Add postgres sslmode option (#772)

Co-authored-by: aleksandr.drozdin <aleksandr.drozdin@karuna.group>
2021-05-19 18:03:23 +03:00 · 2021-05-19 18:03:23 +03:00 · 6693bff2f5
parent eb0bd70046
commit 6693bff2f5
4 changed files with 30 additions and 18 deletions
--- a/docs/v1.X/docs/references/crowdsec-config.md
+++ b/docs/v1.X/docs/references/crowdsec-config.md
@ -37,7 +37,7 @@ db_config:
  db_path: /var/lib/crowdsec/data/crowdsec.db
  #user:
  #password:
-  #db_name: 
+  #db_name:
  #host:
  #port:
  flush:
@ -76,10 +76,10 @@ For example, if you don't want to store your database password in the configurat
 db_config:
  type:     mysql
  user:     database_user
-  password: ${DB_PASSWORD}  
+  password: ${DB_PASSWORD}
  db_name:  db_name
-  host:     192.168.0.2   
-  port:     3306 
+  host:     192.168.0.2
+  port:     3306
 ```

 And export the environment variable such as:
@ -88,7 +88,7 @@ And export the environment variable such as:
 export DB_PASSWORD="<db_password>"
 ```

-!!! warning 
+!!! warning
    **Note**: you need to be `root` or put the environment variable in `/etc/environement`

 ## Configuration format
@ -118,12 +118,13 @@ cscli:
  hub_branch: <hub_branch>
 db_config:
  type:     <db_type>
-  db_path:  <path_to_database_file>  
+  db_path:  <path_to_database_file>
  user:     <db_user>      # for mysql/pgsql
  password: <db_password>  # for mysql/pgsql
  db_name:  <db_name>      # for mysql/pgsql
  host:     <db_host_ip>   # for mysql/pgsql
  port:     <db_host_port> # for mysql/pgsql
+  sslmode:  <required/disable> # for pgsql
  flush:
    max_items: <max_alerts_in_db>
    max_age: <max_age_of_alerts_in_db>
@ -256,7 +257,7 @@ crowdsec_service:

 Number of dedicated goroutines for parsing files.

-#### `buckets_routines` 
+#### `buckets_routines`
 > int

 Number of dedicated goroutines for managing live buckets.
@ -414,7 +415,7 @@ Path to certificate file.

 Path to certficate key file.

-### `prometheus` 
+### `prometheus`

 This section is used by local API and crowdsec.

--- a/docs/v1.X/docs/references/database.md
+++ b/docs/v1.X/docs/references/database.md
@ -60,10 +60,11 @@ db_config:
  password: crowdsecpassword
  db_name: crowdsec
  host: "127.0.0.1"
-  port: 3306
+  port: 5432
+  sslmode: disable
  flush:
    max_items: 5000
-    max_age: 7d  
+    max_age: 7d
 ```

 </details>
@ -76,14 +77,15 @@ db_config:
 ```yaml
 db_config:
  type:     <db_type>
-  
+
  db_path:  <path_to_database_file>  # for sqlite
-  
+
  user:     <db_user>      # for mysql/pgsql
  password: <db_password>  # for mysql/pgsql
  db_name:  <db_name>      # for mysql/pgsql
  host:     <db_host_ip>   # for mysql/pgsql
  port:     <db_host_port> # for mysql/pgsql
+  sslmode:  <required/disable> # for pgsql
  flush:
    max_items: <max_alerts_in_db>
 	max_age: <max_age_of_alerts_in_db>
@ -165,6 +167,14 @@ db_config:
 ```
 The port to connect to (only if the type of database is `mysql` or `postgresql`)

+```yaml
+db_config:
+  type: postgresql
+
+  sslmode: required
+```
+Required or disable ssl connection to database (only if the type of database is `postgresql`)
+
 ### `flush`

 ```yaml
@ -237,7 +247,7 @@ Alert:
 	| events    | Event    | false   |         | O2M      | false  | true     |
 	| metas     | Meta     | false   |         | O2M      | false  | true     |
 	+-----------+----------+---------+---------+----------+--------+----------+
-	
+
 Bouncer:
 	+------------+-----------+--------+----------+----------+---------+---------------+-----------+-----------------------------+------------+
 	|   Field    |   Type    | Unique | Optional | Nillable | Default | UpdateDefault | Immutable |          StructTag          | Validators |
@ -254,7 +264,7 @@ Bouncer:
 	| until      | time.Time | false  | true     | false    | true    | false         | false     | json:"until,omitempty"      |          0 |
 	| last_pull  | time.Time | false  | false    | false    | true    | false         | false     | json:"last_pull,omitempty"  |          0 |
 	+------------+-----------+--------+----------+----------+---------+---------------+-----------+-----------------------------+------------+
-	
+
 Decision:
 	+--------------+-----------+--------+----------+----------+---------+---------------+-----------+-------------------------------+------------+
 	|    Field     |   Type    | Unique | Optional | Nillable | Default | UpdateDefault | Immutable |           StructTag           | Validators |
@ -280,7 +290,7 @@ Decision:
 	+-------+-------+---------+-----------+----------+--------+----------+
 	| owner | Alert | true    | decisions | M2O      | true   | true     |
 	+-------+-------+---------+-----------+----------+--------+----------+
-	
+
 Event:
 	+------------+-----------+--------+----------+----------+---------+---------------+-----------+-----------------------------+------------+
 	|   Field    |   Type    | Unique | Optional | Nillable | Default | UpdateDefault | Immutable |          StructTag          | Validators |
@ -296,7 +306,7 @@ Event:
 	+-------+-------+---------+---------+----------+--------+----------+
 	| owner | Alert | true    | events  | M2O      | true   | true     |
 	+-------+-------+---------+---------+----------+--------+----------+
-	
+
 Machine:
 	+-------------+-----------+--------+----------+----------+---------+---------------+-----------+------------------------------+------------+
 	|    Field    |   Type    | Unique | Optional | Nillable | Default | UpdateDefault | Immutable |          StructTag           | Validators |
@ -317,7 +327,7 @@ Machine:
 	+--------+-------+---------+---------+----------+--------+----------+
 	| alerts | Alert | false   |         | O2M      | false  | true     |
 	+--------+-------+---------+---------+----------+--------+----------+
-	
+
 Meta:
 	+------------+-----------+--------+----------+----------+---------+---------------+-----------+-----------------------------+------------+
 	|   Field    |   Type    | Unique | Optional | Nillable | Default | UpdateDefault | Immutable |          StructTag          | Validators |
--- a/pkg/csconfig/database.go
+++ b/pkg/csconfig/database.go
@ -10,6 +10,7 @@ type DatabaseCfg struct {
 	User     string      `yaml:"user"`
 	Password string      `yaml:"password"`
 	DbName   string      `yaml:"db_name"`
+	Sslmode  string      `yaml:"sslmode"`
 	Host     string      `yaml:"host"`
 	Port     int         `yaml:"port"`
 	DbPath   string      `yaml:"db_path"`
--- a/pkg/database/database.go
+++ b/pkg/database/database.go
@ -56,7 +56,7 @@ func NewClient(config *csconfig.DatabaseCfg) (*Client, error) {
 			return &Client{}, fmt.Errorf("failed opening connection to mysql: %v", err)
 		}
 	case "postgres", "postgresql":
-		client, err = ent.Open("postgres", fmt.Sprintf("host=%s port=%d user=%s dbname=%s password=%s", config.Host, config.Port, config.User, config.DbName, config.Password))
+		client, err = ent.Open("postgres", fmt.Sprintf("host=%s port=%d user=%s dbname=%s password=%s sslmode=%s", config.Host, config.Port, config.User, config.DbName, config.Password, config.Sslmode))
 		if err != nil {
 			return &Client{}, fmt.Errorf("failed opening connection to postgres: %v", err)
 		}