Cld 9544 provisioner fix mysql db connection string (#1139)

* fix external database connection string format

* add secrets tests

* remove skip_tls_verify flag

* change back tls verify flag

Author: andrleite

internal/tools/aws/database.go

@@ -168,10 +168,10 @@ func (d *RDSDatabase) GenerateDatabaseSecret(store model.InstallationDatabaseSto
 	}
 	rdsCluster := dbClusters.DBClusters[0]
 
-	var databaseConnectionString, databaseReadReplicasString, databaseConnectionCheck string
+	var databaseConnectionString, databaseReadReplicasString, databaseConnectionCheck, dataSourceURL string
 	switch d.databaseType {
 	case model.DatabaseEngineTypeMySQL:
-		databaseConnectionString, databaseReadReplicasString =
+		databaseConnectionString, databaseReadReplicasString, dataSourceURL =
 			MattermostMySQLConnStrings(
 				"mattermost",
 				installationSecret.MasterUsername,
@@ -199,6 +199,7 @@ func (d *RDSDatabase) GenerateDatabaseSecret(store model.InstallationDatabaseSto
 		ConnectionString:       databaseConnectionString,
 		DBCheckURL:             databaseConnectionCheck,
 		ReadReplicasURL:        databaseReadReplicasString,
+		DataSourceURL:          dataSourceURL,
 	}
 
 	logger.Debug("AWS multitenant database configuration generated for cluster installation")

internal/tools/aws/database_multitenant.go

@@ -246,9 +246,9 @@ func (d *RDSMultitenantDatabase) GenerateDatabaseSecret(store model.Installation
 		return nil, errors.Wrap(err, "failed to get secret value for database")
 	}
 
-	var databaseConnectionString, databaseReadReplicasString, databaseConnectionCheck string
+	var databaseConnectionString, databaseReadReplicasString, databaseConnectionCheck, dataSourceURL string
 	if d.databaseType == model.DatabaseEngineTypeMySQL {
-		databaseConnectionString, databaseReadReplicasString =
+		databaseConnectionString, databaseReadReplicasString, dataSourceURL =
 			MattermostMySQLConnStrings(
 				installationDatabaseName,
 				installationSecret.MasterUsername,
@@ -272,6 +272,7 @@ func (d *RDSMultitenantDatabase) GenerateDatabaseSecret(store model.Installation
 		ConnectionString:       databaseConnectionString,
 		DBCheckURL:             databaseConnectionCheck,
 		ReadReplicasURL:        databaseReadReplicasString,
+		DataSourceURL:          dataSourceURL,
 	}
 
 	logger.Debug("AWS RDS multitenant database configuration generated for cluster installation")

internal/tools/aws/helpers_sql.go

@@ -29,13 +29,14 @@ type SQLDatabaseManager interface {
 
 // MattermostMySQLConnStrings formats the connection string used for accessing a
 // Mattermost database.
-func MattermostMySQLConnStrings(schema, username, password string, dbCluster *rdsTypes.DBCluster) (string, string) {
-	dbConnection := fmt.Sprintf("mysql://%s:%s@tcp(%s:3306)/%s?charset=utf8mb4%%2Cutf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+func MattermostMySQLConnStrings(schema, username, password string, dbCluster *rdsTypes.DBCluster) (string, string, string) {
+	datasourceConnection := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
 		username, password, *dbCluster.Endpoint, schema)
-	readReplicas := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?charset=utf8mb4%%2Cutf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+	dbConnection := fmt.Sprintf("mysql://%s", datasourceConnection)
+	readReplicas := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
 		username, password, *dbCluster.ReaderEndpoint, schema)
 
-	return dbConnection, readReplicas
+	return dbConnection, readReplicas, datasourceConnection
 }
 
 // RDSMySQLConnString formats the connection string used by the provisioner for

internal/tools/aws/secret.go

@@ -16,6 +16,7 @@ type InstallationDBSecret struct {
 	ConnectionString       string
 	DBCheckURL             string
 	ReadReplicasURL        string
+	DataSourceURL          string // MySQL datasource URL without mysql:// prefix
 }
 
 // ToK8sSecret creates Kubernetes secret from InstallationDBSecret.
@@ -32,6 +33,10 @@ func (s InstallationDBSecret) ToK8sSecret(disableDBCheck bool) *corev1.Secret {
 	if !disableDBCheck && s.DBCheckURL != "" {
 		secret.StringData["DB_CONNECTION_CHECK_URL"] = s.DBCheckURL
 	}
+	// Add datasource URL without prefix for MySQL configurations
+	if s.DataSourceURL != "" {
+		secret.StringData["MM_SQLSETTINGS_DATASOURCE"] = s.DataSourceURL
+	}
 
 	return &secret
 }

internal/tools/aws/secret_test.go

@@ -76,6 +76,47 @@ func TestInstallationDBSecret_ToK8sSecret(t *testing.T) {
 				},
 			},
 		},
+		{
+			description: "MySQL secret with datasource URL",
+			installationSecret: InstallationDBSecret{
+				InstallationSecretName: "mysql-secret",
+				ConnectionString:       "mysql://user:pass@tcp(db.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+				DBCheckURL:             "http://db.example.com:3306",
+				ReadReplicasURL:        "user:pass@tcp(db-ro.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+				DataSourceURL:          "user:pass@tcp(db.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+			},
+			disableDBCheck: false,
+			expectedSecret: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "mysql-secret",
+				},
+				StringData: map[string]string{
+					"DB_CONNECTION_STRING":              "mysql://user:pass@tcp(db.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+					"MM_SQLSETTINGS_DATASOURCEREPLICAS": "user:pass@tcp(db-ro.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+					"DB_CONNECTION_CHECK_URL":           "http://db.example.com:3306",
+					"MM_SQLSETTINGS_DATASOURCE":         "user:pass@tcp(db.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+				},
+			},
+		},
+		{
+			description: "MySQL secret without datasource URL",
+			installationSecret: InstallationDBSecret{
+				InstallationSecretName: "mysql-secret-no-datasource",
+				ConnectionString:       "mysql://user:pass@tcp(db.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+				ReadReplicasURL:        "user:pass@tcp(db-ro.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+				DataSourceURL:          "", // Empty datasource URL
+			},
+			disableDBCheck: false,
+			expectedSecret: &corev1.Secret{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "mysql-secret-no-datasource",
+				},
+				StringData: map[string]string{
+					"DB_CONNECTION_STRING":              "mysql://user:pass@tcp(db.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+					"MM_SQLSETTINGS_DATASOURCEREPLICAS": "user:pass@tcp(db-ro.example.com:3306)/mattermost?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s&tls=skip-verify",
+				},
+			},
+		},
 	} {
 		t.Run(testCase.description, func(t *testing.T) {
 			k8sSecret := testCase.installationSecret.ToK8sSecret(testCase.disableDBCheck)