Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc6a1ee8

Browse files
committed
initial commit of adding support for specifying postgres connection string by reading a file from disk
1 parent897286f commitc6a1ee8

File tree

8 files changed

+206
-14
lines changed

8 files changed

+206
-14
lines changed

‎cli/resetpassword.go‎

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,8 +21,9 @@ import (
2121

2222
func (*RootCmd)resetPassword()*serpent.Command {
2323
var (
24-
postgresURLstring
25-
postgresAuthstring
24+
postgresURLstring
25+
postgresURLFilestring
26+
postgresAuthstring
2627
)
2728

2829
root:=&serpent.Command{
@@ -37,6 +38,18 @@ func (*RootCmd) resetPassword() *serpent.Command {
3738
logger=logger.Leveled(slog.LevelDebug)
3839
}
3940

41+
// Read the postgres URL from a file, if specified.
42+
ifpostgresURLFile!="" {
43+
ifpostgresURL!="" {
44+
returnxerrors.Errorf("cannot specify both --postgres-url and --postgres-url-file")
45+
}
46+
varerrerror
47+
postgresURL,err=ReadPostgresURLFromFile(postgresURLFile)
48+
iferr!=nil {
49+
returnerr
50+
}
51+
}
52+
4053
sqlDriver:="postgres"
4154
ifcodersdk.PostgresAuth(postgresAuth)==codersdk.PostgresAuthAWSIAMRDS {
4255
varerrerror
@@ -106,6 +119,12 @@ func (*RootCmd) resetPassword() *serpent.Command {
106119
Env:"CODER_PG_CONNECTION_URL",
107120
Value:serpent.StringOf(&postgresURL),
108121
},
122+
{
123+
Flag:"postgres-url-file",
124+
Description:"Path to a file containing the URL of a PostgreSQL database. The file contents will be read and used as the connection URL. This is an alternative to --postgres-url for cases where the URL is stored in a file, such as a Docker or Kubernetes secret.",
125+
Env:"CODER_PG_CONNECTION_URL_FILE",
126+
Value:serpent.StringOf(&postgresURLFile),
127+
},
109128
serpent.Option{
110129
Name:"Postgres Connection Auth",
111130
Description:"Type of auth to use when connecting to postgres.",

‎cli/server.go‎

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -433,6 +433,20 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
433433
}
434434
config:=r.createConfig()
435435

436+
// If a postgres URL file is specified, read the URL from the file.
437+
ifvals.PostgresURLFile!="" {
438+
ifvals.PostgresURL!="" {
439+
returnxerrors.Errorf("cannot specify both --postgres-url and --postgres-url-file")
440+
}
441+
postgresURL,err:=ReadPostgresURLFromFile(vals.PostgresURLFile.String())
442+
iferr!=nil {
443+
returnerr
444+
}
445+
iferr:=vals.PostgresURL.Set(postgresURL);err!=nil {
446+
returnxerrors.Errorf("set postgres URL from file: %w",err)
447+
}
448+
}
449+
436450
builtinPostgres:=false
437451
// Only use built-in if PostgreSQL URL isn't specified!
438452
ifvals.PostgresURL=="" {
@@ -2813,6 +2827,17 @@ func signalNotifyContext(ctx context.Context, inv *serpent.Invocation, sig ...os
28132827
returninv.SignalNotifyContext(ctx,sig...)
28142828
}
28152829

2830+
// ReadPostgresURLFromFile reads a PostgreSQL connection URL from a file. The
2831+
// file contents are trimmed of whitespace. This is useful for reading secrets
2832+
// from files, such as Docker or Kubernetes secrets.
2833+
funcReadPostgresURLFromFile(filePathstring) (string,error) {
2834+
content,err:=os.ReadFile(filePath)
2835+
iferr!=nil {
2836+
return"",xerrors.Errorf("read postgres URL file %q: %w",filePath,err)
2837+
}
2838+
returnstrings.TrimSpace(string(content)),nil
2839+
}
2840+
28162841
funcgetAndMigratePostgresDB(ctx context.Context,logger slog.Logger,postgresURLstring,auth codersdk.PostgresAuth,sqlDriverstring) (*sql.DB,string,error) {
28172842
dbURL,err:=escapePostgresURLUserInfo(postgresURL)
28182843
iferr!=nil {

‎cli/server_createadminuser.go‎

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ import (
2626
func (r*RootCmd)newCreateAdminUserCommand()*serpent.Command {
2727
var (
2828
newUserDBURLstring
29+
newUserDBURLFilestring
2930
newUserPgAuthstring
3031
newUserSSHKeygenAlgorithmstring
3132
newUserUsernamestring
@@ -52,6 +53,18 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
5253
ctx,cancel:=inv.SignalNotifyContext(ctx,StopSignals...)
5354
defercancel()
5455

56+
// Read the postgres URL from a file, if specified.
57+
ifnewUserDBURLFile!="" {
58+
ifnewUserDBURL!="" {
59+
returnxerrors.Errorf("cannot specify both --postgres-url and --postgres-url-file")
60+
}
61+
varerrerror
62+
newUserDBURL,err=ReadPostgresURLFromFile(newUserDBURLFile)
63+
iferr!=nil {
64+
returnerr
65+
}
66+
}
67+
5568
ifnewUserDBURL=="" {
5669
cliui.Infof(inv.Stdout,"Using built-in PostgreSQL (%s)",cfg.PostgresPath())
5770
url,closePg,err:=startBuiltinPostgres(ctx,cfg,logger,"")
@@ -257,6 +270,12 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
257270
Description:"URL of a PostgreSQL database. If empty, the built-in PostgreSQL deployment will be used (Coder must not be already running in this case).",
258271
Value:serpent.StringOf(&newUserDBURL),
259272
},
273+
serpent.Option{
274+
Env:"CODER_PG_CONNECTION_URL_FILE",
275+
Flag:"postgres-url-file",
276+
Description:"Path to a file containing the URL of a PostgreSQL database. The file contents will be read and used as the connection URL. This is an alternative to --postgres-url for cases where the URL is stored in a file, such as a Docker or Kubernetes secret.",
277+
Value:serpent.StringOf(&newUserDBURLFile),
278+
},
260279
serpent.Option{
261280
Name:"Postgres Connection Auth",
262281
Description:"Type of auth to use when connecting to postgres.",

‎cli/server_internal_test.go‎

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,8 @@ import (
44
"bytes"
55
"context"
66
"crypto/tls"
7+
"os"
8+
"path/filepath"
79
"testing"
810

911
"github.com/spf13/pflag"
@@ -372,3 +374,41 @@ func TestEscapePostgresURLUserInfo(t *testing.T) {
372374
})
373375
}
374376
}
377+
378+
funcTestReadPostgresURLFromFile(t*testing.T) {
379+
t.Parallel()
380+
381+
t.Run("ReadsFile",func(t*testing.T) {
382+
t.Parallel()
383+
tmpDir:=t.TempDir()
384+
filePath:=filepath.Join(tmpDir,"pg_url")
385+
expectedURL:="postgres://user:pass@localhost:5432/db"
386+
err:=os.WriteFile(filePath, []byte(expectedURL),0o600)
387+
require.NoError(t,err)
388+
389+
url,err:=ReadPostgresURLFromFile(filePath)
390+
require.NoError(t,err)
391+
require.Equal(t,expectedURL,url)
392+
})
393+
394+
t.Run("TrimsWhitespace",func(t*testing.T) {
395+
t.Parallel()
396+
tmpDir:=t.TempDir()
397+
filePath:=filepath.Join(tmpDir,"pg_url")
398+
expectedURL:="postgres://user:pass@localhost:5432/db"
399+
// Write with leading/trailing whitespace and newlines
400+
err:=os.WriteFile(filePath, []byte("\n"+expectedURL+"\n\n"),0o600)
401+
require.NoError(t,err)
402+
403+
url,err:=ReadPostgresURLFromFile(filePath)
404+
require.NoError(t,err)
405+
require.Equal(t,expectedURL,url)
406+
})
407+
408+
t.Run("FileNotFound",func(t*testing.T) {
409+
t.Parallel()
410+
_,err:=ReadPostgresURLFromFile("/nonexistent/path/to/file")
411+
require.Error(t,err)
412+
require.Contains(t,err.Error(),"read postgres URL file")
413+
})
414+
}

‎cli/server_regenerate_vapid_keypair.go‎

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,8 +20,9 @@ import (
2020

2121
func (r*RootCmd)newRegenerateVapidKeypairCommand()*serpent.Command {
2222
var (
23-
regenVapidKeypairDBURLstring
24-
regenVapidKeypairPgAuthstring
23+
regenVapidKeypairDBURLstring
24+
regenVapidKeypairDBURLFilestring
25+
regenVapidKeypairPgAuthstring
2526
)
2627
regenerateVapidKeypairCommand:=&serpent.Command{
2728
Use:"regenerate-vapid-keypair",
@@ -39,6 +40,18 @@ func (r *RootCmd) newRegenerateVapidKeypairCommand() *serpent.Command {
3940

4041
defercancel()
4142

43+
// Read the postgres URL from a file, if specified.
44+
ifregenVapidKeypairDBURLFile!="" {
45+
ifregenVapidKeypairDBURL!="" {
46+
returnxerrors.Errorf("cannot specify both --postgres-url and --postgres-url-file")
47+
}
48+
varerrerror
49+
regenVapidKeypairDBURL,err=ReadPostgresURLFromFile(regenVapidKeypairDBURLFile)
50+
iferr!=nil {
51+
returnerr
52+
}
53+
}
54+
4255
ifregenVapidKeypairDBURL=="" {
4356
cliui.Infof(inv.Stdout,"Using built-in PostgreSQL (%s)",cfg.PostgresPath())
4457
url,closePg,err:=startBuiltinPostgres(ctx,cfg,logger,"")
@@ -98,6 +111,12 @@ func (r *RootCmd) newRegenerateVapidKeypairCommand() *serpent.Command {
98111
Description:"URL of a PostgreSQL database. If empty, the built-in PostgreSQL deployment will be used (Coder must not be already running in this case).",
99112
Value:serpent.StringOf(&regenVapidKeypairDBURL),
100113
},
114+
serpent.Option{
115+
Env:"CODER_PG_CONNECTION_URL_FILE",
116+
Flag:"postgres-url-file",
117+
Description:"Path to a file containing the URL of a PostgreSQL database. The file contents will be read and used as the connection URL. This is an alternative to --postgres-url for cases where the URL is stored in a file, such as a Docker or Kubernetes secret.",
118+
Value:serpent.StringOf(&regenVapidKeypairDBURLFile),
119+
},
101120
serpent.Option{
102121
Name:"Postgres Connection Auth",
103122
Description:"Type of auth to use when connecting to postgres.",

‎coderd/database/dbtestutil/db.go‎

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,14 @@ func NewDB(t testing.TB, opts ...Option) (database.Store, pubsub.Pubsub) {
100100
varps pubsub.Pubsub
101101

102102
connectionURL:=os.Getenv("CODER_PG_CONNECTION_URL")
103+
ifconnectionURL=="" {
104+
// Check if a file path is provided instead.
105+
iffilePath:=os.Getenv("CODER_PG_CONNECTION_URL_FILE");filePath!="" {
106+
content,err:=os.ReadFile(filePath)
107+
require.NoError(t,err,"read postgres URL file")
108+
connectionURL=strings.TrimSpace(string(content))
109+
}
110+
}
103111
ifconnectionURL==""&&o.url!="" {
104112
connectionURL=o.url
105113
}

‎codersdk/deployment.go‎

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -460,6 +460,7 @@ type DeploymentValues struct {
460460
CacheDir serpent.String`json:"cache_directory,omitempty" typescript:",notnull"`
461461
EphemeralDeployment serpent.Bool`json:"ephemeral_deployment,omitempty" typescript:",notnull"`
462462
PostgresURL serpent.String`json:"pg_connection_url,omitempty" typescript:",notnull"`
463+
PostgresURLFile serpent.String`json:"pg_connection_url_file,omitempty" typescript:",notnull"`
463464
PostgresAuthstring`json:"pg_auth,omitempty" typescript:",notnull"`
464465
OAuth2OAuth2Config`json:"oauth2,omitempty" typescript:",notnull"`
465466
OIDCOIDCConfig`json:"oidc,omitempty" typescript:",notnull"`
@@ -2549,6 +2550,13 @@ func (c *DeploymentValues) Options() serpent.OptionSet {
25492550
Annotations: serpent.Annotations{}.Mark(annotationSecretKey,"true"),
25502551
Value:&c.PostgresURL,
25512552
},
2553+
{
2554+
Name:"Postgres Connection URL File",
2555+
Description:"Path to a file containing the URL of a PostgreSQL database. The file contents will be read and used as the connection URL. This is an alternative to --postgres-url for cases where the URL is stored in a file, such as a Docker or Kubernetes secret.",
2556+
Flag:"postgres-url-file",
2557+
Env:"CODER_PG_CONNECTION_URL_FILE",
2558+
Value:&c.PostgresURLFile,
2559+
},
25522560
{
25532561
Name:"Postgres Auth",
25542562
Description:"Type of auth to use when connecting to postgres. For AWS RDS, using IAM authentication (awsiamrds) is recommended.",

‎enterprise/cli/server_dbcrypt.go‎

Lines changed: 64 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -239,10 +239,11 @@ Are you sure you want to continue?`
239239
}
240240

241241
typerotateFlagsstruct {
242-
PostgresURLstring
243-
PostgresAuthstring
244-
Newstring
245-
Old []string
242+
PostgresURLstring
243+
PostgresURLFilestring
244+
PostgresAuthstring
245+
Newstring
246+
Old []string
246247
}
247248

248249
func (f*rotateFlags)attach(opts*serpent.OptionSet) {
@@ -254,6 +255,12 @@ func (f *rotateFlags) attach(opts *serpent.OptionSet) {
254255
Description:"The connection URL for the Postgres database.",
255256
Value:serpent.StringOf(&f.PostgresURL),
256257
},
258+
serpent.Option{
259+
Flag:"postgres-url-file",
260+
Env:"CODER_PG_CONNECTION_URL_FILE",
261+
Description:"Path to a file containing the connection URL for the Postgres database.",
262+
Value:serpent.StringOf(&f.PostgresURLFile),
263+
},
257264
serpent.Option{
258265
Name:"Postgres Connection Auth",
259266
Description:"Type of auth to use when connecting to postgres.",
@@ -279,6 +286,17 @@ func (f *rotateFlags) attach(opts *serpent.OptionSet) {
279286
}
280287

281288
func (f*rotateFlags)valid()error {
289+
iff.PostgresURLFile!="" {
290+
iff.PostgresURL!="" {
291+
returnxerrors.Errorf("cannot specify both --postgres-url and --postgres-url-file")
292+
}
293+
varerrerror
294+
f.PostgresURL,err=cli.ReadPostgresURLFromFile(f.PostgresURLFile)
295+
iferr!=nil {
296+
returnerr
297+
}
298+
}
299+
282300
iff.PostgresURL=="" {
283301
returnxerrors.Errorf("no database configured")
284302
}
@@ -310,9 +328,10 @@ func (f *rotateFlags) valid() error {
310328
}
311329

312330
typedecryptFlagsstruct {
313-
PostgresURLstring
314-
PostgresAuthstring
315-
Keys []string
331+
PostgresURLstring
332+
PostgresURLFilestring
333+
PostgresAuthstring
334+
Keys []string
316335
}
317336

318337
func (f*decryptFlags)attach(opts*serpent.OptionSet) {
@@ -324,6 +343,12 @@ func (f *decryptFlags) attach(opts *serpent.OptionSet) {
324343
Description:"The connection URL for the Postgres database.",
325344
Value:serpent.StringOf(&f.PostgresURL),
326345
},
346+
serpent.Option{
347+
Flag:"postgres-url-file",
348+
Env:"CODER_PG_CONNECTION_URL_FILE",
349+
Description:"Path to a file containing the connection URL for the Postgres database.",
350+
Value:serpent.StringOf(&f.PostgresURLFile),
351+
},
327352
serpent.Option{
328353
Name:"Postgres Connection Auth",
329354
Description:"Type of auth to use when connecting to postgres.",
@@ -343,6 +368,17 @@ func (f *decryptFlags) attach(opts *serpent.OptionSet) {
343368
}
344369

345370
func (f*decryptFlags)valid()error {
371+
iff.PostgresURLFile!="" {
372+
iff.PostgresURL!="" {
373+
returnxerrors.Errorf("cannot specify both --postgres-url and --postgres-url-file")
374+
}
375+
varerrerror
376+
f.PostgresURL,err=cli.ReadPostgresURLFromFile(f.PostgresURLFile)
377+
iferr!=nil {
378+
returnerr
379+
}
380+
}
381+
346382
iff.PostgresURL=="" {
347383
returnxerrors.Errorf("no database configured")
348384
}
@@ -363,9 +399,10 @@ func (f *decryptFlags) valid() error {
363399
}
364400

365401
typedeleteFlagsstruct {
366-
PostgresURLstring
367-
PostgresAuthstring
368-
Confirmbool
402+
PostgresURLstring
403+
PostgresURLFilestring
404+
PostgresAuthstring
405+
Confirmbool
369406
}
370407

371408
func (f*deleteFlags)attach(opts*serpent.OptionSet) {
@@ -377,6 +414,12 @@ func (f *deleteFlags) attach(opts *serpent.OptionSet) {
377414
Description:"The connection URL for the Postgres database.",
378415
Value:serpent.StringOf(&f.PostgresURL),
379416
},
417+
serpent.Option{
418+
Flag:"postgres-url-file",
419+
Env:"CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL_FILE",
420+
Description:"Path to a file containing the connection URL for the Postgres database.",
421+
Value:serpent.StringOf(&f.PostgresURLFile),
422+
},
380423
serpent.Option{
381424
Name:"Postgres Connection Auth",
382425
Description:"Type of auth to use when connecting to postgres.",
@@ -390,6 +433,17 @@ func (f *deleteFlags) attach(opts *serpent.OptionSet) {
390433
}
391434

392435
func (f*deleteFlags)valid()error {
436+
iff.PostgresURLFile!="" {
437+
iff.PostgresURL!="" {
438+
returnxerrors.Errorf("cannot specify both --postgres-url and --postgres-url-file")
439+
}
440+
varerrerror
441+
f.PostgresURL,err=cli.ReadPostgresURLFromFile(f.PostgresURLFile)
442+
iferr!=nil {
443+
returnerr
444+
}
445+
}
446+
393447
iff.PostgresURL=="" {
394448
returnxerrors.Errorf("no database configured")
395449
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp