Skip to content
This repository was archived by the owner on Aug 21, 2023. It is now read-only.

validation(database/postgres) add SSL client authentication (PROJQUAY-2417)#214

Open
michaelalang wants to merge 1 commit intoquay:masterfrom
michaelalang:master
Open

validation(database/postgres) add SSL client authentication (PROJQUAY-2417)#214
michaelalang wants to merge 1 commit intoquay:masterfrom
michaelalang:master

Conversation

@michaelalang
Copy link
Copy Markdown

@michaelalang michaelalang commented Jul 17, 2023
edited by openshift-ci bot
Loading

Issue: https://issues.redhat.com/browse/PROJQUAY-2417
Pull-request title must start with "PROJQUAY-2417 - "

Changelog:
Added SSL client authentication by extending libpg connection parameter support as well as network parameters

Docs:

Testing:
since this change requires a Postgres Database with SSL client authentication setup, I executed the validation run manually after building the image as described in the README.md
I did not setup Redis for the test as I have verified that Quay will be able to use SSL client authentication if validation is turned off to get it started.

Details:

/go/src/config-tool # export DEBUGLOG=true
/go/src/config-tool # config-tool validate -c /conf/stack -m online 
DEBU[0000] Validating AccessSettings                    
DEBU[0000] Validating ActionLogArchiving                
DEBU[0000] Validating AppTokenAuthentication            
DEBU[0000] Validating BitbucketBuildTrigger             
DEBU[0000] Validating BuildManager                      
DEBU[0000] Validating Database                          
DEBU[0000] Scheme: postgresql                           
DEBU[0000] Host: cluster-rw.quay.svc:15432      
DEBU[0000] Db: quay                                     
DEBU[0000] Params: sslcert=%2F.postgresql%2Fpostgresql.crt&sslkey=%2F.postgresql%2Fpostgresql.key&sslmode=verify-full&sslrootcert=%2F.postgresql%2Froot.crt 
DEBU[0000] Including params sslcert=%2F.postgresql%2Fpostgresql.crt&sslkey=%2F.postgresql%2Fpostgresql.key&sslmode=verify-full&sslmode=verify-full&sslrootcert=%2F.postgresql%2Froot.crt&sslrootcert=%2F.postgresql%2Froot.crt 
DEBU[0000] Pinging database at postgresql://quay@cluster-rw.quay.svc:15432/quay?sslcert=%2F.postgresql%2Fpostgresql.crt&sslkey=%2F.postgresql%2Fpostgresql.key&sslmode=verify-full&sslmode=verify-full&sslrootcert=%2F.postgresql%2Froot.crt&sslrootcert=%2F.postgresql%2Froot.crt 
plpgsql
pg_stat_statements
pg_trgm
DEBU[0000] Validating DistributedStorage                
DEBU[0000] Validating ElasticSearch                     
DEBU[0000] Validating Email                             
DEBU[0000] Validating GitHubBuildTrigger                
DEBU[0000] Validating GitHubLogin                       
DEBU[0000] Validating GitLabBuildTrigger                
DEBU[0000] Validating GoogleLogin                       
DEBU[0000] Validating HostSettings                      
DEBU[0000] Validating JWTAuthentication                 
DEBU[0000] Validating LDAP                              
DEBU[0000] Validating OIDC                              
DEBU[0001] Validating QuayDocumentation                 
DEBU[0001] Validating Redis                             
DEBU[0001] Address: redis:6379                          
DEBU[0001] Username:                                    
DEBU[0001] Password Len: 8                              
DEBU[0001] Ssl: <nil>                                   
DEBU[0001] Address: redis:6379                          
DEBU[0001] Username:                                    
DEBU[0001] Password Len: 8                              
DEBU[0001] Ssl: <nil>                                   
DEBU[0001] Redis%!(EXTRA string=Could not connect to Redis with values provided in BUILDLOGS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host, []string=[BUILDLOGS_REDIS]) 
DEBU[0001] Redis%!(EXTRA string=Could not connect to Redis with values provided in USER_EVENTS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host, []string=[USER_EVENTS_REDIS]) 
DEBU[0001] Validating RepoMirror                        
DEBU[0001] Validating SecurityScanner                   
DEBU[0001] Validating TeamSyncing                       
DEBU[0001] Validating TimeMachine                       
DEBU[0001] Validating UserVisibleSettings               
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
|      Field Group       |                                                              Error                                                               | Status |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| AccessSettings         | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| ActionLogArchiving     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| AppTokenAuthentication | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| BitbucketBuildTrigger  | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| BuildManager           | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| Database               | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| DistributedStorage     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| ElasticSearch          | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| Email                  | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GitHubBuildTrigger     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GitHubLogin            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GitLabBuildTrigger     | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| GoogleLogin            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| HostSettings           | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| JWTAuthentication      | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| LDAP                   | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| OIDC                   | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| QuayDocumentation      | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| Redis                  | Could not connect to Redis with values provided in BUILDLOGS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host   | 🔴     |
+                        +----------------------------------------------------------------------------------------------------------------------------------+--------+
|                        | Could not connect to Redis with values provided in USER_EVENTS_REDIS. Error: dial tcp: lookup redis on 10.0.2.3:53: no such host | 🔴     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| RepoMirror             | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| SecurityScanner        | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| TeamSyncing            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| TimeMachine            | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+
| UserVisibleSettings    | -                                                                                                                                | 🟢     |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------+--------+

This was referenced Jul 18, 2023
Open
Closed
@michaelalang
Copy link
Copy Markdown
Author

michaelalang commented Jul 18, 2023

@BillDett can someone from the Team verify and approve the PR please ?
thanks
Michi

@michaelalang michaelalang mentioned this pull request Aug 25, 2023
Merged
@dmage dmage mentioned this pull request Aug 25, 2023
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@michaelalang