From b097a03366cc183806d643822c62c04cca01671c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= <jiri.suchomel@suse.com>
Date: Wed, 20 Sep 2017 13:58:00 +0200
Subject: [PATCH] database: Support SSL connection for db_maker user from ruby
 library

---
 .../database/libraries/provider_database_mysql.rb    | 12 ++++++++++--
 .../libraries/provider_database_mysql_user.rb        | 12 ++++++++++--
 2 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/chef/cookbooks/database/libraries/provider_database_mysql.rb b/chef/cookbooks/database/libraries/provider_database_mysql.rb
index 8f329e16a6..a492d0c5a8 100644
--- a/chef/cookbooks/database/libraries/provider_database_mysql.rb
+++ b/chef/cookbooks/database/libraries/provider_database_mysql.rb
@@ -74,13 +74,21 @@ def schema_present?(database_name)
         end
 
         def client
-          @client ||= Mysql2::Client.new(
+          client_options = {
             host: new_resource.connection[:host],
             socket: new_resource.connection[:socket],
             username: new_resource.connection[:username],
             password: new_resource.connection[:password],
             port: new_resource.connection[:port]
-          )
+          }
+          if new_resource.connection[:ssl][:enabled]
+            if new_resource.connection[:ssl][:insecure]
+              client_options[:sslverify] = false
+            else
+              client_options[:sslca] = new_resource.connection[:ssl][:ca_certs]
+            end
+          end
+          @client ||= Mysql2::Client.new(client_options)
         end
 
         def close_client
diff --git a/chef/cookbooks/database/libraries/provider_database_mysql_user.rb b/chef/cookbooks/database/libraries/provider_database_mysql_user.rb
index 22b55a62db..71858e7096 100644
--- a/chef/cookbooks/database/libraries/provider_database_mysql_user.rb
+++ b/chef/cookbooks/database/libraries/provider_database_mysql_user.rb
@@ -111,13 +111,21 @@ def user_present?(username, host)
         end
 
         def client
-          @client ||= Mysql2::Client.new(
+          client_options = {
             host: new_resource.connection[:host],
             socket: new_resource.connection[:socket],
             username: new_resource.connection[:username],
             password: new_resource.connection[:password],
             port: new_resource.connection[:port]
-          )
+          }
+          if new_resource.connection[:ssl][:enabled]
+            if new_resource.connection[:ssl][:insecure]
+              client_options[:sslverify] = false
+            else
+              client_options[:sslca] = new_resource.connection[:ssl][:ca_certs]
+            end
+          end
+          @client ||= Mysql2::Client.new(client_options)
         end
 
         def close_client