client cert auth PR review updates

runwuf · runwuf · commit 2cde254ae8bc · 2022-10-05T17:51:36.000-07:00
diff --git a/aiven_mysql_migrate/migration.py b/aiven_mysql_migrate/migration.py
@@ -17,6 +17,7 @@
 import concurrent
 import enum
 import logging
+import os
 import pymysql
 import shlex
 import signal
@@ -207,6 +208,13 @@ def _check_bin_log_format(self):
             if row_format.upper() != "ROW":
                 raise UnsupportedBinLogFormatException(f"Unsupported binary log format: {row_format}, only ROW is supported")
 
+    def _check_ssl_files(self):
+        if not (config.SOURCE_SSL_CA is None and config.SOURCE_SSL_CERT is None and config.SOURCE_SSL_KEY is None):
+            if not (os.path.exists(config.SOURCE_SSL_CA) and os.path.exists(config.SOURCE_SSL_CERT) and
+                    os.path.exists(config.SOURCE_SSL_KEY)):
+                LOGGER.debug("SSL files:[%s],[%s],[%s]", config.SOURCE_SSL_CA, config.SOURCE_SSL_CERT, config.SOURCE_SSL_KEY)
+                raise WrongMigrationConfigurationException("SSL files error!")
+
     def run_checks(
         self,
         force_method: Optional[MySQLMigrateMethod] = None,
@@ -229,6 +237,7 @@ def run_checks(
             )
             migration_method = MySQLMigrateMethod.dump
 
+        self._check_ssl_files()
         self._check_connections()
         self._check_databases_count()
         if dbs_max_total_size is not None:
diff --git a/aiven_mysql_migrate/utils.py b/aiven_mysql_migrate/utils.py
@@ -63,7 +63,6 @@ def from_uri(
         options = parse_qs(res.query)
         ssl = not (options and options.get("ssl-mode", ["DISABLE"]) == ["DISABLE"])
 
-        LOGGER.debug("from_uri - sslca:[%s], sslcert:[%s], sslkey:[%s]", sslca, sslcert, sslkey)
         return MySQLConnectionInfo(
             hostname=res.hostname,
             port=port,
@@ -78,7 +77,13 @@ def from_uri(
 
     def to_uri(self):
         ssl_mode = "DISABLE" if not self.ssl else "REQUIRE"
-        ssl_auth = urllib.parse.urlencode(f"&ssl-ca={self.sslca}&ssl-cert={self.sslcert}&ssl-key={self.sslkey}") \
+
+        ssl_params = {
+            "ssl-ca": self.sslca,
+            "ssl-cert": self.sslcert,
+            "ssl-key": self.sslkey
+        }
+        ssl_auth = urllib.parse.urlencode(ssl_params) \
             if self.sslca and self.sslcert and self.sslcert else ""
         LOGGER.debug("ssl_auth:[%s]]", ssl_auth)
         return f"mysql://{self.username}:{self.password}@{self.hostname}:{self.port}/?ssl-mode={ssl_mode}{ssl_auth}"
@@ -107,7 +112,7 @@ def _connect(self):
             ssl_key=self.sslkey,
             user=self.username,
             write_timeout=config.MYSQL_WRITE_TIMEOUT,
-            )
+        )
 
     @property
     def version(self) -> str:
