Pass ssl params in databases options.
parent
f3e7596fe4
commit
310dbad9d0
|
@ -0,0 +1 @@
|
|||
web: python manage.py runserver "0.0.0.0:${PORT:-5000}"
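Review bot: The `web` process starts Django's development server (`manage.py runserver`) bound to `0.0.0.0`, and the Django documentation says that server has not been through security or performance review and should not be used in production. If this entry is what the deployed dyno runs (the notes mention heroku), a WSGI server is the usual replacement, for example `web: gunicorn charting_library_charts.wsgi --bind "0.0.0.0:${PORT:-5000}"`. That assumes the project has the default `wsgi` module and adds gunicorn to its requirements, neither of which is visible on this page. If the entry is only meant for local use, a comment saying so would prevent it from being deployed as is.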
|
|
@ -1,6 +1,7 @@
|
|||
# Django settings for charting_library_charts project.
|
||||
|
||||
import os
|
||||
import pathlib
|
||||
|
||||
DEBUG = False
|
||||
TEMPLATE_DEBUG = DEBUG
|
||||
|
@ -13,6 +14,8 @@ ADMINS = (
|
|||
|
||||
MANAGERS = ADMINS
|
||||
|
||||
base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'ssl_backend',
|
||||
|
@ -21,6 +24,14 @@ DATABASES = {
|
|||
'PASSWORD': os.getenv('DB_PASSWORD', 'postgres'),
|
||||
'HOST': os.getenv('DB_HOST', 'localhost'),
|
||||
'PORT': int(os.getenv('DB_PORT', '5432')),
|
||||
|
||||
|
||||
'OPTIONS': {
|
||||
'sslmode': 'verify-ca',
|
||||
'sslrootcert': base_path / "ssl" / "ca.pem",
|
||||
'sslcert': base_path / "ssl" / "client.pem",
|
||||
'sslkey': base_path / "ssl" / "client-key.pem",
|
||||
},
|
||||
}
|
||||
}
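Review bot: `'sslmode': 'verify-ca'` in the new OPTIONS block checks that the server certificate chains to `ca.pem`, but not that the certificate was issued for the host in `DB_HOST`, so any certificate signed by that CA is accepted for this connection. Unless the CA is dedicated to this one database server, `'sslmode': 'verify-full'` adds the host-name check at no extra cost. The client key path `base_path / "ssl" / "client-key.pem"` sits inside the project tree, so it is worth confirming that `ssl/` is excluded from version control and from any build artefact. The neighbouring line `'PASSWORD': os.getenv('DB_PASSWORD', 'postgres')` appears to be unchanged context, but falling back to a well-known password when the variable is unset is also worth replacing with a hard failure.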
|
||||
|
||||
|
|
2
notes.md
2
notes.md
|
@ -3,3 +3,5 @@ Ran `ALTER ROLE tv_backend SET search_path TO tv_backend` to point tv_backend to
|
|||
The below are useful for checking migrations
|
||||
`python manage.py migrate --plan`
|
||||
`python manage.py sqlmigrate model 0001` (model and 0001 from the above)
|
||||
|
||||
vscode and heroku can handle multiline env vars - using \n in terminal though breaks the ssl files
|
|
@ -1,13 +1,14 @@
|
|||
from django.db.backends.postgresql import base
|
||||
import os
|
||||
|
||||
import stat
|
||||
import pathlib
|
||||
|
||||
def maybe_write_ssl_files():
|
||||
# Need to pass ssl keys to as filepaths - but they are stored as env variables
|
||||
# So write them from env vars to ssl dir
|
||||
# Only write if they don't already exist or if the keys in the files are different
|
||||
|
||||
base_path = os.path.dirname(os.path.abspath(os.environ.get('PGSSLKEY')))
|
||||
base_path = pathlib.Path(os.path.dirname(os.path.abspath(__file__))).parent / "ssl"
|
||||
|
||||
if not os.path.exists(base_path):
|
||||
os.mkdir(base_path)
|
||||
|
@ -30,6 +31,11 @@ def maybe_write_ssl_files():
|
|||
with open(filepath, "w") as f:
|
||||
f.write(os.environ[env_var])
|
||||
|
||||
if env_var == "SSL_CLIENT_KEY_PEM":
|
||||
try:
|
||||
os.chmod(filepath, stat.S_IREAD | stat.S_IWRITE)
|
||||
finally:
|
||||
pass
|
||||
|
||||
class DatabaseWrapper(base.DatabaseWrapper):
|
||||
def get_new_connection(self, conn_params):
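Review bot: The client key is written with `open(filepath, "w")` before `os.chmod` runs, so the file is created with whatever the process umask allows (often group- and world-readable). It stays that way if `chmod` raises or the process stops between the two calls. The `try: ... finally: pass` wrapper does not help, because `finally: pass` is a no-op and an exception from `chmod` still propagates; if a failing chmod is meant to be tolerated it needs `except OSError:`, otherwise the `try` can be dropped. Creating the key file owner-only from the start removes the window, as sketched below. The loop this hunk sits in starts outside the visible lines, so only the write step is shown, and `os.fchmod` is Unix-only.

```python
# … unchanged: loop over the env vars and the "file already matches" check …
if env_var == "SSL_CLIENT_KEY_PEM":
    # The mode passed to os.open applies only when the file is created,
    # so fchmod also tightens a key file left over with wider permissions.
    fd = os.open(filepath, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(f.fileno(), 0o600)
        f.write(os.environ[env_var])
else:
    with open(filepath, "w") as f:
        f.write(os.environ[env_var])
```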
|
||||
|
|