New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: PGSql MTLS support #31067
feat: PGSql MTLS support #31067
Conversation
WalkthroughThe update introduces SSL certificate validation for the Postgres plugin, enhancing security by verifying server certificates against known CAs. It adds two verification levels, Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
...ins/postgresPlugin/src/main/java/com/external/plugins/utils/StringCertValidatingFactory.java
Outdated
Show resolved
Hide resolved
...ins/postgresPlugin/src/main/java/com/external/plugins/utils/StringCertValidatingFactory.java
Outdated
Show resolved
Hide resolved
...ins/postgresPlugin/src/main/java/com/external/plugins/utils/StringCertValidatingFactory.java
Outdated
Show resolved
Hide resolved
...ins/postgresPlugin/src/main/java/com/external/plugins/utils/StringCertValidatingFactory.java
Outdated
Show resolved
Hide resolved
...erver/appsmith-plugins/postgresPlugin/src/main/java/com/external/plugins/PostgresPlugin.java
Outdated
Show resolved
Hide resolved
…o feat/pgsql-ca-cert-auth-support
Failed server tests
|
/build-deploy-preview |
Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/7914129925. |
Deploy-Preview-URL: https://ce-31067.dp.appsmith.com |
This PR has not seen activitiy for a while. It will be closed in 7 days unless further activity is detected. |
…o feat/pgsql-ca-cert-auth-support
Failed server tests
|
app/server/appsmith-interfaces/src/main/java/com/appsmith/external/helpers/RSAKeyUtil.java
Outdated
Show resolved
Hide resolved
...erver/appsmith-plugins/postgresPlugin/src/main/java/com/external/plugins/PostgresPlugin.java
Show resolved
Hide resolved
.../postgresPlugin/src/main/java/com/external/plugins/utils/MutualTLSCertValidatingFactory.java
Show resolved
Hide resolved
…o feat/pgsql-ca-cert-auth-support
Description
Mutual TLS, or mTLS for short, is a method for mutual authentication. mTLS ensures that the parties at each end of a network connection are who they claim to be by verifying that they both have the correct private key.
This PR adds support for mTLS for postgres datasource. Unlike the standard way of storing the certs in disk, we store them in the database. This has been achieved via the custom implementation of SSL Factory. The postgres driver support passing the custom ssl factory while creating connection, which then will be used for handling and establishing the connection.
PR fixes following issue(s)
Fixes #31326
Type of change
Testing
How Has This Been Tested?
Test Plan
Issues raised during DP testing
Checklist:
Dev activity
QA activity:
Test Plan Approved
label after Cypress tests were reviewedTest Plan Approved
label after JUnit tests were reviewedSummary by CodeRabbit
VERIFY_CA
andVERIFY_FULL
modes for SSL verification, ensuring a higher level of security for database communications.