Fixed as per review comments

Author: ongdisheng

ibis-server/app/model/__init__.py

@@ -1,6 +1,7 @@
 from __future__ import annotations
 
 from abc import ABC
+from enum import Enum
 
 from pydantic import BaseModel, Field, SecretStr
 from starlette.status import (
@@ -197,3 +198,9 @@ class UnprocessableEntityError(CustomHttpError):
 
 class NotFoundError(CustomHttpError):
     status_code = HTTP_404_NOT_FOUND
+
+
+class SSLMode(str, Enum):
+    DISABLED = "disabled"
+    ENABLED = "enabled"
+    VERIFY_CA = "verify_ca"

ibis-server/app/model/data_source.py

@@ -28,16 +28,11 @@
     QuerySnowflakeDTO,
     QueryTrinoDTO,
     SnowflakeConnectionInfo,
+    SSLMode,
     TrinoConnectionInfo,
 )
 
 
-class SSLMode(str, Enum):
-    DISABLE = "Disable"
-    REQUIRE = "Require"
-    VERIFY_CA = "Verify CA"
-
-
 class DataSource(StrEnum):
     bigquery = auto()
     canner = auto()
@@ -187,13 +182,13 @@ def _create_ssl_context(info: ConnectionInfo) -> Optional[ssl.SSLContext]:
             info.ssl_mode.get_secret_value() if hasattr(info, "ssl_mode") else None
         )
 
-        if not ssl_mode or ssl_mode == SSLMode.DISABLE:
+        if not ssl_mode or ssl_mode == SSLMode.DISABLED:
             return None
 
         ctx = ssl.create_default_context()
         ctx.check_hostname = False
 
-        if ssl_mode == SSLMode.REQUIRE:
+        if ssl_mode == SSLMode.ENABLED:
             ctx.verify_mode = ssl.CERT_NONE
         elif ssl_mode == SSLMode.VERIFY_CA:
             ctx.verify_mode = ssl.CERT_REQUIRED

ibis-server/tests/routers/v2/connector/test_mysql.py

@@ -7,6 +7,7 @@
 from sqlalchemy import text
 from testcontainers.mysql import MySqlContainer
 
+from app.model import SSLMode
 from app.model.validator import rules
 from tests.conftest import file_path
 
@@ -111,6 +112,13 @@ def mysql(request) -> MySqlContainer:
     return mysql
 
 
+@pytest.fixture(scope="module")
+def mysql_ssl_off(request) -> MySqlContainer:
+    mysql = MySqlContainer(image="mysql:8.0.40").with_command("--ssl=0").start()
+    request.addfinalizer(mysql.stop)
+    return mysql
+
+
 async def test_query(client, manifest_str, mysql: MySqlContainer):
     connection_info = _to_connection_info(mysql)
     response = await client.post(
@@ -404,6 +412,38 @@ async def test_metadata_db_version(client, mysql: MySqlContainer):
     assert response.text == '"8.0.40"'
 
 
+@pytest.mark.parametrize(
+    "ssl_mode, expected_error",
+    [
+        (SSLMode.ENABLED, "Bad handshake"),
+        (SSLMode.VERIFY_CA, "cafile, capath and cadata cannot be all omitted"),
+    ],
+)
+async def test_connection_invalid_ssl_mode(
+    client, mysql_ssl_off: MySqlContainer, ssl_mode, expected_error
+):
+    connection_info = _to_connection_info(mysql_ssl_off)
+    connection_info["sslMode"] = ssl_mode
+
+    with pytest.raises(Exception) as excinfo:
+        await client.post(
+            url=f"{base_url}/metadata/version",
+            json={"connectionInfo": connection_info},
+        )
+    assert expected_error in str(excinfo.value)
+
+
+async def test_connection_valid_ssl_mode(client, mysql_ssl_off: MySqlContainer):
+    connection_info = _to_connection_info(mysql_ssl_off)
+    connection_info["sslMode"] = SSLMode.DISABLED
+    response = await client.post(
+        url=f"{base_url}/metadata/version",
+        json={"connectionInfo": connection_info},
+    )
+    assert response.status_code == 200
+    assert response.text == '"8.0.40"'
+
+
 def _to_connection_info(mysql: MySqlContainer):
     return {
         "host": mysql.get_container_host_ip(),