Merge pull request #100 from questdb/remove-tlscertfile-backend

insmac · web-flow · commit 50e5e1798023 · 2024-06-06T16:14:14.000+02:00
Remove file-path TLS references and usage
diff --git a/README.md b/README.md
@@ -59,7 +59,6 @@ datasources:
       port: 8812
       username: admin
       tlsMode: disable
-      # tlsCACertFile: <string>
       # timeout: <seconds>
       # queryTimeout: <seconds>
       maxOpenConnections: 100
diff --git a/pkg/plugin/driver.go b/pkg/plugin/driver.go
@@ -171,20 +171,6 @@ A24pDtdOHydwtSB5+zFqFLfmVZplQM/g5kb4so70Yw==
 				connStr += fmt.Sprintf(" sslcert='%s' sslkey='%s'", escape(tlsClientCert), escape(tlsClientKey))
 			}
 
-		} else if settings.ConfigurationMethod == "file-path" {
-			// Attach root certificate if provided
-			if settings.TlsCACertFile != "" {
-				log.DefaultLogger.Debug("Setting server root certificate", "tlsRootCertFile", settings.TlsCACertFile)
-				connStr += fmt.Sprintf(" sslrootcert='%s'", escape(settings.TlsCACertFile))
-			}
-
-			// Attach client certificate and key if both are provided
-			if settings.TlsClientCertFile != "" && settings.TlsClientKeyFile != "" {
-				log.DefaultLogger.Debug("Setting TLS/SSL client auth", "tlsCertFile", settings.TlsClientCertFile, "tlsKeyFile", settings.TlsClientKeyFile)
-				connStr += fmt.Sprintf(" sslcert='%s' sslkey='%s'", escape(settings.TlsClientCertFile), escape(settings.TlsClientKeyFile))
-			} else if settings.TlsClientCertFile != "" || settings.TlsClientKeyFile != "" {
-				return "", fmt.Errorf("TLS/SSL client certificate and key files must both be specified")
-			}
 		} else if settings.ConfigurationMethod != "" {
 			return "", errors.New(fmt.Sprintf("invalid ssl configuration method: %s", settings.ConfigurationMethod))
 		}
diff --git a/pkg/plugin/settings.go b/pkg/plugin/settings.go
@@ -32,7 +32,6 @@ type Settings struct {
 	TlsMode             string `json:"tlsMode"`
 	ConfigurationMethod string `json:"tlsConfigurationMethod"`
 
-	TlsCACertFile     string `json:"tlsCaCertFile"`
 	TlsClientCertFile string `json:"tlsClientCertFile"`
 	TlsClientKeyFile  string `json:"tlsClientKeyFile"`
 }
@@ -130,9 +129,6 @@ func LoadSettings(config backend.DataSourceInstanceSettings) (settings Settings,
 		settings.TlsMode = jsonData["tlsMode"].(string)
 	}
 
-	if jsonData["tlsCACertFile"] != nil {
-		settings.TlsCACertFile = jsonData["tlsCACertFile"].(string)
-	}
 	if jsonData["tlsClientCertFile"] != nil {
 		settings.TlsClientCertFile = jsonData["tlsClientCertFile"].(string)
 	}
diff --git a/pkg/plugin/settings_test.go b/pkg/plugin/settings_test.go
@@ -88,47 +88,6 @@ func TestLoadSettings(t *testing.T) {
 				},
 				expectedErr: nil,
 			},
-			{
-				name: "should parse json with tls and file-path mode",
-				args: args{
-					config: backend.DataSourceInstanceSettings{
-						UID: "ds-uid",
-						JSONData: []byte(`{ "server": "test", "port": 8812, "username": "john",
-											"enableSecureSocksProxy": true, "tlsMode": "verify-ca", "tlsConfigurationMethod": "file-path",
-											"tlsCACertFile": "/var/caCertFile", "tlsClientCertFile": "/var/clientCertFile", "tlsClientKeyFile": "/var/clientKeyFile",
-											"timeout": 10, "queryTimeout": 50, "maxOpenConnections": 100, "maxIdleConnections": 100, "maxConnectionLifetime": 14400 }`),
-						DecryptedSecureJSONData: map[string]string{"password": "rambo", "secureSocksProxyPassword": "test"},
-					},
-				},
-				expectedSettings: Settings{
-					Server:                "test",
-					Port:                  8812,
-					Username:              "john",
-					Password:              "rambo",
-					TlsCACertFile:         "/var/caCertFile",
-					TlsClientCertFile:     "/var/clientCertFile",
-					TlsClientKeyFile:      "/var/clientKeyFile",
-					Timeout:               10,
-					QueryTimeout:          50,
-					MaxOpenConnections:    100,
-					MaxIdleConnections:    100,
-					MaxConnectionLifetime: 14400,
-					TlsMode:               "verify-ca",
-					ConfigurationMethod:   "file-path",
-					ProxyOptions: &proxy.Options{
-						Enabled: true,
-						Auth: &proxy.AuthOptions{
-							Username: "ds-uid",
-							Password: "test",
-						},
-						Timeouts: &proxy.TimeoutOptions{
-							Timeout:   10 * time.Second,
-							KeepAlive: proxy.DefaultTimeoutOptions.KeepAlive,
-						},
-					},
-				},
-				expectedErr: nil,
-			},
 			{
 				name: "should converting string values to the correct type",
 				args: args{
diff --git a/provisioning/datasources/questdb_questdb_datasource.yaml b/provisioning/datasources/questdb_questdb_datasource.yaml
@@ -7,7 +7,6 @@ datasources:
       port: 8812
       username: admin
       tlsMode: disable
-      # tlsCACertFile: <string>
       # timeout: <seconds>
       # queryTimeout: <seconds>
       maxOpenConnections: 100
diff --git a/src/selectors.ts b/src/selectors.ts
@@ -36,11 +36,6 @@ export const Components = {
       placeholder: 'Client Key. Begins with -----BEGIN RSA PRIVATE KEY-----',
     },
 
-    TLSCACertFile: {
-      label: 'TLS/SSL Root Certificate File',
-      placeholder:
-        'If the selected TLS/SSL mode requires a server root certificate, provide the path to the file here.',
-    },
     TLSClientCertFile: {
       label: 'TLS/SSL Client Certificate File',
       placeholder:
diff --git a/src/types.ts b/src/types.ts
@@ -33,7 +33,6 @@ export interface QuestDBConfig extends DataSourceJsonData {
   tlsMode?: PostgresTLSModes;
   tlsConfigurationMethod?: PostgresTLSMethods;
 
-  tlsCACertFile?: string;
   tlsClientCertFile?: string;
   tlsClientKeyFile?: string;
 }
diff --git a/src/views/QuestDBConfigEditor.test.tsx b/src/views/QuestDBConfigEditor.test.tsx
@@ -22,6 +22,7 @@ describe('ConfigEditor', () => {
     expect(screen.getByPlaceholderText(Components.ConfigEditor.Username.placeholder)).toBeInTheDocument();
     expect(screen.getByPlaceholderText(Components.ConfigEditor.Password.placeholder)).toBeInTheDocument();
     expect(screen.getByText(Components.ConfigEditor.TlsMode.placeholder)).toBeInTheDocument();
+    expect(screen.getByText(Components.ConfigEditor.TlsMethod.label)).toBeInTheDocument();
   });
   it('with password', async () => {
     render(
@@ -53,7 +54,6 @@ describe('ConfigEditor', () => {
     );
     expect(screen.queryByText(PostgresTLSModes.disable)).toBeInTheDocument();
     expect(screen.queryByPlaceholderText(Components.ConfigEditor.TlsMethod.placeholder)).not.toBeInTheDocument();
-    expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSCACertFile.placeholder)).not.toBeInTheDocument();
     expect(
       screen.queryByPlaceholderText(Components.ConfigEditor.TLSClientCertFile.placeholder)
     ).not.toBeInTheDocument();
@@ -62,7 +62,7 @@ describe('ConfigEditor', () => {
     expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSClientCert.placeholder)).not.toBeInTheDocument();
     expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSClientKey.placeholder)).not.toBeInTheDocument();
   });
-  it('with verifyCA tlsMode and fileContent tlsMethod', async () => {
+  it('with tlsMode and filePath tlsMethod', async () => {
     render(
       <ConfigEditor
         {...mockConfigEditorProps()}
@@ -71,14 +71,14 @@ describe('ConfigEditor', () => {
           jsonData: {
             ...mockConfigEditorProps().options.jsonData,
             tlsMode: PostgresTLSModes.verifyCA,
-            tlsConfigurationMethod: PostgresTLSMethods.fileContent,
+            tlsConfigurationMethod: PostgresTLSMethods.filePath,
           },
         }}
       />
     );
     expect(screen.queryByText(PostgresTLSModes.verifyCA)).toBeInTheDocument();
-    expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSCACertFile.placeholder)).not.toBeInTheDocument();
-    expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSCACert.placeholder)).toBeInTheDocument();
+    expect(screen.queryByText(Components.ConfigEditor.TlsMethod.placeholder)).toBeInTheDocument();
+    expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSCACert.placeholder)).not.toBeInTheDocument();
   });
 
   it('with verifyFull tlsMode and fileContent tlsMethod', async () => {
@@ -96,7 +96,7 @@ describe('ConfigEditor', () => {
       />
     );
     expect(screen.queryByText(PostgresTLSModes.verifyFull)).toBeInTheDocument();
-    expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSCACertFile.placeholder)).not.toBeInTheDocument();
+    expect(screen.queryByText(Components.ConfigEditor.TlsMethod.placeholder)).toBeInTheDocument();
     expect(screen.queryByPlaceholderText(Components.ConfigEditor.TLSCACert.placeholder)).toBeInTheDocument();
   });
 

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,6 @@ type Settings struct {`
`32`	`32`	TlsMode string `json:"tlsMode"`
`33`	`33`	ConfigurationMethod string `json:"tlsConfigurationMethod"`
`34`	`34`
`35`		- TlsCACertFile string `json:"tlsCaCertFile"`
`36`	`35`	TlsClientCertFile string `json:"tlsClientCertFile"`
`37`	`36`	TlsClientKeyFile string `json:"tlsClientKeyFile"`
`38`	`37`	`}`
`@@ -130,9 +129,6 @@ func LoadSettings(config backend.DataSourceInstanceSettings) (settings Settings,`
`130`	`129`	`settings.TlsMode = jsonData["tlsMode"].(string)`
`131`	`130`	`}`
`132`	`131`
`133`		`- if jsonData["tlsCACertFile"] != nil {`
`134`		`- settings.TlsCACertFile = jsonData["tlsCACertFile"].(string)`
`135`		`- }`
`136`	`132`	`if jsonData["tlsClientCertFile"] != nil {`
`137`	`133`	`settings.TlsClientCertFile = jsonData["tlsClientCertFile"].(string)`
`138`	`134`	`}`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,6 @@ export interface QuestDBConfig extends DataSourceJsonData {`
`33`	`33`	`tlsMode?: PostgresTLSModes;`
`34`	`34`	`tlsConfigurationMethod?: PostgresTLSMethods;`
`35`	`35`
`36`		`- tlsCACertFile?: string;`
`37`	`36`	`tlsClientCertFile?: string;`
`38`	`37`	`tlsClientKeyFile?: string;`
`39`	`38`	`}`