From bfd3bc209d6919f7d355f80cfc937f19a1877649 Mon Sep 17 00:00:00 2001 From: Louis Pieterse Date: Fri, 21 Jun 2024 14:28:12 +0100 Subject: [PATCH] Switch to using `sslmode=prefer` for connections to backend DB (#146) - Fix minor schema issues - Fix testing - add CODEOWNERS - Bump dependencies - Change development environment DB to use SSL - Switch to using `sslmode=prefer` for connections to backend DB --- .github/CODEOWNERS | 1 + Makefile | 2 +- cicada/cli.py | 13 ++- cicada/commands/exec_schedule.py | 1 - cicada/commands/list_schedules.py | 2 +- cicada/commands/spread_schedules.py | 1 - cicada/commands/upsert_schedule.py | 1 - cicada/lib/postgres.py | 3 +- local-dev/cicada_db/Dockerfile | 13 +++ local-dev/cicada_db/pg_hba.conf | 107 ++++++++++++++++++++++++ local-dev/cicada_db/server.crt | 77 +++++++++++++++++ local-dev/cicada_db/server.key | 28 +++++++ local-dev/cicada_db/server.req | 62 ++++++++++++++ local-dev/docker-compose.yml | 41 ++++++++- local-dev/entrypoint.sh | 3 +- setup.py | 12 +-- setup/schema.sql | 6 +- tests/test_functional_cli_entrypoint.py | 22 ++++- tests/test_functional_main.py | 2 +- 19 files changed, 373 insertions(+), 24 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 local-dev/cicada_db/Dockerfile create mode 100644 local-dev/cicada_db/pg_hba.conf create mode 100644 local-dev/cicada_db/server.crt create mode 100644 local-dev/cicada_db/server.key create mode 100644 local-dev/cicada_db/server.req diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..5e582ed --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @transferwise/analytics-platform \ No newline at end of file diff --git a/Makefile b/Makefile index 362aa49..d6ebedf 100644 --- a/Makefile +++ b/Makefile @@ -31,4 +31,4 @@ flake8: black: cd $(mkfile_path) ;\ . venv/bin/activate ;\ - black --check --verbose cicada/ tests/ --line-length 120 + black --check --diff --verbose cicada/ tests/ --line-length 120 
diff --git a/cicada/cli.py b/cicada/cli.py index f80ffa5..93b5c6b 100644 --- a/cicada/cli.py +++ b/cicada/cli.py @@ -37,7 +37,7 @@ def __init__(self): "ping_slack", "list_schedule_ids", "delete_schedule", - "version" + "version", ] parser = argparse.ArgumentParser( @@ -247,7 +247,16 @@ def ping_slack(): @staticmethod def list_schedule_ids(): - """List schedule id of all schedules""" + """List schedule ids of all schedules""" + parser = argparse.ArgumentParser( + allow_abbrev=False, + add_help=True, + prog=inspect.stack()[0][3], + description="List schedule ids of all schedules", + ) + if len(sys.argv) >= 3: + parser.print_help(sys.stdout) + sys.exit(0) list_schedules.main() @staticmethod diff --git a/cicada/commands/exec_schedule.py b/cicada/commands/exec_schedule.py index 4430307..56521c9 100644 --- a/cicada/commands/exec_schedule.py +++ b/cicada/commands/exec_schedule.py @@ -197,7 +197,6 @@ def main(schedule_id, dbname=None): db_conn = postgres.db_cicada(dbname) db_cur = db_conn.cursor() if get_abort_running(db_cur, schedule_id): - # Terminate main process returncode = -15 error_detail = "Cicada abort_running" diff --git a/cicada/commands/list_schedules.py b/cicada/commands/list_schedules.py index db891cc..31b4e40 100644 --- a/cicada/commands/list_schedules.py +++ b/cicada/commands/list_schedules.py @@ -16,4 +16,4 @@ def main(dbname=None): db_cur.close() db_conn.close() print("") - print(tabulate(obj_schedules, headers=['Server ID', 'Schedule ID', 'Description'])) + print(tabulate(obj_schedules, headers=["Server ID", "Schedule ID", "Description"])) diff --git a/cicada/commands/spread_schedules.py b/cicada/commands/spread_schedules.py index 4126eba..8c5d837 100644 --- a/cicada/commands/spread_schedules.py +++ b/cicada/commands/spread_schedules.py 
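Review bot: In `list_schedule_ids` the new `ArgumentParser` is built but never asked to parse anything; the `len(sys.argv) >= 3` check prints help and exits 0 for any extra token, so a mistyped or unsupported argument is reported to the calling shell or scheduler as success. Letting argparse do the work with `parser.parse_args(sys.argv[2:])` keeps `-h` working and makes unknown arguments exit non-zero with a usage error. This assumes the sub-command's own arguments start at `sys.argv[2]`, as the length check implies. The other sub-commands are outside this hunk, so confirm it matches how they parse.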
@@ -93,7 +93,6 @@ def main(spread_details, dbname=None): last_week_schedules_by_load = get_last_week_schedules_by_load(db_cur, from_server_ids) for schedule_id in last_week_schedules_by_load: - current_schedule_details = scheduler.get_schedule_details(db_cur, schedule_id) new_schedule_details = current_schedule_details.copy() new_schedule_details["server_id"] = valid_target_servers[next_enabled_server] diff --git a/cicada/commands/upsert_schedule.py b/cicada/commands/upsert_schedule.py index 86c8588..919644c 100644 --- a/cicada/commands/upsert_schedule.py +++ b/cicada/commands/upsert_schedule.py @@ -28,7 +28,6 @@ def main(schedule_details, dbname=None): current_schedule_details = scheduler.get_schedule_details(db_cur, schedule_details["schedule_id"]) if not current_schedule_details: - if schedule_details["interval_mask"] is None: print("ERROR: interval_mask is required for new schedule") sys.exit(1) diff --git a/cicada/lib/postgres.py b/cicada/lib/postgres.py index b5099d1..5a1c934 100644 --- a/cicada/lib/postgres.py +++ b/cicada/lib/postgres.py @@ -1,4 +1,5 @@ """Backend PostgreSQL database library""" + # 2015-07-01 Louis Pieterse import psycopg2 @@ -18,7 +19,7 @@ def db_cicada(dbname=None): user = definitions["db_cicada"]["user"] password = definitions["db_cicada"]["password"] - conn = psycopg2.connect(host=host, port=port, dbname=dbname, user=user, password=password) + conn = psycopg2.connect(host=host, port=port, dbname=dbname, user=user, password=password, sslmode="prefer") conn.autocommit = True return conn diff --git a/local-dev/cicada_db/Dockerfile b/local-dev/cicada_db/Dockerfile new file mode 100644 index 0000000..5a629fe --- /dev/null +++ b/local-dev/cicada_db/Dockerfile 
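Review bot: `sslmode="prefer"` in `db_cicada` is opportunistic: the client tries TLS but falls back to plaintext if the server declines, and it never validates the server certificate, so the password and query traffic are not protected against an on-path party that downgrades or impersonates the server. `prefer` is also libpq's built-in default, and passing it explicitly overrides any `PGSSLMODE` set in the environment, which removes a knob operators may already use to require TLS. Consider reading the mode from the same section as the other settings, e.g. `sslmode = definitions["db_cicada"].get("sslmode", "prefer")`, so production can set `verify-full` with a root certificate (`sslrootcert`) while local development keeps `prefer`. The shape of `definitions` beyond the keys visible here is assumed, and the function starts outside the hunk.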
@@ -0,0 +1,13 @@
+FROM debezium/postgres:12-alpine
+
+COPY --chown=postgres:postgres server.crt /var/lib/postgresql/server.crt
+COPY --chown=postgres:postgres --chmod=600 server.key /var/lib/postgresql/server.key
+
+RUN apk add --no-cache --virtual .debezium-build-deps gcc clang15 llvm15 git make musl-dev pkgconf \
+ && git clone --depth 1 --branch wal2json_2_3 https://github.com/eulerto/wal2json.git \
+ && cd /wal2json \
+ && make && make install \
+ && cd / \
+ && rm -rf wal2json \
+ && apk del .debezium-build-deps
+
diff --git a/local-dev/cicada_db/pg_hba.conf b/local-dev/cicada_db/pg_hba.conf
new file mode 100644
index 0000000..99e48db
--- /dev/null
+++ b/local-dev/cicada_db/pg_hba.conf
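Review bot: In the cicada_db Dockerfile, the `git clone --depth 1 --branch wal2json_2_3` step compiles and installs a server extension from whatever that tag points to at build time; tags can be moved, so the image is not reproducible and every rebuild re-trusts the upstream repository. A cheap guard is to fail the build when the checked-out commit is not the one that was reviewed, e.g. adding `&& test "$(git -C /wal2json rev-parse HEAD)" = "<REVIEWED_COMMIT_SHA>" \` right after the clone (the SHA is a placeholder to fill in). The same applies to `FROM debezium/postgres:12-alpine`, which could be pinned by digest as `debezium/postgres:12-alpine@sha256:<DIGEST>`.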
@@ -0,0 +1,107 @@ +# PostgreSQL Client Authentication Configuration File +# =================================================== +# +# Refer to the "Client Authentication" section in the PostgreSQL +# documentation for a complete description of this file. A short +# synopsis follows. +# +# This file controls: which hosts are allowed to connect, how clients +# are authenticated, which PostgreSQL user names they can use, which +# databases they can access. Records take one of these forms: +# +# local DATABASE USER METHOD [OPTIONS] +# host DATABASE USER ADDRESS METHOD [OPTIONS] +# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] +# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] +# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] +# +# (The uppercase items must be replaced by actual values.) +# +# The first field is the connection type: "local" is a Unix-domain +# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, +# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a +# non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a +# GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a +# non-GSSAPI socket. +# +# DATABASE can be "all", "sameuser", "samerole", "replication", a +# database name, or a comma-separated list thereof. The "all" +# keyword does not match "replication". Access to replication +# must be enabled in a separate record (see example below). +# +# USER can be "all", a user name, a group name prefixed with "+", or a +# comma-separated list thereof. In both the DATABASE and USER fields +# you can also write a file name prefixed with "@" to include names +# from a separate file. +# +# ADDRESS specifies the set of hosts the record matches. It can be a +# host name, or it is made up of an IP address and a CIDR mask that is +# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that +# specifies the number of significant bits in the mask. 
A host name +# that starts with a dot (.) matches a suffix of the actual host name. +# Alternatively, you can write an IP address and netmask in separate +# columns to specify the set of hosts. Instead of a CIDR-address, you +# can write "samehost" to match any of the server's own IP addresses, +# or "samenet" to match any address in any subnet that the server is +# directly connected to. +# +# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", +# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". +# Note that "password" sends passwords in clear text; "md5" or +# "scram-sha-256" are preferred since they send encrypted passwords. +# +# OPTIONS are a set of options for the authentication in the format +# NAME=VALUE. The available options depend on the different +# authentication methods -- refer to the "Client Authentication" +# section in the documentation for a list of which options are +# available for which authentication methods. +# +# Database and user names containing spaces, commas, quotes and other +# special characters must be quoted. Quoting one of the keywords +# ---------------------------------- +# +# If you want to allow non-local connections, you need to add more +# "host" records. In that case you will also need to make PostgreSQL +# listen on a non-local interface via the listen_addresses +# configuration parameter, or via the -i or -h command line switches. + +# CAUTION: Configuring the system for local "trust" authentication +# allows any local user to connect as any PostgreSQL user, including +# the database superuser. If you do not trust all your local users, +# use another authentication method. 
+ + +# # TYPE DATABASE USER ADDRESS METHOD + +# # "local" is for Unix domain socket connections only +# local all all trust +# # IPv4 local connections: +# host all all 127.0.0.1/32 trust +# # IPv6 local connections: +# host all all ::1/128 trust +# # Allow replication connections from localhost, by a user with the +# # replication privilege. +# local replication all trust +# host replication all 127.0.0.1/32 trust +# host replication all ::1/128 trust + +# host all all all md5 +# host replication pipelinewise 0.0.0.0/0 trust + + +# TYPE DATABASE USER ADDRESS METHOD + +# "local" is for Unix domain socket connections only +local all all trust +# IPv4 local connections: +hostssl all all 127.0.0.1/32 trust +# IPv6 local connections: +hostssl all all ::1/128 trust +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all trust +hostssl replication all 127.0.0.1/32 trust +hostssl replication all ::1/128 trust + +hostssl all all all md5 diff --git a/local-dev/cicada_db/server.crt b/local-dev/cicada_db/server.crt new file mode 100644 index 0000000..fd67542 --- /dev/null +++ b/local-dev/cicada_db/server.crt 
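Review bot: The catch-all rule `hostssl all all all md5` admits any address using MD5 password authentication. `hostssl all all all scram-sha-256` is the stronger choice even for a dev image, though it needs `password_encryption=scram-sha-256` in effect before the role's password is created, which should be confirmed for this base image. Using only `hostssl` records is a good choice here, since the server then refuses the plaintext fallback that `sslmode=prefer` would otherwise allow. The commented-out copy of the older rules above the active block, including `host replication pipelinewise 0.0.0.0/0 trust`, looks carried over from another project and is best deleted so it cannot be re-enabled by accident.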
@@ -0,0 +1,77 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5c:d5:36:4d:7b:de:c9:34:78:37:6a:5d:91:b9:be:4a:ed:f4:4a:d9 + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=localhost + Validity + Not Before: Apr 30 13:18:28 2024 GMT + Not After : May 30 13:18:28 2024 GMT + Subject: CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a3:56:ee:3b:99:9d:0e:84:c9:e3:22:0d:a8:e1: + 80:5c:a3:ea:29:ce:97:51:de:db:39:4b:ec:bc:9b: + f8:83:9c:a1:21:94:e7:5b:fb:36:30:bc:55:84:ff: + 7f:11:63:68:19:4b:91:7e:ae:40:ca:7a:af:35:dc: + 4b:f6:9f:b6:d7:c9:d8:f6:2e:dd:b9:64:19:16:90: + dc:fa:c0:d8:9b:9e:71:99:2d:c7:a4:56:e9:7d:55: + a3:4a:48:8d:6e:2c:a2:31:db:9c:df:a0:d3:28:74: + d0:ce:37:a2:8a:f7:45:dd:5c:9c:63:d1:7a:22:15: + f5:64:89:2b:ba:1e:fe:0e:60:4f:8c:0e:4b:15:67: + 4d:cc:03:e4:48:3c:3d:85:c4:76:6c:ce:e9:b4:25: + b8:fc:e5:d5:05:cf:b0:60:46:3b:7e:4c:37:ed:9e: + 61:44:7e:3f:c1:91:34:ba:43:4d:39:15:bc:1f:d0: + 2c:bb:52:e9:c0:51:cb:44:d5:c8:13:ec:12:06:f9: + 01:84:a1:ed:d8:9d:dc:69:73:04:fc:ed:63:fe:3b: + 45:f7:37:b8:eb:ba:3e:ad:b3:78:ea:5d:26:c3:b2: + d9:14:35:dc:f6:90:48:a3:38:92:2c:72:1f:0e:a7: + 55:cb:bb:0a:d2:d1:85:bc:65:76:94:0e:46:73:ab: + 73:3f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 71:C2:B5:98:56:2F:8A:0F:F2:6A:97:2E:D0:17:DC:1B:28:E0:5D:72 + X509v3 Authority Key Identifier: + 71:C2:B5:98:56:2F:8A:0F:F2:6A:97:2E:D0:17:DC:1B:28:E0:5D:72 + X509v3 Basic Constraints: critical + CA:TRUE + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 95:c6:d4:7d:f0:6b:45:93:be:5a:64:e8:28:35:48:66:3b:d9: + 21:cc:21:65:ca:26:8a:4b:74:ea:29:b4:9f:7d:6a:ae:cc:14: + d3:01:99:96:4b:1a:07:6e:5a:98:9f:79:c4:d4:ad:05:5e:88: + 86:97:c2:1e:2c:f8:5f:c6:98:55:ed:d0:51:53:ee:ad:e1:7d: + cd:94:02:e7:32:17:54:1c:c7:ed:01:cb:8c:06:73:dc:63:81: + 5e:1d:86:7d:c4:6e:59:a5:0f:01:f6:ae:ea:67:a4:e5:58:8f: + 74:8e:46:e7:ff:b9:aa:d6:a1:cd:1b:44:4b:74:8c:43:c6:f7: + 
a4:78:f6:6c:60:c0:5d:b4:0c:cf:2e:e0:8e:27:84:81:a1:b6: + 5f:70:77:19:5f:ce:c7:7e:57:99:c1:44:a8:90:c1:ac:69:96: + 97:65:c6:6b:a3:17:17:89:2b:59:9d:65:af:42:9f:5e:09:17: + e3:c1:9c:59:f5:f2:8f:89:33:ec:c6:59:31:59:44:c9:24:3f: + c0:00:f2:b0:0f:4a:c8:23:e1:72:a1:e3:dd:81:11:12:0f:cd: + 9c:de:00:70:b0:ca:70:cd:c8:54:20:fd:49:00:d4:46:8b:ac: + 0d:e6:a9:c8:5c:26:fa:a4:66:ae:ba:c0:a0:d1:20:f9:78:b1: + ed:55:cf:6e +-----BEGIN CERTIFICATE----- +MIIDCTCCAfGgAwIBAgIUXNU2TXveyTR4N2pdkbm+Su30StkwDQYJKoZIhvcNAQEL +BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MDQzMDEzMTgyOFoXDTI0MDUz +MDEzMTgyOFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAo1buO5mdDoTJ4yINqOGAXKPqKc6XUd7bOUvsvJv4g5yh +IZTnW/s2MLxVhP9/EWNoGUuRfq5AynqvNdxL9p+218nY9i7duWQZFpDc+sDYm55x +mS3HpFbpfVWjSkiNbiyiMduc36DTKHTQzjeiivdF3VycY9F6IhX1ZIkruh7+DmBP +jA5LFWdNzAPkSDw9hcR2bM7ptCW4/OXVBc+wYEY7fkw37Z5hRH4/wZE0ukNNORW8 +H9Asu1LpwFHLRNXIE+wSBvkBhKHt2J3caXME/O1j/jtF9ze467o+rbN46l0mw7LZ +FDXc9pBIoziSLHIfDqdVy7sK0tGFvGV2lA5Gc6tzPwIDAQABo1MwUTAdBgNVHQ4E +FgQUccK1mFYvig/yapcu0BfcGyjgXXIwHwYDVR0jBBgwFoAUccK1mFYvig/yapcu +0BfcGyjgXXIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAlcbU +ffBrRZO+WmToKDVIZjvZIcwhZcomikt06im0n31qrswU0wGZlksaB25amJ95xNSt +BV6IhpfCHiz4X8aYVe3QUVPureF9zZQC5zIXVBzH7QHLjAZz3GOBXh2GfcRuWaUP +Afau6mek5ViPdI5G5/+5qtahzRtES3SMQ8b3pHj2bGDAXbQMzy7gjieEgaG2X3B3 +GV/Ox35XmcFEqJDBrGmWl2XGa6MXF4krWZ1lr0KfXgkX48GcWfXyj4kz7MZZMVlE +ySQ/wADysA9KyCPhcqHj3YEREg/NnN4AcLDKcM3IVCD9SQDURousDeapyFwm+qRm +rrrAoNEg+Xix7VXPbg== +-----END CERTIFICATE----- diff --git a/local-dev/cicada_db/server.key b/local-dev/cicada_db/server.key new file mode 100644 index 0000000..f7d02fa --- /dev/null +++ b/local-dev/cicada_db/server.key 
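Review bot: The committed certificate is valid only from Apr 30 2024 to May 30 2024, so it had already expired on this commit's date (21 Jun 2024). Its subject is `CN=localhost` with no subjectAltName, while the compose file reaches the database as `cicada_db`. Nothing notices under `sslmode=prefer` because the client does not verify the certificate, but any local test of `verify-ca` or `verify-full` will fail on expiry, and `verify-full` also on the host name. Regenerating it with a longer lifetime and a SAN covering `cicada_db` and `localhost` would let the dev environment exercise verified TLS. The `CA:TRUE` basic constraint is also more than a server certificate needs.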
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCjVu47mZ0OhMnj +Ig2o4YBco+opzpdR3ts5S+y8m/iDnKEhlOdb+zYwvFWE/38RY2gZS5F+rkDKeq81 +3Ev2n7bXydj2Lt25ZBkWkNz6wNibnnGZLcekVul9VaNKSI1uLKIx25zfoNModNDO +N6KK90XdXJxj0XoiFfVkiSu6Hv4OYE+MDksVZ03MA+RIPD2FxHZszum0Jbj85dUF +z7BgRjt+TDftnmFEfj/BkTS6Q005Fbwf0Cy7UunAUctE1cgT7BIG+QGEoe3Yndxp +cwT87WP+O0X3N7jruj6ts3jqXSbDstkUNdz2kEijOJIsch8Op1XLuwrS0YW8ZXaU +DkZzq3M/AgMBAAECggEAOk3h/QlQzClvLTHvIUzZNnhWMjUpw5Iiu7mT2CFunIAw +7h1KVoV96viXKEHROEI9GuZkGY2W2A/h8f5gaTjKmg1Vck75W19VKz5reuCSkT4F ++7EhNdLGRrRmdLIgNecdwGFNhm/QX/0OucWXMjagzCruMh1IlNk0vn3OS4IbmsKJ +NiOAeAWBFJ5Ogv3CGFor4KSIbyG0TKktl0xdZ8OOZyVjbABSXL4N44TvJpz5iN7o +0h4dQrHLqxIl2Bk5bXaeOffFRJv4F1YnM7gGK4x2Glistd3QGx0ThJItrcpbrmWD +7sApIpwM1BU124hayXIwSEFuEq//3YR1T0Plp8+6UQKBgQDMp7uK8DRYbec6cENy +y94Z+IBpmMP6p4bAMXfIudqz23hNiCfgWFjzekMK8mNBwb9Qnx3DhaPWtUJNoS3D +9E77EVjZndpzwjleTTCcyC2eBAQ8C4TT9fcPe7N1IvTQ+SWBIIh8JCuIobzbc/tW +cuZ5Cg3RjGSaFfcr4YkX4HyZTwKBgQDMUaTB//tDCoudgH0mKptFlF8I5piBCsLG +18p9MAlsD/pIIbHEnzXahecFhn/CY5uKZox/4tlAQxNJ/BDV2oG6xd6VlMSoJkpV +G4pHHlM1pkWltpi8JIPrk1qrylcF9Sx8sNcwIIgR5dnp3zeREX3cKo3XKZbdgX5z +ilnWNMsrEQKBgQDDFk2Pt0Se2z1llqilILO63AlFIAwJv3KTeVRvMsPJWbgHaHhi +wrUge/a207JMd62w480Smi1BOg5XRAMFXbmAWdvxrikU2hunyjtB6QybKccDmhNn +nnuB9fBvBACNyEK5IdMZS714BH2sUJZRpTwQO8ZKb+NigvfYi6kM6sC7vwKBgF7h +oyM8HpCZexBfNL7ellCPgDp/614xgxYX676K6jU2jkGk9Aqc7MNX31qfhQDehMKW +sLRKwhyniXOYDLFi0U/Mx3qrJU/4yBgRu/seyAFn/3ve+bqVMnXZbgfM5PCtVEVr +UeLVmJrHJJUIxaMmfk4ZrNi4RYkDs5cwLlvdFGQhAoGBAKoO/3h9QUc/0+IORP6Q +BhWIU1UHiYI3XONDNUNcpomrR3YHYIDyr/nhZWTQmif96Kj/Il8+rZIhovMztF9c +JcmlqYgkz+o492E9eTeTV8a1F7dfVcjl4wyNQsFQwWE+1yT/oKocWD46GIY7navQ +eLTmVeK6BTR7ttZgdl3w6+XL +-----END PRIVATE KEY----- diff --git a/local-dev/cicada_db/server.req b/local-dev/cicada_db/server.req new file mode 100644 index 0000000..6bb7e2f --- /dev/null +++ b/local-dev/cicada_db/server.req 
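Review bot: `server.key` is an unencrypted RSA private key committed to the repository, so it has to be treated as public: anyone with the repo can impersonate a server that presents the matching `server.crt`. That is tolerable only while the pair never leaves `local-dev`. Either generate the pair at image build time instead of committing it, or add a comment in the Dockerfile such as `# throwaway dev-only TLS key pair; never reuse outside local-dev`, so it is not copied into a real deployment and secret-scanner hits have an explanation. `server.req` in the next file is not copied by the Dockerfile and appears unused, so it could be dropped.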
@@ -0,0 +1,62 @@ +Certificate Request: + Data: + Version: 1 (0x0) + Subject: CN=localhost + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:a3:56:ee:3b:99:9d:0e:84:c9:e3:22:0d:a8:e1: + 80:5c:a3:ea:29:ce:97:51:de:db:39:4b:ec:bc:9b: + f8:83:9c:a1:21:94:e7:5b:fb:36:30:bc:55:84:ff: + 7f:11:63:68:19:4b:91:7e:ae:40:ca:7a:af:35:dc: + 4b:f6:9f:b6:d7:c9:d8:f6:2e:dd:b9:64:19:16:90: + dc:fa:c0:d8:9b:9e:71:99:2d:c7:a4:56:e9:7d:55: + a3:4a:48:8d:6e:2c:a2:31:db:9c:df:a0:d3:28:74: + d0:ce:37:a2:8a:f7:45:dd:5c:9c:63:d1:7a:22:15: + f5:64:89:2b:ba:1e:fe:0e:60:4f:8c:0e:4b:15:67: + 4d:cc:03:e4:48:3c:3d:85:c4:76:6c:ce:e9:b4:25: + b8:fc:e5:d5:05:cf:b0:60:46:3b:7e:4c:37:ed:9e: + 61:44:7e:3f:c1:91:34:ba:43:4d:39:15:bc:1f:d0: + 2c:bb:52:e9:c0:51:cb:44:d5:c8:13:ec:12:06:f9: + 01:84:a1:ed:d8:9d:dc:69:73:04:fc:ed:63:fe:3b: + 45:f7:37:b8:eb:ba:3e:ad:b3:78:ea:5d:26:c3:b2: + d9:14:35:dc:f6:90:48:a3:38:92:2c:72:1f:0e:a7: + 55:cb:bb:0a:d2:d1:85:bc:65:76:94:0e:46:73:ab: + 73:3f + Exponent: 65537 (0x10001) + Attributes: + (none) + Requested Extensions: + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4e:b2:dd:6a:29:3e:78:9f:7c:95:e4:82:34:cd:b1:df:91:1f: + 05:75:22:4d:9c:02:f4:69:06:33:6e:c3:c6:a3:c3:6a:ac:12: + 52:0c:aa:a7:be:62:9e:f6:28:cb:ae:0c:56:49:58:d1:16:30: + be:d7:ab:86:0a:66:13:97:90:ed:a8:a5:32:22:9d:45:48:0f: + 58:9e:fd:e8:6d:94:93:56:4d:e9:be:ab:2f:10:37:e3:b1:a3: + f4:74:53:5f:25:e4:1d:fc:e3:ad:2a:fb:5c:24:40:ec:dd:e3: + 64:fe:4d:0f:a5:17:c2:28:f9:b8:a2:0a:99:0a:21:8f:8c:96: + 16:f4:bf:67:74:fb:31:64:1e:3a:af:b6:f2:40:f5:e9:2f:4e: + e5:0a:53:48:e8:33:58:3f:45:e5:b6:c8:d1:29:6d:25:63:b6: + 77:f5:09:be:a3:9a:29:f5:8d:57:31:ec:68:96:d3:f9:9a:1e: + f8:97:1b:d8:b0:3d:e3:cf:5b:a6:21:52:fe:d3:4e:e6:b7:86: + 68:96:c5:46:9a:07:35:2c:a7:45:d9:7d:41:43:13:16:e0:4f: + 28:36:ba:da:f3:11:47:07:7a:c0:e8:10:61:0d:0f:9e:19:d9: + 53:50:f3:15:2d:c2:ba:9f:f1:1a:62:d0:0c:74:08:b1:32:a4: + 0e:c6:92:bd +-----BEGIN CERTIFICATE 
REQUEST----- +MIICWTCCAUECAQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAo1buO5mdDoTJ4yINqOGAXKPqKc6XUd7bOUvsvJv4 +g5yhIZTnW/s2MLxVhP9/EWNoGUuRfq5AynqvNdxL9p+218nY9i7duWQZFpDc+sDY +m55xmS3HpFbpfVWjSkiNbiyiMduc36DTKHTQzjeiivdF3VycY9F6IhX1ZIkruh7+ +DmBPjA5LFWdNzAPkSDw9hcR2bM7ptCW4/OXVBc+wYEY7fkw37Z5hRH4/wZE0ukNN +ORW8H9Asu1LpwFHLRNXIE+wSBvkBhKHt2J3caXME/O1j/jtF9ze467o+rbN46l0m +w7LZFDXc9pBIoziSLHIfDqdVy7sK0tGFvGV2lA5Gc6tzPwIDAQABoAAwDQYJKoZI +hvcNAQELBQADggEBAE6y3WopPniffJXkgjTNsd+RHwV1Ik2cAvRpBjNuw8ajw2qs +ElIMqqe+Yp72KMuuDFZJWNEWML7Xq4YKZhOXkO2opTIinUVID1ie/ehtlJNWTem+ +qy8QN+Oxo/R0U18l5B38460q+1wkQOzd42T+TQ+lF8Io+biiCpkKIY+Mlhb0v2d0 ++zFkHjqvtvJA9ekvTuUKU0joM1g/ReW2yNEpbSVjtnf1Cb6jmin1jVcx7GiW0/ma +HviXG9iwPePPW6YhUv7TTua3hmiWxUaaBzUsp0XZfUFDExbgTyg2utrzEUcHesDo +EGEND54Z2VNQ8xUtwrqf8Rpi0Ax0CLEypA7Gkr0= +-----END CERTIFICATE REQUEST----- diff --git a/local-dev/docker-compose.yml b/local-dev/docker-compose.yml index ff97d86..36ff555 100644 --- a/local-dev/docker-compose.yml +++ b/local-dev/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3' services: ### Primary container with Cicada cicada_dev: @@ -7,6 +6,7 @@ services: container_name: cicada_dev working_dir: ${CICADA_HOME} entrypoint: ${CICADA_HOME}/local-dev/entrypoint.sh + # entrypoint: ${CICADA_HOME}/local-dev/entrypoint-lite.sh environment: CICADA_HOME: ${CICADA_HOME} DB_POSTGRES_HOST: cicada_db 
@@ -25,8 +25,20 @@ services: # PostgreSQL database container used as backend cicada_db: - image: debezium/postgres:12-alpine + build: + context: ./cicada_db + dockerfile: Dockerfile container_name: cicada_db + volumes: + - ./cicada_db/pg_hba.conf:/var/lib/postgresql/pg_hba.conf + command: > + -c "wal_level=logical" + -c "max_replication_slots=5" + -c "max_wal_senders=5" + -c "ssl=on" + -c "ssl_cert_file=/var/lib/postgresql/server.crt" + -c "ssl_key_file=/var/lib/postgresql/server.key" + -c "hba_file=/var/lib/postgresql/pg_hba.conf" ports: - ${DB_POSTGRES_PORT_ON_HOST}:${DB_POSTGRES_PORT} environment: @@ -36,6 +48,31 @@ services: networks: - cicada_network + # db_postgres_source: + # build: + # context: ./pg + # dockerfile: Dockerfile + # container_name: pipelinewise_dev_postgres_source + # volumes: + # - ./pg/pg_hba.conf:/var/lib/postgresql/pg_hba.conf + # # Making some logical decoding and ssl adjustments + # command: > + # -c "wal_level=logical" + # -c "max_replication_slots=5" + # -c "max_wal_senders=5" + # -c "ssl=on" + # -c "ssl_cert_file=/var/lib/postgresql/server.crt" + # -c "ssl_key_file=/var/lib/postgresql/server.key" + # -c "hba_file=/var/lib/postgresql/pg_hba.conf" + # ports: + # - ${TAP_POSTGRES_PORT_ON_HOST}:${TAP_POSTGRES_PORT} + # environment: + # POSTGRES_USER: ${TAP_POSTGRES_USER} + # POSTGRES_PASSWORD: ${TAP_POSTGRES_PASSWORD} + # POSTGRES_DB: ${TAP_POSTGRES_DB} + # networks: + # - pipelinewise_network + networks: cicada_network: ipam: diff --git a/local-dev/entrypoint.sh b/local-dev/entrypoint.sh index 0c125af..9a348dd 100755 --- a/local-dev/entrypoint.sh +++ b/local-dev/entrypoint.sh 
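Review bot: The commented-out `db_postgres_source` service added after `cicada_db` refers to `pipelinewise_dev_postgres_source`, a `./pg` build context and `TAP_POSTGRES_*` variables that this commit does not add, so it reads as a template left over from another project rather than planned work. Dead configuration like this is easy to uncomment by mistake and obscures the real service definition. I would delete the block, together with the commented `# entrypoint: ${CICADA_HOME}/local-dev/entrypoint-lite.sh` line in the first hunk, which points at a file not in this commit's diffstat.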
@@ -36,8 +36,7 @@ pwd # Build backend database export PGPASSWORD=${DB_POSTGRES_PASS} -psql -v ON_ERROR_STOP=1 -U${DB_POSTGRES_USER} -h${DB_POSTGRES_HOST} -p${DB_POSTGRES_PORT} ${DB_POSTGRES_DB} --file=setup/schema.sql --quiet - +psql -v ON_ERROR_STOP=1 "sslmode=prefer user=${DB_POSTGRES_USER} host=${DB_POSTGRES_HOST} port=${DB_POSTGRES_PORT} dbname=${DB_POSTGRES_DB}" --file=setup/schema.sql --quiet # If not exists, create definitions file for cli test -f ${CICADA_HOME}/config/definitions.yml || cat > ${CICADA_HOME}/config/definitions.yml <