tls support on mysql by using CA's pem

cmd/goose/driver_mysql.go

@@ -3,11 +3,13 @@
 package main
 
 import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
 	"log"
 
 	"github.com/go-sql-driver/mysql"
-
-	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/ziutek/mymysql/godrv"
 )
 
@@ -34,3 +36,19 @@ func normalizeMySQLDSN(dsn string) (string, error) {
 	config.ParseTime = true
 	return config.FormatDSN(), nil
 }
+
+const tlsConfigKey = "custom"
+
+func registerTLSConfig(pemfile string) error {
+	rootCertPool := x509.NewCertPool()
+	pem, err := ioutil.ReadFile(pemfile)
+	if err != nil {
+		return err
+	}
+	if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+		return fmt.Errorf("failed to append PEM: %q", pemfile)
+	}
+	return mysql.RegisterTLSConfig(tlsConfigKey, &tls.Config{
+		RootCAs: rootCertPool,
+	})
+}

cmd/goose/driver_no_mysql.go

@@ -10,3 +10,7 @@ import (
 func normalizeDBString(driver string, str string) string {
 	return str
 }
+
+func registerTLSConfig(_ string) error {
+	return nil
+}

cmd/goose/main.go

@@ -15,6 +15,7 @@ var (
 	verbose = flags.Bool("v", false, "enable verbose mode")
 	help    = flags.Bool("h", false, "print help")
 	version = flags.Bool("version", false, "print version")
+	sslCA   = flags.String("ssl-ca", "", "file path to root CA's certificates in pem format (only support on mysql)")
 )
 
 func main() {
@@ -35,6 +36,12 @@ func main() {
 		return
 	}
 
+	if *sslCA != "" {
+		if err := registerTLSConfig(*sslCA); err != nil {
+			log.Fatalf("goose run: %v", err)
+		}
+	}
+
 	switch args[0] {
 	case "create":
 		if err := goose.Run("create", nil, *dir, args[1:]...); err != nil {