Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update packages/pg/lib/connection-parameters.js. Fix SSL issue (#2723) #2994

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update packages/pg/lib/connection-parameters.js. Fix SSL issue (#2723) #2994

wants to merge 1 commit into from

Conversation

dapeleg-dn
Copy link

No description provided.

@dapeleg-dn
Copy link
Author

dapeleg-dn commented Jun 1, 2023
edited

This fixes 2723 and #2934

@dapeleg-dn dapeleg-dn marked this pull request as ready for review June 1, 2023 11:49
This was referenced Jun 1, 2023
Open
Open
brianc
brianc requested changes Jun 1, 2023
View reviewed changes
Copy link
Owner

@brianc brianc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate the effort and thought here! A couple of concerns

  1. all code merged needs supporting tests. Having to support this code base long after you may move on from postgres or even node.js its the only way I can keep my sanity

  2. don't use sync APIs - any file reading needs to be non-blocking.

packages/pg/lib/connection-parameters.js Outdated Show resolved Hide resolved
packages/pg/lib/connection-parameters.js Outdated Show resolved Hide resolved
packages/pg/lib/connection-parameters.js Outdated Show resolved Hide resolved
@dapeleg-dn dapeleg-dn force-pushed the pr-2723 branch 2 times, most recently from 775622b to 94599e9 Compare June 5, 2023 14:18
@dapeleg-dn
Copy link
Author

dapeleg-dn commented Jun 5, 2023
edited

@brianc, please take a look. I force-pushed the code. I walked in a slightly different way, allowing you to mix TLS definitions in both environment variables and connection string or config options.

Tests have been added as well for your request.

See my comment above regarding the sync/async discussion.

@dapeleg-dn dapeleg-dn requested a review from brianc June 5, 2023 14:46
@dapeleg-dn
Copy link
Author

@brianc, are you okay with the changes?

charmander
charmander requested changes Aug 16, 2023
View reviewed changes
packages/pg/lib/connection-parameters.js
@@ -1,6 +1,7 @@
'use strict'

var dns = require('dns')
const _ = require('lodash')
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Undeclared dependency, and too heavy just to check if an object is empty (should pull in just https://www.npmjs.com/package/lodash.isempty if really necessary).

packages/pg/test/unit/connection-parameters/environment-variable-tests.js
@@ -3,6 +3,11 @@ var helper = require('../test-helper')
const Suite = require('../../suite')

var assert = require('assert')
const fs = require('fs')

const tmp = require('tmp')
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another undeclared dependency. Can the files just be part of the repo instead of written dynamically by test code?

packages/pg/lib/connection-parameters.js
const fs = caFileName || crtFileName || keyFileName ? require('fs') : null
var result = {}
if (caFileName) {
result.ca = fs.readFileSync(caFileName).toString()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implicit sync calls that happen on every connection might not be good (one good reason for user code to be responsible for this…)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Regarding sync / async, read this: #2994 (comment)

packages/pg/lib/connection-parameters.js
}
} else if (typeof this.ssl === 'object') {
var sslCandidate = fillInSSLVariablesFromEnvironment({})
this.ssl = Object.assign(this.ssl, sslCandidate)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potentially modifies user-provided config.ssl object in place.

Suggested change
this.ssl = Object.assign(this.ssl, sslCandidate)
this.ssl = {...this.ssl, ...sslCandidate}

packages/pg/lib/connection-parameters.js
@@ -33,6 +34,27 @@ var readSSLConfigFromEnvironment = function () {
return defaults.ssl
}

var fillInSSLVariablesFromEnvironment = function(existingSsl) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

existingSsl is always {}?

@adaboese
Copy link

Is there some workaround while this is being worked on? currently it seems I am blocked from using node-postgres with Google Cloud SQL.

@charmander
Copy link
Collaborator

@adaboese You can pass your SSL configuration in the ssl property of the pg configuration object instead of implicitly through environment variables (and that ssl property can still be constructed from the same environment variables if you want).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@charmander charmander charmander requested changes

@brianc brianc Awaiting requested review from brianc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@dapeleg-dn @adaboese @charmander @brianc