chore(database): Add ssl support #777

Open
wants to merge 1 commit into
base: main

lusergit
Collaborator

Adds ssl/tls support for the edgehog <-> database communication.
Closes #419.

@lusergit lusergit requested a review from noaccOS December 13, 2024 14:57
@coveralls

coveralls commented Dec 13, 2024

Pull Request Test Coverage Report for Build c395699918b813e65764d4f4c2f40f755362a414-PR-777

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+79.7%) to 79.675%

Totals Coverage Status
Change from base Build 12281651344: 79.7%
Covered Lines: 1227
Relevant Lines: 1540

💛 - Coveralls

@lusergit lusergit marked this pull request as ready for review December 16, 2024 10:23
backend/config/runtime.exs (outdated, resolved)
@lusergit lusergit force-pushed the feat/db-ssl branch 6 times, most recently from 4f17a38 to 13150b2 December 18, 2024 13:43
Adds ssl/tls support for the edgehog <-> database communication.
Closes edgehog-device-manager#419.

Signed-off-by: Luca Zaninotto <[email protected]>
certfile = System.get_env("DATABASE_SSL_CACERTFILE")

case {certfile, use_os_certs} do
{nil, false} ->
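
Review bot: the `{nil, false}` clause only matches when `DATABASE_SSL_CACERTFILE` is unset. `System.get_env/1` returns `""` for a variable that is set but empty, so an empty value will not match this clause and will be handled as if a certificate path had been given. Consider normalising blank values to `nil` before the `case` (or checking that the path points to a readable file), so that an empty variable produces the same explicit configuration error as a missing one.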
Collaborator

I don't think we should raise regardless in this condition.
While it is a good idea to handle the situation, given that we can inform the user about the correct environment variables to set, the user may also just want to use `:verify_none`, in which case they do not need to set them.

Collaborator Author

Maybe I should have made this a private function, but this gets called only from line 172, so only if the user explicitly set `DATABASE_SSL_VERIFY=true`; in that case the configuration requires either a valid certificate or to use the OS certificates.
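
One way to express the behaviour discussed in this thread, as an added example that is not the PR's code: verification off yields `:verify_none`, verification on requires either a CA file or the OS trust store, and anything else is a configuration error. The module and function names, the `DATABASE_USE_OS_CERTS` variable name and the host name options are assumptions; only `DATABASE_SSL_VERIFY` and `DATABASE_SSL_CACERTFILE` appear on the page.

```elixir
defmodule DbSslExample do
  # Added illustration, not Edgehog's runtime.exs. DATABASE_USE_OS_CERTS is a
  # hypothetical name for the flag behind `use_os_certs` in the snippet above.

  # `env` is a map of variable name => value, e.g. the result of System.get_env/0.
  def ssl_opts(env, db_host) do
    if truthy?(env["DATABASE_SSL_VERIFY"]) do
      cacertfile = blank_to_nil(env["DATABASE_SSL_CACERTFILE"])
      use_os_certs = truthy?(env["DATABASE_USE_OS_CERTS"])
      trust_opts(cacertfile, use_os_certs) ++ hostname_opts(db_host)
    else
      # Encrypted but unauthenticated: any server certificate is accepted.
      [verify: :verify_none]
    end
  end

  # An explicit CA file takes precedence over the OS store.
  defp trust_opts(path, _use_os_certs) when is_binary(path) do
    if not File.regular?(path) do
      raise "DATABASE_SSL_CACERTFILE does not point to a file: #{path}"
    end

    [verify: :verify_peer, cacertfile: path]
  end

  # :public_key.cacerts_get/0 requires OTP 25 or later.
  defp trust_opts(nil, true), do: [verify: :verify_peer, cacerts: :public_key.cacerts_get()]

  defp trust_opts(nil, false) do
    raise "DATABASE_SSL_VERIFY=true needs DATABASE_SSL_CACERTFILE or DATABASE_USE_OS_CERTS=true"
  end

  # Name the host explicitly so :ssl has a name to match the certificate against;
  # the match fun additionally accepts wildcard certificates.
  defp hostname_opts(host) do
    [
      server_name_indication: String.to_charlist(host),
      customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)]
    ]
  end

  defp truthy?(value), do: value == "true"

  # A variable that is set but empty is treated the same as an unset one.
  defp blank_to_nil(nil), do: nil
  defp blank_to_nil(value), do: if(String.trim(value) == "", do: nil, else: value)
end
```

The returned keyword list holds Erlang `:ssl` client options; with `:verify_none` the connection is still encrypted, but the server's identity is not checked.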

Successfully merging this pull request may close these issues.

Expose Ecto SSL configuration