UPSTREAM: <carry>: Use ConnectionConfig fields when establishing sess…

…ion to initial contact point When host information was missing, driver used resolved IP address as TLS.ServerName Instead it should connect to Server specified in ConnectionConfig and use NodeDomain as SNI.
scylladb · Nov 7, 2022 · 2819177 · 2819177
1 parent e3e27db
commit 2819177
Show file tree

Hide file tree

Showing 4 changed files with 388 additions and 6 deletions.
diff --git a/host_source_scylla.go b/host_source_scylla.go
@@ -0,0 +1,7 @@
+package gocql
+
+func (h *HostInfo) SetDatacenter(dc string) {
+	h.mu.Lock()
+	defer h.mu.Unlock()
+	h.dataCenter = dc
+}
diff --git a/scyllacloud/config.go b/scyllacloud/config.go
@@ -171,8 +171,19 @@ func (cc *ConnectionConfig) getDataOrReadFile(data []byte, path string) ([]byte,
 }
 
 func (cc *ConnectionConfig) GetClientCertificate() (*tls.Certificate, error) {
-	confContext := cc.Contexts[cc.CurrentContext]
-	authInfo := cc.AuthInfos[confContext.AuthInfoName]
+	if len(cc.CurrentContext) == 0 {
+		return nil, fmt.Errorf("current context is empty")
+	}
+
+	confContext, ok := cc.Contexts[cc.CurrentContext]
+	if !ok {
+		return nil, fmt.Errorf("context %q does not exists", cc.CurrentContext)
+	}
+
+	authInfo, ok := cc.AuthInfos[confContext.AuthInfoName]
+	if !ok {
+		return nil, fmt.Errorf("autoInfo %q does not exists", confContext.AuthInfoName)
+	}
 
 	clientCert, err := cc.getDataOrReadFile(authInfo.ClientCertificateData, authInfo.ClientCertificatePath)
 	if err != nil {

diff --git a/scyllacloud/hostdialer.go b/scyllacloud/hostdialer.go
@@ -31,7 +31,7 @@ func NewSniHostDialer(connConfig *ConnectionConfig, dialer gocql.Dialer) *SniHos
 func (s *SniHostDialer) DialHost(ctx context.Context, host *gocql.HostInfo) (*gocql.DialedHost, error) {
 	hostID := host.HostID()
 	if len(hostID) == 0 {
-		return s.dialInitialContactPoint(ctx, host)
+		return s.dialInitialContactPoint(ctx)
 	}
 
 	dcName := host.DataCenter()
@@ -77,7 +77,7 @@ func (s *SniHostDialer) DialHost(ctx context.Context, host *gocql.HostInfo) (*go
 	})
 }
 
-func (s *SniHostDialer) dialInitialContactPoint(ctx context.Context, host *gocql.HostInfo) (*gocql.DialedHost, error) {
+func (s *SniHostDialer) dialInitialContactPoint(ctx context.Context) (*gocql.DialedHost, error) {
 	insecureSkipVerify := false
 	for _, dc := range s.connConfig.Datacenters {
 		if dc.InsecureSkipTLSVerify {
@@ -96,8 +96,22 @@ func (s *SniHostDialer) dialInitialContactPoint(ctx context.Context, host *gocql
 		return nil, fmt.Errorf("can't get root CA from configuration: %w", err)
 	}
 
-	return s.connect(ctx, s.dialer, host.HostnameAndPort(), &tls.Config{
-		ServerName:         host.Hostname(),
+	if len(s.connConfig.CurrentContext) == 0 {
+		return nil, fmt.Errorf("current context is empty")
+	}
+
+	contextConf, ok := s.connConfig.Contexts[s.connConfig.CurrentContext]
+	if !ok {
+		return nil, fmt.Errorf("context %q does not exists", s.connConfig.CurrentContext)
+	}
+
+	dcConf, ok := s.connConfig.Datacenters[contextConf.DatacenterName]
+	if !ok {
+		return nil, fmt.Errorf("datacenter %q does not exists", contextConf.DatacenterName)
+	}
+
+	return s.connect(ctx, s.dialer, dcConf.Server, &tls.Config{
+		ServerName:         dcConf.NodeDomain,
 		RootCAs:            ca,
 		InsecureSkipVerify: insecureSkipVerify,
 		Certificates:       []tls.Certificate{*clientCertificate},