diff --git a/make/common/templates/adminserver/env b/make/common/templates/adminserver/env
index fa34d342b..bbfc92756 100644
--- a/make/common/templates/adminserver/env
+++ b/make/common/templates/adminserver/env
@@ -18,6 +18,7 @@ POSTGRESQL_PORT=$db_port
 POSTGRESQL_USERNAME=$db_user
 POSTGRESQL_PASSWORD=$db_password
 POSTGRESQL_DATABASE=registry
+POSTGRESQL_SSLMODE=disable
 LDAP_GROUP_BASEDN=$ldap_group_basedn
 LDAP_GROUP_FILTER=$ldap_group_filter
 LDAP_GROUP_GID=$ldap_group_gid
@@ -48,6 +49,7 @@ CLAIR_DB_HOST=$clair_db_host
 CLAIR_DB_PORT=$clair_db_port
 CLAIR_DB_USERNAME=$clair_db_username
 CLAIR_DB=$clair_db
+CLAIR_DB_SSLMODE=disable
 RESET=$reload_config
 UAA_ENDPOINT=$uaa_endpoint
 UAA_CLIENTID=$uaa_clientid
diff --git a/src/adminserver/systemcfg/systemcfg.go b/src/adminserver/systemcfg/systemcfg.go
index 432e9e044..ddb260055 100644
--- a/src/adminserver/systemcfg/systemcfg.go
+++ b/src/adminserver/systemcfg/systemcfg.go
@@ -147,6 +147,7 @@ var (
 env: "CLAIR_DB_PORT",
 parse: parseStringToInt,
 },
+ common.ClairDBSSLMode: "CLAIR_DB_SSLMODE",
 common.UAAEndpoint: "UAA_ENDPOINT",
 common.UAAClientID: "UAA_CLIENTID",
 common.UAAClientSecret: "UAA_CLIENTSECRET",
@@ -210,6 +211,7 @@ var (
 env: "CLAIR_DB_PORT",
 parse: parseStringToInt,
 },
+ common.ClairDBSSLMode: "CLAIR_DB_SSLMODE",
 common.UAAEndpoint: "UAA_ENDPOINT",
 common.UAAClientID: "UAA_CLIENTID",
 common.UAAClientSecret: "UAA_CLIENTSECRET",
@@ -430,6 +432,7 @@ func GetDatabaseFromCfg(cfg map[string]interface{}) *models.Database {
 postgresql.Username = utils.SafeCastString(cfg[common.PostGreSQLUsername])
 postgresql.Password = utils.SafeCastString(cfg[common.PostGreSQLPassword])
 postgresql.Database = utils.SafeCastString(cfg[common.PostGreSQLDatabase])
+ postgresql.SSLMode = utils.SafeCastString(cfg[common.PostGreSQLSSLMode])
 database.PostGreSQL = postgresql
 return database
 }
diff --git a/src/common/const.go b/src/common/const.go
index 7a7f499af..159d7bf4f 100644
--- a/src/common/const.go
+++ b/src/common/const.go
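Review bot: `POSTGRESQL_SSLMODE=disable` and, in the second hunk, `CLAIR_DB_SSLMODE=disable` are literals, while neighbouring entries such as `POSTGRESQL_PASSWORD=$db_password` are filled from template variables. As written, every rendered env file turns TLS off for both database connections, and the new setting can only be changed by hand-editing the generated file. With a database that is not on the same host, the credentials would then presumably cross the network unencrypted. Consider rendering both values from a template variable, e.g. `POSTGRESQL_SSLMODE=$db_sslmode` (a placeholder name; the variable would have to be added to whatever renders this template), and keep `disable` only as that variable's default.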
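Review bot: The line added to `GetDatabaseFromCfg` reads `cfg[common.PostGreSQLSSLMode]`, but the two env-mapping hunks before it only add `common.ClairDBSSLMode: "CLAIR_DB_SSLMODE"`, and no `common.PostGreSQLSSLMode` entry for `POSTGRESQL_SSLMODE` is visible in this diff. If that mapping does not already exist in the part of the `var (` block outside these hunks, the `POSTGRESQL_SSLMODE` line added to the env template is never loaded and `postgresql.SSLMode` stays empty. Please confirm, and add `common.PostGreSQLSSLMode: "POSTGRESQL_SSLMODE",` to both maps if it is missing.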
@@ -88,6 +88,7 @@ const (
 ClairDBPort = "clair_db_port"
 ClairDB = "clair_db"
 ClairDBUsername = "clair_db_username"
+ ClairDBSSLMode = "clair_db_sslmode"
 UAAEndpoint = "uaa_endpoint"
 UAAClientID = "uaa_client_id"
 UAAClientSecret = "uaa_client_secret"
diff --git a/src/common/dao/base.go b/src/common/dao/base.go
index 6b013e354..ab87d03a9 100644
--- a/src/common/dao/base.go
+++ b/src/common/dao/base.go
@@ -52,7 +52,7 @@ func InitClairDB(clairDB *models.PostGreSQL) error {
 usr: clairDB.Username,
 pwd: clairDB.Password,
 database: clairDB.Database,
- sslmode: false,
+ sslmode: clairDB.SSLMode,
 }
 if err := p.Register(ClairDBAlias); err != nil {
 return err
@@ -108,7 +108,7 @@ func getDatabase(database *models.Database) (db Database, err error) {
 database.PostGreSQL.Username,
 database.PostGreSQL.Password,
 database.PostGreSQL.Database,
- false)
+ database.PostGreSQL.SSLMode)
 default:
 err = fmt.Errorf("invalid database: %s", database.Type)
 }
diff --git a/src/common/dao/pgsql.go b/src/common/dao/pgsql.go
index 77f4d01a2..685f2ad35 100644
--- a/src/common/dao/pgsql.go
+++ b/src/common/dao/pgsql.go
@@ -36,16 +36,7 @@ type pgsql struct {
 usr string
 pwd string
 database string
- sslmode bool
-}
-
-type pgsqlSSLMode bool
-
-func (pm pgsqlSSLMode) String() string {
- if bool(pm) {
- return "enable"
- }
- return "disable"
+ sslmode string
 }
 // Name returns the name of PostgreSQL
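Review bot: `InitClairDB` fills the `pgsql` struct literal directly with `sslmode: clairDB.SSLMode`, so the empty-string fallback this commit adds to `NewPGSQL` in pgsql.go does not apply on the Clair path. When `clair_db_sslmode` is unset, `ClairDB()` in src/ui/config/config.go presumably yields an empty string, `Register` formats `sslmode=` with no value, and the outcome is left to the driver. Build `p` through `NewPGSQL`, or apply the same default before the literal, e.g. `mode := clairDB.SSLMode; if len(mode) == 0 { mode = "disable" }` and then `sslmode: mode,`. The function body starts and continues outside this hunk.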
@@ -56,11 +47,14 @@ func (p *pgsql) Name() string {
 // String ...
 func (p *pgsql) String() string {
 return fmt.Sprintf("type-%s host-%s port-%s databse-%s sslmode-%q",
- p.Name(), p.host, p.port, p.database, pgsqlSSLMode(p.sslmode))
+ p.Name(), p.host, p.port, p.database, p.sslmode)
 }
 // NewPGSQL returns an instance of postgres
-func NewPGSQL(host string, port string, usr string, pwd string, database string, sslmode bool) Database {
+func NewPGSQL(host string, port string, usr string, pwd string, database string, sslmode string) Database {
+ if len(sslmode) == 0 {
+ sslmode = "disable"
+ }
 return &pgsql{
 host: host,
 port: port,
@@ -86,14 +80,14 @@ func (p *pgsql) Register(alias ...string) error {
 an = alias[0]
 }
 info := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s",
- p.host, p.port, p.usr, p.pwd, p.database, pgsqlSSLMode(p.sslmode))
+ p.host, p.port, p.usr, p.pwd, p.database, p.sslmode)
 return orm.RegisterDataBase(an, "postgres", info)
 }
 // UpgradeSchema calls migrate tool to upgrade schema to the latest based on the SQL scripts.
 func (p *pgsql) UpgradeSchema() error {
- dbURL := fmt.Sprintf("postgres://%s:%s@%s:%s/%s?sslmode=%s", p.usr, p.pwd, p.host, p.port, p.database, pgsqlSSLMode(p.sslmode))
+ dbURL := fmt.Sprintf("postgres://%s:%s@%s:%s/%s?sslmode=%s", p.usr, p.pwd, p.host, p.port, p.database, p.sslmode)
 // For UT
 path := os.Getenv("POSTGRES_MIGRATION_SCRIPTS_PATH")
 if len(path) == 0 {
diff --git a/src/common/models/config.go b/src/common/models/config.go
index 6d120cea7..7d99d7c29 100644
--- a/src/common/models/config.go
+++ b/src/common/models/config.go
@@ -50,6 +50,7 @@ type PostGreSQL struct {
 Username string `json:"username"`
 Password string `json:"password,omitempty"`
 Database string `json:"database"`
+ SSLMode string `json:"sslmode"`
 }
 // Email ...
diff --git a/src/ui/config/config.go b/src/ui/config/config.go
index 8bd5a9e70..cf6c2d32b 100644
--- a/src/ui/config/config.go
+++ b/src/ui/config/config.go
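Review bot: The new `len(sslmode) == 0` branch in `NewPGSQL` falls back to `disable` silently, so a missing or misspelled configuration key fails open to an unencrypted connection with nothing in the logs to show it. `NewPGSQL` has no error return, so the least intrusive improvement is to log a warning when the default is applied, if the package has a logger in scope. The doc comment should also state the contract, e.g. `// NewPGSQL returns an instance of postgres; an empty sslmode defaults to "disable", any other value is passed to the driver unchanged.` The struct literal continues past the end of the hunk.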
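Review bot: `p.sslmode` is now a free-form string that `Register` formats into the space-separated DSN and `UpgradeSchema` into the URL query, with no validation in either place. A value containing a space or `&` would add further connection parameters, and a typo only surfaces as a driver error at connect time; the old `bool` type could not produce either. Both methods return `error`, so they can check the value before formatting, e.g. `switch p.sslmode { case "disable", "require", "verify-ca", "verify-full": default: return fmt.Errorf("invalid sslmode %q", p.sslmode) }`, with the accepted list adjusted to what the driver in use supports. A shared unexported helper would keep the two call sites in agreement, and `UpgradeSchema` continues outside the hunk.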
@@ -410,6 +410,7 @@ func Database() (*models.Database, error) {
 postgresql.Username = utils.SafeCastString(cfg[common.PostGreSQLUsername])
 postgresql.Password = utils.SafeCastString(cfg[common.PostGreSQLPassword])
 postgresql.Database = utils.SafeCastString(cfg[common.PostGreSQLDatabase])
+ postgresql.SSLMode = utils.SafeCastString(cfg[common.PostGreSQLSSLMode])
 database.PostGreSQL = postgresql
 return database, nil
@@ -471,6 +472,7 @@ func ClairDB() (*models.PostGreSQL, error) {
 clairDB.Username = utils.SafeCastString(cfg[common.ClairDBUsername])
 clairDB.Password = utils.SafeCastString(cfg[common.ClairDBPassword])
 clairDB.Database = utils.SafeCastString(cfg[common.ClairDB])
+ clairDB.SSLMode = utils.SafeCastString(cfg[common.ClairDBSSLMode])
 return clairDB, nil
 }