Update ssl.mode for PG CDC doc #2678

Merged
merged 4 commits into from
Oct 14, 2024

WanYixian
Contributor

Description

  • Add verify-ca and verify-full for ssl.mode
  • Add ssl.root.cert

Related code PR

risingwavelabs/risingwave#18015

Related doc issue

Resolve #2605

Rendered preview

PG:
image

MySQL:
image

Checklist

  • I have checked the doc site preview, and the updated parts look good.
  • I have acquired the approval from the owner (and optionally the reviewers) of the code PR and at least one tech writer (emile-00, hengm3467, & WanYixian).

This pull request is automatically being deployed by Amplify Hosting (learn more).

Access this pull request here: https://pr-2678.d2fbku9n2b6wde.amplifyapp.com

@@ -168,7 +168,8 @@ All the fields listed below are required. Note that the value of these parameter
|database.name| Name of the database. Note that RisingWave cannot read data from a built-in MySQL database, such as `mysql`, `sys`, etc.|
|table.name| Name of the table that you want to ingest data from. |
|server.id| Required if creating a shared source. A numeric ID of the database client. It must be unique across all database processes that are running in the MySQL cluster. If not specified, RisingWave will generate a random ID.|
|ssl.mode| Optional. The `ssl.mode` parameter determines the level of SSL/TLS encryption for secure communication with MySQL. It accepts three values: `disabled`, `preferred`, and `required`. The default value is `disabled`. When set to `required`, it enforces TLS for establishing a connection.|
|ssl.mode| Optional. The `ssl.mode` parameter determines the level of SSL/TLS encryption for secure communication with MySQL. Accepted values are `disabled`, `preferred`,`required`, `verify-ca`, and `verify-full`. The default value is `disabled`. When set to `required`, `verify-ca`, or `verify-full`, it enforces TLS for establishing a connection.|
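
Review bot: In the new `ssl.mode` row, the value list `preferred`,`required` is missing the space after the comma, and the closing sentence groups `required`, `verify-ca` and `verify-full` under the same "it enforces TLS" wording, so a reader cannot tell what the two new values add over `required`. Suggest fixing the spacing and adding one clause per value that says what is verified in that mode.
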
Contributor

Actually the risingwavelabs/risingwave#18015 is for Postgres source only, so we don't need to change doc of MySQL.

Contributor Author

Saw the supported values for ssl.mode in MySQL cdc also changed, so still no need to document this? 🤔
image

Contributor

You can scroll up a bit, mysql source will reject those PG specific options. The intention of code here is to make them a no-op.

@@ -168,7 +168,8 @@ All the fields listed below are required. Note that the value of these parameter
|database.name| Name of the database. Note that RisingWave cannot read data from a built-in MySQL database, such as `mysql`, `sys`, etc.|
|table.name| Name of the table that you want to ingest data from. |
|server.id| Required if creating a shared source. A numeric ID of the database client. It must be unique across all database processes that are running in the MySQL cluster. If not specified, RisingWave will generate a random ID.|
|ssl.mode| Optional. The `ssl.mode` parameter determines the level of SSL/TLS encryption for secure communication with MySQL. It accepts three values: `disabled`, `preferred`, and `required`. The default value is `disabled`. When set to `required`, it enforces TLS for establishing a connection.|
|ssl.mode| Optional. The `ssl.mode` parameter determines the level of SSL/TLS encryption for secure communication with MySQL. Accepted values are `disabled`, `preferred`,`required`, `verify-ca`, and `verify-full`. The default value is `disabled`. When set to `required`, `verify-ca`, or `verify-full`, it enforces TLS for establishing a connection.|
| ssl.root.cert | Optional. Specify the root certificate secret.|
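
Review bot: The added `ssl.root.cert` row says only "Specify the root certificate secret", which leaves out which `ssl.mode` values read it and what "secret" refers to here (certificate content, a file path, or a named secret object). Suggest stating both in the row, and saying what happens when `verify-ca` or `verify-full` is set without a root certificate.
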
Contributor

ditto

@@ -202,7 +202,8 @@ Unless specified otherwise, the fields listed are required. Note that the value
|schema.name| Optional. Name of the schema. By default, the value is `public`. |
|table.name| Name of the table that you want to ingest data from. |
|slot.name| Optional. The [replication slot](https://www.postgresql.org/docs/14/logicaldecoding-explanation.html#LOGICALDECODING-REPLICATION-SLOTS) for this PostgreSQL source. By default, a unique slot name will be randomly generated. Each source should have a unique slot name. Valid replication slot names must contain only lowercase letters, numbers, and underscores, and be no longer than 63 characters.|
|ssl.mode| Optional. The `ssl.mode` parameter determines the level of SSL/TLS encryption for secure communication with Postgres. It accepts three values: `disabled`, `preferred`, and `required`. The default value is `disabled`. When set to `required`, it enforces TLS for establishing a connection.|
|ssl.mode| Optional. The `ssl.mode` parameter determines the level of SSL/TLS encryption for secure communication with Postgres. Accepted values are `disabled`, `preferred`, `required`, `verify-ca`, and `verify-full`. The default value is `disabled`. <ul><li>When set to `required`, it enforces TLS for establishing a connection; </li><li>When set to `verify-ca`, it verifies that the server is trustworthy by checking the certificate chain up to the root certificate stored on the client;</li><li>When set to `verify-full`, it verifies the certificate and also ensures the server hostname matches the name in the certificate.</li></ul> |
| ssl.root.cert | Optional. Specify the root certificate secret.|
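
Review bot: The `verify-ca` bullet refers to "the root certificate stored on the client", but nothing ties that to the `ssl.root.cert` row added directly below it, so the reader has to guess that the two belong together. Suggest naming `ssl.root.cert` in the `verify-ca` and `verify-full` bullets, and stating in the `required` bullet whether the server certificate is checked at all in that mode, since only the two new bullets mention verification. The three bullets also end inconsistently (`; `, `;` and `.`).
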
Contributor

I think we need to clarify the term secret, which is related to our own secret manager. The user needs to CREATE SECRET first before filling in here.

@WanYixian WanYixian changed the title Update ssl.mode for PG and MySQL CDC doc Update ssl.mode for PG CDC doc Oct 14, 2024
@WanYixian
Contributor Author

All updated, please take another look @StrikeW

Contributor

@StrikeW StrikeW left a comment

LGTM!

@WanYixian WanYixian merged commit 38a20f5 into main Oct 14, 2024
3 checks passed
@WanYixian WanYixian deleted the wyx/resolve_2605 branch October 14, 2024 09:03
Development

Successfully merging this pull request may close these issues.

Document: feat(cdc): support for verify-ca and verify-full of Postgres SSL