Use ssl to connect to databases in lambdas #2334

Merged (2 commits) on Nov 21, 2024

jdettmannnava
Contributor

@jdettmannnava jdettmannnava commented Nov 21, 2024

🎫 Ticket

https://jira.cms.gov/browse/DPC-4415

🛠 Changes

Conditionally force sslmode depending on environment

ℹ️ Context

In our upgrade to postgres 16, we have to use ssl. We had ssl turned off for our lambdas so they could run against our local database (for testing), which is not set up for ssl. New code runs in sslmode except when 'testing' (which includes running locally).

🧪 Validation

Tested both locally (test and run-local)
Uploaded export to test and it worked.
Uploaded import to test but unsure how to test?

@jdettmannnava jdettmannnava changed the title Jd/dpc 4415 failing lambdas Use ssl to connect to databases in lambdas Nov 21, 2024
@jdettmannnava jdettmannnava requested a review from a team November 21, 2024 21:28
Contributor

@ashley-weaver ashley-weaver left a comment

LGTM, though I'm not sure how to test either

@ashley-weaver
Contributor

is this needed for the api-waf-sync lambda as well? IIRC it uses the same command

@jdettmannnava jdettmannnava merged commit 52df5e8 into main Nov 21, 2024
10 checks passed
@jdettmannnava jdettmannnava deleted the jd/dpc-4415-failing-lambdas branch November 21, 2024 21:57
@jdettmannnava
Contributor Author

> is this needed for the api-waf-sync lambda as well? IIRC it uses the same command

Probably; but does that even run on prod?

@ashley-weaver
Contributor

> Probably; but does that even run on prod?

not currently, to my knowledge

@NavaCharlesHorowitz
Contributor

I know this is out the door but I believe with regard to testing, you can either adjust the logging configuration on the postgresql server to log connections and their config and/or there are system tables/views that will show active connections, including whether they are using ssl, so you can do inspection of either of those things to confirm that lambdas are indeed using ssl.
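
One way to do the inspection suggested in the comment above, as an added example that is not part of this PR or the project's code. `pg_stat_activity` and `pg_stat_ssl` are standard PostgreSQL system views and `log_connections` is a standard server setting; the queries assume they are run by a superuser or a member of `pg_read_all_stats` while the lambdas hold open connections.

```sql
-- Added example (not from the PR). Run as a superuser or a member of
-- pg_read_all_stats; other roles cannot see other users' sessions.

-- 1. Per-connection view: one row per client session that arrived over TCP.
SELECT a.pid,
       a.usename,
       a.application_name,
       a.client_addr,
       a.backend_start,
       s.ssl,        -- true when the session is encrypted
       s.version,    -- negotiated TLS version, NULL without SSL
       s.cipher      -- negotiated cipher suite, NULL without SSL
FROM   pg_stat_activity AS a
JOIN   pg_stat_ssl      AS s USING (pid)
WHERE  a.backend_type = 'client backend'
  AND  a.client_addr IS NOT NULL          -- skip Unix-socket sessions
ORDER  BY s.ssl, a.usename, a.backend_start;

-- 2. Summary per role and application: a non-zero "plaintext" count means
--    some client is still connecting without SSL.
SELECT a.usename,
       a.application_name,
       count(*) FILTER (WHERE s.ssl)     AS encrypted,
       count(*) FILTER (WHERE NOT s.ssl) AS plaintext
FROM   pg_stat_activity AS a
JOIN   pg_stat_ssl      AS s USING (pid)
WHERE  a.backend_type = 'client backend'
  AND  a.client_addr IS NOT NULL
GROUP  BY a.usename, a.application_name
ORDER  BY plaintext DESC, a.usename;

-- 3. Check whether connection logging is enabled. When it is on, each
--    "connection authorized" log line records the SSL protocol and cipher
--    for encrypted sessions.
SHOW log_connections;
```

Lambda connections are short-lived, so the views only show sessions that are open at the moment the query runs; the connection log is the record to check after the fact.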
