This repository has been archived by the owner on Aug 21, 2023. It is now read-only.

validation(database/postgres) add SSL client authentication (PROJQUAY-2417) #214

Open
wants to merge 1 commit into base: master from

Conversation

@michaelalang michaelalang commented Jul 17, 2023

Issue: https://issues.redhat.com/browse/PROJQUAY-2417
Pull-request title must start with "PROJQUAY-2417 - "

Changelog:
Added SSL client authentication by extending libpq connection parameter support as well as network parameters

Docs:

Testing:
Since this change requires a Postgres database with SSL client authentication set up, I executed the validation run manually after building the image as described in the README.md.
I did not set up Redis for the test, as I have verified that Quay will be able to use SSL client authentication if validation is turned off to get it started.

Details:

/go/src/config-tool # export DEBUGLOG=true
/go/src/config-tool # config-tool validate -c /conf/stack -m online 
DEBU[0000] Validating AccessSettings                    
DEBU[0000] Validating ActionLogArchiving                
DEBU[0000] Validating AppTokenAuthentication            
DEBU[0000] Validating BitbucketBuildTrigger             
DEBU[0000] Validating BuildManager                      
DEBU[0000] Validating Database                          
DEBU[0000] Scheme: postgresql                           
DEBU[0000] Host: cluster-rw.quay.svc:15432      
DEBU[0000] Db: quay                                     
DEBU[0000] Params: sslcert=%2F.postgresql%2Fpostgresql.crt&sslkey=%2F.postgresql%2Fpostgresql.key&sslmode=verify-full&sslrootcert=%2F.postgresql%2Froot.crt 
DEBU[0000] Including params sslcert=%2F.postgresql%2Fpostgresql.crt&sslkey=%2F.postgresql%2Fpostgresql.key&sslmode=verify-full&sslmode=verify-full&sslrootcert=%2F.postgresql%2Froot.crt&sslrootcert=%2F.postgresql%2Froot.crt 
DEBU[0000] Pinging database at postgresql://quay@cluster-rw.quay.svc:15432/quay?sslcert=%2F.postgresql%2Fpostgresql.crt&sslkey=%2F.postgresql%2Fpostgresql.key&sslmode=verify-full&sslmode=verify-full&sslrootcert=%2F.postgresql%2Froot.crt&sslrootcert=%2F.postgresql%2Froot.crt 
plpgsql
pg_stat_statements
pg_trgm
DEBU[0000] Validating DistributedStorage                
DEBU[0000] Validating ElasticSearch                     
DEBU[0000] Validating Email                             
DEBU[0000] Validating GitHubBuildTrigger                
DEBU[0000] Validating GitHubLogin                       
DEBU[0000] Validating GitLabBuildTrigger                
DEBU[0000] Validating GoogleLogin                       
DEBU[0000] Validating HostSettings                      
DEBU[0000] Validating JWTAuthentication                 
DEBU[0000] Validating LDAP                              
DEBU[0000] Validating OIDC                              
DEBU[0001] Validating QuayDocumentation                 
DEBU[0001] Validating Redis                             
DEBU[0001] Address: redis:6379                          
DEBU[0001] Username:                                    
DEBU[0001] Password Len: 8                              
DEBU[0001] Ssl: <nil>                                   
DEBU[0001] Address: redis:6379                          
DEBU[0001] Username:                                    
DEBU[0001] Password Len: 8                              
DEBU[0001] Ssl: <nil>                                   
DEBU[0001] Redis%!(EXTRA string=Could not connect to Redis with values provided in BUILDLOGS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host, []string=[BUILDLOGS_REDIS]) 
DEBU[0001] Redis%!(EXTRA string=Could not connect to Redis with values provided in USER_EVENTS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host, []string=[USER_EVENTS_REDIS]) 
DEBU[0001] Validating RepoMirror                        
DEBU[0001] Validating SecurityScanner                   
DEBU[0001] Validating TeamSyncing                       
DEBU[0001] Validating TimeMachine                       
DEBU[0001] Validating UserVisibleSettings               
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
|      Field Group       |                                                              Error                                                               | Status |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| AccessSettings         | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| ActionLogArchiving     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| AppTokenAuthentication | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| BitbucketBuildTrigger  | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| BuildManager           | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| Database               | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| DistributedStorage     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| ElasticSearch          | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| Email                  | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GitHubBuildTrigger     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GitHubLogin            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GitLabBuildTrigger     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GoogleLogin            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| HostSettings           | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| JWTAuthentication      | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| LDAP                   | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| OIDC                   | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| QuayDocumentation      | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| Redis                  | Could not connect to Redis with values provided in BUILDLOGS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host   | 🔴     |
+                        +----------------------------------------------------------------------------------------------------------------------------------+--------+
|                        | Could not connect to Redis with values provided in USER_EVENTS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host | 🔴     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| RepoMirror             | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| SecurityScanner        | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| TeamSyncing            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| TimeMachine            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| UserVisibleSettings    | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
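
Added example (not code from this PR or from config-tool): a Go helper that assembles the libpq connection URI the way the debug output above shows it (sslcert, sslkey, sslmode, sslrootcert, with the paths percent-encoded) and checks the client-authentication settings before anything is pinged. The "Including params" and "Pinging database" lines above carry sslmode= and sslrootcert= twice; url.Values.Set replaces an existing key instead of appending, so the merge below is idempotent, and the check rejects duplicated keys, a client certificate without sslmode=verify-full, and a certificate without its key. The function names are assumed; the DSN and file paths are copied from the log.

```go
package main

import (
	"fmt"
	"net/url"
)

// sslKeys are the libpq TLS parameters a client-certificate setup touches
// (hypothetical helper, not config-tool code).
var sslKeys = []string{"sslmode", "sslrootcert", "sslcert", "sslkey"}

// MergeSSLParams returns dsn with the libpq SSL parameters in ssl applied.
// url.Values.Set replaces an existing key rather than appending to it, so
// applying the same parameters twice yields the same URI: no repeated
// sslmode= or sslrootcert= in the output.
func MergeSSLParams(dsn string, ssl map[string]string) (string, error) {
	u, err := url.Parse(dsn)
	if err != nil {
		return "", err
	}
	if u.Scheme != "postgresql" && u.Scheme != "postgres" {
		return "", fmt.Errorf("unexpected scheme %q", u.Scheme)
	}
	q := u.Query()
	for k, v := range ssl {
		q.Set(k, v)
	}
	// Encode sorts keys and percent-encodes "/" as %2F, which is why the
	// paths in the debug log read %2F.postgresql%2F...
	u.RawQuery = q.Encode()
	return u.String(), nil
}

// CheckClientAuth rejects DSNs whose client-certificate settings are
// incomplete, ambiguous, or weaker than they look.
func CheckClientAuth(dsn string) error {
	u, err := url.Parse(dsn)
	if err != nil {
		return err
	}
	q := u.Query()
	for _, k := range sslKeys {
		if len(q[k]) > 1 {
			return fmt.Errorf("%s given %d times; refusing an ambiguous TLS configuration", k, len(q[k]))
		}
	}
	cert, key := q.Get("sslcert"), q.Get("sslkey")
	if (cert == "") != (key == "") {
		return fmt.Errorf("sslcert and sslkey must be set together")
	}
	if cert == "" {
		return nil // no client certificate configured: nothing more to check here
	}
	// The client key is used in the TLS handshake; with any sslmode below
	// verify-full the server's identity is not fully verified, so insist on it.
	if m := q.Get("sslmode"); m != "verify-full" {
		return fmt.Errorf("client certificate configured but sslmode=%q, want verify-full", m)
	}
	// Policy choice in this example: require an explicit CA bundle instead of
	// relying on libpq's ~/.postgresql/root.crt default.
	if q.Get("sslrootcert") == "" {
		return fmt.Errorf("sslmode=verify-full needs an explicit sslrootcert")
	}
	return nil
}

func main() {
	// Constructed inputs mirroring the values in the PR's debug output.
	base := "postgresql://quay@cluster-rw.quay.svc:15432/quay"
	ssl := map[string]string{
		"sslmode":     "verify-full",
		"sslrootcert": "/.postgresql/root.crt",
		"sslcert":     "/.postgresql/postgresql.crt",
		"sslkey":      "/.postgresql/postgresql.key",
	}
	dsn, err := MergeSSLParams(base, ssl)
	if err != nil {
		panic(err)
	}
	fmt.Println(dsn)
	fmt.Println("check:", CheckClientAuth(dsn))
}
```

Running it prints the same URI the "Params:" line above shows, with each key exactly once; feeding it the "Pinging database" URI from the log instead makes CheckClientAuth fail on the duplicated sslmode.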

@michaelalang
Author

@BillDett can someone from the team verify and approve the PR please?
thanks
Michi
