Skip to content

Commit

Permalink
handle inline certificates
Browse files Browse the repository at this point in the history
  • Loading branch information
Rohit Chatterjee committed Dec 6, 2024
1 parent 140a1f2 commit 4ac1bf1
Showing 1 changed file with 31 additions and 2 deletions.
33 changes: 31 additions & 2 deletions dbt_automation/utils/postgres.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
"""helpers for postgres"""

import os
import tempfile
from logging import basicConfig, getLogger, INFO
import psycopg2
from sshtunnel import SSHTunnelForwarder
Expand Down Expand Up @@ -36,11 +37,39 @@ def get_connection(conn_info):
"user",
"password",
"database",
"sslmode",
"sslrootcert",
]:
if key in conn_info:
connect_params[key] = conn_info[key]

if "sslmode" in conn_info:
# sslmode can be a string or a boolean or a dict
if isinstance(conn_info["sslmode"], str):
# "require", "disable", "verify-ca", "verify-full"
connect_params["sslmode"] = conn_info["sslmode"]
elif isinstance(conn_info["sslmode"], bool):
# true = require, false = disable
connect_params["sslmode"] = (
"require" if conn_info["sslmode"] else "disable"
)
elif (
isinstance(conn_info["sslmode"], dict)
and "mode" in conn_info["sslmode"]
):
# mode is "require", "disable", "verify-ca", "verify-full" etc
connect_params["sslmode"] = conn_info["sslmode"]["mode"]
if "ca_certificate" in conn_info["sslmode"]:
# connect_params['sslcert'] needs a file path but
# conn_info['sslmode']['ca_certificate']
# is a string (i.e. the actual certificate). so we write
# it to disk and pass the file path
with tempfile.NamedTemporaryFile(delete=False) as fp:
fp.write(conn_info["ssl_mode"]["ca_certificate"].encode())
connect_params["sslrootcert"] = fp.name
connect_params["sslcert"] = fp.name

if "sslrootcert" in conn_info:
connect_params["sslrootcert"] = conn_info["sslrootcert"]

connection = psycopg2.connect(**connect_params)
return connection

Expand Down

0 comments on commit 4ac1bf1

Please sign in to comment.