From 263c0e560b91ed73f2597890f7210f0f3e060b58 Mon Sep 17 00:00:00 2001 From: Mark Meyer Date: Fri, 21 Jul 2023 08:10:14 -0800 Subject: [PATCH 1/5] change db connection string to use ssl --- training/database/database.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/training/database/database.py b/training/database/database.py index 7c43b2b4..5e063425 100644 --- a/training/database/database.py +++ b/training/database/database.py @@ -7,6 +7,6 @@ # PostgreSQL URIs to use postgresql:// db_uri = settings.DB_URI.replace("postgres://", "postgresql://") -engine = create_engine(db_uri) +engine = create_engine(db_uri, connect_args={'sslmode': 'require'}) SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine) From 80c5f12521c0cd8af2e213c197874f0f503c20aa Mon Sep 17 00:00:00 2001 From: Mark Meyer Date: Fri, 21 Jul 2023 08:32:23 -0800 Subject: [PATCH 2/5] taking a wild guess to configure ssl on github's postgres service --- .github/workflows/backend-tests.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/backend-tests.yaml b/.github/workflows/backend-tests.yaml index 3d1c19ed..b5434d7b 100644 --- a/.github/workflows/backend-tests.yaml +++ b/.github/workflows/backend-tests.yaml @@ -20,6 +20,12 @@ jobs: image: postgres:12 # For best results, match version in use by cloud.gov RDS ports: - 5432:5432 + build: + context: ./dev/db + command: > + -c ssl=on + -c ssl_cert_file=/var/lib/postgresql/server.crt + -c ssl_key_file=/var/lib/postgresql/server.key env: POSTGRES_PASSWORD: postgres options: >- From 03714deb8c49de67b8b53ea8a22e5519c52f78ea Mon Sep 17 00:00:00 2001 From: Mark Meyer Date: Fri, 21 Jul 2023 08:38:33 -0800 Subject: [PATCH 3/5] no-op change to py file to get tests to run on github --- training/database/database.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/training/database/database.py b/training/database/database.py index 5e063425..906fc0f5 100644 
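Review bot: `'sslmode': 'require'` on the new `create_engine` line encrypts the connection but by default does not validate the server certificate or hostname, so it does not stop an on-path host from impersonating the database. If a CA bundle for the database is available to the app, consider `connect_args={'sslmode': 'verify-full', 'sslrootcert': '<path-to-ca-bundle>'}`, where the path is a placeholder. This assumes a libpq-based driver such as psycopg2, which the hunk does not show; the imports and the rest of the module are outside the hunk.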
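Review bot: The added `build:` and `command:` keys are not part of the GitHub Actions service-container schema, which accepts `image`, `credentials`, `env`, `ports`, `volumes` and `options`, so this service definition is likely to be rejected rather than start Postgres with TLS. To exercise TLS in CI, one option is to publish a test image built from `./dev/db` with the certificate, key and `ssl=on` already configured and reference it through `image:`. The key file at `/var/lib/postgresql/server.key` must also be owned by the postgres user with mode 0600, or the server will refuse to start. A comment such as `# test-only self-signed cert; never reuse outside CI` next to the service would help. The job definition continues outside the hunk.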
--- a/training/database/database.py +++ b/training/database/database.py @@ -4,7 +4,7 @@ # cloud.gov provides the URI in postgres:// format, but SQLAlchemy requires -# PostgreSQL URIs to use postgresql:// +# PostgreSQL URIs to use postgresql:// db_uri = settings.DB_URI.replace("postgres://", "postgresql://") engine = create_engine(db_uri, connect_args={'sslmode': 'require'}) From a7fe82d81626e571feac77b172e02718d78f7010 Mon Sep 17 00:00:00 2001 From: Mark Meyer Date: Fri, 21 Jul 2023 08:40:13 -0800 Subject: [PATCH 4/5] revert - this did not work --- .github/workflows/backend-tests.yaml | 6 ------ training/database/database.py | 2 +- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/.github/workflows/backend-tests.yaml b/.github/workflows/backend-tests.yaml index b5434d7b..3d1c19ed 100644 --- a/.github/workflows/backend-tests.yaml +++ b/.github/workflows/backend-tests.yaml @@ -20,12 +20,6 @@ jobs: image: postgres:12 # For best results, match version in use by cloud.gov RDS ports: - 5432:5432 - build: - context: ./dev/db - command: > - -c ssl=on - -c ssl_cert_file=/var/lib/postgresql/server.crt - -c ssl_key_file=/var/lib/postgresql/server.key env: POSTGRES_PASSWORD: postgres options: >- diff --git a/training/database/database.py b/training/database/database.py index 906fc0f5..5e063425 100644 --- a/training/database/database.py +++ b/training/database/database.py @@ -4,7 +4,7 @@ # cloud.gov provides the URI in postgres:// format, but SQLAlchemy requires -# PostgreSQL URIs to use postgresql:// +# PostgreSQL URIs to use postgresql:// db_uri = settings.DB_URI.replace("postgres://", "postgresql://") engine = create_engine(db_uri, connect_args={'sslmode': 'require'}) From ff21248499ee14d90c29733e2fe384cb706c2e00 Mon Sep 17 00:00:00 2001 From: Mark Meyer Date: Mon, 24 Jul 2023 13:26:46 -0800 Subject: [PATCH 5/5] explicitly set sslmode to 'prefer' --- training/database/database.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/training/database/database.py b/training/database/database.py
index 5e063425..3398964e 100644
--- a/training/database/database.py
+++ b/training/database/database.py
@@ -7,6 +7,6 @@
 # PostgreSQL URIs to use postgresql://
 db_uri = settings.DB_URI.replace("postgres://", "postgresql://")
-engine = create_engine(db_uri, connect_args={'sslmode': 'require'})
+engine = create_engine(db_uri, connect_args={'sslmode': 'prefer'})
 SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
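Review bot: `'sslmode': 'prefer'` on the new `create_engine` line is libpq's default and falls back to an unencrypted connection when the server does not offer TLS or the TLS attempt fails, so encryption is no longer enforced in any environment, production included. Rather than one hard-coded value, read the mode from configuration so production keeps `require` or `verify-full` and only CI or local runs use a weaker mode, e.g. `connect_args={'sslmode': settings.<SSLMODE_SETTING>}`, where `<SSLMODE_SETTING>` is a placeholder for a setting the project would add. If `prefer` has to stay for now, a comment such as `# prefer allows plaintext fallback; CI-only workaround, production should enforce TLS` would record the trade-off next to the line.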