feat: added tls config

[Avi98]

Component/Part

backend -> Database cofig

Description

This PR fixes #3063

Steps

• Added implementation
• Added / updated tests
• Added / updated documentation
• Added changelog snippet
• I read the contribution documentation and
  made sure that:
  • My commits are signed-off to accept the DCO.
  • This PR targets the correct branch: master for 1.x & docs, develop for 2.x

[ErikMichelson]

Thanks for your contribution!

I haven't tested the code yet, these are just some things I saw when having a look at the code.

[Avi98]

Thanks for your contribution!

I haven't tested the code yet, these are just some things I saw when looking at the code.

Erik, I have added an env flag HD_DATABASE_SSL for validating the SSL/TLS config. If the flag is absent, the SSL/TLS joi validation will not work.

environment variable	default	example	description
HD_DATABASE_SSL	'0'	1	Pass this value when SSL/TLS configuration is needed

Tested joi validation for following condition

1. When HD_DATABASE_SSL=1 & HD_DATABASE_TYPE=postgres SSL/TLS env config for postgres should be present.
2. When HD_DATABASE_SSL=1 & HD_DATABASE_TYPE=mysql SSL/TLS env config SSL/TLS for mysql/Mariadb should be present.
3. HD_DATABASE_SSL is not there (backward compatible) SSL/TLS validation is not added

Screen.Recording.2024-03-08.at.6.07.25.PM.mov

[ErikMichelson]

This gets in the right direction! :)

What still surprises me is the reason we need completely separate environment variables for postgres and maraidb/mysql? I get that you intended to make explicit which options are only relevant for the chosen database type. But having for example both HD_SQL_SSL_CA_PATH and HD_PG_SSL_CA_PATH seems a bit unnecessary to me. For changing that the code doesn't need greater changes, it's more a thing of renaming the variables and updating the documentation.

[ErikMichelson]

Why isn't this just a boolean (Joi.boolean().default(false))?

[ErikMichelson]

As this method is rather crucial to database security options, it should be unit-tested. The getSecret method could be mocked for that.

[ErikMichelson]

Suggested change

	if (!needsSSL) return;
	if (!needsSSL) {
	return;
	}

Although it may seem unnecessary, please use explicit closures for if statements. By being explicit in all places, we should be avoiding things like apple's gotofail bug.

[codecov]

Codecov Report

Attention: Patch coverage is 75.00000% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 87.65%. Comparing base (e7f33c9) to head (448bddd).
Report is 17 commits behind head on develop.

Files	Patch %	Lines
backend/src/config/database.config.ts	75.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##           develop    #5530       +/-   ##
============================================
+ Coverage    57.66%   87.65%   +29.99%     
============================================
  Files          418      173      -245     
  Lines        12058     4561     -7497     
  Branches      1007      492      -515     
============================================
- Hits          6953     3998     -2955     
+ Misses        5048      538     -4510     
+ Partials        57       25       -32     

Flag	Coverage Δ
backend	87.65% <75.00%> (+0.03%)	⬆️
backend-e2e-tests	74.17% <75.00%> (-0.18%)	⬇️
backend-unit-tests	85.79% <75.00%> (+0.06%)	⬆️
e2e-tests	74.17% <75.00%> (-0.18%)	⬇️
frontend	?
frontend-unit-tests	?
unit-tests	85.79% <75.00%> (+33.99%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.