io/server/tools/common/schema"
@@ -85,28 +84,4 @@ func (s *HandlerTestSuite) TestValidateConnectConfig() {
 	cfg.DatabaseName = "foobar"
 	s.Nil(sql.ValidateConnectConfig(cfg, false))
 	s.Nil(sql.ValidateConnectConfig(cfg, true))
-
-	cfg.TLS = &auth.TLS{}
-	cfg.TLS.Enabled = true
-	s.NotNil(sql.ValidateConnectConfig(cfg, false))
-	s.NotNil(sql.ValidateConnectConfig(cfg, true))
-
-	cfg.TLS.CaFile = "ca.pem"
-	s.Nil(sql.ValidateConnectConfig(cfg, false))
-	s.Nil(sql.ValidateConnectConfig(cfg, true))
-
-	cfg.TLS.KeyFile = "key_file"
-	cfg.TLS.CertFile = ""
-	s.NotNil(sql.ValidateConnectConfig(cfg, false))
-	s.NotNil(sql.ValidateConnectConfig(cfg, true))
-
-	cfg.TLS.KeyFile = ""
-	cfg.TLS.CertFile = "cert_file"
-	s.NotNil(sql.ValidateConnectConfig(cfg, false))
-	s.NotNil(sql.ValidateConnectConfig(cfg, true))
-
-	cfg.TLS.KeyFile = "key_file"
-	cfg.TLS.CertFile = "cert_file"
-	s.Nil(sql.ValidateConnectConfig(cfg, false))
-	s.Nil(sql.ValidateConnectConfig(cfg, true))
 }
diff --git a/tools/sql/handler.go b/tools/sql/handler.go
@@ -265,19 +265,7 @@ func ValidateConnectConfig(cfg *config.SQL, isDryRun bool) error {
 		}
 		cfg.DatabaseName = schema.DryrunDBName
 	}
-	if cfg.TLS != nil && cfg.TLS.Enabled {
-		enabledCaFile := cfg.TLS.CaFile != ""
-		enabledCertFile := cfg.TLS.CertFile != ""
-		enabledKeyFile := cfg.TLS.KeyFile != ""
 
-		if (enabledCertFile && !enabledKeyFile) || (!enabledCertFile && enabledKeyFile) {
-			return schema.NewConfigError("must have both CertFile and KeyFile set")
-		}
-
-		if !enabledCaFile && !enabledCertFile && !enabledKeyFile {
-			return schema.NewConfigError("must provide tls certs to use")
-		}
-	}
 	return nil
 }