Netflix / metaflow-service

:rocket: Metadata tracking and UI service for Metaflow!
http://www.metaflow.org
Apache License 2.0

[bug] unable to set up ssl connection to AWS rds #421

Open shawnazhaoxy opened 5 months ago

shawnazhaoxy commented 5 months ago

I was trying to use the Docker image to set up an SSL connection to RDS, and I hit some issues:

  1. I realised that in run_goose.py there are environment variables for setting up SSL. However, the environment variable is not set in the docker-compose file.
  2. With the environment variable MF_METADATA_DB_SSL_ROOT_CERT in run_goose.py, we need to pass in the local file path of the certificate. Would it be possible to set up a folder in this repo to store some common CA certificates for databases so that we can pass in the certificates more easily?

saikonen commented 4 months ago

This seems like an oversight in the docker-compose file, partly as most deployments define the setup in other ways (Terraform / CloudFormation etc.).

Having fixed a similar issue in a deployment recently, unless you are using custom certificates, getting the connection to a postgres RDS instance working should only require adding MF_METADATA_DB_SSL_MODE=prefer

I'm hesitant to add any certificates as part of the repo, as these are more deployment specific. The preferred way would be to mount these for the container in question.
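
A preflight check for the two variables named in this thread, added here as an example and not code from metaflow-service: it reports what a given sslmode guarantees, using the sslmode semantics documented for PostgreSQL's libpq, and confirms that the mounted CA bundle loads. The function name `check_db_tls`, the severity policy, and the assumption that the service treats the value as a libpq-style sslmode are assumptions.

```python
import os
import ssl

# libpq sslmode semantics: (always encrypted, CA chain verified, hostname verified)
SSLMODES = {
    "disable":     (False, False, False),
    "allow":       (False, False, False),  # plaintext first, TLS only if the server insists
    "prefer":      (False, False, False),  # TLS first, falls back to plaintext
    "require":     (True,  False, False),
    "verify-ca":   (True,  True,  False),
    "verify-full": (True,  True,  True),
}

def check_db_tls(env):
    """Return (severity, message) findings for the DB TLS settings in env."""
    mode = env.get("MF_METADATA_DB_SSL_MODE")
    root_cert = env.get("MF_METADATA_DB_SSL_ROOT_CERT")
    if mode is None:
        return [("error", "MF_METADATA_DB_SSL_MODE is not set in this container")]
    if mode not in SSLMODES:
        return [("error", f"unknown sslmode {mode!r}")]

    findings = []
    encrypted, verifies_ca, verifies_host = SSLMODES[mode]
    if not encrypted:
        findings.append(("warn", f"{mode}: the connection may end up in plaintext"))
    if not verifies_ca:
        findings.append(("warn", f"{mode}: the server certificate is not verified"))
    elif not verifies_host:
        findings.append(("warn", f"{mode}: the server hostname is not checked"))

    if verifies_ca:
        if not root_cert:
            # Policy of this check: verification should use an explicitly mounted bundle.
            findings.append(("error", "MF_METADATA_DB_SSL_ROOT_CERT is not set"))
        else:
            try:
                # Fails if the mount is missing, unreadable, or holds no PEM certificate.
                ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
                ctx.load_verify_locations(cafile=root_cert)
            except OSError as exc:
                findings.append(("error", f"cannot load CA bundle {root_cert}: {exc}"))
    return findings

if __name__ == "__main__":
    for severity, message in check_db_tls(os.environ):
        print(f"{severity}: {message}")
```

Run inside the container, it shows whether the variable reached the process at all and whether the certificate mount is usable before the service attempts a database connection.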