Canner
feat(wren-ui): Added FE Support for MySQL SSL Connection
Description
This PR introduces SSL connection handling for MySQL data source by adding a Select menu and an Upload component for Certificate Authority (CA) Certificate in the setup form. Meanwhile, existing logic has also been modified to include these fields when passing connection info to the engine. Fix #886
UI Screenshot
-
When a client who requires SSL uploads the necessary CA certificate (
VERIFY_CA), the connection succeeds: -
When a client who requires SSL attempts to connect without uploading CA certificate, the connection fails:
Summary by CodeRabbit
Release Notes
-
New Features
- Added SSL configuration options for MySQL connections.
- Introduced SSL mode selection (DISABLED, ENABLED, VERIFY_CA).
- Implemented SSL certificate file upload for MySQL data sources.
-
Improvements
- Enhanced security configuration for database connections.
- Added validation for SSL certificate requirements.
-
User Interface
- New SSL mode dropdown in MySQL connection settings.
- Option to upload SSL certificate files.
- Improved user experience for SSL certificate handling.
Walkthrough
This pull request introduces comprehensive SSL configuration support for MySQL data sources in the Wren UI. The changes span multiple files, adding a new SSLMode enumeration, updating connection information interfaces, and enhancing the MySQL properties component to allow SSL certificate uploads. The modifications enable users to configure different SSL modes (DISABLED, ENABLED, VERIFY_CA) and provide an optional SSL CA certificate for secure database connections.
Changes
| File | Change Summary |
|---|---|
wren-ui/src/apollo/server/types/sslMode.ts |
Added new SSLMode enum with DISABLED, ENABLED, and VERIFY_CA modes |
wren-ui/src/apollo/server/types/index.ts |
Added export for sslMode module |
wren-ui/src/apollo/server/repositories/projectRepository.ts |
Updated MYSQL_CONNECTION_INFO interface with sslMode and optional sslCA |
wren-ui/src/apollo/server/dataSource.ts |
Updated sensitiveProps and toIbisConnectionInfo to handle SSL configuration |
wren-ui/src/components/pages/setup/dataSources/MySQLProperties.tsx |
Added SSL mode selection and file upload component |
wren-ui/src/utils/error/dictionary.ts |
Added new SSL certificate error message |
wren-ui/src/apollo/server/adaptors/tests/ibisAdaptor.test.ts |
Updated test cases to handle SSL configuration |
Assessment against linked issues
| Objective | Addressed | Explanation |
|---|---|---|
| MySQL SSL Connection Configuration [#886] | ✅ | |
| Provide SSL mode selection [#886] | ✅ | |
| Support SSL CA certificate upload [#886] | ✅ |
Possibly related PRs
- #1207: Changes related to Trino connector SSL configurations
Suggested reviewers
- onlyjackfrost
Poem
🐰 SSL Secrets, Encrypted and Bright
A Rabbit's Tale of Connection's Might
MySQL dances with certificates new
Security wrapped in a digital hue
Encryption's magic, now crystal clear! 🔒
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
🪧 Tips
Chat
There are 3 ways to chat with CodeRabbit:
- Review comments: Directly reply to a review comment made by CodeRabbit. Example:
I pushed a fix in commit <commit_id>, please review it.Generate unit testing code for this file.Open a follow-up GitHub issue for this discussion.
- Files and specific lines of code (under the "Files changed" tab): Tag
@coderabbitaiin a new review comment at the desired location with your query. Examples:@coderabbitai generate unit testing code for this file.@coderabbitai modularize this function.
- PR comments: Tag
@coderabbitaiin a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:@coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.@coderabbitai read src/utils.ts and generate unit testing code.@coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.@coderabbitai help me debug CodeRabbit configuration file.
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.
CodeRabbit Commands (Invoked using PR comments)
@coderabbitai pauseto pause the reviews on a PR.@coderabbitai resumeto resume the paused reviews.@coderabbitai reviewto trigger an incremental review. This is useful when automatic reviews are disabled for the repository.@coderabbitai full reviewto do a full review from scratch and review all the files again.@coderabbitai summaryto regenerate the summary of the PR.@coderabbitai generate docstringsto generate docstrings for this PR. (Beta)@coderabbitai resolveresolve all the CodeRabbit review comments.@coderabbitai configurationto show the current CodeRabbit configuration for the repository.@coderabbitai helpto get help.
Other keywords and placeholders
- Add
@coderabbitai ignoreanywhere in the PR description to prevent this PR from being reviewed. - Add
@coderabbitai summaryto generate the high-level summary at a specific location in the PR description. - Add
@coderabbitaianywhere in the PR title to generate the title automatically.
CodeRabbit Configuration File (.coderabbit.yaml)
- You can programmatically configure CodeRabbit by adding a
.coderabbit.yamlfile to the root of your repository. - Please see the configuration documentation for more information.
- If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation:
# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
Documentation and Community
- Visit our Documentation for detailed information on how to use CodeRabbit.
- Join our Discord Community to get help, request features, and share feedback.
- Follow us on X/Twitter for updates and announcements.
![coderabbitai[bot] avatar](https://avatars.githubusercontent.com/in/347564?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi, I’m exploring ways to allow users to select a file from their local system and display its absolute file path, instead of typing the path into the input box themselves. I’ve looked into the Ant Design Upload component, but it appears to only display the file name due to browser security restrictions. I’d greatly appreciate any suggestions or alternative approaches. Thank you! 😊
hi @ongdisheng any reason you close this PR ? looks like a good contribution to me!
I'm thinking we should provide some options for users to pick instead of a Use SSL toggle. Just some quick thoughts:
SSL Mode ref: https://dev.mysql.com/doc/refman/8.4/en/connection-options.html#option_general_ssl-mode
- DISABLED: Establish an unencrypted connection.
- REQUIRED: Establish an encrypted connection if the server supports encrypted connections. The connection attempt fails if an encrypted connection cannot be established.
- VERIFY_CA: Like REQUIRED, but additionally verify the server Certificate Authority (CA) certificate against the configured CA certificates. The connection attempt fails if no valid matching CA certificates are found.
If users choose VERIFY_CA, we then show the upload inputs for them to upload CA.
cc @fredalai @andreashimin @onlyjackfrost chime in if you guys want.
I think you might want to work on some implementation on backend as well.
Hi @wwwy3y3, thank you for the feedback! I closed the PR earlier as I felt the current implementation wasn't quite up to the mark. I’ve reopened it as a draft and will continue working on it 😊.