From 4deacf2b50ec2f54c555fe7ed0342c429aff06b0 Mon Sep 17 00:00:00 2001
From: arnis <8789226+0x63lv@users.noreply.github.com>
Date: Tue, 18 Aug 2020 01:30:15 +0300
Subject: [PATCH] Conditionally overwrite TLS parameters for MySQL secrets
 engine (#9729)

* Conditionally overwrite TLS parameters in MySQL DSN

Overwrite MySQL TLS configuration in MySQL DSN only if have `tls_ca` or `tls_certificate_key` set
Current logic always overwrites it

* Add test for MySQL DSN with a valid TLS parameter in query string
---
 plugins/database/mysql/connection_producer.go      | 4 +++-
 plugins/database/mysql/connection_producer_test.go | 5 +++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/plugins/database/mysql/connection_producer.go b/plugins/database/mysql/connection_producer.go
index 4e3437200..bf4b6581a 100644
--- a/plugins/database/mysql/connection_producer.go
+++ b/plugins/database/mysql/connection_producer.go
@@ -218,7 +218,9 @@ func (c *mySQLConnectionProducer) addTLStoDSN() (connURL string, err error) {
 		return "", fmt.Errorf("unable to parse connectionURL: %s", err)
 	}
 
-	config.TLSConfig = c.tlsConfigName
+	if len(c.tlsConfigName) > 0 {
+		config.TLSConfig = c.tlsConfigName
+	}
 
 	connURL = config.FormatDSN()
 
diff --git a/plugins/database/mysql/connection_producer_test.go b/plugins/database/mysql/connection_producer_test.go
index 7da5a0520..4213d57c4 100644
--- a/plugins/database/mysql/connection_producer_test.go
+++ b/plugins/database/mysql/connection_producer_test.go
@@ -45,6 +45,11 @@ func Test_addTLStoDSN(t *testing.T) {
 			tlsConfigName:  "tlsTest101",
 			expectedResult: "user:pa?ssword?@tcp(localhost:3306)/test?tls=tlsTest101&foo=bar",
 		},
+		"tls, valid tls parameter in query string": {
+			rootUrl:        "user:password@tcp(localhost:3306)/test?tls=true",
+			tlsConfigName:  "",
+			expectedResult: "user:password@tcp(localhost:3306)/test?tls=true",
+		},
 	}
 
 	for name, test := range tests {