Use to_atom/1 for some ssl_opts keys (#806)

This commit is contained in:
Jamil
2022-07-15 15:53:56 -07:00
parent 4b8b0c39ce
commit e0fa00c859
2 changed files with 33 additions and 2 deletions


@@ -108,8 +108,27 @@ if config_env() == :prod do
database_password = System.get_env("DATABASE_PASSWORD")
# XXX: Using to_atom here because this is trusted input and to_existing_atom
# won't work because we won't know the keys ahead of time.
ssl_opts = Keyword.new(database_ssl_opts, fn {k, v} -> {String.to_atom(k), v} end)
# won't work because we won't know the keys ahead of time. Hardcoding supported
# ssl_opts as well.
map_ssl_opt_val = fn k, v ->
case k do
"verify" ->
# verify expects an atom
String.to_atom(v)
"versions" ->
# versions expects a list of atoms
Enum.map(v, &String.to_atom(&1))
_ ->
# Everything else is usually a string
v
end
end
ssl_opts =
Keyword.new(database_ssl_opts, fn {k, v} -> {String.to_atom(k), map_ssl_opt_val.(k, v)} end)
parameters = Keyword.new(database_parameters, fn {k, v} -> {String.to_atom(k), v} end)
# Database configuration
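Review bot: `map_ssl_opt_val` still creates an atom from whatever string is configured for `"verify"`, so a misspelled value (anything other than `verify_peer`/`verify_none`) becomes an unknown atom that only fails later, at connect time, with an ssl error far from the config that caused it; since the commit now hardcodes the supported options anyway, matching the two allowed values explicitly gives a clear error at boot and avoids dynamic atom creation for values entirely. The `"versions"` branch also assumes `v` is a list; a scalar string would raise `Protocol.UndefinedError` from `Enum.map/2`, which an `is_list` guard makes explicit. Whether the TLS version atoms already exist when `runtime.exs` is evaluated (which would allow `String.to_existing_atom/1` there) is not visible here, so I leave that branch on `String.to_atom/1`. The enclosing `if config_env() == :prod do` block and the `database_ssl_opts` binding start outside the hunk.
```elixir
map_ssl_opt_val = fn
  "verify", "verify_peer" -> :verify_peer
  "verify", "verify_none" -> :verify_none
  "verify", other -> raise ArgumentError, "unsupported ssl_opts verify value: #{inspect(other)}"
  "versions", versions when is_list(versions) -> Enum.map(versions, &String.to_atom/1)
  _key, value -> value
end
# … unchanged: ssl_opts / parameters Keyword.new calls …
```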


@@ -268,8 +268,20 @@ default['firezone']['database']['name'] = 'firezone'
default['firezone']['database']['host'] = node['firezone']['postgresql']['listen_address']
default['firezone']['database']['port'] = node['firezone']['postgresql']['port']
default['firezone']['database']['ssl'] = false
# SSL opts to pass to Erlang's SSL module. See a full listing at https://www.erlang.org/doc/man/ssl.html
# Firezone supports the following subset:
# {
# verify: :verify_peer, # or :verify_none
# cacerts: "...", # The DER-encoded trusted certificates. Overrides :cacertfile if specified.
# cacertfile: "/path/to/cert.pem", # Path to a file containing PEM-encoded CA certificates.
# versions: ["tlsv1.1", "tlsv1.2", "tlsv1.3"], # Array of TLS versions to enable
# }
default['firezone']['database']['ssl_opts'] = {}
# DB Connection Parameters to pass to the Postgrex driver. If you're unsure, leave this blank.
default['firezone']['database']['parameters'] = {}
default['firezone']['database']['pool'] = [10, Etc.nprocessors].max
default['firezone']['database']['extensions'] = { 'plpgsql' => true, 'pg_trgm' => true }
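Review bot: The example block above `default['firezone']['database']['ssl_opts']` is written in Elixir syntax (`verify: :verify_peer`, `cacertfile: "..."`) although this is a Ruby attributes file whose value is a Ruby hash with string keys and string values, so a reader may copy atom syntax that the attributes file cannot express; I would show the hash as it is actually accepted, e.g. `# { 'verify' => 'verify_peer', 'cacertfile' => '/path/to/cert.pem', 'versions' => ['tlsv1.2', 'tlsv1.3'] }`. The `cacerts` line describes a DER-encoded value, but nothing in this hunk shows how a string from the attributes file is turned into the binary form Erlang's ssl module expects, so that is worth confirming or documenting next to the example. It would also help the operator to say explicitly that only `verify` and `versions` receive special handling and every other value is passed through unchanged, if that is the intended contract.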