diff --git a/src/Application/Config.php b/src/Application/Config.php
index 59961b8..4a2c065 100644
--- a/src/Application/Config.php
+++ b/src/Application/Config.php
@@ -87,7 +87,8 @@ public function getDatabaseCredentials()
 $configReader->getDatabaseUsername() ?? '',
 $configReader->getDatabasePassword() ?? '',
 $configReader->getDatabaseHost() ?? '',
- $configReader->getDatabasePort() ?? ''
+ $configReader->getDatabasePort() ?? '',
+ // @TODO: Support SSL CA from config reader.
 );
 return $this->databaseCredentials;
@@ -103,7 +104,8 @@ public function getDatabaseCredentials()
 $this->get(Option::DB_USER, true) ?? '',
 $this->get(Option::DB_PASS, true) ?? '',
 $this->get(Option::DB_HOST, true) ?? 'localhost',
- $this->get(Option::DB_PORT, true) ?? '3306'
+ $this->get(Option::DB_PORT, true) ?? '3306',
+ $this->get(Option::DB_SSL_CA, true) ?? null,
 );
 }
diff --git a/src/Application/Config/DatabaseCredentials.php b/src/Application/Config/DatabaseCredentials.php
index 7239207..52652b7 100644
--- a/src/Application/Config/DatabaseCredentials.php
+++ b/src/Application/Config/DatabaseCredentials.php
@@ -29,18 +29,25 @@ class DatabaseCredentials
 */
 private $port;
+ /**
+ * @var string
+ */
+ private $sslCAPath;
+
 public function __construct(
 string $name,
 string $username,
 string $password = null,
 string $host = 'localhost',
- string $port = '3306'
+ string $port = '3306',
+ string $sslCAPath = null
 ) {
 $this->name = $name;
 $this->username = $username;
 $this->password = $password;
 $this->host = $host;
 $this->port = $port;
+ $this->sslCAPath = $sslCAPath;
 }
 /**
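Review bot: The config-reader branch in the first Config.php hunk still builds the credentials without a CA path, so a `db_ssl_ca` value saved to the config file appears to be ignored and the connection is made without any TLS options and without a warning. This same commit adds `YAML_DB_SSL_CA` to `allowUserToPersist()` in Option.php, so a user can persist a setting that has no effect. Until the reader exposes the value, the comment should say so plainly, e.g. `// @TODO: db_ssl_ca from the config file is not read yet; credentials built here carry no CA path.`, or the key should not be offered for persistence. In the second hunk the trailing `?? null` adds nothing and can be dropped. The body of getDatabaseCredentials() starts outside both hunks, so how the two branches are selected is inferred.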
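Review bot: The new `$sslCAPath` property is documented as `@var string`, but the constructor defaults it to `null` and the getter added later in this file returns `?string`; the docblock should read `@var string|null`. The parameter is also better declared as `?string $sslCAPath = null` than through the implicit nullable form, which the existing `$password` parameter shares. A one-line description such as `Path to the CA certificate file passed to the MySQL driver, or null to set no TLS options` would tell the reader what a null value means for the connection.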
@@ -83,11 +90,20 @@ public function getPort(): string
 return $this->port;
 }
+ public function getSSLCAPath(): ?string {
+ return $this->sslCAPath;
+ }
+
 /**
 * @return \PDO
 */
 public function createPDO(): \PDO
 {
+ $options = array()
+ if ($this->getSSLCAPath() !== null) {
+ $options[PDO::MYSQL_ATTR_SSL_CA] = $this->getSSLCAPath();
+ $options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
+ }
 return new \PDO(
 sprintf(
 'mysql:dbname=%s;host=%s;port=%s;charset=utf8',
@@ -96,7 +112,8 @@ public function createPDO(): \PDO
 $this->getPort()
 ),
 $this->getUsername(),
- $this->getPassword()
+ $this->getPassword(),
+ $options
 );
 }
 }
diff --git a/src/Application/Config/Option.php b/src/Application/Config/Option.php
index f8c886c..875c74f 100644
--- a/src/Application/Config/Option.php
+++ b/src/Application/Config/Option.php
@@ -14,12 +14,14 @@ final class Option
 const DB_USER = 'db-user';
 const DB_PASS = 'db-pass';
 const DB_PORT = 'db-port';
+ const DB_SSL_CA = 'db-ssl-ca';
 const YAML_DB_HOST = 'db_host';
 const YAML_DB_NAME = 'db_name';
 const YAML_DB_USER = 'db_user';
 const YAML_DB_PASS = 'db_pass';
 const YAML_DB_PORT = 'db_port';
+ const YAML_DB_SSL_CA = 'db_ssl_ca';
 const TABLE_GROUPS = 'table-groups';
@@ -57,6 +59,7 @@ public static function allowUserToPersist()
 self::YAML_DB_USER,
 self::YAML_DB_PASS,
 self::YAML_DB_PORT,
+ self::YAML_DB_SSL_CA,
 self::YAML_STORAGE_ACCESS_KEY,
 self::YAML_STORAGE_SECRET_KEY,
diff --git a/src/Command/BaseCommand.php b/src/Command/BaseCommand.php
index 77f8666..12f227e 100644
--- a/src/Command/BaseCommand.php
+++ b/src/Command/BaseCommand.php
@@ -164,6 +164,12 @@ protected function configure()
 InputOption::VALUE_REQUIRED,
 'Database name'
 ),
+ new InputOption(
+ Option::DB_SSL_CA,
+ null,
+ InputOption::VALUE_OPTIONAL,
+ 'Path to SSL CA e.g. /etc/ssl/my-cert.pem'
+ ),
 new InputOption(
 Option::ROOT_DIR,
 null,
diff --git a/tests/Command/ConfigureCommandTest.php b/tests/Command/ConfigureCommandTest.php
index df5acd5..83ca882 100644
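Review bot: In `createPDO()` the added `$options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;` turns off server certificate verification, so the configured CA is never used to authenticate the server and the connection is encrypted but not protected against an intermediary presenting its own certificate. I would drop that line so verification stays at the driver default, and add a separate, explicitly named opt-out only if self-signed setups really need one. Two further problems sit in the same lines: `$options = array()` lacks its semicolon, which is a parse error, and `PDO::` is unqualified while the rest of the method uses `\PDO`, which will not resolve if the file is namespaced (the namespace line is outside the hunk). Suggested lines: `$options = [];` and `$options[\PDO::MYSQL_ATTR_SSL_CA] = $this->getSSLCAPath();`.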
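Review bot: The new `db-ssl-ca` option in BaseCommand.php is declared with `InputOption::VALUE_OPTIONAL`, while the database option just above it uses `VALUE_REQUIRED`. With an optional value the flag can be passed without a path, and as far as the visible code shows a missing path reaches `createPDO()` as null and is treated as "set no TLS options", so a mistyped invocation would connect without TLS and give no error. Declaring it as `InputOption::VALUE_REQUIRED,` makes a missing path fail at argument parsing instead. configure() continues outside the hunk.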
--- a/tests/Command/ConfigureCommandTest.php
+++ b/tests/Command/ConfigureCommandTest.php
@@ -65,6 +65,7 @@ public function testInteractive()
 '',
 '',
 '',
+ '',
 'yes' // Confirm write
 ]);