fix(universal): don't set sslsni option if not disabled (#5419)

* fix(universal): don't set sslsni option if not disabled * refactor: more robust connection string creation Signed-off-by: Mike Beaumont <mjboamail@gmail.com>
kumahq · Dec 5, 2022 · 2791963 · 2791963
1 parent 8ac3a2f
commit 2791963
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 11 deletions.
diff --git a/pkg/config/plugins/resources/postgres/config.go b/pkg/config/plugins/resources/postgres/config.go
@@ -51,17 +51,31 @@ func (cfg PostgresStoreConfig) ConnectionString() (string, error) {
 		return "", err
 	}
 	escape := func(value string) string { return strings.ReplaceAll(strings.ReplaceAll(value, `\`, `\\`), `'`, `\'`) }
-	boolOption := func(value bool) string {
-		if value {
-			return "1"
-		} else {
-			return "0"
-		}
+	intVariable := func(name string, value int) string {
+		return fmt.Sprintf("%s=%d", name, value)
+	}
+	variable := func(name, value string) string {
+		return fmt.Sprintf("%s=%s", name, value)
+	}
+	quotedVariable := func(name, value string) string {
+		return fmt.Sprintf("%s='%s'", name, escape(value))
+	}
+	variables := []string{
+		quotedVariable("host", cfg.Host),
+		intVariable("port", cfg.Port),
+		quotedVariable("user", cfg.User),
+		quotedVariable("password", cfg.Password),
+		quotedVariable("dbname", cfg.DbName),
+		intVariable("connect_timeout", cfg.ConnectionTimeout),
+		variable("sslmode", mode),
+		quotedVariable("sslcert", cfg.TLS.CertPath),
+		quotedVariable("sslkey", cfg.TLS.KeyPath),
+		quotedVariable("sslrootcert", cfg.TLS.CAPath),
+	}
+	if cfg.TLS.DisableSSLSNI {
+		variables = append(variables, "sslsni=0")
 	}
-	return fmt.Sprintf(
-		`host='%s' port=%d user='%s' password='%s' dbname='%s' connect_timeout=%d sslmode=%s sslcert='%s' sslkey='%s' sslrootcert='%s' sslsni=%s`,
-		escape(cfg.Host), cfg.Port, escape(cfg.User), escape(cfg.Password), escape(cfg.DbName), cfg.ConnectionTimeout, mode, escape(cfg.TLS.CertPath), escape(cfg.TLS.KeyPath), escape(cfg.TLS.CAPath), boolOption(!cfg.TLS.DisableSSLSNI),
-	), nil
+	return strings.Join(variables, " "), nil
 }
 
 // Modes available here https://godoc.org/github.com/lib/pq

diff --git a/pkg/config/plugins/resources/postgres/config_test.go b/pkg/config/plugins/resources/postgres/config_test.go
@@ -120,7 +120,7 @@ var _ = Describe("PostgresStoreConfig", func() {
 				MinReconnectInterval: 10 * time.Second,
 				MaxReconnectInterval: 10 * time.Second,
 			},
-			expected: `host='localhost' port=0 user='postgres' password='postgres' dbname='kuma' connect_timeout=0 sslmode=verify-full sslcert='/path' sslkey='/path' sslrootcert='/path' sslsni=1`,
+			expected: `host='localhost' port=0 user='postgres' password='postgres' dbname='kuma' connect_timeout=0 sslmode=verify-full sslcert='/path' sslkey='/path' sslrootcert='/path'`,
 		}),
 		Entry("password needing escape without sslsni", stringTestCase{
 			given: postgres.PostgresStoreConfig{