Operator can't use TLS encryption for system users

General

Escalation

General

Escalation

Description

Operator uses the below logic for connecting to MySQL:

queries.go

— https://github.com/percona/percona-xtradb-cluster-operator/blob/main/pkg/pxc/queries/queries.go#L56-L96

It does not enforce the tls parameter to be set to preferred or anything higher than than (like true). The default value is forced, meaning, it will not use TLS connections.

It's easily solveable by changing the value of tls parameter from the default false

— https://github.com/go-sql-driver/mysql#tls

A small example:

The below example will fail:

After allowing it:

it works fine:

Environment

None

AFFECTED CS IDs

CS0032781

Activity

Slava Sarzhan January 5, 2023 at 1:35 PM

Thank you for the bug report. The issue was fixed.

Done

Details
Assignee
Slava Sarzhan
Reporter
Iwo Panowicz
Needs QA
Yes
Fix versions
1.13.0
Affects versions
1.12.0
Priority
Critical

Smart Checklist

Created January 4, 2023 at 2:36 PM

Updated March 5, 2024 at 5:29 PM

Resolved April 26, 2023 at 3:11 PM

Operator can't use TLS encryption for system users

Description

Environment

AFFECTED CS IDs

Activity

Slava Sarzhan January 5, 2023 at 1:35 PM

DetailsAssigneeSlava SarzhanSlava SarzhanReporterIwo PanowiczIwo PanowiczNeeds QAYesFix versions1.13.0Affects versions1.12.0PriorityCritical

Details

Assignee

Reporter

Needs QA

Fix versions

Affects versions

Priority

Smart ChecklistOpen Smart Checklist

Smart Checklist

Details
Assignee
Slava Sarzhan
Reporter
Iwo Panowicz
Needs QA
Yes
Fix versions
1.13.0
Affects versions
1.12.0
Priority
Critical

Smart Checklist