Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

postgres: SSL mode creates temporary files in certain situations, we should not do that #87036

Open
gabor opened this issue Apr 29, 2024 · 0 comments
Open

postgres: SSL mode creates temporary files in certain situations, we should not do that #87036

gabor opened this issue Apr 29, 2024 · 0 comments
Assignees
@gabor
Labels
datasource/Postgres internal for issues made by grafanistas

Comments

@gabor
Copy link
Contributor

gabor commented Apr 29, 2024
edited

the postgres go library we currently use ( lib/pq ) requires the TLS certificates to be files on the disk.
so, when the user simply pastes the certificates into the datasource config page, this won't work.
to fix this,we create temporary files on the disk.

we should find another approach, where temporary files are not needed, because the current approach makes it hard to do improvements, like multi-tenancy.

what we tried and did not work:

  • lib/pq supports the sslinline flag, that should allow us to directly insert the certificate-content into the connection string. unfortunately, currently, if you specify sslinline, it is mandatory to have client certificates configured ( ssl: allow sslinline without client certs lib/pq#1140 )

what should work, is #87037
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gabor gabor

Labels
datasource/Postgres internal for issues made by grafanistas
Projects
OSS Big Tent
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gabor