dewrich closed pull request #2075: TO: allow ssl connection to db to be required
URL: https://github.com/apache/incubator-trafficcontrol/pull/2075
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/traffic_ops/app/conf/development/database.conf
b/traffic_ops/app/conf/development/database.conf
index a91d21b84..c19451d64 100644
--- a/traffic_ops/app/conf/development/database.conf
+++ b/traffic_ops/app/conf/development/database.conf
@@ -6,5 +6,6 @@
"user": "traffic_ops",
"password": "twelve",
"port": "5432",
+ "ssl": false,
"type": "Pg"
}
diff --git a/traffic_ops/app/conf/integration/database.conf
b/traffic_ops/app/conf/integration/database.conf
index 89e9ef4f2..7946c4cfc 100644
--- a/traffic_ops/app/conf/integration/database.conf
+++ b/traffic_ops/app/conf/integration/database.conf
@@ -5,5 +5,6 @@
"user": "traffic_ops",
"password": "twelve",
"port": "5432",
+ "ssl": false,
"type": "Pg"
}
diff --git a/traffic_ops/app/conf/production/database.conf
b/traffic_ops/app/conf/production/database.conf
index 19a81c19e..84284caaf 100644
--- a/traffic_ops/app/conf/production/database.conf
+++ b/traffic_ops/app/conf/production/database.conf
@@ -6,5 +6,6 @@
"user": "traffic_ops",
"password": "password",
"port": "5432",
+ "ssl": false,
"type": "Pg"
}
diff --git a/traffic_ops/app/conf/test/database.conf
b/traffic_ops/app/conf/test/database.conf
index f9f48168a..f41e45555 100644
--- a/traffic_ops/app/conf/test/database.conf
+++ b/traffic_ops/app/conf/test/database.conf
@@ -5,5 +5,6 @@
"user": "traffic_ops",
"password": "twelve",
"port": "5432",
+ "ssl": false,
"type": "Pg"
}
diff --git a/traffic_ops/app/lib/Schema.pm b/traffic_ops/app/lib/Schema.pm
index 7907530bb..9c57fb43d 100644
--- a/traffic_ops/app/lib/Schema.pm
+++ b/traffic_ops/app/lib/Schema.pm
@@ -48,7 +48,9 @@ sub get_dsn {
our $hostname = $db_info->{hostname};
our $port = $db_info->{port};
our $type = $db_info->{type};
- our $dsn = "DBI:$type:database=$dbname;host=$hostname;port=$port";
+ # add `ssl: true` to database.conf to require ssl
+ our $reqssl = $db_info->{ssl} ? 'require' : 'disable';
+ our $dsn =
"DBI:$type:database=$dbname;host=$hostname;port=$port;sslmode=$reqssl";
}
sub get_dbinfo {
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
