database: enable TLS with postgres tests

database/postgres_test.go

@@ -49,8 +49,6 @@ func TestPostgres_Basic(t *testing.T) {
 }
 
 func TestPostgres_TLS(t *testing.T) {
-	t.Skip()
-
 	if testing.Short() {
 		t.Skip("-short flag enabled")
 	}

database/testdata/gencerts.sh

@@ -18,7 +18,6 @@ openssl req -newkey rsa:2048 -nodes -keyout client.key -subj "/C=CN/ST=GD/L=SZ/O
 openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -in client.csr -CA root.crt -CAkey root.key -CAcreateserial -out client.crt
 
 rm -f server.csr client.csr
-chmod 600 *.key
-chmod 644 *.crt
+ls -l
 
 echo "FINIHSED Generating test certificates"

docker-compose.yml

@@ -33,7 +33,9 @@ services:
     restart: always
     ports:
       - "5432:5432"
-    # command: -c ssl=on -c ssl_cert_file=/opt/moov/certs/server.crt -c ssl_key_file=/opt/moov/certs/server.key -c ssl_ca_file=/opt/moov/certs/root.crt
+    # https://github.com/docker-library/postgres/issues/1059#issuecomment-1467077098
+    command: |
+      sh -c 'chown postgres:postgres /opt/moov/certs/*.key && chmod 0644 /opt/moov/certs/*.crt && ls -l /opt/moov/certs/ && exec docker-entrypoint.sh -c ssl=on -c ssl_cert_file=/opt/moov/certs/server.crt -c ssl_key_file=/opt/moov/certs/server.key -c ssl_ca_file=/opt/moov/certs/root.crt'
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U moov"]
       interval: 5s
@@ -45,11 +47,10 @@ services:
       - POSTGRES_PASSWORD=moov
     networks:
       - intranet
-    # volumes:
-    #   - ./testcerts/root.crt:/opt/moov/certs/root.crt
-    #   - ./testcerts/server.crt:/opt/moov/certs/server.crt
-    #   - ./testcerts/server.key:/opt/moov/certs/server.key
-    #   - ./database/testdata/owncerts.sh:/docker-entrypoint-initdb.d/owncerts.sh
+    volumes:
+      - ./testcerts/root.crt:/opt/moov/certs/root.crt
+      - ./testcerts/server.crt:/opt/moov/certs/server.crt
+      - ./testcerts/server.key:/opt/moov/certs/server.key
 
 networks:
   intranet: