Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable support for verify-ca SSL mode for cases when hostname verification is not possible/required #2462

Merged
merged 1 commit into from Aug 20, 2023
Merged

Enable support for verify-ca SSL mode for cases when hostname verification is not possible/required #2462

merged 1 commit into from Aug 20, 2023

Conversation

anshrupani
Copy link
Contributor

What is this change about?

Bosh docs claim that bosh provides support for the director DB TLS config property skip_host_verify, but unfortunately there was not implementation in the code or support in the director specs template. This PR provides support for this property, enabling another SSL verification mode (verify-ca for postgres, verify_ca for mysql2). This will especially be useful for enabling TLS communication with GCP databases, where hostname verification is currently not possible.

What tests have you run against this PR?

Ran the director unit tests and verified the usage of a dev-release with this feature on a development environment.

How should this change be described in bosh release notes?

Provide support for verify-ca SSL mode by enabling skip_host_verify director DB TLS config.

Does this PR introduce a breaking change?

No

Tag your pair, your PM, and/or team!

@Malsourie

Malsourie
Malsourie approved these changes Aug 14, 2023
View reviewed changes
Copy link
Contributor

@Malsourie Malsourie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jpalermo jpalermo requested review from a team, ragaskar and ystros and removed request for a team August 17, 2023 14:45
aramprice
aramprice approved these changes Aug 17, 2023
View reviewed changes
Copy link
Member

@aramprice aramprice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@jpalermo jpalermo merged commit 45a062f into cloudfoundry:main Aug 20, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aramprice aramprice aramprice approved these changes

@Malsourie Malsourie Malsourie approved these changes

@ragaskar ragaskar Awaiting requested review from ragaskar ragaskar was automatically assigned from cloudfoundry/wg-foundational-infrastructure-vm-deployment-lifecycle-bosh-approvers

@ystros ystros Awaiting requested review from ystros ystros was automatically assigned from cloudfoundry/wg-foundational-infrastructure-vm-deployment-lifecycle-bosh-approvers

Assignees
No one assigned
Labels
None yet
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@anshrupani @aramprice @Malsourie @jpalermo