Merge pull request #6236 from Icinga/feature/ido-pgsql-tls

Add TLS support for DB IDO PostgreSQL feature
2018-04-24 16:02:39 +02:00 · 2018-04-24 16:02:39 +02:00 · 04094032b5
parent 8fe50ef816 fe0bf161cb
commit 04094032b5
5 changed files with 49 additions and 15 deletions
--- a/doc/09-object-types.md
+++ b/doc/09-object-types.md
@ -948,6 +948,10 @@ Configuration Attributes:
  user                      | String                | **Optional.** PostgreSQL database user with read/write permission to the icinga database. Defaults to `icinga`.
  password                  | String                | **Optional.** PostgreSQL database user's password. Defaults to `icinga`.
  database                  | String                | **Optional.** PostgreSQL database name. Defaults to `icinga`.
  ssl\_mode                 | String                | **Optional.** Enable SSL connection mode. Value must be set according to the [sslmode setting](https://www.postgresql.org/docs/9.3/static/libpq-connect.html#LIBPQ-CONNSTRING): `prefer`, `require`, `verify-ca`, `verify-full`, `allow`, `disable`.
  ssl\_key                  | String                | **Optional.** PostgreSQL SSL client key file path.
  ssl\_cert                 | String                | **Optional.** PostgreSQL SSL certificate file path.
  ssl\_ca                   | String                | **Optional.** PostgreSQL SSL certificate authority certificate file path.
  table\_prefix             | String                | **Optional.** PostgreSQL database table prefix. Defaults to `icinga_`.
  instance\_name            | String                | **Optional.** Unique identifier for the local Icinga 2 instance. Defaults to `default`.
  instance\_description     | String                | **Optional.** Description for the Icinga 2 instance.
--- a/lib/db_ido_pgsql/idopgsqlconnection.cpp
+++ b/lib/db_ido_pgsql/idopgsqlconnection.cpp
@ -208,22 +208,41 @@ void IdoPgsqlConnection::Reconnect()
 	ClearIDCache();
-	String ihost, iport, iuser, ipasswd, idb;
+	String host = GetHost();
-	const char *host, *port, *user , *passwd, *db;
+	String port = GetPort();
 	String user = GetUser();
 	String password = GetPassword();
 	String database = GetDatabase();
-	ihost = GetHost();
+	String sslMode = GetSslMode();
-	iport = GetPort();
+	String sslKey = GetSslKey();
-	iuser = GetUser();
+	String sslCert = GetSslCert();
-	ipasswd = GetPassword();
+	String sslCa = GetSslCa();
 	idb = GetDatabase();
-	host = (!ihost.IsEmpty()) ? ihost.CStr() : nullptr;
+	String conninfo;
 	port = (!iport.IsEmpty()) ? iport.CStr() : nullptr;
 	user = (!iuser.IsEmpty()) ? iuser.CStr() : nullptr;
 	passwd = (!ipasswd.IsEmpty()) ? ipasswd.CStr() : nullptr;
 	db = (!idb.IsEmpty()) ? idb.CStr() : nullptr;
-	m_Connection = m_Pgsql->setdbLogin(host, port, nullptr, nullptr, db, user, passwd);
+	if (!host.IsEmpty())
 		conninfo += " host=" + host;
 	if (!port.IsEmpty())
 		conninfo += " port=" + port;
 	if (!user.IsEmpty())
 		conninfo += " user=" + user;
 	if (!password.IsEmpty())
 		conninfo += " password=" + password;
 	if (!database.IsEmpty())
 		conninfo += " dbname=" + database;
 	if (!sslMode.IsEmpty())
 		conninfo += " sslmode=" + sslMode;
 	if (!sslKey.IsEmpty())
 		conninfo += " sslkey=" + sslKey;
 	if (!sslCert.IsEmpty())
 		conninfo += " sslcert=" + sslCert;
 	if (!sslCa.IsEmpty())
 		conninfo += " sslrootcert=" + sslCa;
 	/* connection */
 	m_Connection = m_Pgsql->connectdb(conninfo.CStr());
 	if (!m_Connection)
 		return;
@ -234,7 +253,7 @@ void IdoPgsqlConnection::Reconnect()
 		SetConnected(false);
 		Log(LogCritical, "IdoPgsqlConnection")
-			<< "Connection to database '" << db << "' with user '" << user << "' on '" << host << ":" << port
+			<< "Connection to database '" << database << "' with user '" << user << "' on '" << host << ":" << port
 			<< "' failed: \"" << message << "\"";
 		BOOST_THROW_EXCEPTION(std::runtime_error(message));
@ -346,7 +365,8 @@ void IdoPgsqlConnection::Reconnect()
 	}
 	Log(LogInformation, "IdoPgsqlConnection")
-		<< "pgSQL IDO instance id: " << static_cast<long>(m_InstanceID) << " (schema version: '" + version + "')";
+		<< "PGSQL IDO instance id: " << static_cast<long>(m_InstanceID) << " (schema version: '" + version + "')"
 		<< (!sslMode.IsEmpty() ? ", sslmode='" + sslMode + "'" : "");
 	Query("BEGIN");
--- a/lib/db_ido_pgsql/idopgsqlconnection.ti
+++ b/lib/db_ido_pgsql/idopgsqlconnection.ti
@ -45,6 +45,10 @@ class IdoPgsqlConnection : DbConnection
 		default {{{ return "default"; }}}
 	};
 	[config] String instance_description;
 	[config] String ssl_mode;
 	[config] String ssl_key;
 	[config] String ssl_cert;
 	[config] String ssl_ca;
 };
 }
--- a/lib/pgsql_shim/pgsqlinterface.cpp
+++ b/lib/pgsql_shim/pgsqlinterface.cpp
@ -108,6 +108,11 @@ struct PgsqlInterfaceImpl final : public PgsqlInterface
 		return PQsetdbLogin(pghost, pgport, pgoptions, pgtty, dbName, login, pwd);
 	}
 	PGconn *connectdb(const char *conninfo) const override
 	{
 		return PQconnectdb(conninfo);
 	}
 	ConnStatusType status(const PGconn *conn) const override
 	{
 		return PQstatus(conn);
--- a/lib/pgsql_shim/pgsqlinterface.hpp
+++ b/lib/pgsql_shim/pgsqlinterface.hpp
@ -50,6 +50,7 @@ struct PgsqlInterface
 	virtual ExecStatusType resultStatus(const PGresult *res) const = 0;
 	virtual int serverVersion(const PGconn *conn) const = 0;
 	virtual PGconn *setdbLogin(const char *pghost, const char *pgport, const char *pgoptions, const char *pgtty, const char *dbName, const char *login, const char *pwd) const = 0;
 	virtual PGconn *connectdb(const char *conninfo) const = 0;
 	virtual ConnStatusType status(const PGconn *conn) const = 0;
 protected: