diff --git a/README.md b/README.md
index 0643abb8..f9faa947 100644
--- a/README.md
+++ b/README.md
@@ -196,6 +196,8 @@ cf set-env DATABASE_CONNECTION_PARAMS '{"tcpKeepAlive": "true", "conn
 *:warning: If you set `DATABASE_URL` as JDBC connection string (prefixed with `jdbc:` and including parameters, `DATABASE_CONNECTION_PARAMS` is not required.*
+To allow connection to an AWS RDS database the buildpack selects the regional CA certificate stored in [`rds-certificates`](etc/rds-certificates). If the region's certificate doesn't exist, the buildpack will fail with an error `Could not find database CA certificate in map`.
+
 #### Supported VCAP Schemas
 Cloud Foundry database services are detected from Cloud Foundry service bindings ([VCAP](https://docs.cloudfoundry.org/devguide/deploy-apps/environment-variable.html#VCAP-SERVICES)) and translated into Mendix Runtime configuration. In case no database service is bound, the fallback is the environment variable `DATABASE_URL`.
diff --git a/buildpack/infrastructure/database.py b/buildpack/infrastructure/database.py
index 189fefbd..b4d3f7a0 100644
--- a/buildpack/infrastructure/database.py
+++ b/buildpack/infrastructure/database.py
@@ -332,19 +332,22 @@ def init(self):
 if database_type == "PostgreSQL":
 jdbc_params.update({"tcpKeepAlive": "true"})
- if database_type == "PostgreSQL" and config["DatabaseHost"].split(":")[
- 0
- ].endswith(".rds.amazonaws.com"):
- database_region = config["DatabaseHost"].split('.')[2]
- jdbc_params.update(
- {
- "sslrootcert": os.path.expandvars(
- "$HOME/.postgresql/"+region_pem_map[database_region]
- )
- }
- )
- jdbc_params.update({"sslmode": "verify-full"})
-
+ try:
+ if database_type == "PostgreSQL" and config["DatabaseHost"].split(":")[
+ 0
+ ].endswith(".rds.amazonaws.com"):
+ database_region = config["DatabaseHost"].split('.')[2]
+ jdbc_params.update(
+ {
+ "sslrootcert": os.path.expandvars(
+ "$HOME/.postgresql/"+region_pem_map[database_region]
+ )
+ }
+ )
+ jdbc_params.update({"sslmode": "verify-full"})
+ except:
+ raise Exception("Could not find database CA certificate in map")
+
 if database_type == "PostgreSQL" and not self.url.startswith("jdbc:"):
 self.extract_inline_cert(jdbc_params, self.SSLCERT, "postgresql.crt")
 self.extract_inline_cert(jdbc_params, self.SSLKEY, "postgresql.pk8")
@@ -561,7 +564,7 @@ def stage(buildpack_dir, build_dir):
 util.mkdir_p(os.path.join(build_dir, ".postgresql"))
 for key, value in region_pem_map.items():
 shutil.copy(
- os.path.join(buildpack_dir, "etc", value),
+ os.path.join(buildpack_dir, "etc/rds-certificates", value),
 os.path.join(build_dir, ".postgresql", value
 ),
 )
diff --git a/etc/af-south-1-bundle.pem b/etc/rds-certificates/af-south-1-bundle.pem
similarity index 100%
rename from etc/af-south-1-bundle.pem
rename to etc/rds-certificates/af-south-1-bundle.pem
diff --git a/etc/amazon-rds-ca.pem b/etc/rds-certificates/amazon-rds-ca.pem
similarity index 100%
rename from etc/amazon-rds-ca.pem
rename to etc/rds-certificates/amazon-rds-ca.pem
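Review bot: The bare `except:` added around the RDS block in `init` (first hunk of database.py) reports every failure inside it as a missing CA certificate, including an absent `DatabaseHost` key or an interrupt, and it discards the original traceback. Failing closed is the right behaviour here, because the alternative would be a connection without `sslmode` set to `verify-full`, but the handler should cover only the `region_pem_map[database_region]` lookup and keep the cause: `except KeyError as err:` followed by `raise Exception("Could not find database CA certificate in map") from err`. Logging `database_region` before raising would tell the operator which regional bundle is missing without changing the message the README documents. The body of `init` starts and ends outside the hunk.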
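Review bot: In `stage` (second hunk of database.py) the new source path embeds a separator inside a single `os.path.join` argument, while the destination argument two lines below passes each component separately; `os.path.join(buildpack_dir, "etc", "rds-certificates", value),` keeps the two consistent. The loop copies every file named in `region_pem_map`, so a map entry without a matching file in the renamed directory would presumably fail staging with a `shutil.copy` error rather than the message the README documents; a comment such as `# every value in region_pem_map must exist under etc/rds-certificates` would record that coupling. The body of `stage` starts outside the hunk.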
diff --git a/etc/ap-east-1-bundle.pem b/etc/rds-certificates/ap-east-1-bundle.pem
similarity index 100%
rename from etc/ap-east-1-bundle.pem
rename to etc/rds-certificates/ap-east-1-bundle.pem
diff --git a/etc/ap-northeast-1-bundle.pem b/etc/rds-certificates/ap-northeast-1-bundle.pem
similarity index 100%
rename from etc/ap-northeast-1-bundle.pem
rename to etc/rds-certificates/ap-northeast-1-bundle.pem
diff --git a/etc/ap-northeast-2-bundle.pem b/etc/rds-certificates/ap-northeast-2-bundle.pem
similarity index 100%
rename from etc/ap-northeast-2-bundle.pem
rename to etc/rds-certificates/ap-northeast-2-bundle.pem
diff --git a/etc/ap-northeast-3-bundle.pem b/etc/rds-certificates/ap-northeast-3-bundle.pem
similarity index 100%
rename from etc/ap-northeast-3-bundle.pem
rename to etc/rds-certificates/ap-northeast-3-bundle.pem
diff --git a/etc/ap-south-1-bundle.pem b/etc/rds-certificates/ap-south-1-bundle.pem
similarity index 100%
rename from etc/ap-south-1-bundle.pem
rename to etc/rds-certificates/ap-south-1-bundle.pem
diff --git a/etc/ap-south-2-bundle.pem b/etc/rds-certificates/ap-south-2-bundle.pem
similarity index 100%
rename from etc/ap-south-2-bundle.pem
rename to etc/rds-certificates/ap-south-2-bundle.pem
diff --git a/etc/ap-southeast-1-bundle.pem b/etc/rds-certificates/ap-southeast-1-bundle.pem
similarity index 100%
rename from etc/ap-southeast-1-bundle.pem
rename to etc/rds-certificates/ap-southeast-1-bundle.pem
diff --git a/etc/ap-southeast-2-bundle.pem b/etc/rds-certificates/ap-southeast-2-bundle.pem
similarity index 100%
rename from etc/ap-southeast-2-bundle.pem
rename to etc/rds-certificates/ap-southeast-2-bundle.pem
diff --git a/etc/ap-southeast-3-bundle.pem b/etc/rds-certificates/ap-southeast-3-bundle.pem
similarity index 100%
rename from etc/ap-southeast-3-bundle.pem
rename to etc/rds-certificates/ap-southeast-3-bundle.pem
diff --git a/etc/ap-southeast-4-bundle.pem b/etc/rds-certificates/ap-southeast-4-bundle.pem
similarity index 100%
rename from etc/ap-southeast-4-bundle.pem
rename to etc/rds-certificates/ap-southeast-4-bundle.pem
diff --git a/etc/ca-central-1-bundle.pem b/etc/rds-certificates/ca-central-1-bundle.pem
similarity index 100%
rename from etc/ca-central-1-bundle.pem
rename to etc/rds-certificates/ca-central-1-bundle.pem
diff --git a/etc/downloudpem.sh b/etc/rds-certificates/downloudpem.sh
similarity index 100%
rename from etc/downloudpem.sh
rename to etc/rds-certificates/downloudpem.sh
diff --git a/etc/eu-central-1-bundle.pem b/etc/rds-certificates/eu-central-1-bundle.pem
similarity index 100%
rename from etc/eu-central-1-bundle.pem
rename to etc/rds-certificates/eu-central-1-bundle.pem
diff --git a/etc/eu-central-2-bundle.pem b/etc/rds-certificates/eu-central-2-bundle.pem
similarity index 100%
rename from etc/eu-central-2-bundle.pem
rename to etc/rds-certificates/eu-central-2-bundle.pem
diff --git a/etc/eu-north-1-bundle.pem b/etc/rds-certificates/eu-north-1-bundle.pem
similarity index 100%
rename from etc/eu-north-1-bundle.pem
rename to etc/rds-certificates/eu-north-1-bundle.pem
diff --git a/etc/eu-south-1-bundle.pem b/etc/rds-certificates/eu-south-1-bundle.pem
similarity index 100%
rename from etc/eu-south-1-bundle.pem
rename to etc/rds-certificates/eu-south-1-bundle.pem
diff --git a/etc/eu-south-2-bundle.pem b/etc/rds-certificates/eu-south-2-bundle.pem
similarity index 100%
rename from etc/eu-south-2-bundle.pem
rename to etc/rds-certificates/eu-south-2-bundle.pem
diff --git a/etc/eu-west-1-bundle.pem b/etc/rds-certificates/eu-west-1-bundle.pem
similarity index 100%
rename from etc/eu-west-1-bundle.pem
rename to etc/rds-certificates/eu-west-1-bundle.pem
diff --git a/etc/eu-west-2-bundle.pem b/etc/rds-certificates/eu-west-2-bundle.pem
similarity index 100%
rename from etc/eu-west-2-bundle.pem
rename to etc/rds-certificates/eu-west-2-bundle.pem
diff --git a/etc/eu-west-3-bundle.pem b/etc/rds-certificates/eu-west-3-bundle.pem
similarity index 100%
rename from etc/eu-west-3-bundle.pem
rename to etc/rds-certificates/eu-west-3-bundle.pem
diff --git a/etc/global-bundle.pem b/etc/rds-certificates/global-bundle.pem
similarity index 100%
rename from etc/global-bundle.pem
rename to etc/rds-certificates/global-bundle.pem
diff --git a/etc/il-central-1-bundle.pem b/etc/rds-certificates/il-central-1-bundle.pem
similarity index 100%
rename from etc/il-central-1-bundle.pem
rename to etc/rds-certificates/il-central-1-bundle.pem
diff --git a/etc/me-central-1-bundle.pem b/etc/rds-certificates/me-central-1-bundle.pem
similarity index 100%
rename from etc/me-central-1-bundle.pem
rename to etc/rds-certificates/me-central-1-bundle.pem
diff --git a/etc/me-south-1-bundle.pem b/etc/rds-certificates/me-south-1-bundle.pem
similarity index 100%
rename from etc/me-south-1-bundle.pem
rename to etc/rds-certificates/me-south-1-bundle.pem
diff --git a/etc/sa-east-1-bundle.pem b/etc/rds-certificates/sa-east-1-bundle.pem
similarity index 100%
rename from etc/sa-east-1-bundle.pem
rename to etc/rds-certificates/sa-east-1-bundle.pem
diff --git a/etc/us-east-1-bundle.pem b/etc/rds-certificates/us-east-1-bundle.pem
similarity index 100%
rename from etc/us-east-1-bundle.pem
rename to etc/rds-certificates/us-east-1-bundle.pem
diff --git a/etc/us-east-2-bundle.pem b/etc/rds-certificates/us-east-2-bundle.pem
similarity index 100%
rename from etc/us-east-2-bundle.pem
rename to etc/rds-certificates/us-east-2-bundle.pem
diff --git a/etc/us-west-1-bundle.pem b/etc/rds-certificates/us-west-1-bundle.pem
similarity index 100%
rename from etc/us-west-1-bundle.pem
rename to etc/rds-certificates/us-west-1-bundle.pem
diff --git a/etc/us-west-2-bundle.pem b/etc/rds-certificates/us-west-2-bundle.pem
similarity index 100%
rename from etc/us-west-2-bundle.pem
rename to etc/rds-certificates/us-west-2-bundle.pem