New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhancement/Enable non-SSL connections to the database #170
Enhancement/Enable non-SSL connections to the database #170
Conversation
Currently, whenever the database is changed from the default SQLite via the DATABASE_URL environment variable, the connection to the database is forced to be SSL. This is a great default for production use-cases. However, in some scenarios, users may not want to use SSL, e.g. when testing against a local MySQL or PostgreSQL database. This change enables users to explicitly request a non-SSL connection to the database by passing the `?sslmode=disable` (or similar) query argument in the DATABASE_URL environment variable. For backwards compatibility, if the `sslmode` is not set explicitly in the connection URL, the code still defaults to requiring SSL on the connection.
Can this be merged, please? |
Tagging @Hironsan for visibility. |
Merged. Thanks! |
New merge leads to an error:
TypeError: 'sslmode' is an invalid keyword argument for this function |
@c-w looks like {
'default': {
'NAME': 'postgres',
'USER': 'postgres',
'PASSWORD': 'mysecretpassword',
'HOST': 'database',
'PORT': '',
'CONN_MAX_AGE': 600,
'OPTIONS': {
'sslmode': 'require'
},
'ENGINE': 'django.db.backends.postgresql_psycopg2'
}
} |
@deltatree Could you please let me know what environment settings you're using? With the default SQLite mode, I'm seeing correct behavior any errors and this was confirmed in the CI too. I'm assuming you're using |
@deltatree I confirmed that this is an issue in dj-database-url which always sets the sslmode even if the underlying engine doesn't support SSL. I've implemented a work-around for this in #189. I also tested the behavior with an older version of the code before the merge of this pull request and it seems to exhibit the same behavior so I believe this is not a regression but a newly discovered bug in its own right. Just to confirm, could you please share your environment settings so that I can properly reproduce? Thanks! |
@c-w can be reproduced via $ docker run -ti --rm -e "DATABASE_URL=postgresql://postgres:passwd@database/postgres?sslmode=disabled" chakkiworks/doccano:latest python app/manage.py shell
Python 3.6.8 (default, Mar 27 2019, 08:53:45)
[GCC 6.3.0 20170516] on linux
Type "help", "copyright", "credits" or "license" for more information.
(InteractiveConsole)
>>> from django.conf import settings
>>> settings.DATABASES['default']
{'sslmode': 'require'} |
@dveselov Thanks for providing the repro steps. I can confirm the behavior. Looks like this is an issue in django-heroku which seems to always override sslmode=True. I've pushed a work-around for this issue to #189 in commit e5c935a. |
Currently, whenever the database is changed from the default SQLite via the DATABASE_URL environment variable, the connection to the database is forced to be SSL. This is a great default for production use-cases. However, in some scenarios, users may not want to use SSL, e.g. when testing against a local MySQL or PostgreSQL database.
This change enables users to explicitly request a non-SSL connection to the database by passing the
?sslmode=disable
(or similar) query argument in the DATABASE_URL environment variable.For backwards compatibility, if the
sslmode
is not set explicitly in the connection URL, the code still defaults to requiring SSL on the connection.