[Django] #28322: `manage.py dbshell` does not support mysql client certificates
Django
-------------------------------------+-------------------------------------
Reporter: Paul | Owner: Paul Tiplady
Tiplady |
Type: | Status: assigned
Uncategorized |
Component: Database | Version: 1.11
layer (models, ORM) |
Severity: Normal | Keywords:
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-------------------------------------+-------------------------------------
A common security procedure for DB access is to require mutual TLS for the
DB connection, e.g. as implemented by Google Cloud SQL for their hosted
MySQL offering.
This involves specifying a server certificate, client certificate, and
client key when connecting.
Django already supports this configuration, it looks like this:
{{{
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'HOST': db_host,
'NAME': 'test',
'USER': 'root',
'PASSWORD': 'root',
'OPTIONS': {
'ssl': {
'ca': 'server-ca.pem',
'cert': 'client-cert.pem',
'key': 'client-key.pem',
}
},
},
}
}}}
However the dbshell command does not support the client cert params
('cert' and 'key'), though it is aware of the server cert param 'ca'.
Should be a trivial fix to add in support for the other 'ssl' parameters
required here, I'll take a look.
--
Ticket URL: <https://code.djangoproject.com/ticket/28322>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
-------------------------------------+-------------------------------------
Reporter: Paul Tiplady | Owner: Paul
Type: | Tiplady
Cleanup/optimization | Status: assigned
Component: Core (Management | Version: 1.11
commands) |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
* type: Uncategorized => Cleanup/optimization
* stage: Unreviewed => Accepted
* component: Database layer (models, ORM) => Core (Management commands)
--
Ticket URL: <https://code.djangoproject.com/ticket/28322#comment:1>
Django
-------------------------------------+-------------------------------------
Reporter: Paul Tiplady | Owner: Paul
Type: | Tiplady
Cleanup/optimization | Status: assigned
Component: Core (Management | Version: 1.11
commands) |
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
* has_patch: 0 => 1
Comment:
Pull request here: https://github.com/django/django/pull/8657
(Needs CLA, I'm currently running that by legal).
This is my first contribution to Django so please nitpick if I've done
something slightly wrong ;)
--
Ticket URL: <https://code.djangoproject.com/ticket/28322#comment:2>
Django
-------------------------------------+-------------------------------------
Reporter: Paul Tiplady | Owner: Paul
Type: | Tiplady
Component: Core (Management | Version: 1.11
commands) |
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"335a8d7895a0d73df3d41fac750ff8f412a989b2" 335a8d78]:
{{{
#!CommitTicketReference repository=""
revision="335a8d7895a0d73df3d41fac750ff8f412a989b2"
Fixed #28322 -- Added dbshell support for MySQL client TLS certs.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28322#comment:3>