

Merge pull request #65 from Duologic/duologic/postgresql-sslmode
Add SSLMode for PostgreSQL
jdotw authored Mar 16, 2022
2 parents 63a2ea7 + cd57c41 commit 7cb321f
Showing 12 changed files with 39 additions and 19 deletions.
5 changes: 5 additions & 0 deletions apis/postgresql/v1alpha1/provider_types.go
Expand Up @@ -30,6 +30,11 @@ type ProviderConfigSpec struct {
// PostgreSQL instance. Same as PGDATABASE environment variable.
// +kubebuilder:default="postgres"
DefaultDatabase string `json:"defaultDatabase,omitempty"`
// Defines the SSL mode used to set up a connection to the provided
// PostgreSQL instance
// +kubebuilder:validation:Enum=disable;require;verify-ca;verify-full
// +optional
SSLMode string `json:"sslMode"`
}

const (
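Review bot: The new `SSLMode` field on L21-25 is `+optional` but its doc comment does not say what an omitted value means, and its tag `json:"sslMode"` lacks the `,omitempty` that the sibling `DefaultDatabase` tag on L20 carries, so a marshalled zero value would serialise as `sslMode: ""`, which is not one of the enum values. Suggest `SSLMode string `json:"sslMode,omitempty"`` for consistency, and extending the comment to `// Defines the SSL mode used to set up a connection to the provided PostgreSQL instance. When unset, the driver's default applies; only verify-ca and verify-full authenticate the server certificate.` The driver default is not visible in this commit and should be confirmed against pkg/clients/postgresql before it is documented.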
Expand Up @@ -70,6 +70,14 @@ spec:
default: postgres
description: Defines the database name used to set up a connection to the provided PostgreSQL instance. Same as PGDATABASE environment variable.
type: string
sslMode:
description: Defines the SSL mode used to set up a connection to the provided PostgreSQL instance
enum:
- disable
- require
- verify-ca
- verify-full
type: string
required:
- credentials
type: object
14 changes: 10 additions & 4 deletions pkg/clients/postgresql/postgresql.go
Expand Up @@ -23,26 +23,31 @@ type postgresDB struct {
dsn string
endpoint string
port string
sslmode string
}

// New returns a new PostgreSQL database client. The default database name is
// an empty string. The underlying pq library will default to either using the
// value of PGDATABASE, or if unset, the hardcoded string 'postgres'.
func New(creds map[string][]byte, database string) xsql.DB {
// The sslmode defines the mode used to set up the connection for the provider.
func New(creds map[string][]byte, database, sslmode string) xsql.DB {
// TODO(negz): Support alternative connection secret formats?
endpoint := string(creds[xpv1.ResourceCredentialsSecretEndpointKey])
port := string(creds[xpv1.ResourceCredentialsSecretPortKey])
username := string(creds[xpv1.ResourceCredentialsSecretUserKey])
password := string(creds[xpv1.ResourceCredentialsSecretPasswordKey])
dsn := DSN(username, password, endpoint, port, database, sslmode)

return postgresDB{
dsn: DSN(username, password, endpoint, port, database),
dsn: dsn,
endpoint: endpoint,
port: port,
sslmode: sslmode,
}
}

// DSN returns the DSN URL
func DSN(username, password, endpoint, port, database string) string {
func DSN(username, password, endpoint, port, database, sslmode string) string {
// Use net/url UserPassword to encode the username and password
// This will ensure that any special characters in the username or password
// are percent-encoded for use in the user info portion of the DSN URL
Expand All @@ -51,7 +56,8 @@ func DSN(username, password, endpoint, port, database string) string {
userInfo.String() + "@" +
endpoint + ":" +
port + "/" +
database
database +
"?sslmode=" + sslmode
}

// ExecTx executes an array of queries, committing if all are successful and
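Review bot: In DSN, `"?sslmode=" + sslmode` on L89-90 concatenates the value straight into the query string and appends it even when sslmode is empty, leaving a trailing `?sslmode=`; the value comes from the ProviderConfig and is constrained only by the CRD enum, so DSN should not depend on that. net/url is already imported for UserPassword (L81), so the empty case can be guarded and the value escaped as below. The `return` expression begins before this hunk and DSN's signature sits in the earlier hunk (L80). The comment added on L60 for New could also state what an empty sslmode means for the connection, once confirmed against the driver.
```go
	// … unchanged: userInfo construction …
	dsn := "postgres://" +
		userInfo.String() + "@" +
		endpoint + ":" +
		port + "/" +
		database
	if sslmode != "" {
		dsn += "?sslmode=" + url.QueryEscape(sslmode)
	}
	return dsn
```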
5 changes: 3 additions & 2 deletions pkg/clients/postgresql/postgresql_test.go
Expand Up @@ -11,8 +11,9 @@ func TestDSNURLEscaping(t *testing.T) {
user := "username"
rawPass := "password^"
encPass := "password%5E"
dsn := DSN(user, rawPass, endpoint, port, db)
if dsn != "postgres://"+user+":"+encPass+"@"+endpoint+":"+port+"/"+db {
sslmode := "require"
dsn := DSN(user, rawPass, endpoint, port, db, sslmode)
if dsn != "postgres://"+user+":"+encPass+"@"+endpoint+":"+port+"/"+db+"?sslmode="+sslmode {
t.Errorf("DSN string did not match expected output with userinfo URL encoded")
}
}
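Review bot: TestDSNURLEscaping now pins only `sslmode := "require"` (L103); a second call with an empty sslmode would pin whether DSN emits a trailing `?sslmode=` or omits the parameter, which is the path the reconcilers take whenever a ProviderConfig leaves `sslMode` unset. A value containing characters that need escaping, such as `"verify-full&foo=bar"`, would likewise pin that sslmode is encoded rather than concatenated.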
4 changes: 2 additions & 2 deletions pkg/controller/postgresql/database/reconciler.go
Expand Up @@ -86,7 +86,7 @@ func Setup(mgr ctrl.Manager, l logging.Logger) error {
type connector struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
Expand Down Expand Up @@ -119,7 +119,7 @@ func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.E
return nil, errors.Wrap(err, errGetSecret)
}

return &external{db: c.newDB(s.Data, pc.Spec.DefaultDatabase)}, nil
return &external{db: c.newDB(s.Data, pc.Spec.DefaultDatabase, pc.Spec.SSLMode)}, nil
}

type external struct{ db xsql.DB }
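Review bot: The new `newDB` field type on L116 spells the parameters as `database string, sslmode string`, while the function it holds, New in pkg/clients/postgresql/postgresql.go, declares `database, sslmode string`; `newDB func(creds map[string][]byte, database, sslmode string) xsql.DB` keeps the two in step and is the conventional Go spelling for adjacent same-typed parameters. The same spelling appears in the extension, grant and role reconcilers and in the four reconciler_test.go files in this commit. Connect's body on L121-125 starts outside the hunk.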
2 changes: 1 addition & 1 deletion pkg/controller/postgresql/database/reconciler_test.go
Expand Up @@ -64,7 +64,7 @@ func TestConnect(t *testing.T) {
type fields struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

type args struct {
6 changes: 3 additions & 3 deletions pkg/controller/postgresql/extension/reconciler.go
Expand Up @@ -76,7 +76,7 @@ func Setup(mgr ctrl.Manager, l logging.Logger) error {
type connector struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
Expand Down Expand Up @@ -112,10 +112,10 @@ func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.E
// We do not want to create an extension on the default DB
// if the user was expecting a database name to be resolved.
if cr.Spec.ForProvider.Database != nil {
return &external{db: c.newDB(s.Data, *cr.Spec.ForProvider.Database)}, nil
return &external{db: c.newDB(s.Data, *cr.Spec.ForProvider.Database, pc.Spec.SSLMode)}, nil
}

return &external{db: c.newDB(s.Data, pc.Spec.DefaultDatabase)}, nil
return &external{db: c.newDB(s.Data, pc.Spec.DefaultDatabase, pc.Spec.SSLMode)}, nil
}

type external struct{ db xsql.DB }
2 changes: 1 addition & 1 deletion pkg/controller/postgresql/extension/reconciler_test.go
Expand Up @@ -64,7 +64,7 @@ func TestConnect(t *testing.T) {
type fields struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

type args struct {
4 changes: 2 additions & 2 deletions pkg/controller/postgresql/grant/reconciler.go
Expand Up @@ -87,7 +87,7 @@ func Setup(mgr ctrl.Manager, l logging.Logger) error {
type connector struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
Expand Down Expand Up @@ -120,7 +120,7 @@ func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.E
return nil, errors.Wrap(err, errGetSecret)
}
return &external{
db: c.newDB(s.Data, pc.Spec.DefaultDatabase),
db: c.newDB(s.Data, pc.Spec.DefaultDatabase, pc.Spec.SSLMode),
kube: c.kube,
}, nil
}
2 changes: 1 addition & 1 deletion pkg/controller/postgresql/grant/reconciler_test.go
Expand Up @@ -68,7 +68,7 @@ func TestConnect(t *testing.T) {
type fields struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

type args struct {
4 changes: 2 additions & 2 deletions pkg/controller/postgresql/role/reconciler.go
Expand Up @@ -84,7 +84,7 @@ func Setup(mgr ctrl.Manager, l logging.Logger) error {
type connector struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.ExternalClient, error) {
Expand Down Expand Up @@ -118,7 +118,7 @@ func (c *connector) Connect(ctx context.Context, mg resource.Managed) (managed.E
}

return &external{
db: c.newDB(s.Data, pc.Spec.DefaultDatabase),
db: c.newDB(s.Data, pc.Spec.DefaultDatabase, pc.Spec.SSLMode),
kube: c.kube,
}, nil
}
2 changes: 1 addition & 1 deletion pkg/controller/postgresql/role/reconciler_test.go
Expand Up @@ -74,7 +74,7 @@ func TestConnect(t *testing.T) {
type fields struct {
kube client.Client
usage resource.Tracker
newDB func(creds map[string][]byte, database string) xsql.DB
newDB func(creds map[string][]byte, database string, sslmode string) xsql.DB
}

type args struct {
