Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: makes mutual TLS optional for postgres, mysql/mariadb and grpc (#244)

* feat: makes mutual TLS optional for postgres and mysql
* feat: makes mutual TLS optional for gRPC
* refactor: replaces deprecated grpc.WithInsecure()
* docs: changes meaning of grpc tls option to client cert
* chore: updates test go version to same as project version (1.18)
* test: adds TLS and mutual TLS support to db and grpc test environments
* chore: adds generated test certificates to .gitignore
* chore: reduces test certificates to minimum key usage
* chore: adds second client certificate which acts as unauthorized
* test: adds mysql tls and mutual tls tests
* refactor: postgres ssl config check
* refactor: change connectTries to 0 for postgres to only have 1 retry by default like mysql
* refactor: postgres sslmode and sslrootcert code
* test: adds postgres tls and mutual tls tests
* fix: treat grpc authOpts grpc_ca_cert, grpc_tls_cert, grpc_tls_key as file paths instead of actual file contents
  refactor: improves error logging
* test: adds grpc tls and mutual tls tests
* Fix postgres ssl modes `require`, `verify-ca` and `verify-full` to work without explicit root certificate.
* refactor: adds warning for unknown pg_sslmode
  style: removes empty lines
* style: compress switch case

Co-authored-by: Martin Abbrent <[email protected]>
Showing 23 changed files with 756 additions and 112 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,7 +6,10 @@ FROM debian:stable-slim as builder | |
#Change them for your needs. | ||
ENV MOSQUITTO_VERSION=1.6.10 | ||
ENV PLUGIN_VERSION=0.6.1 | ||
ENV GO_VERSION=1.13.8 | ||
ENV GO_VERSION=1.18 | ||
# Used in run-test-in-docker.sh to check if the script | ||
# is actually run in a container | ||
ENV MOSQUITTO_GO_AUTH_TEST_RUNNING_IN_A_CONTAINER=true | ||
|
||
WORKDIR /app | ||
|
||
|
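Review bot: GO_VERSION is now 1.18 with no patch component, whereas the value it replaces (1.13.8) pinned a point release. If this variable selects the toolchain download, the image is built with the initial 1.18 release; consider pinning a specific 1.18.x point release so the build picks up toolchain fixes and stays reproducible. Separately, MOSQUITTO_GO_AUTH_TEST_RUNNING_IN_A_CONTAINER is set in the builder stage, and ENV values do not carry over to a later stage that starts from a different base, so confirm that run-test-in-docker.sh runs in an image derived from this stage.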
@@ -68,5 +71,9 @@ RUN wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - | |
apt-get install -y mongodb-org && \ | ||
rm -f /usr/bin/systemctl | ||
|
||
# Install CFSSL to generate test certificates required for tests | ||
RUN export PATH=$PATH:/usr/local/go/bin && go install github.com/cloudflare/cfssl/cmd/[email protected] && cp ~/go/bin/cfssl /usr/local/bin | ||
RUN export PATH=$PATH:/usr/local/go/bin && go install github.com/cloudflare/cfssl/cmd/[email protected] && cp ~/go/bin/cfssljson /usr/local/bin | ||
|
||
# Pre-compilation of test for speed-up latest re-run | ||
RUN export PATH=$PATH:/usr/local/go/bin && go test -c ./backends -o /dev/null |