From 8db7b774f27268da77481e42f217a8432dd06cc3 Mon Sep 17 00:00:00 2001 From: Magic Cat <37407870+MonikaCat@users.noreply.github.com> Date: Tue, 18 Apr 2023 08:03:22 +0700 Subject: [PATCH] feat: add TSL support when connecting to database (#94) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description [BDU-494](https://forbole.atlassian.net/jira/software/c/projects/BDU/issues/BDU-494) ## Checklist - [x] Targeted PR against correct branch. - [x] Linked to Github issue with discussion and accepted design OR link to spec that describes this work. - [x] Wrote unit tests. - [x] Re-reviewed `Files changed` in the Github PR explorer. [BDU-494]: https://forbole.atlassian.net/browse/BDU-494?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ --------- Co-authored-by: Riccardo --- CHANGELOG.md | 2 +- database/config/config.go | 14 +++++++++++++- database/postgresql/postgresql.go | 14 +++++++++++++- database/postgresql/postgresql_test.go | 4 ++++ types/env/const.go | 6 +++++- 5 files changed, 36 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d69e0262..b21194fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ ## Unreleased ### Changes - ([\#93](https://github.com/forbole/juno/pull/93)) Decode IBC transfer data to JSON for `/ibc.core.channel.v1.MsgRecvPacket` message - +- ([\#94](https://github.com/forbole/juno/pull/94)) Added TSL support when connecting to database ## v4.1.0 ### Changes diff --git a/database/config/config.go b/database/config/config.go index 42fd4bc6..e4b29856 100644 --- a/database/config/config.go +++ b/database/config/config.go @@ -8,6 +8,10 @@ type Config struct { MaxIdleConnections int `yaml:"max_idle_connections"` PartitionSize int64 `yaml:"partition_size"` PartitionBatchSize int64 `yaml:"partition_batch"` + SSLModeEnable string `yaml:"ssl_mode_enable"` + SSLRootCert string `yaml:"ssl_root_cert"` + SSLCert string `yaml:"ssl_cert"` + SSLKey string `yaml:"ssl_key"` } func (c *Config) getURL() *url.URL { @@ -44,7 +48,7 @@ func (c *Config) GetSSLMode() string { } func NewDatabaseConfig( - url string, + url, sslModeEnable, sslRootCert, sslCert, sslKey string, maxOpenConnections int, maxIdleConnections int, partitionSize int64, batchSize int64, ) Config { @@ -54,6 +58,10 @@ func NewDatabaseConfig( MaxIdleConnections: maxIdleConnections, PartitionSize: partitionSize, PartitionBatchSize: batchSize, + SSLModeEnable: sslModeEnable, + SSLRootCert: sslRootCert, + SSLCert: sslCert, + SSLKey: sslKey, } } @@ -61,6 +69,10 @@ func NewDatabaseConfig( func DefaultDatabaseConfig() Config { return NewDatabaseConfig( "postgresql://user:password@localhost:5432/database-name?sslmode=disable&search_path=public", + "false", + "", + "", + "", 1, 1, 100000, diff --git a/database/postgresql/postgresql.go b/database/postgresql/postgresql.go index 8e6df0c5..6c33db18 100644 --- a/database/postgresql/postgresql.go +++ b/database/postgresql/postgresql.go @@ -24,7 +24,19 @@ import ( // from config. It returns a database connection handle or an error if the // connection fails. func Builder(ctx *database.Context) (database.Database, error) { - postgresDb, err := sqlx.Open("postgres", utils.GetEnvOr(env.DatabaseURI, ctx.Cfg.URL)) + dbURI := utils.GetEnvOr(env.DatabaseURI, ctx.Cfg.URL) + dbEnableSSL := utils.GetEnvOr(env.DatabaseSSLModeEnable, ctx.Cfg.SSLModeEnable) + + // Configure SSL certificates (optional) + if dbEnableSSL == "true" { + dbRootCert := utils.GetEnvOr(env.DatabaseSSLRootCert, ctx.Cfg.SSLRootCert) + dbCert := utils.GetEnvOr(env.DatabaseSSLCert, ctx.Cfg.SSLCert) + dbKey := utils.GetEnvOr(env.DatabaseSSLKey, ctx.Cfg.SSLKey) + dbURI += fmt.Sprintf(" sslmode=require sslrootcert=%s sslcert=%s sslkey=%s", + dbRootCert, dbCert, dbKey) + } + + postgresDb, err := sqlx.Open("postgres", dbURI) if err != nil { return nil, err } diff --git a/database/postgresql/postgresql_test.go b/database/postgresql/postgresql_test.go index 96e15db3..104172db 100644 --- a/database/postgresql/postgresql_test.go +++ b/database/postgresql/postgresql_test.go @@ -34,6 +34,10 @@ func (suite *DbTestSuite) SetupTest() { // Build the database dbCfg := databaseconfig.NewDatabaseConfig( "postgres://bdjuno:password@localhost:6433/bdjuno?sslmode=disable&search_path=public", + "false", + "", + "", + "", -1, -1, 100000, diff --git a/types/env/const.go b/types/env/const.go index 09c3f9ec..fe97f78c 100644 --- a/types/env/const.go +++ b/types/env/const.go @@ -1,5 +1,9 @@ package env const ( - DatabaseURI = "JUNO_DATABASE_URL" + DatabaseURI = "JUNO_DATABASE_URL" + DatabaseSSLModeEnable = "JUNO_DATABASE_SSL_MODE_ENABLED" + DatabaseSSLRootCert = "JUNO_DATABASE_SSL_ROOT_CERT" + DatabaseSSLCert = "JUNO_DATABASE_SSL_CERT" + DatabaseSSLKey = "JUNO_DATABASE_SSL_KEY" )