infra: Set sslrootcert for db connection

Questspace-v2 · Nov 5, 2023 · 4c5f8c3 · 4c5f8c3
1 parent 00df5f9
commit 4c5f8c3
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 17 deletions.
diff --git a/infra/k8s/questspace-backend.yaml b/infra/k8s/questspace-backend.yaml
@@ -43,7 +43,7 @@ spec:
         - name: docker-registry-secret
       containers:
         - name: backend-container
-          image: cr.yandex/crpl9s9mvc8h74r32rk4/backend:0.1.0
+          image: cr.yandex/crpl9s9mvc8h74r32rk4/backend:0.1.3
           imagePullPolicy: Always
           ports:
             - containerPort: 80

diff --git a/src/internal/dbconfig/config.go b/src/internal/dbconfig/config.go
@@ -2,28 +2,35 @@ package dbconfig
 
 import (
 	"fmt"
+	"os"
+	"path"
 
 	"gopkg.in/yaml.v3"
 
 	"questspace/pkg/application"
 )
 
+var defaultCrtPath = path.Join(os.Getenv("HOME"), ".postgresql", "root.crt")
+
 type Config struct {
-	Host     string `yaml:"host"`
-	Port     uint16 `yaml:"port"`
-	Database string `yaml:"database"`
-	User     string `yaml:"user"`
-	Password string `yaml:"password"`
-	SSLMode  string `yaml:"sslmode,omitempty"`
+	Host        string `yaml:"host"`
+	Port        uint16 `yaml:"port"`
+	Database    string `yaml:"database"`
+	User        string `yaml:"user"`
+	Password    string `yaml:"password"`
+	SSLMode     string `yaml:"sslmode,omitempty"`
+	SSLRootCert string `yaml:"sslrootcert,omitempty"`
 }
 
 func (c *Config) GetDSN() string {
-	sslMode := c.SSLMode
 	if c.SSLMode == "" {
-		sslMode = "disable"
+		c.SSLMode = "disable"
+	}
+	if c.SSLRootCert == "" {
+		c.SSLRootCert = defaultCrtPath
 	}
-	return fmt.Sprintf("host=%s port=%d dbname=%s user=%s password=%s sslmode=%s target_session_attrs=write",
-		c.Host, c.Port, c.Database, c.User, c.Password, sslMode)
+	return fmt.Sprintf("host=%s port=%d dbname=%s user=%s password=%s sslmode=%s sslrootcert=%s target_session_attrs=read-write",
+		c.Host, c.Port, c.Database, c.User, c.Password, c.SSLMode, c.SSLRootCert)
 }
 
 func (c *Config) UnmarshalYAML(value *yaml.Node) error {

diff --git a/src/pkg/application/application.go b/src/pkg/application/application.go
@@ -37,18 +37,21 @@ func (a App) Logger() *zap.Logger {
 
 func Run(initFunc func(app App) error, configHolder interface{}) {
 	// TODO(svayp11): configure settings for gin engine
-	app := App{context: context.Background(), engine: gin.New()}
 	args, err := getCLIArgs()
 	if err != nil {
 		fmt.Printf("failed to read environment: %+v", err)
 		os.Exit(1)
 	}
-
 	logger, err := GetLoggerFromEnvironment(args.Environment)
 	if err != nil {
 		fmt.Printf("Failed to get logger from environment: %+v", err)
 		os.Exit(1)
 	}
+	if err := SetEnvMode(args.Environment); err != nil {
+		logger.Error("Failed to set environment mode", zap.Stringer("target_mode", &args.Environment), zap.Error(err))
+	}
+
+	app := App{context: context.Background(), engine: gin.New()}
 
 	_, err = os.Stat(".env")
 	if err != nil && !errors.Is(err, os.ErrNotExist) {
@@ -64,10 +67,6 @@ func Run(initFunc func(app App) error, configHolder interface{}) {
 		logger.Warn("Not found .env file")
 	}
 
-	if err := SetEnvMode(args.Environment); err != nil {
-		logger.Error("Failed to set environment mode", zap.Stringer("target_mode", &args.Environment), zap.Error(err))
-	}
-
 	app.logger = logger
 	app.engine.Use(ginzap.Ginzap(app.logger, time.RFC3339, false))
 	app.engine.Use(func(c *gin.Context) {