Skip to content

postgres: add WITH tls options #6787

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

postgres: add WITH tls options #6787

wants to merge 3 commits into from

Conversation

uce
Copy link
Contributor

@uce uce commented May 18, 2021
edited
Loading

This PR depends on changes to rust-postgres that are currently PR'd to the upstream project. 3fcde15 pulls in the changes based on top of the HEAD of our fork.

The logic to configure the SslConnector is part of rust-postgres/postgres-openssl (see linked PR). I found it hard to justify why we would want to have the additional sslmodes upstream without an easy way to make use of them upstream. If there are concerns about the changes upstream, we should be able to easily pull them into our repo.

Users can now specify TLS configuration as in:

CREATE MATERIALIZED SOURCE "mz_source"
FROM POSTGRES HOST 'host=postgres port=5432 user=cert_user sslmode=verify-ca dbname=postgres'
PUBLICATION 'mz_source'
WITH (
  sslcert = '/share/secrets/cert_user.crt',
  sslkey = '/share/secrets/cert_user.key',
  sslrootcert = '/share/secrets/ca.crt'
);

The key names are based on the official Postgres keys.

@uce uce requested a review from petrosagg May 18, 2021 14:59
@uce uce force-pushed the 6716-with_options branch from 723f87a to ef962cb Compare May 18, 2021 15:07
uce added 2 commits May 18, 2021 17:17
@uce
deps: use uce/rust-postgres@6716-ssl_modes
a505d2e
@uce
postgres: add WITH tls options
6091ec6 
Adds the following `WITH` options to Postgres sources:
- `sslcert`
- `sslkey`
- `sslrootcert`

The options are validated to be existings files and translated to a
`TlsConfig` for `postgres-openssl` which configures the `SslConnector`
for the respective sslmode.
@uce uce force-pushed the 6716-with_options branch from ef962cb to 6091ec6 Compare May 18, 2021 15:17
@uce
Copy link
Contributor Author

uce commented May 20, 2021

Closing in favor of #6803.

@uce uce closed this May 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@petrosagg petrosagg Awaiting requested review from petrosagg

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@uce