* Add SSL client authentication by extending libpg connection parameter support as well as network parameters * chore: go fmt --------- Co-authored-by: Michaela Lang <milang@redhat.com>
package database
import (
"io/ioutil"
"os"
"github.com/quay/quay/config-tool/pkg/lib/shared"
)
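// Validate checks the configuration settings for this field group.
//
// It returns a slice holding the first problem found, or an empty (non-nil)
// slice when DB_URI is set and the connection check succeeds.
//
// When SslMode is "verify-ca" or "verify-full" and no SslRootCert path is
// configured, the "database.pem" entry of opts.Certificates is written to a
// temporary file and that path is handed to the connection check. The file is
// removed when Validate returns.
func (fg *DatabaseFieldGroup) Validate(opts shared.Options) []shared.ValidationError {
	fgName := "Database"

	// Start from an empty, non-nil slice so the success path returns [] rather than nil.
	errors := []shared.ValidationError{}

	// Every failure in this group is reported against DB_URI and ends validation.
	fail := func(message string) []shared.ValidationError {
		return append(errors, shared.ValidationError{
			Tags:       []string{"DB_URI"},
			FieldGroup: fgName,
			Message:    message,
		})
	}

	if fg.DbUri == "" {
		return fail("DB_URI is required.")
	}

	ca := ""
	if fg.DbConnectionArgs.Ssl != nil {
		ca = fg.DbConnectionArgs.Ssl.Ca
	}

	// An explicitly configured root certificate path always wins; the bundled
	// database.pem is only materialised when a verifying mode has no path.
	sslRootCertPath := fg.DbConnectionArgs.SslRootCert
	sslMode := fg.DbConnectionArgs.SslMode
	if sslRootCertPath == "" && (sslMode == "verify-full" || sslMode == "verify-ca") {
		// ioutil.TempFile picks an unpredictable name and creates the file
		// with mode 0600, so other local users cannot pre-create or read it.
		tmpCert, err := ioutil.TempFile("/tmp", "database.*.pem")
		if err != nil {
			return fail("Could not write database certificate to temporary file. Error: " + err.Error())
		}

		// Runs when Validate returns, i.e. after the connection check below
		// has had a chance to read the file.
		defer func() {
			tmpCert.Close()
			os.Remove(tmpCert.Name())
		}()

		// NOTE(review): if opts.Certificates has no "database.pem" entry an
		// empty file is written and the problem only surfaces as a connection
		// error; consider rejecting that case explicitly once it is confirmed
		// that no caller relies on it.
		if _, err := tmpCert.Write(opts.Certificates["database.pem"]); err != nil {
			return fail("Could not write database certificate to temporary file. Error: " + err.Error())
		}

		sslRootCertPath = tmpCert.Name()
	}

	// Connect to database.
	// NOTE(review): the returned error text is surfaced verbatim in the
	// validation message; confirm ValidateDatabaseConnection does not embed
	// DB_URI credentials in its errors.
	err := shared.ValidateDatabaseConnection(opts, fg.DbUri, ca, fg.DbConnectionArgs.Threadlocals, fg.DbConnectionArgs.Autorollback, sslMode, sslRootCertPath, fgName)
	if err != nil {
		return fail("Could not connect to database. Error: " + err.Error())
	}

	return errors
}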