deploy mysql version

mipo1357 · Oct 21, 2022 · 4529895 · 4529895
1 parent 1134200
commit 4529895
Show file tree

Hide file tree

Showing 24 changed files with 186 additions and 276 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-# Copyright 2020 Google LLC
+# Copyright 2019 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -42,9 +42,9 @@ RUN set -x && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -
 
 # Copy the binary to the production image from the builder stage.
 COPY --from=builder /app/server /app/server
-# Copy any certificates IFF present.
-COPY ./certs /app/certs
 
+# Copy any certificates IF present.
+COPY ./certs /app/certs
 # Run the web service on container startup.
 WORKDIR /app
 CMD ["/app/server"]
diff --git a/README.md b/README.md
@@ -3,8 +3,8 @@
 1. GCP コンソールからプロジェクトを作成する
 2. terraform をインストールしておく
 3. gcloud もインストールしておく
-4. gcloud でログインしておく
-5. `gsutil mb gs://バケット名`
-6. コンソールから container registory の API を有効化
-7. `terraform init`
-8. `terraform apply`
+4. gcloud でログインしておく(デフォルト設定を使用する場合は credential が正しいかどうかチェック)
+5. `gsutil mb -l asia gs://バケット名`
+6. コンソールから container registory と cloud run の API を有効化
+7. `terraform init -backend-config=./backend.conf`
+8. `terraform apply -var-file=./terraform.tfvars` 実運用ではシークレットな変数などはシークレットマネージャーに。
diff --git a/cloudsql.go b/cloudsql.go
@@ -1,4 +1,4 @@
-// Copyright 2020 Google LLC
+// Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -50,7 +50,7 @@ func getDB() *sql.DB {
 func migrateDB(db *sql.DB) error {
 	createVotes := `CREATE TABLE IF NOT EXISTS votes (
 		id SERIAL NOT NULL,
-		created_at timestamp NOT NULL,
+		created_at datetime NOT NULL,
 		candidate VARCHAR(6) NOT NULL,
 		PRIMARY KEY (id)
 	);`
@@ -176,26 +176,26 @@ func mustConnect() *sql.DB {
 // configureConnectionPool sets database connection pool properties.
 // For more information, see https://golang.org/pkg/database/sql
 func configureConnectionPool(db *sql.DB) {
-	// [START cloud_sql_postgres_databasesql_limit]
+	// [START cloud_sql_mysql_databasesql_limit]
 	// Set maximum number of connections in idle connection pool.
 	db.SetMaxIdleConns(5)
 
 	// Set maximum number of open connections to the database.
 	db.SetMaxOpenConns(7)
-	// [END cloud_sql_postgres_databasesql_limit]
+	// [END cloud_sql_mysql_databasesql_limit]
 
-	// [START cloud_sql_postgres_databasesql_lifetime]
+	// [START cloud_sql_mysql_databasesql_lifetime]
 	// Set Maximum time (in seconds) that a connection can remain open.
 	db.SetConnMaxLifetime(1800 * time.Second)
-	// [END cloud_sql_postgres_databasesql_lifetime]
+	// [END cloud_sql_mysql_databasesql_lifetime]
 
-	// [START cloud_sql_postgres_databasesql_backoff]
+	// [START cloud_sql_mysql_databasesql_backoff]
 	// database/sql does not support specifying backoff
-	// [END cloud_sql_postgres_databasesql_backoff]
-	// [START cloud_sql_postgres_databasesql_timeout]
+	// [END cloud_sql_mysql_databasesql_backoff]
+	// [START cloud_sql_mysql_databasesql_timeout]
 	// The database/sql package currently doesn't offer any functionality to
 	// configure connection timeout.
-	// [END cloud_sql_postgres_databasesql_timeout]
+	// [END cloud_sql_mysql_databasesql_timeout]
 }
 
 // Votes handles HTTP requests to alternatively show the voting app or to save a
@@ -255,10 +255,10 @@ func saveVote(w http.ResponseWriter, r *http.Request, db *sql.DB) {
 		return
 	}
 
-	// [START cloud_sql_postgres_databasesql_connection]
-	insertVote := "INSERT INTO votes(candidate, created_at) VALUES($1, NOW())"
+	// [START cloud_sql_mysql_databasesql_connection]
+	insertVote := "INSERT INTO votes(candidate, created_at) VALUES(?, NOW())"
 	_, err := db.Exec(insertVote, team)
-	// [END cloud_sql_postgres_databasesql_connection]
+	// [END cloud_sql_mysql_databasesql_connection]
 
 	if err != nil {
 		log.Printf("saveVote: unable to save vote: %v", err)

diff --git a/cloudsql_test.go b/cloudsql_test.go
@@ -59,13 +59,13 @@ func dbConfigFromEnv(t *testing.T, ct connType) dbConfig {
 		return n
 	}
 	d := dbConfig{
-		user:         testEnv("POSTGRES_USER"),
-		pass:         testEnv("POSTGRES_PASSWORD"),
-		name:         testEnv("POSTGRES_DATABASE"),
-		port:         testEnv("POSTGRES_PORT"),
-		host:         testEnv("POSTGRES_HOST"),
-		unixPath:     testEnv("POSTGRES_UNIX_SOCKET"),
-		instConnName: testEnv("POSTGRES_INSTANCE"),
+		user:         testEnv("MYSQL_USER"),
+		pass:         testEnv("MYSQL_PASSWORD"),
+		name:         testEnv("MYSQL_DATABASE"),
+		port:         testEnv("MYSQL_PORT"),
+		host:         testEnv("MYSQL_HOST"),
+		unixPath:     testEnv("MYSQL_UNIX_SOCKET"),
+		instConnName: testEnv("MYSQL_INSTANCE"),
 	}
 	// Zero out all but requested conn type
 	switch ct {

diff --git a/cmd/app/main.go b/cmd/app/main.go
@@ -19,7 +19,7 @@ import (
 	"net/http"
 	"os"
 
-	cloudsql "github.com/GoogleCloudPlatform/golang-samples/cloudsql/postgres/database-sql"
+	cloudsql "github.com/GoogleCloudPlatform/golang-samples/cloudsql/mysql/database-sql"
 )
 
 func main() {

diff --git a/connect_connector.go b/connect_connector.go
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// [START cloud_sql_postgres_databasesql_connect_connector]
+// [START cloud_sql_mysql_databasesql_connect_connector]
 package cloudsql
 
 import (
@@ -24,15 +24,14 @@ import (
 	"os"
 
 	"cloud.google.com/go/cloudsqlconn"
-	"github.com/jackc/pgx/v4"
-	"github.com/jackc/pgx/v4/stdlib"
+	"github.com/go-sql-driver/mysql"
 )
 
 func connectWithConnector() (*sql.DB, error) {
 	mustGetenv := func(k string) string {
 		v := os.Getenv(k)
 		if v == "" {
-			log.Fatalf("Warning: %s environment variable not set.\n", k)
+			log.Fatalf("Warning: %s environment variable not set.", k)
 		}
 		return v
 	}
@@ -41,58 +40,33 @@ func connectWithConnector() (*sql.DB, error) {
 	// Cloud Secret Manager (https://cloud.google.com/secret-manager) to help
 	// keep secrets safe.
 	var (
-		// Either a DB_USER or a DB_IAM_USER should be defined. If both are
-		// defined, DB_IAM_USER takes precedence.
-		dbUser                 = os.Getenv("DB_USER")                   // e.g. 'my-db-user'
-		dbIAMUser              = os.Getenv("DB_IAM_USER")               // e.g. '[email protected]'
+		dbUser                 = mustGetenv("DB_USER")                  // e.g. 'my-db-user'
 		dbPwd                  = mustGetenv("DB_PASS")                  // e.g. 'my-db-password'
 		dbName                 = mustGetenv("DB_NAME")                  // e.g. 'my-database'
 		instanceConnectionName = mustGetenv("INSTANCE_CONNECTION_NAME") // e.g. 'project:region:instance'
 		usePrivate             = os.Getenv("PRIVATE_IP")
 	)
-	if dbUser == "" && dbIAMUser == "" {
-		log.Fatal("Warning: One of DB_USER or DB_IAM_USER must be defined")
-	}
 
-	dsn := fmt.Sprintf("user=%s password=%s database=%s", dbUser, dbPwd, dbName)
-	config, err := pgx.ParseConfig(dsn)
+	d, err := cloudsqlconn.NewDialer(context.Background())
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("cloudsqlconn.NewDialer: %v", err)
 	}
-	config.DialFunc = func(ctx context.Context, network, instance string) (net.Conn, error) {
-		if dbIAMUser != "" {
-			// [START cloud_sql_postgres_databasesql_auto_iam_authn]
-			d, err := cloudsqlconn.NewDialer(ctx, cloudsqlconn.WithIAMAuthN())
-			if err != nil {
-				return nil, err
+	mysql.RegisterDialContext("cloudsqlconn",
+		func(ctx context.Context, addr string) (net.Conn, error) {
+			if usePrivate != "" {
+				return d.Dial(ctx, instanceConnectionName, cloudsqlconn.WithPrivateIP())
 			}
 			return d.Dial(ctx, instanceConnectionName)
-			// [END cloud_sql_postgres_databasesql_auto_iam_authn]
-		}
-		if usePrivate != "" {
-			d, err := cloudsqlconn.NewDialer(
-				ctx,
-				cloudsqlconn.WithDefaultDialOptions(cloudsqlconn.WithPrivateIP()),
-			)
-			if err != nil {
-				return nil, err
-			}
-			return d.Dial(ctx, instanceConnectionName)
-		}
-		// Use the Cloud SQL connector to handle connecting to the instance.
-		// This approach does *NOT* require the Cloud SQL proxy.
-		d, err := cloudsqlconn.NewDialer(ctx)
-		if err != nil {
-			return nil, err
-		}
-		return d.Dial(ctx, instanceConnectionName)
-	}
-	dbURI := stdlib.RegisterConnConfig(config)
-	dbPool, err := sql.Open("pgx", dbURI)
+		})
+
+	dbURI := fmt.Sprintf("%s:%s@cloudsqlconn(localhost:3306)/%s?parseTime=true",
+		dbUser, dbPwd, dbName)
+
+	dbPool, err := sql.Open("mysql", dbURI)
 	if err != nil {
 		return nil, fmt.Errorf("sql.Open: %v", err)
 	}
 	return dbPool, nil
 }
 
-// [END cloud_sql_postgres_databasesql_connect_connector]
+// [END cloud_sql_mysql_databasesql_connect_connector]
diff --git a/connect_tcp.go b/connect_tcp.go
@@ -12,25 +12,26 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// [START cloud_sql_postgres_databasesql_connect_tcp]
-// [START cloud_sql_postgres_databasesql_connect_tcp_sslcerts]
-// [START cloud_sql_postgres_databasesql_sslcerts]
+// [START cloud_sql_mysql_databasesql_connect_tcp]
+// [START cloud_sql_mysql_databasesql_connect_tcp_sslcerts]
+// [START cloud_sql_mysql_databasesql_sslcerts]
 package cloudsql
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"database/sql"
+	"errors"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os"
 
-	// Note: If connecting using the App Engine Flex Go runtime, use
-	// "github.com/jackc/pgx/stdlib" instead, since v4 requires
-	// Go modules which are not supported by App Engine Flex.
-	_ "github.com/jackc/pgx/v4/stdlib"
+	"github.com/go-sql-driver/mysql"
 )
 
 // connectTCPSocket initializes a TCP connection pool for a Cloud SQL
-// instance of Postgres.
+// instance of MySQL.
 func connectTCPSocket() (*sql.DB, error) {
 	mustGetenv := func(k string) string {
 		v := os.Getenv(k)
@@ -46,15 +47,15 @@ func connectTCPSocket() (*sql.DB, error) {
 	var (
 		dbUser    = mustGetenv("DB_USER")       // e.g. 'my-db-user'
 		dbPwd     = mustGetenv("DB_PASS")       // e.g. 'my-db-password'
-		dbTCPHost = mustGetenv("INSTANCE_HOST") // e.g. '127.0.0.1' ('172.17.0.1' if deployed to GAE Flex)
-		dbPort    = mustGetenv("DB_PORT")       // e.g. '5432'
 		dbName    = mustGetenv("DB_NAME")       // e.g. 'my-database'
+		dbPort    = mustGetenv("DB_PORT")       // e.g. '3306'
+		dbTCPHost = mustGetenv("INSTANCE_HOST") // e.g. '127.0.0.1' ('172.17.0.1' if deployed to GAE Flex)
 	)
 
-	dbURI := fmt.Sprintf("host=%s user=%s password=%s port=%s database=%s",
-		dbTCPHost, dbUser, dbPwd, dbPort, dbName)
+	dbURI := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s?parseTime=true",
+		dbUser, dbPwd, dbTCPHost, dbPort, dbName)
 
-	// [END cloud_sql_postgres_databasesql_connect_tcp]
+	// [END cloud_sql_mysql_databasesql_connect_tcp]
 	// (OPTIONAL) Configure SSL certificates
 	// For deployments that connect directly to a Cloud SQL instance without
 	// using the Cloud SQL Proxy, configuring SSL certificates will ensure the
@@ -64,13 +65,30 @@ func connectTCPSocket() (*sql.DB, error) {
 			dbCert = mustGetenv("DB_CERT") // e.g. '/path/to/my/client-cert.pem'
 			dbKey  = mustGetenv("DB_KEY")  // e.g. '/path/to/my/client-key.pem'
 		)
-		dbURI += fmt.Sprintf(" sslmode=require sslrootcert=%s sslcert=%s sslkey=%s",
-			dbRootCert, dbCert, dbKey)
+		pool := x509.NewCertPool()
+		pem, err := ioutil.ReadFile(dbRootCert)
+		if err != nil {
+			return nil, err
+		}
+		if ok := pool.AppendCertsFromPEM(pem); !ok {
+			return nil, errors.New("unable to append root cert to pool")
+		}
+		cert, err := tls.LoadX509KeyPair(dbCert, dbKey)
+		if err != nil {
+			return nil, err
+		}
+		mysql.RegisterTLSConfig("cloudsql", &tls.Config{
+			RootCAs:               pool,
+			Certificates:          []tls.Certificate{cert},
+			InsecureSkipVerify:    true,
+			VerifyPeerCertificate: verifyPeerCertFunc(pool),
+		})
+		dbURI += "&tls=cloudsql"
 	}
-	// [START cloud_sql_postgres_databasesql_connect_tcp]
+	// [START cloud_sql_mysql_databasesql_connect_tcp]
 
 	// dbPool is the pool of database connections.
-	dbPool, err := sql.Open("pgx", dbURI)
+	dbPool, err := sql.Open("mysql", dbURI)
 	if err != nil {
 		return nil, fmt.Errorf("sql.Open: %v", err)
 	}
@@ -82,6 +100,28 @@ func connectTCPSocket() (*sql.DB, error) {
 	return dbPool, nil
 }
 
-// [END cloud_sql_postgres_databasesql_sslcerts]
-// [END cloud_sql_postgres_databasesql_connect_tcp_sslcerts]
-// [END cloud_sql_postgres_databasesql_connect_tcp]
+// [END cloud_sql_mysql_databasesql_connect_tcp]
+
+// verifyPeerCertFunc returns a function that verifies the peer certificate is
+// in the cert pool.
+func verifyPeerCertFunc(pool *x509.CertPool) func([][]byte, [][]*x509.Certificate) error {
+	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
+		if len(rawCerts) == 0 {
+			return errors.New("no certificates available to verify")
+		}
+
+		cert, err := x509.ParseCertificate(rawCerts[0])
+		if err != nil {
+			return err
+		}
+
+		opts := x509.VerifyOptions{Roots: pool}
+		if _, err = cert.Verify(opts); err != nil {
+			return err
+		}
+		return nil
+	}
+}
+
+// [END cloud_sql_mysql_databasesql_sslcerts]
+// [END cloud_sql_mysql_databasesql_connect_tcp_sslcerts]