Commit b47410af by Carl Bergquist Committed by GitHub

Merge pull request #6670 from tomkozlowski/feature/postgres-certs

generalized database connection cert support and added to postgres
parents 9f4d06e8 c21ffcc6
...@@ -23,12 +23,13 @@ import ( ...@@ -23,12 +23,13 @@ import (
_ "github.com/mattn/go-sqlite3" _ "github.com/mattn/go-sqlite3"
) )
type MySQLConfig struct {
SslMode string type DatabaseConfig struct {
CaCertPath string Type, Host, Name, User, Pwd, Path, SslMode string
ClientKeyPath string CaCertPath string
ClientCertPath string ClientKeyPath string
ServerCertName string ClientCertPath string
ServerCertName string
} }
var ( var (
...@@ -37,11 +38,8 @@ var ( ...@@ -37,11 +38,8 @@ var (
HasEngine bool HasEngine bool
DbCfg struct { DbCfg DatabaseConfig
Type, Host, Name, User, Pwd, Path, SslMode string
}
mysqlConfig MySQLConfig
UseSQLite3 bool UseSQLite3 bool
sqlog log.Logger = log.New("sqlstore") sqlog log.Logger = log.New("sqlstore")
) )
...@@ -118,8 +116,8 @@ func getEngine() (*xorm.Engine, error) { ...@@ -118,8 +116,8 @@ func getEngine() (*xorm.Engine, error) {
cnnstr = fmt.Sprintf("%s:%s@%s(%s)/%s?charset=utf8", cnnstr = fmt.Sprintf("%s:%s@%s(%s)/%s?charset=utf8",
DbCfg.User, DbCfg.Pwd, protocol, DbCfg.Host, DbCfg.Name) DbCfg.User, DbCfg.Pwd, protocol, DbCfg.Host, DbCfg.Name)
if mysqlConfig.SslMode == "true" || mysqlConfig.SslMode == "skip-verify" { if DbCfg.SslMode == "true" || DbCfg.SslMode == "skip-verify" {
tlsCert, err := makeCert("custom", mysqlConfig) tlsCert, err := makeCert("custom", DbCfg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
...@@ -141,7 +139,7 @@ func getEngine() (*xorm.Engine, error) { ...@@ -141,7 +139,7 @@ func getEngine() (*xorm.Engine, error) {
if DbCfg.User == "" { if DbCfg.User == "" {
DbCfg.User = "''" DbCfg.User = "''"
} }
cnnstr = fmt.Sprintf("user=%s password=%s host=%s port=%s dbname=%s sslmode=%s", DbCfg.User, DbCfg.Pwd, host, port, DbCfg.Name, DbCfg.SslMode) cnnstr = fmt.Sprintf("user=%s password=%s host=%s port=%s dbname=%s sslmode=%s sslcert=%s sslkey=%s sslrootcert=%s", DbCfg.User, DbCfg.Pwd, host, port, DbCfg.Name, DbCfg.SslMode, DbCfg.ClientCertPath, DbCfg.ClientKeyPath, DbCfg.CaCertPath)
case "sqlite3": case "sqlite3":
if !filepath.IsAbs(DbCfg.Path) { if !filepath.IsAbs(DbCfg.Path) {
DbCfg.Path = filepath.Join(setting.DataPath, DbCfg.Path) DbCfg.Path = filepath.Join(setting.DataPath, DbCfg.Path)
...@@ -189,13 +187,9 @@ func LoadConfig() { ...@@ -189,13 +187,9 @@ func LoadConfig() {
UseSQLite3 = true UseSQLite3 = true
} }
DbCfg.SslMode = sec.Key("ssl_mode").String() DbCfg.SslMode = sec.Key("ssl_mode").String()
DbCfg.CaCertPath = sec.Key("ca_cert_path").String()
DbCfg.ClientKeyPath = sec.Key("client_key_path").String()
DbCfg.ClientCertPath = sec.Key("client_cert_path").String()
DbCfg.ServerCertName = sec.Key("server_cert_name").String()
DbCfg.Path = sec.Key("path").MustString("data/grafana.db") DbCfg.Path = sec.Key("path").MustString("data/grafana.db")
if DbCfg.Type == "mysql" {
mysqlConfig.SslMode = DbCfg.SslMode
mysqlConfig.CaCertPath = sec.Key("ca_cert_path").String()
mysqlConfig.ClientKeyPath = sec.Key("client_key_path").String()
mysqlConfig.ClientCertPath = sec.Key("client_cert_path").String()
mysqlConfig.ServerCertName = sec.Key("server_cert_name").String()
}
} }
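Review bot: In the postgres branch of getEngine, `sslcert=%s sslkey=%s sslrootcert=%s` is appended unconditionally and unquoted, so an unset `client_cert_path`, `client_key_path` or `ca_cert_path` yields bare `sslcert= sslkey= sslrootcert=` in the connection string, and a path containing a space or quote can spill into the next keyword. The lines just above already substitute `''` for an empty `DbCfg.User`, which suggests the driver's key=value parser does not tolerate empty bare values; if it misreads these, the TLS settings actually applied (including `sslmode`) may differ from what the operator configured. I would emit each option only when its value is non-empty and single-quote it with `\` and `'` escaped, assuming the driver follows libpq's quoting rules. `DbCfg.Pwd` on the same line has the same quoting gap. getEngine starts and ends outside the hunk.

```go
cnnstr = fmt.Sprintf("user=%s password=%s host=%s port=%s dbname=%s sslmode=%s", DbCfg.User, DbCfg.Pwd, host, port, DbCfg.Name, DbCfg.SslMode)
// Add TLS file options only when configured, quoted so a space or quote
// in a path cannot start a new keyword in the connection string.
quote := strings.NewReplacer(`\`, `\\`, `'`, `\'`)
for _, opt := range []struct{ key, val string }{
	{"sslcert", DbCfg.ClientCertPath},
	{"sslkey", DbCfg.ClientKeyPath},
	{"sslrootcert", DbCfg.CaCertPath},
} {
	if opt.val != "" {
		cnnstr += fmt.Sprintf(" %s='%s'", opt.key, quote.Replace(opt.val))
	}
}
```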
...@@ -7,7 +7,7 @@ import ( ...@@ -7,7 +7,7 @@ import (
"io/ioutil" "io/ioutil"
) )
func makeCert(tlsPoolName string, config MySQLConfig) (*tls.Config, error) { func makeCert(tlsPoolName string, config DatabaseConfig) (*tls.Config, error) {
rootCertPool := x509.NewCertPool() rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile(config.CaCertPath) pem, err := ioutil.ReadFile(config.CaCertPath)
if err != nil { if err != nil {
......