Updated pgquery to allow for SSL connections to database

Trihydro · Sep 17, 2024 · 971c252 · 971c252
1 parent 536a309
commit 971c252
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 18 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -76,8 +76,7 @@ services:
       LOGGING_LEVEL: ${API_LOGGING_LEVEL}
     volumes:
       - ${GOOGLE_APPLICATION_CREDENTIALS}:/google/gcp_credentials.json
-      - <nginx-proxy-resources>/ssl/server.crt:/etc/ssl/certs/server.crt
-      - <nginx-proxy-resources>/ssl/server.key:/etc/ssl/private/server.key
+      - <certname>.crt:/etc/ssl/ca/ca.crt
     logging:
       options:
         max-size: '10m'
@@ -108,20 +107,20 @@ services:
       options:
         max-size: '10m'
 
-  cvmanager_postgres:
-    image: postgis/postgis:15-master
-    restart: always
-    ports:
-      - '5432:5432'
-    environment:
-      POSTGRES_USER: ${PG_DB_USER}
-      POSTGRES_PASSWORD: ${PG_DB_PASS}
-    volumes:
-      - pgdb:/var/lib/postgresql/data
-      - ./resources/sql_scripts:/docker-entrypoint-initdb.d
-    logging:
-      options:
-        max-size: '10m'
+  # cvmanager_postgres:
+  #   image: postgis/postgis:15-master
+  #   restart: always
+  #   ports:
+  #     - '5432:5432'
+  #   environment:
+  #     POSTGRES_USER: ${PG_DB_USER}
+  #     POSTGRES_PASSWORD: ${PG_DB_PASS}
+  #   volumes:
+  #     - pgdb:/var/lib/postgresql/data
+  #     - ./resources/sql_scripts:/docker-entrypoint-initdb.d
+  #   logging:
+  #     options:
+  #       max-size: '10m'
 
   cvmanager_keycloak:
     build:
@@ -131,8 +130,8 @@ services:
         KEYCLOAK_LOGIN_THEME_NAME: ${KEYCLOAK_LOGIN_THEME_NAME}.jar
     image: jpo_cvmanager_keycloak:latest
     restart: always
-    depends_on:
-      - cvmanager_postgres
+    # depends_on:
+    #   - cvmanager_postgres
     extra_hosts:
       ${WEBAPP_DOMAIN}: ${WEBAPP_HOST_IP}
       ${KEYCLOAK_DOMAIN}: ${KC_HOST_IP}

diff --git a/services/common/pgquery.py b/services/common/pgquery.py
@@ -1,4 +1,5 @@
 import os
+import ssl
 import sqlalchemy
 import logging
 
@@ -23,6 +24,8 @@
 def init_tcp_connection_engine(db_user, db_pass, db_name, db_hostname, db_port):
     logging.info(f"Creating DB pool")
     logging.info(f"{db_user},{db_pass},{db_name},{db_hostname},{db_port}")
+    ssl_context = ssl.create_default_context()
+    ssl_context.load_verify_locations("/etc/ssl/ca/ca.crt")
     pool = sqlalchemy.create_engine(
         # Equivalent URL:
         # postgresql+pg8000://<db_user>:<db_pass>@<db_host>:<db_port>/<db_name>
@@ -34,6 +37,7 @@ def init_tcp_connection_engine(db_user, db_pass, db_name, db_hostname, db_port):
             port=db_port,  # e.g. 5432
             database=db_name,  # e.g. "my-database-name"
         ),
+        connect_args={"ssl_context": ssl_context},
         **db_config,
     )
     # pool.dialect.description_encoding = None