IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6670 from tomkozlowski/feature/postgres-certs

Browse Source 
generalized database connection cert support and added to postgres
This commit is contained in:
Carl Bergquist
2016-11-29 21:40:27 +01:00
committed by GitHub
parent 9f4d06e8e2 c21ffcc6c9
commit b47410af6a
2 changed files with 16 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
pkg/services/sqlstore/sqlstore.go
View File

@@ -23,12 +23,13 @@ import (
_ "github.com/mattn/go-sqlite3" _ "github.com/mattn/go-sqlite3"
) )
type MySQLConfig struct {
SslMode string type DatabaseConfig struct {
CaCertPath string Type, Host, Name, User, Pwd, Path, SslMode string
ClientKeyPath string CaCertPath string
ClientCertPath string ClientKeyPath string
ServerCertName string ClientCertPath string
ServerCertName string
} }
var ( var (
@@ -37,11 +38,8 @@ var (
HasEngine bool HasEngine bool
DbCfg struct { DbCfg DatabaseConfig
Type, Host, Name, User, Pwd, Path, SslMode string
}
mysqlConfig MySQLConfig
UseSQLite3 bool UseSQLite3 bool
sqlog log.Logger = log.New("sqlstore") sqlog log.Logger = log.New("sqlstore")
) )
@@ -118,8 +116,8 @@ func getEngine() (*xorm.Engine, error) {
cnnstr = fmt.Sprintf("%s:%s@%s(%s)/%s?charset=utf8", cnnstr = fmt.Sprintf("%s:%s@%s(%s)/%s?charset=utf8",
DbCfg.User, DbCfg.Pwd, protocol, DbCfg.Host, DbCfg.Name) DbCfg.User, DbCfg.Pwd, protocol, DbCfg.Host, DbCfg.Name)
if mysqlConfig.SslMode == "true" || mysqlConfig.SslMode == "skip-verify" { if DbCfg.SslMode == "true" || DbCfg.SslMode == "skip-verify" {
tlsCert, err := makeCert("custom", mysqlConfig) tlsCert, err := makeCert("custom", DbCfg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@@ -141,7 +139,7 @@ func getEngine() (*xorm.Engine, error) {
if DbCfg.User == "" { if DbCfg.User == "" {
DbCfg.User = "''" DbCfg.User = "''"
} }
cnnstr = fmt.Sprintf("user=%s password=%s host=%s port=%s dbname=%s sslmode=%s", DbCfg.User, DbCfg.Pwd, host, port, DbCfg.Name, DbCfg.SslMode) cnnstr = fmt.Sprintf("user=%s password=%s host=%s port=%s dbname=%s sslmode=%s sslcert=%s sslkey=%s sslrootcert=%s", DbCfg.User, DbCfg.Pwd, host, port, DbCfg.Name, DbCfg.SslMode, DbCfg.ClientCertPath, DbCfg.ClientKeyPath, DbCfg.CaCertPath)
case "sqlite3": case "sqlite3":
if !filepath.IsAbs(DbCfg.Path) { if !filepath.IsAbs(DbCfg.Path) {
DbCfg.Path = filepath.Join(setting.DataPath, DbCfg.Path) DbCfg.Path = filepath.Join(setting.DataPath, DbCfg.Path)
@@ -189,13 +187,9 @@ func LoadConfig() {
UseSQLite3 = true UseSQLite3 = true
} }
DbCfg.SslMode = sec.Key("ssl_mode").String() DbCfg.SslMode = sec.Key("ssl_mode").String()
DbCfg.CaCertPath = sec.Key("ca_cert_path").String()
DbCfg.ClientKeyPath = sec.Key("client_key_path").String()
DbCfg.ClientCertPath = sec.Key("client_cert_path").String()
DbCfg.ServerCertName = sec.Key("server_cert_name").String()
DbCfg.Path = sec.Key("path").MustString("data/grafana.db") DbCfg.Path = sec.Key("path").MustString("data/grafana.db")
if DbCfg.Type == "mysql" {
mysqlConfig.SslMode = DbCfg.SslMode
mysqlConfig.CaCertPath = sec.Key("ca_cert_path").String()
mysqlConfig.ClientKeyPath = sec.Key("client_key_path").String()
mysqlConfig.ClientCertPath = sec.Key("client_cert_path").String()
mysqlConfig.ServerCertName = sec.Key("server_cert_name").String()
}
} }

2
pkg/services/sqlstore/tls_mysql.go
View File

@@ -7,7 +7,7 @@ import (
"io/ioutil" "io/ioutil"
) )
func makeCert(tlsPoolName string, config MySQLConfig) (*tls.Config, error) { func makeCert(tlsPoolName string, config DatabaseConfig) (*tls.Config, error) {
rootCertPool := x509.NewCertPool() rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile(config.CaCertPath) pem, err := ioutil.ReadFile(config.CaCertPath)
if err != nil { if err != nil {