FABC-848 Fix TLS issue with PostgreSQL

CreateTables was failing with TLS enabled on the PostgreSQL server but Connect() handles TLS properly. Modified the code to set the Postgres.datasource property when setting TLS parameters rather than using using a function-scoped variable. Change-Id: I936ba48aeed3f1d62a623f9e08d3ec3f6e5f61bc Signed-off-by: Gari Singh <gari.r.singh@gmail.com>
hyperledger · Jul 11, 2019 · 396c093 · 396c093
1 parent 477f5a2
commit 396c093
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 8 deletions.
diff --git a/lib/server/db/postgres/internal_test.go b/lib/server/db/postgres/internal_test.go
@@ -0,0 +1,11 @@
+/*
+Copyright IBM Corp. All Rights Reserved.
+
+SPDX-License-Identifier: Apache-2.0
+*/
+
+package postgres
+
+func (p *Postgres) Datasource() string {
+	return p.datasource
+}
diff --git a/lib/server/db/postgres/postgres.go b/lib/server/db/postgres/postgres.go
@@ -50,10 +50,9 @@ func NewDB(
 
 // Connect connects to a PostgreSQL server
 func (p *Postgres) Connect() error {
-	datasource := p.datasource
 	clientTLSConfig := p.TLS
 
-	p.dbName = util.GetDBName(datasource)
+	p.dbName = util.GetDBName(p.datasource)
 	dbName := p.dbName
 	log.Debugf("Database Name: %s", dbName)
 
@@ -67,19 +66,19 @@ func (p *Postgres) Connect() error {
 		}
 
 		root := clientTLSConfig.CertFiles[0]
-		datasource = fmt.Sprintf("%s sslrootcert=%s", datasource, root)
+		p.datasource = fmt.Sprintf("%s sslrootcert=%s", p.datasource, root)
 
 		cert := clientTLSConfig.Client.CertFile
 		key := clientTLSConfig.Client.KeyFile
-		datasource = fmt.Sprintf("%s sslcert=%s sslkey=%s", datasource, cert, key)
+		p.datasource = fmt.Sprintf("%s sslcert=%s sslkey=%s", p.datasource, cert, key)
 	}
 
 	dbNames := []string{dbName, "postgres", "template1"}
 	var sqlxdb *sqlx.DB
 	var err error
 
 	for _, dbName := range dbNames {
-		connStr := getConnStr(datasource, dbName)
+		connStr := getConnStr(p.datasource, dbName)
 		log.Debugf("Connecting to PostgreSQL server, using connection string: %s", util.MaskDBCred(connStr))
 
 		sqlxdb, err = sqlx.Connect("postgres", connStr)
@@ -122,14 +121,13 @@ func (p *Postgres) Create() (*db.DB, error) {
 // CreateDatabase creates database
 func (p *Postgres) CreateDatabase() (*db.DB, error) {
 	dbName := p.dbName
-	datasource := p.datasource
 	err := p.createDatabase()
 	if err != nil {
 		return nil, errors.Wrap(err, "Failed to create Postgres database")
 	}
 
-	log.Debugf("Connecting to database '%s', using connection string: '%s'", dbName, util.MaskDBCred(datasource))
-	sqlxdb, err := sqlx.Open("postgres", datasource)
+	log.Debugf("Connecting to database '%s', using connection string: '%s'", dbName, util.MaskDBCred(p.datasource))
+	sqlxdb, err := sqlx.Open("postgres", p.datasource)
 	if err != nil {
 		return nil, errors.Wrapf(err, "Failed to open database '%s' in Postgres server", dbName)
 	}

diff --git a/lib/server/db/postgres/postgres_test.go b/lib/server/db/postgres/postgres_test.go
@@ -73,6 +73,29 @@ var _ = Describe("Postgres", func() {
 			Expect(db.SqlxDB).To(BeNil())
 		})
 
+		It("has datasource with TLS connection parameters when TLS is enabled", func() {
+			db.TLS = &tls.ClientTLSConfig{
+				Enabled:   true,
+				CertFiles: []string{"root.pem"},
+				Client: tls.KeyCertFiles{
+					KeyFile:  "key.pem",
+					CertFile: "cert.pem",
+				},
+			}
+			db.Connect()
+			Expect(db.Datasource()).To(
+				ContainSubstring("sslrootcert=root.pem sslcert=cert.pem sslkey=key.pem"),
+			)
+		})
+
+		It("does not have has datasource with TLS connection parameters when TLS is enabled", func() {
+			db.TLS = &tls.ClientTLSConfig{
+				Enabled: false,
+			}
+			db.Connect()
+			Expect(db.Datasource()).ToNot(ContainSubstring("sslrootcert"))
+		})
+
 		It("fail to open database connection if unable to ping database", func() {
 			err := db.Connect()
 			Expect(err).To(HaveOccurred())