Pass ssl params in databases options.
parent
f3e7596fe4
commit
310dbad9d0
|
@ -0,0 +1 @@
|
||||||
|
web: python manage.py runserver "0.0.0.0:${PORT:-5000}"
|
|
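Review bot: The new `web:` entry starts Django's development server (`manage.py runserver`) bound to `0.0.0.0`, and Django's documentation states that this server has not been through security or performance review and should not be used in production. If this process type is what the hosted deployment runs, serve the project through a production WSGI server instead, for example `web: gunicorn <project_package>.wsgi --bind "0.0.0.0:${PORT:-5000}"`, where `<project_package>` is a placeholder for the package holding the project's WSGI module. If the file is only meant for local use, a comment saying so would prevent it being deployed as is.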
@ -1,6 +1,7 @@
|
||||||
# Django settings for charting_library_charts project.
|
# Django settings for charting_library_charts project.
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
import pathlib
|
||||||
|
|
||||||
DEBUG = False
|
DEBUG = False
|
||||||
TEMPLATE_DEBUG = DEBUG
|
TEMPLATE_DEBUG = DEBUG
|
||||||
|
@ -13,6 +14,8 @@ ADMINS = (
|
||||||
|
|
||||||
MANAGERS = ADMINS
|
MANAGERS = ADMINS
|
||||||
|
|
||||||
|
base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent
|
||||||
|
|
||||||
DATABASES = {
|
DATABASES = {
|
||||||
'default': {
|
'default': {
|
||||||
'ENGINE': 'ssl_backend',
|
'ENGINE': 'ssl_backend',
|
||||||
|
@ -21,6 +24,14 @@ DATABASES = {
|
||||||
'PASSWORD': os.getenv('DB_PASSWORD', 'postgres'),
|
'PASSWORD': os.getenv('DB_PASSWORD', 'postgres'),
|
||||||
'HOST': os.getenv('DB_HOST', 'localhost'),
|
'HOST': os.getenv('DB_HOST', 'localhost'),
|
||||||
'PORT': int(os.getenv('DB_PORT', '5432')),
|
'PORT': int(os.getenv('DB_PORT', '5432')),
|
||||||
|
|
||||||
|
|
||||||
|
'OPTIONS': {
|
||||||
|
'sslmode': 'verify-ca',
|
||||||
|
'sslrootcert': base_path / "ssl" / "ca.pem",
|
||||||
|
'sslcert': base_path / "ssl" / "client.pem",
|
||||||
|
'sslkey': base_path / "ssl" / "client-key.pem",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
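Review bot: `'sslmode': 'verify-ca'` in the new `OPTIONS` block checks that the server certificate chains to `ca.pem` but does not check that the certificate was issued for the host named in `DB_HOST`, so any server holding a certificate from that CA is accepted. If the CA also signs certificates for other hosts or tenants, `'sslmode': 'verify-full'` closes that gap; if `verify-ca` is deliberate, a comment such as `# private CA signs only our DB server, hostname check not needed` would record why. The three paths place the client key under the project tree at `base_path / "ssl"`, so it is worth noting in a comment that this directory is generated at runtime and should be excluded from version control. The `DATABASES` dict starts before this hunk.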
2
notes.md
2
notes.md
|
@ -3,3 +3,5 @@ Ran `ALTER ROLE tv_backend SET search_path TO tv_backend` to point tv_backend to
|
||||||
The below are useful for checking migrations
|
The below are useful for checking migrations
|
||||||
`python manage.py migrate --plan`
|
`python manage.py migrate --plan`
|
||||||
`python manage.py sqlmigrate model 0001` (model and 0001 from the above)
|
`python manage.py sqlmigrate model 0001` (model and 0001 from the above)
|
||||||
|
|
||||||
|
vscode and heroku can handle multiline env vars - using \n in terminal though breaks the ssl files
|
|
@ -1,13 +1,14 @@
|
||||||
from django.db.backends.postgresql import base
|
from django.db.backends.postgresql import base
|
||||||
import os
|
import os
|
||||||
|
import stat
|
||||||
|
import pathlib
|
||||||
|
|
||||||
def maybe_write_ssl_files():
|
def maybe_write_ssl_files():
|
||||||
# Need to pass ssl keys to as filepaths - but they are stored as env variables
|
# Need to pass ssl keys to as filepaths - but they are stored as env variables
|
||||||
# So write them from env vars to ssl dir
|
# So write them from env vars to ssl dir
|
||||||
# Only write if they don't already exist or if the keys in the files are different
|
# Only write if they don't already exist or if the keys in the files are different
|
||||||
|
|
||||||
base_path = os.path.dirname(os.path.abspath(os.environ.get('PGSSLKEY')))
|
base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent / "ssl"
|
||||||
|
|
||||||
if not os.path.exists(base_path):
|
if not os.path.exists(base_path):
|
||||||
os.mkdir(base_path)
|
os.mkdir(base_path)
|
||||||
|
@ -30,6 +31,11 @@ def maybe_write_ssl_files():
|
||||||
with open(filepath, "w") as f:
|
with open(filepath, "w") as f:
|
||||||
f.write(os.environ[env_var])
|
f.write(os.environ[env_var])
|
||||||
|
|
||||||
|
if env_var == "SSL_CLIENT_KEY_PEM":
|
||||||
|
try:
|
||||||
|
os.chmod(filepath, stat.S_IREAD | stat.S_IWRITE)
|
||||||
|
finally:
|
||||||
|
pass
|
||||||
|
|
||||||
class DatabaseWrapper(base.DatabaseWrapper):
|
class DatabaseWrapper(base.DatabaseWrapper):
|
||||||
def get_new_connection(self, conn_params):
|
def get_new_connection(self, conn_params):
|
||||||
|
|
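Review bot: The client key is written through `open(filepath, "w")` before the added `os.chmod`, so the file is created with umask-default permissions and the key can be briefly readable by other local accounts; the `try: … finally: pass` wrapper around the chmod also does nothing, because an empty `finally` neither handles nor suppresses an error. Creating the file owner-only from the start removes the window: `fd = os.open(filepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. The mode given to `os.open` applies only when the file is created, so keep a plain `os.chmod(filepath, stat.S_IREAD | stat.S_IWRITE)` for files left from earlier runs and let a failure raise, since libpq rejects a key file that group or others can access. The loop that defines `filepath` and `env_var` lies outside the visible hunks.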