diff --git a/src/frontend/src/lib.rs b/src/frontend/src/lib.rs index 516adba5cf95c..a466bde4286c5 100644 --- a/src/frontend/src/lib.rs +++ b/src/frontend/src/lib.rs @@ -158,7 +158,7 @@ pub fn start(opts: FrontendOpts) -> Pin + Send>> { Box::pin(async move { let listen_addr = opts.listen_addr.clone(); let session_mgr = Arc::new(SessionManagerImpl::new(opts).await.unwrap()); - pg_serve(&listen_addr, session_mgr, Some(TlsConfig::new_default())) + pg_serve(&listen_addr, session_mgr, TlsConfig::new_default()) .await .unwrap(); }) diff --git a/src/utils/pgwire/src/pg_protocol.rs b/src/utils/pgwire/src/pg_protocol.rs index fcf368aeafae9..51ab737b47634 100644 --- a/src/utils/pgwire/src/pg_protocol.rs +++ b/src/utils/pgwire/src/pg_protocol.rs @@ -15,7 +15,6 @@ use std::any::Any; use std::collections::HashMap; use std::panic::AssertUnwindSafe; -use std::path::PathBuf; use std::pin::Pin; use std::str::Utf8Error; use std::sync::{Arc, LazyLock, Weak}; @@ -107,24 +106,17 @@ where #[derive(Debug, Clone)] pub struct TlsConfig { /// The path to the TLS certificate. - pub cert: PathBuf, + pub cert: String, /// The path to the TLS key. - pub key: PathBuf, + pub key: String, } impl TlsConfig { - pub fn new_default() -> Self { - let cert = PathBuf::new().join("tests/ssl/demo.crt"); - let key = PathBuf::new().join("tests/ssl/demo.key"); - let path_to_cur_proj = PathBuf::new().join("src/utils/pgwire"); - - Self { - // Now the demo crt and key are hard code generated via simple self-signed CA. - // In future it should change to configure by user. - // The path is mounted from project root. - cert: path_to_cur_proj.join(cert), - key: path_to_cur_proj.join(key), - } + pub fn new_default() -> Option { + let cert = std::env::var("RW_SSL_CERT").ok()?; + let key = std::env::var("RW_SSL_KEY").ok()?; + tracing::info!("RW_SSL_CERT={}, RW_SSL_KEY={}", cert, key); + Some(Self { cert, key }) } } diff --git a/src/utils/pgwire/tests/ssl/demo.crt b/src/utils/pgwire/tests/ssl/demo.crt deleted file mode 100644 index 876f9ed2d6f17..0000000000000 --- a/src/utils/pgwire/tests/ssl/demo.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDVjCCAj4CCQCKdLrYmf3SWzANBgkqhkiG9w0BAQUFADBtMQswCQYDVQQGEwJD -TjELMAkGA1UECAwCQ04xCzAJBgNVBAcMAkNOMQswCQYDVQQKDAJDTjELMAkGA1UE -CwwCQ04xFzAVBgNVBAMMDjEyNy4wLjAuMTo0NTY2MREwDwYJKoZIhvcNAQkBFgJD -TjAeFw0yMjEwMDkwMzQ3NDJaFw0yMzEwMDkwMzQ3NDJaMG0xCzAJBgNVBAYTAkNO -MQswCQYDVQQIDAJDTjELMAkGA1UEBwwCQ04xCzAJBgNVBAoMAkNOMQswCQYDVQQL -DAJDTjEXMBUGA1UEAwwOMTI3LjAuMC4xOjQ1NjYxETAPBgkqhkiG9w0BCQEWAkNO -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxq21OlGSYvdbXIkVE+Xp -08ja4y1Bgw0Z/Im13mSYEL3W234b5gHhddnZ2aXbeQVohd5V6wkebdSI9rRvaURW -ZwGGXJwWZyGdXAM731tVkYsVM4Bms/dja6L6C32ZzCLvLHz/vgdf5vuYZwBjfytq -s4ObhxZEwVc3ucXWxS3yx9ndrJfXg860TLtzkEIWPaUbFnt+/IZJ1QLMZdb3oJNe -5CUj2e+rjcwRPcO73GNSsnjG2uwQOt3XesU+oMoAEfg5MJMFYIm3q2FkCygaWTQb -5ao64DujP1Pcz3s3xR6wNVegYnzMStOxc1fkel33LNuzBJWzbceaQORv0p2XV3Wm -rwIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQBmR3JnNApmsgSpy2LtO02T/vZhiIEi -aBT8UoKR4TAbWfnpsrUR+QiS5aev4CvnFVCMkC5rhNFiRumLmd3wxie5cJ0SYCN/ -l9Iql/p3O/J+nHLoOfBqwpeypG/wGipi9cT7OZITWU0A7OBLk9Bo85f5GqlGsPVZ -XUoMMbY7JF5g3OfU8aIY9mH/g9Jpv1xGawQ6BtWTfkPT6lLDxs3ze8ocYKcfgP7x -KaGL2QUmTwP9WACcq/HCho/aKWi/N7iztZqlVQ2qk2t57ipHgsMlSVvlj0MalXpK -5YHJqwijuEpzoIluWibR5zkMB1K8ns4wqpMtDfosp5I0DKqBC0TarqQ5 ------END CERTIFICATE----- diff --git a/src/utils/pgwire/tests/ssl/demo.key b/src/utils/pgwire/tests/ssl/demo.key deleted file mode 100644 index a52b364005a41..0000000000000 --- a/src/utils/pgwire/tests/ssl/demo.key +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGrbU6UZJi91tc -iRUT5enTyNrjLUGDDRn8ibXeZJgQvdbbfhvmAeF12dnZpdt5BWiF3lXrCR5t1Ij2 -tG9pRFZnAYZcnBZnIZ1cAzvfW1WRixUzgGaz92NrovoLfZnMIu8sfP++B1/m+5hn -AGN/K2qzg5uHFkTBVze5xdbFLfLH2d2sl9eDzrRMu3OQQhY9pRsWe378hknVAsxl -1vegk17kJSPZ76uNzBE9w7vcY1KyeMba7BA63dd6xT6gygAR+DkwkwVgiberYWQL -KBpZNBvlqjrgO6M/U9zPezfFHrA1V6BifMxK07FzV+R6Xfcs27MElbNtx5pA5G/S -nZdXdaavAgMBAAECggEBAKiUDAoH3OYMbID/79qKYvVIoDHS3JuOKlaVorOpNz49 -Vmm3f4SSY/PTfX2ntaniZOXx2YUsn50hkXWDdGUljwqnyJIb/wZTB2pjdBH5NYnh -MYQZlwttBfb2uqO1VyJXIgnlpjpfl4guQwpi0gm9lTPsn7Lnuj8y+h2vOKTmb/IR -8YviR0D1V8YBJUsX3Hq4L1IKeaJrEUwVd2I2GJS809k+qUDNMLxomIUrxchkw8rc -BAbFzau+sixJLoR1zAIoo5WRwZd5Y9lD1n9yI2iLVusS/wqH9nvVZnblwxVrHbCp -a432lC38BoGy5lFgZraow8pV2wS8kiiXCIzBGimM+UECgYEA+y6v6ysC5b8AvNo8 -oYB3Sj+1CvMtt0THf96Lu6ikqPoI+HThswfwHTZJLJJI6L6z1lN3ISP6gE1yEJ4z -9dHahMjd5ZK9y1egtMkxETbXyIv3QvMfkn2OmgPrUi1/kWK9jkwLrBR1SQ19omNK -5q6rcNIfjhrkAqMEpVjx4o/O230CgYEAyn05tN38feHX1JjKwI75QEYjd4yxuA85 -enS+WX4Tku+DK1xCcgPh+HWBNlPjVbwVmciP+6QbqXoGV054pe2GA/bpbPSZ0fH4 -9fRmUgszaSkczlIQKjmrLNyrEVSsn1bcFgf+uXAUSWXrdRQ1Kvo7VTk7Ap5kDsW3 -ygQRP9W5apsCgYEA8Ro4XFiV2GfF0oD879z7JDcQlakkuaT4hiHdKM1Q+K3AjJTM -zGeTMMcZ6AGmoFnlD5ZgZFw/qIYuNgtVPuEniouwixuWuKetJ7tzMN3etK69MfNi -299PUUDv0ZrAt5H696rBDXU5u1yKuqPqkpEZGRtolKP1Nx65Z+l/jQSS/5UCgYBS -6KdCKUqC+H/46n7KDUB9Urqe7pqt9H3iZ/6wgfDdzvf0Pxhtuq1BoEtBxWNl7Vci -2n4p2O4CnJYQFW9M8U5YPTcih5yb2+nGO0XR/ggU3OKQkAVSZL5z5f6dYAA2VchT -tP5VS1DjJLod/CIw8LhukrpYviXV7prsOnIdoxMCVQKBgC4F8zOCYTkhbDQc0VW9 -ggksa/X8LtuyAIc80UhKjAzQC2Los+LI63fSctGITDfz2Vcj4cSwXW31H/5iKTr1 -ty1Z6jt9bpy7xkUGTq427ahu+0Gk/qgJ993UsTynJDKq888l7ShAVdXbGMPUc7rI -QveJPoDE1ZtozaHI7876BVZt ------END PRIVATE KEY-----