Updated PDO Config to Support SSL connections

added new configuration keys to set up SSL CERTS and connection properties. Change-Id: I0302f3c6332da39468699062126600df7f247a37
2018-08-23 13:51:02 -03:00 · 2018-08-23 13:51:02 -03:00 · 7b7ebe628e
parent 0b72dc999d
commit 7b7ebe628e
2 changed files with 48 additions and 22 deletions
--- a/.env.example
+++ b/.env.example
@ -17,6 +17,12 @@ SS_DB_DATABASE=homestead
 SS_DB_USERNAME=homestead
 SS_DB_PASSWORD=secret

+DB_USE_SSL=false
+DB_MYSQL_ATTR_SSL_CA=
+DB_MYSQL_ATTR_SSL_KEY=
+DB_MYSQL_ATTR_SSL_CERT=
+DB_MYSQL_ATTR_SSL_CIPHER=DHE-RSA-AES256-SHA
+
 REDIS_HOST=127.0.0.1
 REDIS_PORT=port
 REDIS_DB=0
--- a/config/database.php
+++ b/config/database.php
@ -1,4 +1,44 @@
 <?php
+$use_ssl = env('DB_USE_SSL', false);
+
+$idp_db_config =  [
+    'driver'    => 'mysql',
+    'host'      => env('DB_HOST'),
+    'database'  => env('DB_DATABASE'),
+    'username'  => env('DB_USERNAME'),
+    'password'  => env('DB_PASSWORD'),
+    'port'      => env('DB_PORT', 3306),
+    'charset'   => 'utf8',
+    'collation' => 'utf8_unicode_ci',
+    'prefix'    => '',
+];
+
+$ss_db_config =  [
+    'driver'    => env('SS_DB_DRIVER'),
+    'host'      => env('SS_DB_HOST'),
+    'database'  => env('SS_DATABASE'),
+    'username'  => env('SS_DB_USERNAME'),
+    'password'  => env('SS_DB_PASSWORD'),
+    'port'      => env('SS_DB_PORT', 3306),
+    'charset'   => 'utf8',
+    'collation' => 'utf8_unicode_ci',
+    'prefix'    => '',
+];
+
+if($use_ssl){
+    $idp_db_config['options'] = [
+        PDO::MYSQL_ATTR_SSL_CA => env('DB_MYSQL_ATTR_SSL_CA','/etc/client-ssl/ca-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_KEY =>  env('DB_MYSQL_ATTR_SSL_KEY','/etc/client-ssl/client-key.pem'),
+        PDO::MYSQL_ATTR_SSL_CERT  =>  env('DB_MYSQL_ATTR_SSL_CERT','/etc/client-ssl/client-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_CIPHER =>  env('DB_MYSQL_ATTR_SSL_CIPHER', 'DHE-RSA-AES256-SHA'),
+    ];
+    $ss_db_config['options'] = [
+        PDO::MYSQL_ATTR_SSL_CA => env('DB_MYSQL_ATTR_SSL_CA','/etc/mysql-client-ssl/ca-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_KEY =>  env('DB_MYSQL_ATTR_SSL_KEY','/etc/mysql-client-ssl/client-key.pem'),
+        PDO::MYSQL_ATTR_SSL_CERT  =>  env('DB_MYSQL_ATTR_SSL_CERT','/etc/mysql-client-ssl/client-cert.pem'),
+        PDO::MYSQL_ATTR_SSL_CIPHER =>  env('DB_MYSQL_ATTR_SSL_CIPHER', 'DHE-RSA-AES256-SHA'),
+    ];
+}

 return [

@ -46,29 +86,9 @@ return [

    'connections' => [
        //primary DB
-        'openstackid' => array(
-            'driver'    => 'mysql',
-            'host'      => env('DB_HOST'),
-            'database'  => env('DB_DATABASE'),
-            'username'  => env('DB_USERNAME'),
-            'password'  => env('DB_PASSWORD'),
-            'port'      => env('DB_PORT', 3306),
-            'charset'   => 'utf8',
-            'collation' => 'utf8_unicode_ci',
-            'prefix'    => '',
-        ),
+        'openstackid' => $idp_db_config,
        //secondary DB (SS OS)
-        'ss' => array(
-            'driver'    => env('SS_DB_DRIVER'),
-            'host'      => env('SS_DB_HOST'),
-            'database'  => env('SS_DATABASE'),
-            'username'  => env('SS_DB_USERNAME'),
-            'password'  => env('SS_DB_PASSWORD'),
-            'port'      => env('SS_DB_PORT', 3306),
-            'charset'   => 'utf8',
-            'collation' => 'utf8_unicode_ci',
-            'prefix'    => '',
-        ),
+        'ss' => $ss_db_config,
    ],

    /*