From bd37475608adf7e06e32c0427f16b7ad6f15cb9b Mon Sep 17 00:00:00 2001
From: jay-dee7 <me@jsdp.dev>
Date: Sat, 8 Jul 2023 20:53:13 +0530
Subject: [PATCH] add: Postgres SSL mode defaults

---
 .github/workflows/oci-dist-spec-storj-s3-push.yml |  2 +-
 config/config.go                                  | 10 +++++++---
 config/yaml.go                                    |  4 ++++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/oci-dist-spec-storj-s3-push.yml b/.github/workflows/oci-dist-spec-storj-s3-push.yml
index 4bf3e856..2989a620 100644
--- a/.github/workflows/oci-dist-spec-storj-s3-push.yml
+++ b/.github/workflows/oci-dist-spec-storj-s3-push.yml
@@ -55,8 +55,8 @@ jobs:
           yq e -i '.environment = "ci"' config.yaml
           yq e -i '.dfs.storj.type = "s3"' config.yaml
           yq e -i '.dfs.storj.enabled = "true"' config.yaml
-          STORJ_CI_ACCESS_KEY=${{ secrets.STORJ_CI_ACCESS_KEY }} yq e -i '.dfs.storj.access_key = env(STORJ_CI_ACCESS_KEY)' config.yaml
           STORJ_CI_SECRET_KEY=${{ secrets.STORJ_CI_SECRET_KEY }} yq e -i '.dfs.storj.secret_key = env(STORJ_CI_SECRET_KEY)' config.yaml
+          STORJ_CI_ACCESS_KEY=${{ secrets.STORJ_CI_ACCESS_KEY }} yq e -i '.dfs.storj.access_key = env(STORJ_CI_ACCESS_KEY)' config.yaml
           STORJ_CI_BUCKET_NAME=${{ secrets.STORJ_CI_BUCKET_NAME }} yq e -i '.dfs.storj.bucket_name = env(STORJ_CI_BUCKET_NAME)' config.yaml
           STORJ_CI_ACCESS_GRANT_TOKEN=${{ secrets.STORJ_CI_ACCESS_GRANT_TOKEN }} yq e -i '.dfs.storj.access_grant_token = env(STORJ_CI_ACCESS_GRANT_TOKEN)' config.yaml
           STORJ_CI_ENDPOINT=${{ secrets.STORJ_CI_ENDPOINT }} yq e -i '.dfs.storj.endpoint = env(STORJ_CI_ENDPOINT)' config.yaml
diff --git a/config/config.go b/config/config.go
index 02ea6a2e..8617694a 100644
--- a/config/config.go
+++ b/config/config.go
@@ -111,6 +111,7 @@ type (
 		Host     string `yaml:"host" mapstructure:"host" validate:"required"`
 		Password string `yaml:"password" mapstructure:"password" validate:"required"`
 		Database string `yaml:"name" mapstructure:"name" validate:"required"`
+		SSLMode  string `yaml:"ssl_mode" mapstructure:"ssl_mode" validate:"-"`
 		Port     int    `yaml:"port" mapstructure:"port" validate:"required"`
 	}
 
@@ -177,6 +178,7 @@ func NewStoreConfig() (*Store, error) {
 		Database: viper.GetString("DB_NAME"),
 		Host:     viper.GetString("DB_HOST"),
 		Port:     viper.GetInt("DB_PORT"),
+		SSLMode:  viper.GetString("DB_SSL_MODE"),
 	}
 
 	return storeConfig, nil
@@ -227,10 +229,12 @@ func translateError(err error, trans ut.Translator) error {
 }
 
 func (sc *Store) Endpoint() string {
-	return fmt.Sprintf(
-		"postgres://%s:%s@%s:%d/%s?pool_max_conns=1000&sslmode=disable",
-		sc.User, sc.Password, sc.Host, sc.Port, sc.Database,
+	pgurl := fmt.Sprintf(
+		"postgres://%s:%s@%s:%d/%s?pool_max_conns=1000&sslmode=%s",
+		sc.User, sc.Password, sc.Host, sc.Port, sc.Database, sc.SSLMode,
 	)
+
+	return pgurl
 }
 
 func (oc *OpenRegistryConfig) Endpoint() string {
diff --git a/config/yaml.go b/config/yaml.go
index 43b14cd1..e109b9ca 100644
--- a/config/yaml.go
+++ b/config/yaml.go
@@ -133,4 +133,8 @@ func setDefaultsForStorageBackend(cfg *OpenRegistryConfig) {
 			cfg.DFS.Storj.MinChunkSize = fiveMBInBytes
 		}
 	}
+
+	if cfg.StoreConfig.SSLMode == "" {
+		cfg.StoreConfig.SSLMode = "disable"
+	}
 }