-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Postgres SSLMode not supported via crystal-pg #931
Comments
Right now, Avram builds a connection string that looks like |
The postgresql connection string docs show a query param called sslmode. It takes a bunch of possibilities, too much to enumerate here. |
oh, so it's just a query param like Avram::Credentials.new(
database: "db",
hostname: "localhost",
port: 5432,
username: "postgres",
password: "postgres",
query: "sslmode=required"
) |
I think @steve-bitdotio is indicating those connection parameters are stripped and not passed down to crystal-pg but instead only used for connection pooling? |
Thanks for the suggestion @jwoertink ! Unfortunately, as @jmo-qap highlights, hard-coding the Thanks again for your help! |
I don't think so... When you create a new Credentials object, it builds the URL on initialize here avram/src/avram/credentials.cr Line 12 in 81add34
That builds the connection string avram/src/avram/credentials.cr Line 96 in 81add34
When the database needs to connect it grabs that url here Lines 144 to 146 in 81add34
which is passed to the connect here Lines 166 to 168 in 81add34
and then that it passed on to Crystal-DB Line 17 in 81add34
You can verify this if you open up that connection.cr file in your lib/avram/src/avram/connection.cr and just add some Now, if you're able to confirm the query is being set in the Credentials, but not getting there, then we will need to call sherlock holmes and possible a shaman since that'll be some strange stuff going on 😂 |
Thanks for the code walkthrough @jwoertink ! I took your advice and added some print debugging. I can confirm that my I guess I'll go take a closer look at crystal-pg now? |
Yeah, it sounds like Crystal PG may have the code for the SSL, but it's not actually using it? |
There must be something wrong with how SSL is implemented in crystal-pg, since upon further reading it looks like "prefer" is the default SSL mode in crystal-pg (and that is not working with my postgres database for some reason) 🤔 I will continue discussion in will/crystal-pg#240. In any case I think we can close this issue. Thanks for the help! @jwoertink as an off topic aside, I noticed that no connection parameters are passed to the setup |
Ok, cool. Thanks for the followup. Hopefully something can be figured out on that end. As for the avram/src/avram/migrator/runner.cr Line 66 in 81add34
Looks like we just pass |
After reading https://github.com/will/crystal-pg/blob/cafe0f715019059f127b95156bd3c8dc1015913e/src/pq/connection.cr#L39-L58 it is clear that crystal-pg supports using postgres over SSL.
This is presumably an issue since connection string connection parameters are used for connection pooling instead.
At minimum, if all postgres connections parameters are not supported by avram, then avram should expose field(s) for explicitly enabling SSL.
The text was updated successfully, but these errors were encountered: