API+ADMIN_API: add MySQL port option and MySQL SSL support

Change-Id: I85216d522242673c3f91e25cea88a435d547c158

libra/admin_api/app.py

@@ -44,7 +44,13 @@ def setup_app(pecan_config, args):
         'username': args.db_user,
         'password': args.db_pass,
         'host': args.db_host,
-        'schema': args.db_schema
+        'schema': args.db_schema,
+        'port': args.db_port,
+        'schema': args.db_schema,
+        'use_ssl': args.db_ssl,
+        'ssl_cert': args.db_ssl_cert,
+        'ssl_key': args.db_ssl_key,
+        'ssl_ca': args.db_ssl_ca
     }
     if args.debug:
         config['wsme'] = {'debug': True}
@@ -94,9 +100,24 @@ def main():
     options.parser.add_argument(
         '--db_host', help='MySQL host name'
     )
+    options.parser.add_argument(
+        '--db_port', help='MySQL port number', default=3306, type=int
+    )
     options.parser.add_argument(
         '--db_schema', help='MySQL schema for libra'
     )
+    options.parser.add_argument(
+        '--db_ssl', help='Enable MySQL SSL connections', action='store_true'
+    )
+    options.parser.add_argument(
+        '--db_ssl_cert', help='MySQL SSL certificate'
+    )
+    options.parser.add_argument(
+        '--db_ssl_key', help='MySQL SSL key'
+    )
+    options.parser.add_argument(
+        '--db_ssl_ca', help='MySQL SSL certificate authority'
+    )
     options.parser.add_argument(
         '--ssl_certfile',
         help='Path to an SSL certificate file'
@@ -112,6 +133,8 @@ def main():
         'db_user', 'db_pass', 'db_host', 'db_schema', 'ssl_certfile',
         'ssl_keyfile'
     ]
+    if args.db_ssl:
+        required_args.extend(['db_ssl_cert', 'db_ssl_key', 'db_ssl_ca'])
 
     missing_args = 0
     for req in required_args:

libra/admin_api/model/lbaas.py

@@ -20,14 +20,27 @@ import sqlalchemy.types as types
 from pecan import conf
 
 # TODO replace this with something better
-conn_string = '''mysql://%s:%s@%s/%s''' % (
+conn_string = '''mysql://%s:%s@%s:%d/%s''' % (
     conf.database.username,
     conf.database.password,
     conf.database.host,
+    conf.database.port,
     conf.database.schema
 )
 
-engine = create_engine(conn_string, isolation_level="READ COMMITTED")
+if conf.database.use_ssl:
+    ssl_args = {'ssl': {
+        'cert': conf.database.ssl_cert,
+        'key': conf.database.ssl_key,
+        'ca': conf.database.ssl_ca
+    }}
+
+    engine = create_engine(
+        conn_string, isolation_level="READ COMMITTED", connect_args=ssl_args
+    )
+else:
+    engine = create_engine(conn_string, isolation_level="READ COMMITTED")
+
 DeclarativeBase = declarative_base()
 metadata = DeclarativeBase.metadata
 metadata.bind = engine