From 7d0f283c03aff9627b4d334ba5a43176eee6b406 Mon Sep 17 00:00:00 2001 From: Steven Danna Date: Tue, 18 Apr 2023 14:38:52 +0100 Subject: [PATCH] streamingccl: don't require TLS certificates Users may want to use password auth to simplify their replication setup. While we may recommend TLS certificate auth, I don't see a strong reason to _require_ it. Epic: none Release note: None --- .../streamingest/stream_ingestion_planning.go | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/pkg/ccl/streamingccl/streamingest/stream_ingestion_planning.go b/pkg/ccl/streamingccl/streamingest/stream_ingestion_planning.go index 43d7cf24b514..88c76a2aa04f 100644 --- a/pkg/ccl/streamingccl/streamingest/stream_ingestion_planning.go +++ b/pkg/ccl/streamingccl/streamingest/stream_ingestion_planning.go @@ -166,16 +166,6 @@ func ingestionPlanHook( if err != nil { return err } - q := streamURL.Query() - - // Operator should specify a postgres scheme address with cert authentication. - if hasPostgresAuthentication := (q.Get("sslmode") == "verify-full") && - q.Has("sslrootcert") && q.Has("sslkey") && q.Has("sslcert"); (streamURL.Scheme == "postgres") && - !hasPostgresAuthentication { - return errors.Errorf( - "stream replication address should have cert authentication if in postgres scheme: %s", streamAddress) - } - streamAddress = streamingccl.StreamAddress(streamURL.String()) // TODO(adityamaru): Add privileges checks. Probably the same as RESTORE.