ENGCOM-2983: Feature/issue 13561 2.3 #18075

 - Merge Pull Request #18075 from bnymn/magento2:feature/issue-13561-2.3
 - Merged commits:
   1. 41e1793
   2. 3b67548
   3. def50d5
   4. 7c7cc9b
   5. ddad680
   6. fa659d2
   7. 968a59c
   8. 5cfad03
   9. 7c7760b
   10. 6f19bf0
   11. d97af67
   12. 6cd243d
   13. 7b13705
   14. 93931d2
   15. db60f71
   16. d27e9a4
   17. f06a4b7
   18. 309e906
   19. f04a5a9
   20. f7ee0cc
   21. c4cc952
   22. 26980d8

Author: magento-engcom-team

lib/internal/Magento/Framework/Config/ConfigOptionsListConstants.php

@@ -21,6 +21,7 @@ class ConfigOptionsListConstants
     const CONFIG_PATH_CRYPT_KEY = 'crypt/key';
     const CONFIG_PATH_SESSION_SAVE = 'session/save';
     const CONFIG_PATH_RESOURCE_DEFAULT_SETUP = 'resource/default_setup/connection';
+    const CONFIG_PATH_DB_CONNECTION_DEFAULT_DRIVER_OPTIONS = 'db/connection/default/driver_options';
     const CONFIG_PATH_DB_CONNECTION_DEFAULT = 'db/connection/default';
     const CONFIG_PATH_DB_CONNECTIONS = 'db/connection';
     const CONFIG_PATH_DB_PREFIX = 'db/table_prefix';
@@ -64,6 +65,10 @@ class ConfigOptionsListConstants
     const INPUT_KEY_DB_MODEL = 'db-model';
     const INPUT_KEY_DB_INIT_STATEMENTS = 'db-init-statements';
     const INPUT_KEY_DB_ENGINE = 'db-engine';
+    const INPUT_KEY_DB_SSL_KEY = 'db-ssl-key';
+    const INPUT_KEY_DB_SSL_CERT = 'db-ssl-cert';
+    const INPUT_KEY_DB_SSL_CA = 'db-ssl-ca';
+    const INPUT_KEY_DB_SSL_VERIFY = 'db-ssl-verify';
     const INPUT_KEY_RESOURCE = 'resource';
     const INPUT_KEY_SKIP_DB_VALIDATION = 'skip-db-validation';
     const INPUT_KEY_CACHE_HOSTS = 'http-cache-hosts';
@@ -104,6 +109,20 @@ class ConfigOptionsListConstants
     const KEY_MODEL = 'model';
     const KEY_INIT_STATEMENTS = 'initStatements';
     const KEY_ACTIVE = 'active';
+    const KEY_DRIVER_OPTIONS = 'driver_options';
+    /**#@-*/
+
+    /**#@+
+     * Array keys for database driver options configurations
+     */
+    const KEY_MYSQL_SSL_KEY = \PDO::MYSQL_ATTR_SSL_KEY;
+    const KEY_MYSQL_SSL_CERT = \PDO::MYSQL_ATTR_SSL_CERT;
+    const KEY_MYSQL_SSL_CA = \PDO::MYSQL_ATTR_SSL_CA;
+    /**
+     * Constant \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT cannot be used as it was introduced in PHP 7.1.4
+     * and Magento 2 is currently supporting PHP 7.1.3.
+     */
+    const KEY_MYSQL_SSL_VERIFY = 1014;
     /**#@-*/
 
     /**

setup/src/Magento/Setup/Controller/DatabaseCheck.php

@@ -5,11 +5,15 @@
  */
 namespace Magento\Setup\Controller;
 
+use Magento\Framework\Config\ConfigOptionsListConstants;
 use Magento\Setup\Validator\DbValidator;
 use Zend\Json\Json;
 use Zend\Mvc\Controller\AbstractActionController;
 use Zend\View\Model\JsonModel;
 
+/**
+ * Class DatabaseCheck
+ */
 class DatabaseCheck extends AbstractActionController
 {
     /**
@@ -37,12 +41,45 @@ public function indexAction()
         try {
             $params = Json::decode($this->getRequest()->getContent(), Json::TYPE_ARRAY);
             $password = isset($params['password']) ? $params['password'] : '';
-            $this->dbValidator->checkDatabaseConnection($params['name'], $params['host'], $params['user'], $password);
+            $driverOptions = [];
+            if ($this->isDriverOptionsGiven($params)) {
+                if (empty($params['driverOptionsSslVerify'])) {
+                    $params['driverOptionsSslVerify'] = 0;
+                }
+                $driverOptions = [
+                    ConfigOptionsListConstants::KEY_MYSQL_SSL_KEY => $params['driverOptionsSslKey'],
+                    ConfigOptionsListConstants::KEY_MYSQL_SSL_CERT => $params['driverOptionsSslCert'],
+                    ConfigOptionsListConstants::KEY_MYSQL_SSL_CA => $params['driverOptionsSslCa'],
+                    ConfigOptionsListConstants::KEY_MYSQL_SSL_VERIFY => (int) $params['driverOptionsSslVerify'],
+                ];
+            }
+            $this->dbValidator->checkDatabaseConnectionWithDriverOptions(
+                $params['name'],
+                $params['host'],
+                $params['user'],
+                $password,
+                $driverOptions
+            );
             $tablePrefix = isset($params['tablePrefix']) ? $params['tablePrefix'] : '';
             $this->dbValidator->checkDatabaseTablePrefix($tablePrefix);
             return new JsonModel(['success' => true]);
         } catch (\Exception $e) {
             return new JsonModel(['success' => false, 'error' => $e->getMessage()]);
         }
     }
+
+    /**
+     * Is Driver Options Given
+     *
+     * @param array $params
+     * @return bool
+     */
+    private function isDriverOptionsGiven($params)
+    {
+        return !(
+            empty($params['driverOptionsSslKey']) ||
+            empty($params['driverOptionsSslCert']) ||
+            empty($params['driverOptionsSslCa'])
+        );
+    }
 }

setup/src/Magento/Setup/Model/ConfigGenerator.php

@@ -14,10 +14,12 @@
 use Magento\Framework\Config\ConfigOptionsListConstants;
 use Magento\Framework\App\State;
 use Magento\Framework\Math\Random;
+use Magento\Setup\Model\ConfigOptionsList\DriverOptions;
 
 /**
  * Creates deployment config data based on user input array
- * this class introduced to break down Magento\Setup\Model\ConfigOptionsList::createConfig
+ *
+ * This class introduced to break down {@see Magento\Setup\Model\ConfigOptionsList::createConfig}
  */
 class ConfigGenerator
 {
@@ -61,28 +63,37 @@ class ConfigGenerator
      */
     private $cryptKeyGenerator;
 
+    /**
+     * @var DriverOptions
+     */
+    private $driverOptions;
+
     /**
      * Constructor
      *
      * @param Random $random Deprecated since 100.2.0
      * @param DeploymentConfig $deploymentConfig
      * @param ConfigDataFactory|null $configDataFactory
      * @param CryptKeyGeneratorInterface|null $cryptKeyGenerator
+     * @param DriverOptions|null $driverOptions
      */
     public function __construct(
         Random $random,
         DeploymentConfig $deploymentConfig,
         ConfigDataFactory $configDataFactory = null,
-        CryptKeyGeneratorInterface $cryptKeyGenerator = null
+        CryptKeyGeneratorInterface $cryptKeyGenerator = null,
+        DriverOptions $driverOptions = null
     ) {
         $this->random = $random;
         $this->deploymentConfig = $deploymentConfig;
         $this->configDataFactory = $configDataFactory ?? ObjectManager::getInstance()->get(ConfigDataFactory::class);
         $this->cryptKeyGenerator = $cryptKeyGenerator ?? ObjectManager::getInstance()->get(CryptKeyGenerator::class);
+        $this->driverOptions = $driverOptions ?? ObjectManager::getInstance()->get(DriverOptions::class);
     }
 
     /**
      * Creates encryption key config data
+     *
      * @param array $data
      * @return ConfigData
      */
@@ -179,6 +190,9 @@ public function createDbConfig(array $data)
             $configData->set($dbConnectionPrefix . ConfigOptionsListConstants::KEY_ACTIVE, '1');
         }
 
+        $driverOptions = $this->driverOptions->getDriverOptions($data);
+        $configData->set($dbConnectionPrefix . ConfigOptionsListConstants::KEY_DRIVER_OPTIONS, $driverOptions);
+
         return $configData;
     }
 

setup/src/Magento/Setup/Model/ConfigOptionsList.php

@@ -13,6 +13,7 @@
 use Magento\Framework\Setup\Option\FlagConfigOption;
 use Magento\Framework\Setup\Option\SelectConfigOption;
 use Magento\Framework\Setup\Option\TextConfigOption;
+use Magento\Setup\Model\ConfigOptionsList\DriverOptions;
 use Magento\Setup\Validator\DbValidator;
 
 /**
@@ -54,17 +55,24 @@ class ConfigOptionsList implements ConfigOptionsListInterface
         \Magento\Setup\Model\ConfigOptionsList\Lock::class,
     ];
 
+    /**
+     * @var DriverOptions
+     */
+    private $driverOptions;
+
     /**
      * Constructor
      *
      * @param ConfigGenerator $configGenerator
      * @param DbValidator $dbValidator
      * @param KeyValidator|null $encryptionKeyValidator
+     * @param DriverOptions|null $driverOptions
      */
     public function __construct(
         ConfigGenerator $configGenerator,
         DbValidator $dbValidator,
-        KeyValidator $encryptionKeyValidator = null
+        KeyValidator $encryptionKeyValidator = null,
+        DriverOptions $driverOptions = null
     ) {
         $this->configGenerator = $configGenerator;
         $this->dbValidator = $dbValidator;
@@ -73,11 +81,11 @@ public function __construct(
             $this->configOptionsCollection[] = $objectManager->get($className);
         }
         $this->encryptionKeyValidator = $encryptionKeyValidator ?: $objectManager->get(KeyValidator::class);
+        $this->driverOptions = $driverOptions ?? $objectManager->get(DriverOptions::class);
     }
 
     /**
      * @inheritdoc
-     *
      * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
      */
     public function getOptions()
@@ -164,6 +172,36 @@ public function getOptions()
                 ConfigOptionsListConstants::CONFIG_PATH_CACHE_HOSTS,
                 'http Cache hosts'
             ),
+            new TextConfigOption(
+                ConfigOptionsListConstants::INPUT_KEY_DB_SSL_KEY,
+                TextConfigOption::FRONTEND_WIZARD_TEXT,
+                ConfigOptionsListConstants::CONFIG_PATH_DB_CONNECTION_DEFAULT_DRIVER_OPTIONS .
+                '/' . ConfigOptionsListConstants::KEY_MYSQL_SSL_KEY,
+                'Full path of client key file in order to establish db connection through SSL',
+                null
+            ),
+            new TextConfigOption(
+                ConfigOptionsListConstants::INPUT_KEY_DB_SSL_CERT,
+                TextConfigOption::FRONTEND_WIZARD_TEXT,
+                ConfigOptionsListConstants::CONFIG_PATH_DB_CONNECTION_DEFAULT_DRIVER_OPTIONS .
+                '/' . ConfigOptionsListConstants::KEY_MYSQL_SSL_CERT,
+                'Full path of client certificate file in order to establish db connection through SSL',
+                null
+            ),
+            new TextConfigOption(
+                ConfigOptionsListConstants::INPUT_KEY_DB_SSL_CA,
+                TextConfigOption::FRONTEND_WIZARD_TEXT,
+                ConfigOptionsListConstants::CONFIG_PATH_DB_CONNECTION_DEFAULT_DRIVER_OPTIONS .
+                '/' . ConfigOptionsListConstants::KEY_MYSQL_SSL_CA,
+                'Full path of server certificate file in order to establish db connection through SSL',
+                null
+            ),
+            new FlagConfigOption(
+                ConfigOptionsListConstants::INPUT_KEY_DB_SSL_VERIFY,
+                ConfigOptionsListConstants::CONFIG_PATH_DB_CONNECTION_DEFAULT_DRIVER_OPTIONS .
+                '/' . ConfigOptionsListConstants::KEY_MYSQL_SSL_VERIFY,
+                'Verify server certification'
+            ),
         ];
 
         foreach ($this->configOptionsCollection as $configOptionsList) {
@@ -349,12 +387,14 @@ private function validateDbSettings(array $options, DeploymentConfig $deployment
         ) {
             try {
                 $options = $this->getDbSettings($options, $deploymentConfig);
+                $driverOptions = $this->driverOptions->getDriverOptions($options);
 
-                $this->dbValidator->checkDatabaseConnection(
+                $this->dbValidator->checkDatabaseConnectionWithDriverOptions(
                     $options[ConfigOptionsListConstants::INPUT_KEY_DB_NAME],
                     $options[ConfigOptionsListConstants::INPUT_KEY_DB_HOST],
                     $options[ConfigOptionsListConstants::INPUT_KEY_DB_USER],
-                    $options[ConfigOptionsListConstants::INPUT_KEY_DB_PASSWORD]
+                    $options[ConfigOptionsListConstants::INPUT_KEY_DB_PASSWORD],
+                    $driverOptions
                 );
             } catch (\Exception $exception) {
                 $errors[] = $exception->getMessage();

setup/src/Magento/Setup/Model/ConfigOptionsList/DriverOptions.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Setup\Model\ConfigOptionsList;
+
+use Magento\Framework\Config\ConfigOptionsListConstants;
+
+/**
+ * MySql driver options
+ */
+class DriverOptions
+{
+    /**
+     * Get driver options.
+     *
+     * @param array $options
+     * @return array
+     */
+    public function getDriverOptions(array $options): array
+    {
+        $driverOptionKeys = [
+            ConfigOptionsListConstants::KEY_MYSQL_SSL_KEY => ConfigOptionsListConstants::INPUT_KEY_DB_SSL_KEY,
+            ConfigOptionsListConstants::KEY_MYSQL_SSL_CERT => ConfigOptionsListConstants::INPUT_KEY_DB_SSL_CERT,
+            ConfigOptionsListConstants::KEY_MYSQL_SSL_CA => ConfigOptionsListConstants::INPUT_KEY_DB_SSL_CA,
+        ];
+        $booleanDriverOptionKeys = [
+            ConfigOptionsListConstants::KEY_MYSQL_SSL_VERIFY => ConfigOptionsListConstants::INPUT_KEY_DB_SSL_VERIFY,
+        ];
+        $driverOptions = [];
+        foreach ($driverOptionKeys as $configKey => $driverOptionKey) {
+            if ($this->optionExists($options, $driverOptionKey)) {
+                $driverOptions[$configKey] = $options[$driverOptionKey];
+            }
+        }
+        foreach ($booleanDriverOptionKeys as $configKey => $driverOptionKey) {
+            $driverOptions[$configKey] = $this->booleanValue($options, $driverOptionKey);
+        }
+
+        return $driverOptions;
+    }
+
+    /**
+     * Check if provided option exists.
+     *
+     * @param array $options
+     * @param string $driverOptionKey
+     * @return bool
+     */
+    private function optionExists(array $options, string $driverOptionKey): bool
+    {
+        return isset($options[$driverOptionKey])
+            && ($options[$driverOptionKey] === false || !empty($options[$driverOptionKey]));
+    }
+
+    /**
+     * Transforms checkbox flag value into boolean.
+     *
+     * @see https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/checkbox#value
+     *
+     * @param array $options
+     * @param string $driverOptionKey
+     * @return bool
+     */
+    private function booleanValue(array $options, string $driverOptionKey): bool
+    {
+        return isset($options[$driverOptionKey]) && (bool)$options[$driverOptionKey];
+    }
+}