0

How do I establish a ruby Datamapper connection to MariaDB on Amazon RDS with SSL?

Here's what I did:

A non-SSL connection works when testing with:

uri = 'mysql://user:pass@host:port/db_name'
connection = DataObjects::Connection.new(uri)
=> #<DataObjects::Mysql::Connection:0x000056179a3a5921

connection.secure?
=> false

According to the MySQL DataMapper wiki, an SSL connection requires the following options: :ssl_ca, :client_key, and :client_cert.

This would result in the following code:

uri = 'mysql://user:pass@host:port/db_name?'
ssl_opts = 'ssl[ssl_ca]=file&ssl[client_key]=file&ssl[client_cert]=file'

connection = DataObjects::Connection.new(uri + ssl_opts)
connection.secure?
=> false

However, the only file I get is the RDS combined CA bundle, referred to from the RDS docs.

I do not have a client_cert at all.

Connecting with the mysql client on the CLI works with SSL:

mysql --ssl -h host -u user -p pass db_name
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1638
Server version: 10.1.26-MariaDB MariaDB Server
stmllr

2 Answers

0

In the doc

https://github.com/datamapper/do/wiki/MySQL

It also says

  • as tested only ca_cert was required to connect to RDS.

So try adding only the ca_cert path and do a test.

sanath meti
  • Thanks. This wiki section is obvious about the option. Unfortunately it does not work using `ssl[ca_cert]=path_to_cert` uri. However if I use `DataMapper.setup` with `:ssl => {:ca_cert => '/path/to/rds-combined-ca-bundle.pem'}` option then it works – stmllr Dec 06 '17 at 20:42
  • After debugging for a while I came to the conclusion that the reason is a limitation of `Addressable::Uri`. It seems that it cannot handle query strings which aim to represent hashes with more than 1 level. I tested by using it successively in both directions: 1. Create the query string from the hash. 2. Use the result to recreate the hash. Result was `{"ssl"=>"{:ca_cert=>\"/path/to/cert\"}"}` instead of `{"ssl"=>{:ca_cert=>"/path/to/cert"}}` – stmllr Dec 06 '17 at 22:34
0

There's only one parameter required: :ssl => {:ca_cert => 'pem_file'}.

However, it looks like using a URI string for configuration does not work. The reason is a limitation in Addressable::Uri. It cannot handle query strings which aim to represent hashes with more than 1 level.

The good news is that it works using DataMapper.setup with a config Hash:

DataMapper.setup(:default, 
    :adapter  => 'mysql', 
    :user     => 'user',
    :database => 'db_name',
    :host     => 'host',
    :password => 'pass',
    :ssl => { 
        :ca_cert  => '/path/to/rds-combined-ca-bundle.pem'
    }
)
stmllr
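Added example (not part of the original answers and not DataMapper's own code): one way to keep a single `mysql://` URL in configuration while still handing `DataMapper.setup` the nested `:ssl` Hash from the answer above. The helper name `datamapper_options` is hypothetical; it uses only Ruby's standard `uri` library and fails closed when no readable CA bundle is configured, so a missing option cannot silently produce an unencrypted connection.

```ruby
require 'uri'

# Hypothetical helper (added example): turn a mysql:// URL into the options
# Hash that DataMapper.setup accepts, folding ssl[ca_cert]=... into :ssl.
def datamapper_options(url)
  uri = URI.parse(url)
  raise ArgumentError, "expected a mysql:// URL" unless uri.scheme == 'mysql'

  # Percent-decode userinfo without turning '+' into a space.
  unescape = ->(s) { s && s.gsub(/%(\h\h)/) { Regexp.last_match(1).hex.chr } }

  opts = {
    :adapter  => 'mysql',
    :host     => uri.host,
    :port     => uri.port,
    :user     => unescape.call(uri.user),
    :password => unescape.call(uri.password),
    :database => uri.path.to_s.sub(%r{\A/}, '')
  }

  # One level of bracket nesting is all the :ssl option needs.
  URI.decode_www_form(uri.query.to_s).each do |key, value|
    if (m = key.match(/\A(\w+)\[(\w+)\]\z/))
      group = m[1].to_sym
      opts[group] = {} unless opts[group].is_a?(Hash)
      opts[group][m[2].to_sym] = value
    else
      opts[key.to_sym] = value
    end
  end

  # Fail closed: no CA bundle means no way to verify the RDS server.
  ssl = opts[:ssl]
  ca  = ssl.is_a?(Hash) ? ssl[:ca_cert] : nil
  raise ArgumentError, 'ssl[ca_cert] is required' if ca.nil? || ca.empty?
  raise ArgumentError, "CA bundle not readable: #{ca}" unless File.readable?(ca)
  opts
end

# Usage (constructed values):
#   url = 'mysql://user:pass@host:3306/db_name?ssl%5Bca_cert%5D=/path/to/rds-combined-ca-bundle.pem'
#   DataMapper.setup(:default, datamapper_options(url))
```

Once connected, running `SHOW STATUS LIKE 'Ssl_cipher'` on that session returns a non-empty cipher name when the connection is actually encrypted.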