Spaces:

DataEyond
/

Agentic-Service-Data-Eyond

Sleeping

Rifqi Hafizuddin commited on 4 days ago

Commit

060c8cc

1 Parent(s): 6c87346

[NOTICKET][DB] fix mysql pipeline

Files changed (1) hide show

src/pipeline/db_pipeline/db_pipeline_service.py CHANGED Viewed

@@ -63,8 +63,21 @@ class DbPipelineService:
                 port=credentials["port"],
                 database=credentials["database"],
             )
-            # pymysql: empty-dict ssl arg flips SSL on with defaults.
-            connect_args = {"ssl": {}} if credentials.get("ssl", True) else {}
             return create_engine(url, connect_args=connect_args)
         if db_type == "sqlserver":

                 port=credentials["port"],
                 database=credentials["database"],
             )
+            # pymysql only activates TLS when the `ssl` dict is truthy
+            # (empty dict is falsy and silently disables TLS). Use system-
+            # default CAs via certifi + hostname verification — required by
+            # managed MySQL providers like TiDB Cloud / PlanetScale / Aiven.
+            if credentials.get("ssl", True):
+                import certifi
+                connect_args = {
+                    "ssl": {
+                        "ca": certifi.where(),
+                        "check_hostname": True,
+                    }
+                }
+            else:
+                connect_args = {}
             return create_engine(url, connect_args=connect_args)
         if db_type == "sqlserver":