Add custom postgres backend for ssl. Add ProcFile.

2023-04-08 21:33:55 -07:00 · 2023-04-08 21:33:55 -07:00 · f3e7596fe4
parent 26f2d80efb
commit f3e7596fe4
8 changed files with 46 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@
 *\.vscode*
 python_environment/*
 environment/*
+ssl
--- a/0
+++ b/0
--- a/charting_library_charts/settings.py
+++ b/charting_library_charts/settings.py
@ -15,7 +15,7 @@ MANAGERS = ADMINS

 DATABASES = {
 	'default': {
-		'ENGINE': 'django.db.backends.postgresql_psycopg2',
+		'ENGINE': 'ssl_backend',
 		'NAME': os.getenv('DB_NAME', 'charting_library'),
 		'USER': os.getenv('DB_USER', 'postgres'),
 		'PASSWORD': os.getenv('DB_PASSWORD', 'postgres'),
--- a/notes.md
+++ b/notes.md
@ -0,0 +1,5 @@
+Ran `ALTER ROLE tv_backend SET search_path TO tv_backend` to point tv_backend to the correct schema.
+
+The below are useful for checking migrations
+`python manage.py migrate --plan`
+`python manage.py sqlmigrate model 0001` (model and 0001 from the above)
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,4 @@
 Django==2.2.28
-psycopg2<2.9
+psycopg2-binary
 jsonfield==2.1.1
 django-prometheus==2.2.0
--- a/runtime.txt
+++ b/runtime.txt
@ -0,0 +1 @@
+python-3.9.16
--- a/ssl_backend/init.py
+++ b/ssl_backend/init.py
--- a/ssl_backend/base.py
+++ b/ssl_backend/base.py
@ -0,0 +1,37 @@
+from django.db.backends.postgresql import base
+import os
+
+
+def maybe_write_ssl_files():
+    # Need to pass ssl keys to as filepaths - but they are stored as env variables
+    # So write them from env vars to ssl dir
+    # Only write if they don't already exist or if the keys in the files are different
+
+    base_path = os.path.dirname(os.path.abspath(os.environ.get('PGSSLKEY')))
+
+    if not os.path.exists(base_path):
+        os.mkdir(base_path)
+    for env_var, filename in [
+        ("SSL_CA_PEM", "ca.pem"),
+        ("SSL_CLIENT_PEM", "client.pem"),
+        ("SSL_CLIENT_KEY_PEM", "client-key.pem"),
+    ]:
+        filepath = os.path.join(base_path, filename)
+        write_file = False
+        if os.path.exists(filepath):
+            with open(filepath, "r") as f:
+                existing_file = f.read()
+            if existing_file != os.environ[env_var]:
+                write_file = True
+        else:
+            write_file = True
+
+        if write_file:
+            with open(filepath, "w") as f:
+                f.write(os.environ[env_var])
+
+
+class DatabaseWrapper(base.DatabaseWrapper):
+    def get_new_connection(self, conn_params):
+        maybe_write_ssl_files()
+        return super().get_new_connection(conn_params)