added error handling for missing certificates and updated readme
azourigal authored and msvolenski committed Jan 12, 2024
1 parent 7c570d2 commit daf7987
Showing 33 changed files with 19 additions and 14 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -196,6 +196,8 @@ cf set-env <YOUR_APP> DATABASE_CONNECTION_PARAMS '{"tcpKeepAlive": "true", "conn

*:warning: If you set `DATABASE_URL` as JDBC connection string (prefixed with `jdbc:` and including parameters, `DATABASE_CONNECTION_PARAMS` is not required.*

To allow connection to an AWS RDS database the buildpack selects the regional CA certificate stored in [`rds-certificates`](etc/rds-certificates). If the region's certificate doesn't exist, the buildpack will fail with an error `Could not find database CA certificate in map`.

#### Supported VCAP Schemas

Cloud Foundry database services are detected from Cloud Foundry service bindings ([VCAP](https://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES)) and translated into Mendix Runtime configuration. In case no database service is bound, the fallback is the environment variable `DATABASE_URL`.
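Review bot: The added paragraph says this applies to "an AWS RDS database", but in database.py the certificate selection only runs when `database_type == "PostgreSQL"` and the host ends with `.rds.amazonaws.com`; state that scope here, and mention that `sslmode` is set to `verify-full` in that case. It would also help to tell the reader how to resolve `Could not find database CA certificate in map`, for example that the region needs both an entry in the map and a matching file under `etc/rds-certificates`.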
31 changes: 17 additions & 14 deletions buildpack/infrastructure/database.py
Expand Up @@ -332,19 +332,22 @@ def init(self):
if database_type == "PostgreSQL":
jdbc_params.update({"tcpKeepAlive": "true"})

if database_type == "PostgreSQL" and config["DatabaseHost"].split(":")[
0
].endswith(".rds.amazonaws.com"):
database_region = config["DatabaseHost"].split('.')[2]
jdbc_params.update(
{
"sslrootcert": os.path.expandvars(
"$HOME/.postgresql/"+region_pem_map[database_region]
)
}
)
jdbc_params.update({"sslmode": "verify-full"})

try:
if database_type == "PostgreSQL" and config["DatabaseHost"].split(":")[
0
].endswith(".rds.amazonaws.com"):
database_region = config["DatabaseHost"].split('.')[2]
jdbc_params.update(
{
"sslrootcert": os.path.expandvars(
"$HOME/.postgresql/"+region_pem_map[database_region]
)
}
)
jdbc_params.update({"sslmode": "verify-full"})
except:
raise Exception("Could not find database CA certificate in map")

if database_type == "PostgreSQL" and not self.url.startswith("jdbc:"):
self.extract_inline_cert(jdbc_params, self.SSLCERT, "postgresql.crt")
self.extract_inline_cert(jdbc_params, self.SSLKEY, "postgresql.pk8")
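Review bot: The bare `except:` around the whole RDS block reports every failure as "Could not find database CA certificate in map", including a missing `config["DatabaseHost"]` key or an `IndexError` from `split('.')[2]`, and it also catches `KeyboardInterrupt` and `SystemExit`. Narrow the `try` to the `region_pem_map[database_region]` lookup, catch `KeyError` only, and put the region name in the message, raising with `from` so the original traceback is kept. Failing here instead of continuing without `sslrootcert` and `verify-full` is the right behaviour and should stay that way after narrowing.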
Expand Down Expand Up @@ -561,7 +564,7 @@ def stage(buildpack_dir, build_dir):
util.mkdir_p(os.path.join(build_dir, ".postgresql"))
for key, value in region_pem_map.items():
shutil.copy(
os.path.join(buildpack_dir, "etc", value),
os.path.join(buildpack_dir, "etc/rds-certificates", value),
os.path.join(build_dir, ".postgresql", value ),
)
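Review bot: In the changed `os.path.join(buildpack_dir, "etc/rds-certificates", value)` line the directory is written with an embedded separator and is now repeated between this string and the README link; pass `"etc", "rds-certificates"` as separate components or define the directory once as a constant. Since the certificate files were moved in this same commit, a check that every `region_pem_map` value exists in that directory would catch a map entry without a file before `shutil.copy` fails partway through the loop. The loop variable `key` is unused, so iterating over `region_pem_map.values()` would read more cleanly.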

File renamed without changes.
