From 9b8772b6b68287e7691d5fcabf94f66d9a10b6e5 Mon Sep 17 00:00:00 2001
From: Allen Averbukh <aaverbukh@linkedin.com>
Date: Mon, 25 Aug 2025 14:52:29 -0700
Subject: [PATCH 1/3] add ssl config to the build data source method

---
 .../github/ambry/config/AccountStatsMySqlConfig.java   |  3 +++
 .../ambry/config/MysqlRepairRequestsDbConfig.java      |  2 ++
 .../accountstats/AccountStatsMySqlStoreFactory.java    |  2 +-
 .../main/java/com/github/ambry/mysql/MySqlUtils.java   | 10 ++++++++++
 .../ambry/repair/MysqlRepairRequestsDbFactory.java     |  2 +-
 5 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java b/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java
index 05d5960fd7..a9c7b49ced 100644
--- a/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java
+++ b/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java
@@ -23,6 +23,8 @@ public class AccountStatsMySqlConfig {
   public static final String ENABLE_REWRITE_BATCHED_STATEMENT = PREFIX + "enable.rewrite.batched.statements";
   public static final String CONNECTION_IDLE_TIMEOUT = PREFIX + "connection.idle.timeout.ms";
   public static final String LOCAL_BACKUP_FILE_PATH = PREFIX + "local.backup.file.path";
+  public final SSLConfig sslConfig;
+
 
   /**
    * Serialized json containing the information about all mysql end points. This information should be of the following form:
@@ -108,5 +110,6 @@ public AccountStatsMySqlConfig(VerifiableProperties verifiableProperties) {
     enableRewriteBatchedStatement = verifiableProperties.getBoolean(ENABLE_REWRITE_BATCHED_STATEMENT, false);
     connectionIdleTimeoutMs = verifiableProperties.getLong(CONNECTION_IDLE_TIMEOUT, 60 * 1000);
     localBackupFilePath = verifiableProperties.getString(LOCAL_BACKUP_FILE_PATH, "");
+    sslConfig = new SSLConfig(verifiableProperties);
   }
 }
diff --git a/ambry-api/src/main/java/com/github/ambry/config/MysqlRepairRequestsDbConfig.java b/ambry-api/src/main/java/com/github/ambry/config/MysqlRepairRequestsDbConfig.java
index 97531ffd01..a8735f37bf 100644
--- a/ambry-api/src/main/java/com/github/ambry/config/MysqlRepairRequestsDbConfig.java
+++ b/ambry-api/src/main/java/com/github/ambry/config/MysqlRepairRequestsDbConfig.java
@@ -20,6 +20,7 @@ public class MysqlRepairRequestsDbConfig {
   public static final String DB_INFO = PREFIX + "db.info";
   public static final String LOCAL_POOL_SIZE = PREFIX + "local.pool.size";
   public static final String LIST_MAX_RESULTS = PREFIX + "list.max.results";
+  public final SSLConfig sslConfig;
 
   /**
    * Serialized json array containing the information about all mysql end points.
@@ -44,5 +45,6 @@ public MysqlRepairRequestsDbConfig(VerifiableProperties verifiableProperties) {
     this.dbInfo = verifiableProperties.getString(DB_INFO);
     this.localPoolSize = verifiableProperties.getIntInRange(LOCAL_POOL_SIZE, 5, 1, Integer.MAX_VALUE);
     this.listMaxResults = verifiableProperties.getIntInRange(LIST_MAX_RESULTS, 100, 1, Integer.MAX_VALUE);
+    this.sslConfig = new SSLConfig(verifiableProperties);
   }
 }
diff --git a/ambry-mysql/src/main/java/com/github/ambry/accountstats/AccountStatsMySqlStoreFactory.java b/ambry-mysql/src/main/java/com/github/ambry/accountstats/AccountStatsMySqlStoreFactory.java
index 0971cb0603..2f0e054ae5 100644
--- a/ambry-mysql/src/main/java/com/github/ambry/accountstats/AccountStatsMySqlStoreFactory.java
+++ b/ambry-mysql/src/main/java/com/github/ambry/accountstats/AccountStatsMySqlStoreFactory.java
@@ -77,7 +77,7 @@ public AccountStatsStore getAccountStatsStore() throws Exception {
 
   private HikariDataSource buildDataSource(DbEndpoint dbEndpoint) {
     HikariConfig hikariConfig = new HikariConfig();
-    hikariConfig.setJdbcUrl(dbEndpoint.getUrl());
+    hikariConfig.setJdbcUrl(dbEndpoint.getUrlWithSSL(accountStatsMySqlConfig.sslConfig));
     hikariConfig.setUsername(dbEndpoint.getUsername());
     hikariConfig.setPassword(dbEndpoint.getPassword());
     hikariConfig.setMaximumPoolSize(accountStatsMySqlConfig.poolSize);
diff --git a/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java b/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java
index 79198c8bd1..1162a49409 100644
--- a/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java
+++ b/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java
@@ -161,6 +161,16 @@ public String getUrl() {
       return url;
     }
 
+    public String getUrlWithSSL(SSLConfig sslConfig) {
+      if (sslConfig == null) {
+        return url;
+      }
+      if (sslMode != null && sslMode != SSLMode.NONE) {
+        return addSslSettingsToUrl(url, sslConfig, sslMode);
+      }
+      return url;
+    }
+
     /**
      * @return Data center of the db
      */
diff --git a/ambry-mysql/src/main/java/com/github/ambry/repair/MysqlRepairRequestsDbFactory.java b/ambry-mysql/src/main/java/com/github/ambry/repair/MysqlRepairRequestsDbFactory.java
index 39df8dd7b9..481e75ac46 100644
--- a/ambry-mysql/src/main/java/com/github/ambry/repair/MysqlRepairRequestsDbFactory.java
+++ b/ambry-mysql/src/main/java/com/github/ambry/repair/MysqlRepairRequestsDbFactory.java
@@ -78,7 +78,7 @@ public MysqlRepairRequestsDb getRepairRequestsDb() {
    */
   public HikariDataSource buildDataSource(MySqlUtils.DbEndpoint dbEndpoint) {
     HikariConfig hikariConfig = new HikariConfig();
-    hikariConfig.setJdbcUrl(dbEndpoint.getUrl());
+    hikariConfig.setJdbcUrl(dbEndpoint.getUrlWithSSL(config.sslConfig));
     hikariConfig.setUsername(dbEndpoint.getUsername());
     hikariConfig.setPassword(dbEndpoint.getPassword());
     hikariConfig.setMaximumPoolSize(config.localPoolSize);

From 00afcbfa631a8f2de72f0593abfa99fbc0985a42 Mon Sep 17 00:00:00 2001
From: Allen Averbukh <aaverbukh@linkedin.com>
Date: Mon, 25 Aug 2025 16:31:12 -0700
Subject: [PATCH 2/3] added sslconfig

---
 .../java/com/github/ambry/config/AccountStatsMySqlConfig.java    | 1 -
 1 file changed, 1 deletion(-)

diff --git a/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java b/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java
index a9c7b49ced..acc802e6c3 100644
--- a/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java
+++ b/ambry-api/src/main/java/com/github/ambry/config/AccountStatsMySqlConfig.java
@@ -25,7 +25,6 @@ public class AccountStatsMySqlConfig {
   public static final String LOCAL_BACKUP_FILE_PATH = PREFIX + "local.backup.file.path";
   public final SSLConfig sslConfig;
 
-
   /**
    * Serialized json containing the information about all mysql end points. This information should be of the following form:
    * <pre>

From 29dd32e41c495c7308e946c9eeca0b555fd25d18 Mon Sep 17 00:00:00 2001
From: Allen Averbukh <aaverbukh@linkedin.com>
Date: Mon, 25 Aug 2025 16:35:14 -0700
Subject: [PATCH 3/3] fixed geturl

---
 .../src/main/java/com/github/ambry/mysql/MySqlUtils.java  | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java b/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java
index 1162a49409..907de6df63 100644
--- a/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java
+++ b/ambry-mysql/src/main/java/com/github/ambry/mysql/MySqlUtils.java
@@ -161,11 +161,17 @@ public String getUrl() {
       return url;
     }
 
+    /**
+     * @return Url of the db with SSL info
+     */
     public String getUrlWithSSL(SSLConfig sslConfig) {
       if (sslConfig == null) {
         return url;
       }
-      if (sslMode != null && sslMode != SSLMode.NONE) {
+      if (sslMode == null) {
+        return addSslSettingsToUrl(url, sslConfig, SSLMode.VERIFY_CA);
+      }
+      else if (sslMode != null && sslMode != SSLMode.NONE) {
         return addSslSettingsToUrl(url, sslConfig, sslMode);
       }
       return url;