Support configuring sslmode for the connection of database (#5861)

The sslmode of the connection with postgresql is hardcoded as "disable" currently, this commit expose it as an environment variable so that users can configure it

Signed-off-by: Wenkai Yin <yinw@vmware.com>

make/common/templates/adminserver/env

@@ -18,6 +18,7 @@ POSTGRESQL_PORT=$db_port
 POSTGRESQL_USERNAME=$db_user
 POSTGRESQL_PASSWORD=$db_password
 POSTGRESQL_DATABASE=registry
+POSTGRESQL_SSLMODE=disable
 LDAP_GROUP_BASEDN=$ldap_group_basedn
 LDAP_GROUP_FILTER=$ldap_group_filter
 LDAP_GROUP_GID=$ldap_group_gid
@@ -48,6 +49,7 @@ CLAIR_DB_HOST=$clair_db_host
 CLAIR_DB_PORT=$clair_db_port
 CLAIR_DB_USERNAME=$clair_db_username
 CLAIR_DB=$clair_db
+CLAIR_DB_SSLMODE=disable
 RESET=$reload_config
 UAA_ENDPOINT=$uaa_endpoint
 UAA_CLIENTID=$uaa_clientid

src/adminserver/systemcfg/systemcfg.go

@@ -147,6 +147,7 @@ var (
 			env:   "CLAIR_DB_PORT",
 			parse: parseStringToInt,
 		},
+		common.ClairDBSSLMode:  "CLAIR_DB_SSLMODE",
 		common.UAAEndpoint:     "UAA_ENDPOINT",
 		common.UAAClientID:     "UAA_CLIENTID",
 		common.UAAClientSecret: "UAA_CLIENTSECRET",
@@ -210,6 +211,7 @@ var (
 			env:   "CLAIR_DB_PORT",
 			parse: parseStringToInt,
 		},
+		common.ClairDBSSLMode:  "CLAIR_DB_SSLMODE",
 		common.UAAEndpoint:     "UAA_ENDPOINT",
 		common.UAAClientID:     "UAA_CLIENTID",
 		common.UAAClientSecret: "UAA_CLIENTSECRET",
@@ -430,6 +432,7 @@ func GetDatabaseFromCfg(cfg map[string]interface{}) *models.Database {
 	postgresql.Username = utils.SafeCastString(cfg[common.PostGreSQLUsername])
 	postgresql.Password = utils.SafeCastString(cfg[common.PostGreSQLPassword])
 	postgresql.Database = utils.SafeCastString(cfg[common.PostGreSQLDatabase])
+	postgresql.SSLMode = utils.SafeCastString(cfg[common.PostGreSQLSSLMode])
 	database.PostGreSQL = postgresql
 	return database
 }

src/common/const.go

@@ -88,6 +88,7 @@ const (
 	ClairDBPort                       = "clair_db_port"
 	ClairDB                           = "clair_db"
 	ClairDBUsername                   = "clair_db_username"
+	ClairDBSSLMode                    = "clair_db_sslmode"
 	UAAEndpoint                       = "uaa_endpoint"
 	UAAClientID                       = "uaa_client_id"
 	UAAClientSecret                   = "uaa_client_secret"

src/common/dao/base.go

@@ -52,7 +52,7 @@ func InitClairDB(clairDB *models.PostGreSQL) error {
 		usr:      clairDB.Username,
 		pwd:      clairDB.Password,
 		database: clairDB.Database,
-		sslmode:  false,
+		sslmode:  clairDB.SSLMode,
 	}
 	if err := p.Register(ClairDBAlias); err != nil {
 		return err
@@ -108,7 +108,7 @@ func getDatabase(database *models.Database) (db Database, err error) {
 			database.PostGreSQL.Username,
 			database.PostGreSQL.Password,
 			database.PostGreSQL.Database,
-			false)
+			database.PostGreSQL.SSLMode)
 	default:
 		err = fmt.Errorf("invalid database: %s", database.Type)
 	}

src/common/dao/pgsql.go

@@ -36,16 +36,7 @@ type pgsql struct {
 	usr      string
 	pwd      string
 	database string
-	sslmode  bool
-}
-
-type pgsqlSSLMode bool
-
-func (pm pgsqlSSLMode) String() string {
-	if bool(pm) {
-		return "enable"
-	}
-	return "disable"
+	sslmode  string
 }
 
 // Name returns the name of PostgreSQL
@@ -56,11 +47,14 @@ func (p *pgsql) Name() string {
 // String ...
 func (p *pgsql) String() string {
 	return fmt.Sprintf("type-%s host-%s port-%s databse-%s sslmode-%q",
-		p.Name(), p.host, p.port, p.database, pgsqlSSLMode(p.sslmode))
+		p.Name(), p.host, p.port, p.database, p.sslmode)
 }
 
 // NewPGSQL returns an instance of postgres
-func NewPGSQL(host string, port string, usr string, pwd string, database string, sslmode bool) Database {
+func NewPGSQL(host string, port string, usr string, pwd string, database string, sslmode string) Database {
+	if len(sslmode) == 0 {
+		sslmode = "disable"
+	}
 	return &pgsql{
 		host:     host,
 		port:     port,
@@ -86,14 +80,14 @@ func (p *pgsql) Register(alias ...string) error {
 		an = alias[0]
 	}
 	info := fmt.Sprintf("host=%s port=%s user=%s password=%s dbname=%s sslmode=%s",
-		p.host, p.port, p.usr, p.pwd, p.database, pgsqlSSLMode(p.sslmode))
+		p.host, p.port, p.usr, p.pwd, p.database, p.sslmode)
 
 	return orm.RegisterDataBase(an, "postgres", info)
 }
 
 // UpgradeSchema calls migrate tool to upgrade schema to the latest based on the SQL scripts.
 func (p *pgsql) UpgradeSchema() error {
-	dbURL := fmt.Sprintf("postgres://%s:%s@%s:%s/%s?sslmode=%s", p.usr, p.pwd, p.host, p.port, p.database, pgsqlSSLMode(p.sslmode))
+	dbURL := fmt.Sprintf("postgres://%s:%s@%s:%s/%s?sslmode=%s", p.usr, p.pwd, p.host, p.port, p.database, p.sslmode)
 	// For UT
 	path := os.Getenv("POSTGRES_MIGRATION_SCRIPTS_PATH")
 	if len(path) == 0 {

src/common/models/config.go

@@ -50,6 +50,7 @@ type PostGreSQL struct {
 	Username string `json:"username"`
 	Password string `json:"password,omitempty"`
 	Database string `json:"database"`
+	SSLMode  string `json:"sslmode"`
 }
 
 // Email ...

src/ui/config/config.go

@@ -410,6 +410,7 @@ func Database() (*models.Database, error) {
 	postgresql.Username = utils.SafeCastString(cfg[common.PostGreSQLUsername])
 	postgresql.Password = utils.SafeCastString(cfg[common.PostGreSQLPassword])
 	postgresql.Database = utils.SafeCastString(cfg[common.PostGreSQLDatabase])
+	postgresql.SSLMode = utils.SafeCastString(cfg[common.PostGreSQLSSLMode])
 	database.PostGreSQL = postgresql
 
 	return database, nil
@@ -471,6 +472,7 @@ func ClairDB() (*models.PostGreSQL, error) {
 	clairDB.Username = utils.SafeCastString(cfg[common.ClairDBUsername])
 	clairDB.Password = utils.SafeCastString(cfg[common.ClairDBPassword])
 	clairDB.Database = utils.SafeCastString(cfg[common.ClairDB])
+	clairDB.SSLMode = utils.SafeCastString(cfg[common.ClairDBSSLMode])
 	return clairDB, nil
 }