rubysslamazon-rdsruby-datamapper

Ruby Datamapper connection with SSL to MariaDB on Amazon RDS


How do I establish a ruby Datamapper connection to MariaDB on Amazon RDS with SSL?

Here's what I did:

A non-SSL connection works when testing with:

uri = 'mysql://user:pass@host:port/db_name'
connection = DataObjects::Connection.new(uri)
=> #<DataObjects::Mysql::Connection:0x000056179a3a5921

connection.secure?
=> false

According to the MySQL datamapper wiki, an ssl connection requires the following options: :ssl_ca, :client_key, and :client_cert.

This would result in the following code:

uri = 'mysql://user:pass@host:port/db_name?'
ssl_opts = 'ssl[ssl_ca]=file&ssl[client_key]=file&ssl[client_cert]=file'

connection = DataObjects::Connection.new(uri + ssl_opts)
connection.secure?
=> false

However the only files get is the RDS combind CA bundle, refered from the RDS docs

I do not have a client_cert at all.

Connecting with the mysql client on cli works with SSL:

mysql --ssl -h host -u user -p pass db_name
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1638
Server version: 10.1.26-MariaDB MariaDB Server

Solution

  • There's only one parameter required: :ssl => {:ca_cert => 'pem_file'}.

    However it looks like using uri string for configuration does not work. The reason is a limitation in Addressable::Uri. It cannot handle query strings which aim to represent hashes with more than 1 level.

    The good news is that it works using DataMapper.setup with a config Hash:

    DataMapper.setup(:default, 
        :adapter  => 'mysql', 
        :user     => 'user',
        :database => 'db_name',
        :host     => 'host',
        :password => 'pass',
        :ssl => { 
            :ca_cert  => '/path/to/rds-combined-ca-bundle.pem'
        }
    )