Merge pull request #43068 from mbayucot/42994-add-support-for-postgresql-certs-on-db-tasks
Add ssl support for postgresql database tasks
This commit is contained in:
commit
203e757fd3
@ -1,3 +1,31 @@
|
||||
* Add ssl support for postgresql database tasks
|
||||
|
||||
Add `PGSSLMODE`, `PGSSLCERT`, `PGSSLKEY` and `PGSSLROOTCERT` to pg_env from database config
|
||||
when running postgresql database tasks.
|
||||
|
||||
```yaml
|
||||
# config/database.yml
|
||||
|
||||
production:
|
||||
sslmode: verify-full
|
||||
sslcert: client.crt
|
||||
sslkey: client.key
|
||||
sslrootcert: ca.crt
|
||||
```
|
||||
|
||||
Environment variables
|
||||
|
||||
```
|
||||
PGSSLMODE=verify-full
|
||||
PGSSLCERT=client.crt
|
||||
PGSSLKEY=client.key
|
||||
PGSSLROOTCERT=ca.crt
|
||||
```
|
||||
|
||||
Fixes #42994
|
||||
|
||||
*Michael Bayucot*
|
||||
|
||||
* Avoid scoping update callbacks in `ActiveRecord::Relation#update!`.
|
||||
|
||||
Making it consistent with how scoping is applied only to the query in `ActiveRecord::Relation#update`
|
||||
|
@ -99,10 +99,14 @@ def establish_master_connection
|
||||
|
||||
def psql_env
|
||||
{}.tap do |env|
|
||||
env["PGHOST"] = db_config.host if db_config.host
|
||||
env["PGPORT"] = configuration_hash[:port].to_s if configuration_hash[:port]
|
||||
env["PGPASSWORD"] = configuration_hash[:password].to_s if configuration_hash[:password]
|
||||
env["PGUSER"] = configuration_hash[:username].to_s if configuration_hash[:username]
|
||||
env["PGHOST"] = db_config.host if db_config.host
|
||||
env["PGPORT"] = configuration_hash[:port].to_s if configuration_hash[:port]
|
||||
env["PGPASSWORD"] = configuration_hash[:password].to_s if configuration_hash[:password]
|
||||
env["PGUSER"] = configuration_hash[:username].to_s if configuration_hash[:username]
|
||||
env["PGSSLMODE"] = configuration_hash[:sslmode].to_s if configuration_hash[:sslmode]
|
||||
env["PGSSLCERT"] = configuration_hash[:sslcert].to_s if configuration_hash[:sslcert]
|
||||
env["PGSSLKEY"] = configuration_hash[:sslkey].to_s if configuration_hash[:sslkey]
|
||||
env["PGSSLROOTCERT"] = configuration_hash[:sslrootcert].to_s if configuration_hash[:sslrootcert]
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -383,6 +383,18 @@ def test_structure_dump_with_env
|
||||
end
|
||||
end
|
||||
|
||||
def test_structure_dump_with_ssl_env
|
||||
expected_env = { "PGSSLMODE" => "verify-full", "PGSSLCERT" => "client.crt", "PGSSLKEY" => "client.key", "PGSSLROOTCERT" => "root.crt" }
|
||||
expected_command = [expected_env, "pg_dump", "--schema-only", "--no-privileges", "--no-owner", "--file", @filename, "my-app-db"]
|
||||
|
||||
assert_called_with(Kernel, :system, expected_command, returns: true) do
|
||||
ActiveRecord::Tasks::DatabaseTasks.structure_dump(
|
||||
@configuration.merge(sslmode: "verify-full", sslcert: "client.crt", sslkey: "client.key", sslrootcert: "root.crt"),
|
||||
@filename
|
||||
)
|
||||
end
|
||||
end
|
||||
|
||||
def test_structure_dump_with_extra_flags
|
||||
expected_command = [{}, "pg_dump", "--schema-only", "--no-privileges", "--no-owner", "--file", @filename, "--noop", "my-app-db"]
|
||||
|
||||
@ -550,6 +562,21 @@ def test_structure_load_with_env
|
||||
end
|
||||
end
|
||||
|
||||
def test_structure_load_with_ssl_env
|
||||
filename = "awesome-file.sql"
|
||||
expected_env = { "PGSSLMODE" => "verify-full", "PGSSLCERT" => "client.crt", "PGSSLKEY" => "client.key", "PGSSLROOTCERT" => "root.crt" }
|
||||
expected_command = [expected_env, "psql", "--set", "ON_ERROR_STOP=1", "--quiet", "--no-psqlrc", "--file", filename, "--noop", @configuration["database"]]
|
||||
|
||||
assert_called_with(Kernel, :system, expected_command, returns: true) do
|
||||
with_structure_load_flags(["--noop"]) do
|
||||
ActiveRecord::Tasks::DatabaseTasks.structure_load(
|
||||
@configuration.merge(sslmode: "verify-full", sslcert: "client.crt", sslkey: "client.key", sslrootcert: "root.crt"),
|
||||
filename
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def test_structure_load_with_hash_extra_flags_for_a_different_driver
|
||||
filename = "awesome-file.sql"
|
||||
expected_command = [{}, "psql", "--set", "ON_ERROR_STOP=1", "--quiet", "--no-psqlrc", "--file", filename, @configuration["database"]]
|
||||
|
Loading…
Reference in New Issue
Block a user