From c35251fe13e000c8e39d8c91a8fa2d54db1aff68 Mon Sep 17 00:00:00 2001
From: Adam Shannon
Date: Mon, 30 Sep 2024 13:14:12 -0500
Subject: [PATCH] database: enable TLS with postgres tests
---
 database/postgres_test.go | 2 --
 database/testdata/gencerts.sh | 3 +--
 database/testdata/owncerts.sh | 12 ------------
 docker-compose.yml | 13 +++++++------
 4 files changed, 8 insertions(+), 22 deletions(-)
 delete mode 100644 database/testdata/owncerts.sh
diff --git a/database/postgres_test.go b/database/postgres_test.go
index 7464cfd8..68dcb14d 100644
--- a/database/postgres_test.go
+++ b/database/postgres_test.go
@@ -49,8 +49,6 @@ func TestPostgres_Basic(t *testing.T) {
 }
 func TestPostgres_TLS(t *testing.T) {
- t.Skip()
-
 if testing.Short() {
 t.Skip("-short flag enabled")
 }
diff --git a/database/testdata/gencerts.sh b/database/testdata/gencerts.sh
index 1e70921e..ede019f3 100755
--- a/database/testdata/gencerts.sh
+++ b/database/testdata/gencerts.sh
@@ -18,7 +18,6 @@ openssl req -newkey rsa:2048 -nodes -keyout client.key -subj "/C=CN/ST=GD/L=SZ/O
 openssl x509 -req -extfile <(printf "subjectAltName=DNS:localhost,IP:127.0.0.1") -days 365 -in client.csr -CA root.crt -CAkey root.key -CAcreateserial -out client.crt
 rm -f server.csr client.csr
-chmod 600 *.key
-chmod 644 *.crt
+ls -l
 echo "FINIHSED Generating test certificates"
diff --git a/database/testdata/owncerts.sh b/database/testdata/owncerts.sh
deleted file mode 100644
index d5504b85..00000000
--- a/database/testdata/owncerts.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-set -e
-
-chown -R postgres:postgres /opt/moov/
-
-chmod 600 /opt/moov/certs/*.key
-chmod 644 /opt/moov/certs/*.crt
-
-chown postgres:postgres /opt/moov/certs/*.key
-chown postgres:postgres /opt/moov/certs/*.crt
-
-ls -l /var/lib/postgresql/
diff --git a/docker-compose.yml b/docker-compose.yml
index d4812c27..f7c57be8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
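Review bot: Removing `chmod 600 *.key` from gencerts.sh means nothing in this commit sets the mode of the generated private keys any more: the new `ls -l` only prints it, and the replacement `command` in docker-compose.yml chowns the key and runs `chmod 0644` on the `.crt` files but never restricts the `.key`. The resulting mode, including that of root.key (the test CA key), is left to openssl and the caller's umask, and PostgreSQL refuses to load a server key that is group- or world-accessible, so the TLS test this commit enables could fail on a host with a permissive umask. I would keep `chmod 600 *.key` ahead of `ls -l` here, or add `chmod 0600 /opt/moov/certs/*.key &&` after the `chown` in the compose `sh -c` string. The script's earlier lines are outside this hunk, so an existing `umask` there would change this assessment.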
@@ -33,7 +33,9 @@ services:
 restart: always
 ports:
 - "5432:5432"
- # command: -c ssl=on -c ssl_cert_file=/opt/moov/certs/server.crt -c ssl_key_file=/opt/moov/certs/server.key -c ssl_ca_file=/opt/moov/certs/root.crt
+ # https://github.com/docker-library/postgres/issues/1059#issuecomment-1467077098
+ command: |
+ sh -c 'chown postgres:postgres /opt/moov/certs/*.key && chmod 0644 /opt/moov/certs/*.crt && ls -l /opt/moov/certs/ && exec docker-entrypoint.sh -c ssl=on -c ssl_cert_file=/opt/moov/certs/server.crt -c ssl_key_file=/opt/moov/certs/server.key -c ssl_ca_file=/opt/moov/certs/root.crt'
 healthcheck:
 test: ["CMD-SHELL", "pg_isready -U moov"]
 interval: 5s
@@ -45,11 +47,10 @@ services:
 - POSTGRES_PASSWORD=moov
 networks:
 - intranet
- # volumes:
- # - ./testcerts/root.crt:/opt/moov/certs/root.crt
- # - ./testcerts/server.crt:/opt/moov/certs/server.crt
- # - ./testcerts/server.key:/opt/moov/certs/server.key
- # - ./database/testdata/owncerts.sh:/docker-entrypoint-initdb.d/owncerts.sh
+ volumes:
+ - ./testcerts/root.crt:/opt/moov/certs/root.crt
+ - ./testcerts/server.crt:/opt/moov/certs/server.crt
+ - ./testcerts/server.key:/opt/moov/certs/server.key
 networks:
 intranet:
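Review bot: The `chown postgres:postgres /opt/moov/certs/*.key` in the new `command` acts on the writable single-file bind mounts that this file's second hunk enables, so it changes the owner of ./testcerts/server.key on the host too, at least on a Linux host with a rootful Docker daemon. After the first `docker compose up`, the key belongs to the container's postgres uid and a later run of gencerts.sh may not be able to overwrite it. Consider mounting the certificates read-only at a staging path and copying them into a container-owned directory before the chown and chmod, so the host files stay untouched. At minimum I would add a comment above `volumes:` such as `# the container chowns server.key on the host; remove ./testcerts before regenerating`.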