database: enable TLS with postgres tests

moov-io · Sep 30, 2024 · 6cfd0ff · 6cfd0ff
1 parent 7807271
commit 6cfd0ff
Show file tree

Hide file tree

Showing 6 changed files with 10 additions and 23 deletions.
diff --git a/.gitleaksignore b/.gitleaksignore
@@ -1,3 +1,4 @@
+testcerts/server.key
 testcerts/client.key:private-key:1
 testcerts/root.key:private-key:1
 testcerts/server.key:private-key:1
diff --git a/database/postgres_test.go b/database/postgres_test.go
@@ -49,8 +49,6 @@ func TestPostgres_Basic(t *testing.T) {
 }
 
 func TestPostgres_TLS(t *testing.T) {
-	t.Skip()
-
 	if testing.Short() {
 		t.Skip("-short flag enabled")
 	}

diff --git a/database/testdata/gencerts.sh b/database/testdata/gencerts.sh
@@ -18,7 +18,6 @@ openssl req -newkey rsa:2048 -nodes -keyout client.key -subj "/C=CN/ST=GD/L=SZ/O
 openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -in client.csr -CA root.crt -CAkey root.key -CAcreateserial -out client.crt
 
 rm -f server.csr client.csr
-chmod 600 *.key
-chmod 644 *.crt
+ls -l
 
 echo "FINIHSED Generating test certificates"
diff --git a/database/testdata/owncerts.sh b/database/testdata/owncerts.sh
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -33,7 +33,9 @@ services:
     restart: always
     ports:
       - "5432:5432"
-    # command: -c ssl=on -c ssl_cert_file=/opt/moov/certs/server.crt -c ssl_key_file=/opt/moov/certs/server.key -c ssl_ca_file=/opt/moov/certs/root.crt
+    # https://github.com/docker-library/postgres/issues/1059#issuecomment-1467077098
+    command: |
+      sh -c 'chown postgres:postgres /opt/moov/certs/*.key && chmod 0644 /opt/moov/certs/*.crt && ls -l /opt/moov/certs/ && exec docker-entrypoint.sh -c ssl=on -c ssl_cert_file=/opt/moov/certs/server.crt -c ssl_key_file=/opt/moov/certs/server.key -c ssl_ca_file=/opt/moov/certs/root.crt'
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U moov"]
       interval: 5s
@@ -45,11 +47,10 @@ services:
       - POSTGRES_PASSWORD=moov
     networks:
       - intranet
-    # volumes:
-    #   - ./testcerts/root.crt:/opt/moov/certs/root.crt
-    #   - ./testcerts/server.crt:/opt/moov/certs/server.crt
-    #   - ./testcerts/server.key:/opt/moov/certs/server.key
-    #   - ./database/testdata/owncerts.sh:/docker-entrypoint-initdb.d/owncerts.sh
+    volumes:
+      - ./testcerts/root.crt:/opt/moov/certs/root.crt
+      - ./testcerts/server.crt:/opt/moov/certs/server.crt
+      - ./testcerts/server.key:/opt/moov/certs/server.key
 
 networks:
   intranet:
diff --git a/makefile b/makefile
@@ -9,7 +9,7 @@ ifeq ($(OS),Windows_NT)
 else
 	@wget -O lint-project.sh https://raw.githubusercontent.com/moov-io/infra/master/go/lint-project.sh
 	@chmod +x ./lint-project.sh
-	GOCYCLO_LIMIT=26 COVER_THRESHOLD=50.0 GOLANGCI_LINTERS=gosec ./lint-project.sh
+	GOCYCLO_LIMIT=26 COVER_THRESHOLD=50.0 GOLANGCI_LINTERS=gosec GITLEAKS_EXCLUDE=testcerts ./lint-project.sh
 endif
 
 .PHONY: clean