1
// Copyright (c) 2020 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package cmd
6

7
import (
8
	"context"
9
	"crypto/tls"
10
	"crypto/x509"
11
	"database/sql"
12
	_ "embed"
13
	"errors"
14
	"fmt"
15
	"net"
16
	"os"
17
	"strings"
18
	"time"
19

20
	"github.com/go-sql-driver/mysql"
21
	"github.com/spf13/cobra"
22
	"github.com/spf13/viper"
23

24
	"github.com/gitpod-io/gitpod/common-go/log"
25
)
26

27
const migrationTableName = "migrations"
28

29
//go:embed resources/latest-migration.txt
30
var latestMigrationName string
31

32
// databaseCmd represents the database command
33
var databaseCmd = &cobra.Command{
34
	Use:   "database",
35
	Short: "waits for a MySQL database to become available",
36
	Long: `Uses the default db env config of a Gitpod deployment to try and
37
connect to a MySQL database, specifically DB_HOST, DB_PORT, DB_PASSWORD,
38
DB_CA_CERT and DB_USER(=gitpod)`,
39
	PreRun: func(cmd *cobra.Command, args []string) {
40
		err := viper.BindPFlags(cmd.Flags())
41
		if err != nil {
42
			log.WithError(err).Fatal("cannot bind Viper to pflags")
43
		}
44
	},
45
	Run: func(cmd *cobra.Command, args []string) {
46
		timeout := getTimeout()
47
		ctx, cancel := context.WithTimeout(cmd.Context(), timeout)
48
		defer cancel()
49

50
		cfg := mysql.NewConfig()
51
		cfg.Addr = net.JoinHostPort(viper.GetString("host"), viper.GetString("port"))
52
		cfg.Net = "tcp"
53
		cfg.User = viper.GetString("username")
54
		cfg.Passwd = viper.GetString("password")
55

56
		// Must be "gitpod"
57
		// Align to https://github.com/gitpod-io/gitpod/blob/884d922e8e33d8b936ec18d7fe3c8dcffde42b5a/components/gitpod-db/go/conn.go#L37
58
		cfg.DBName = "gitpod"
59
		cfg.Timeout = 1 * time.Second
60

61
		dsn := cfg.FormatDSN()
62
		censoredDSN := dsn
63
		if cfg.Passwd != "" {
64
			censoredDSN = strings.Replace(dsn, cfg.Passwd, "*****", -1)
65
		}
66

67
		caCert := viper.GetString("caCert")
68
		if caCert != "" {
69
			rootCertPool := x509.NewCertPool()
70
			if ok := rootCertPool.AppendCertsFromPEM([]byte(caCert)); !ok {
71
				fail("Failed to append DB CA cert.")
72
			}
73

74
			tlsConfigName := "custom"
75
			err := mysql.RegisterTLSConfig(tlsConfigName, &tls.Config{
76
				RootCAs:    rootCertPool,
77
				MinVersion: tls.VersionTLS12, // semgrep finding: set lower boundary to exclude insecure TLS1.0
78
			})
79
			if err != nil {
80
				fail(fmt.Sprintf("Failed to register DB CA cert: %+v", err))
81
			}
82
			cfg.TLSConfig = tlsConfigName
83
		}
84

85
		migrationName := GetLatestMigrationName()
86
		migrationCheck := viper.GetBool("migration-check")
87
		log.WithField("timeout", timeout.String()).WithField("dsn", censoredDSN).WithField("migration", migrationName).WithField("migrationCheck", migrationCheck).Info("waiting for database")
88
		var lastErr error
89
		log.Info("attempting to check if database is available")
90
		for ctx.Err() == nil {
91
			if err := checkDbAvailable(ctx, cfg, migrationName, migrationCheck); err != nil {
92
				if lastErr == nil || (lastErr != nil && err.Error() != lastErr.Error()) {
93
					// log if error is new or changed
94
					log.WithError(err).Error("database not available")
95
					log.Info("attempting to check if database is available")
96
				} else {
97
					log.WithError(err).Debug("database not available, attempting to check again")
98
				}
99
				lastErr = err
100
				<-time.After(time.Second)
101
			} else {
102
				break
103
			}
104
		}
105

106
		if ctx.Err() != nil {
107
			log.WithError(ctx.Err()).WithError(lastErr).Error("database did not become available in time")
108
			fail(fmt.Sprintf("database did not become available in time(%s): %+v", timeout.String(), lastErr))
109
		} else {
110
			log.Info("database became available")
111
		}
112
	},
113
}
114

115
func GetLatestMigrationName() string {
116
	return strings.TrimSpace(latestMigrationName)
117
}
118

119
// checkDbAvailable will connect and check if database is connectable
120
// with migrations and migrationCheck set, it will also check if the latest migration has been applied
121
func checkDbAvailable(ctx context.Context, cfg *mysql.Config, migration string, migrationCheck bool) (err error) {
122
	db, err := sql.Open("mysql", cfg.FormatDSN())
123
	if err != nil {
124
		return err
125
	}
126
	// ignore error
127
	defer db.Close()
128

129
	// if migration name is not set, just ping the database
130
	if migration == "" || !migrationCheck {
131
		return db.PingContext(ctx)
132
	}
133

134
	row := db.QueryRowContext(ctx, "SELECT name FROM "+migrationTableName+" ORDER BY `timestamp` DESC LIMIT 1")
135
	var dbLatest string
136
	if err := row.Scan(&dbLatest); err != nil {
137
		if errors.Is(err, sql.ErrNoRows) {
138
			return fmt.Errorf("failed to check migrations: no row found")
139
		}
140
		return fmt.Errorf("failed to check migrations: %w", err)
141
	}
142
	if dbLatest != migration {
143
		return fmt.Errorf("expected migration %s, but found %s", migration, dbLatest)
144
	}
145

146
	log.WithField("want", migration).WithField("got", dbLatest).Info("migrated")
147

148
	return nil
149
}
150

151
func init() {
152
	rootCmd.AddCommand(databaseCmd)
153

154
	databaseCmd.Flags().StringP("host", "H", os.Getenv("DB_HOST"), "Host to try and connect to")
155
	databaseCmd.Flags().StringP("port", "p", envOrDefault("DB_PORT", "3306"), "Port to connect on")
156
	databaseCmd.Flags().StringP("password", "P", os.Getenv("DB_PASSWORD"), "Password to use when connecting")
157
	databaseCmd.Flags().StringP("username", "u", envOrDefault("DB_USERNAME", "gitpod"), "Username to use when connected")
158
	databaseCmd.Flags().StringP("caCert", "", os.Getenv("DB_CA_CERT"), "Custom CA cert (chain) to use when connected")
159

160
	databaseCmd.Flags().BoolP("migration-check", "", false, "Enable to check if the latest migration has been applied")
161
}
162

163