phpunit support for secure database connection

Created on 5 September 2023, over 1 year ago
Updated 6 September 2023, over 1 year ago

Problem/Motivation

When you use PDO and connect to the database securely like when using Microsoft Azure databases phpunit won't work because the connection does not use a certificate.

Steps to reproduce

create a drupal installation. Add support for phpunit. Encrypt the database connection using https://blog.yannickjaquier.com/mariadb/data-in-transit-encryption-with-.... run phpunit tests.

Proposed resolution

Create two patches. One create a patch for Connection.php that add suport for a query parameter that specifies the path to the .pem or .cert file. I wanted to run it by the community before naming anything in case you have a preference. Heres is a code snipet that could work.

Connection.php:

diff --git a/core/lib/Drupal/Core/Database/Connection.php b/core/lib/Drupal/Core/Database/Connection.php
index 70e0dea87..ddb0c8c9f 100644
--- a/core/lib/Drupal/Core/Database/Connection.php
+++ b/core/lib/Drupal/Core/Database/Connection.php
@@ -1625,6 +1625,16 @@ public static function createConnectionOptionsFromUrl($url, $root) {
       'namespace' => $reflector->getNamespaceName(),
     ];
 
+    if(isset($url_components['query'])) {
+      $parts = parse_url($url);
+      parse_str($parts['query'], $query);
+      if(isset($query['pdo_pem_path'])) {
+        $database['pdo'] = array(
+          \PDO::MYSQL_ATTR_SSL_CA => $query['pdo_pem_path'],
+        );
+      }
+    }
+
     if (isset($url_components['port'])) {
       $database['port'] = $url_components['port'];
     }

And another patch for the install.inc:

diff --git a/core/includes/install.inc b/core/includes/install.inc
index 987186f56..4abbbc257 100644
--- a/core/includes/install.inc
+++ b/core/includes/install.inc
@@ -256,6 +256,21 @@ function drupal_get_database_types() {
  *   @endcode
  */
 function drupal_rewrite_settings($settings = [], $settings_file = NULL) {
+  if(isset($settings['databases'])) {
+    if(!isset($settings['databases']['default']['default']->value['pdo'])) {
+      if(getenv('SIMPLETEST_DB') != null) {
+        $url_components = parse_url(getenv('SIMPLETEST_DB'));
+        if(isset($url_components['query'])) {
+          parse_str($url_components['query'], $query);
+          if(isset($query['pdo_pem_path'])) {
+            $settings['databases']['default']['default']->value['pdo'] = array(
+              \PDO::MYSQL_ATTR_SSL_CA => $query['pdo_pem_path'],
+            );
+          }
+        }
+      }
+    }
+  }
   if (!isset($settings_file)) {
     $settings_file = \Drupal::service('site.path') . '/settings.php';
   }

Remaining tasks

Get a name for the query parameter.
Build the patches.

User interface changes

API changes

Data model changes

✨ Feature request
Status

Active

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States trigve hagen Washington DC

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024