diff --git a/README.md b/README.md index a10eec2..e4094e6 100644 --- a/README.md +++ b/README.md @@ -115,12 +115,14 @@ EJBCA Community is licensed under the LGPL license, please see **[LICENSE](LICEN | database.localDeployment.image.repository | string | `"mariadb"` | Repository to find database container | | database.localDeployment.image.pullPolicy | string | `IfNotPresent` | Image pull policy | | database.localDeployment.image.tag | string | `"10.5"` | Database proxy image pull tag || | | | | +| database.type | string | `"postgresql"` | Database technology type, can be MariaDB, PostgreSQL, etc. | | database.host | string | `"database-svc"` | Hostname of database to connect to. | -| database.port | string | `3306` | Database port | +| database.port | int | `5432` | Database port | +| database.name | string | `ejbca` | Name of the database | +| database.username | string | `ejbcauser` | Database username | +| database.password | string | `your-strong-password` | Database password | +| database.properties | string | `""` | Optional database properties to be used for connection | | database.secretName | string | `"ejbca-database-credentials"` | Secret name containing credentials to database | -| | | | | -| | | | | - ## Related projects diff --git a/charts/ejbca-ce/templates/_helpers.tpl b/charts/ejbca-ce/templates/_helpers.tpl index fe6de68..b2e261f 100644 --- a/charts/ejbca-ce/templates/_helpers.tpl +++ b/charts/ejbca-ce/templates/_helpers.tpl 
@@ -60,3 +60,20 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +{{- /* +this will take the databse values and convert to the jdbcUrl format +*/}} +{{- define "ejbca-ce.util.format.jdbcUrl" -}} +{{- $ := index . 0 }} +{{- $type := $.Values.database.type -}} +{{- $properties := $.Values.database.properties -}} +{{- $host := $.Values.database.host -}} +{{- $port := $.Values.database.port | int -}} +{{- $name := $.Values.database.name -}} +{{- if eq $type "postgresql" -}} +{{- printf "jdbc:postgresql://%s:%d/%s%s" $host $port $name $properties }} +{{- else if eq $type "mariadb" -}} +{{- printf "jdbc:mysql://%s:%d/%s%s" $host $port $name $properties }} +{{- end -}} +{{- end -}} diff --git a/charts/ejbca-ce/templates/database/databasesecret.yaml b/charts/ejbca-ce/templates/database/databasesecret.yaml index 464fa1b..8cb3bc0 100644 --- a/charts/ejbca-ce/templates/database/databasesecret.yaml +++ b/charts/ejbca-ce/templates/database/databasesecret.yaml @@ -1,4 +1,3 @@ -{{- if .Values.database.localDeployment.deployDatabase -}} apiVersion: v1 kind: Secret metadata: @@ -7,5 +6,6 @@ type: Opaque data: username: {{ .Values.database.username | b64enc }} password: {{ .Values.database.password | b64enc }} + {{- if .Values.database.localDeployment.deployDatabase -}} password-root: {{ .Values.database.passwordRoot | b64enc }} -{{- end -}} \ No newline at end of file + {{- end -}} \ No newline at end of file diff --git a/charts/ejbca-ce/templates/ejbca/deployment.yaml b/charts/ejbca-ce/templates/ejbca/deployment.yaml index b1576f9..d090c36 100644 --- a/charts/ejbca-ce/templates/ejbca/deployment.yaml +++ b/charts/ejbca-ce/templates/ejbca/deployment.yaml 
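Review bot: In `ejbca-ce.util.format.jdbcUrl` (charts/ejbca-ce/templates/_helpers.tpl) the `if`/`else if` chain has no final branch, so any `database.type` other than the exact lowercase strings `postgresql` or `mariadb` renders an empty `DATABASE_JDBC_URL` with no error at template time. The README row added in this commit describes the value as "MariaDB, PostgreSQL, etc.", which invites exactly those unmatched spellings. I would close the chain with `{{- else -}}{{- fail (printf "unsupported database.type %q" $type) -}}` so a bad value stops the render instead of producing a pod with a blank URL. Separately, the MariaDB URL no longer carries `?characterEncoding=utf8` unless the operator supplies it. The comment above the define should say that `database.properties` is appended verbatim and must include its own leading `?`.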
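Review bot: In the `@@ -7,5 +6,6 @@` hunk of charts/ejbca-ce/templates/database/databasesecret.yaml the new `{{- if .Values.database.localDeployment.deployDatabase -}}` trims whitespace on both sides, so when the condition is true the newline after the `password:` value and the one before `password-root:` are both removed. The two keys then land on a single line, which should fail YAML parsing of the Secret exactly in the local-database case. Dropping the right-hand trim markers keeps each key on its own line: `{{- if .Values.database.localDeployment.deployDatabase }}` and `{{- end }}`. The `metadata` block sits between the two hunks of this file and is not visible here.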
@@ -54,7 +54,7 @@ spec: - name: TLS_SETUP_ENABLED value: "true" - name: DATABASE_JDBC_URL - value: {{ printf "jdbc:mysql://%s:%d/ejbca?characterEncoding=utf8" .Values.database.host (.Values.database.port | int) }} + value: {{ include "ejbca-ce.util.format.jdbcUrl" (list . ) | quote }} - name: DATABASE_USER valueFrom: secretKeyRef: @@ -88,6 +88,12 @@ spec: value: {{ .Values.database.host }} - name: DATABASE_PORT value: "{{ .Values.database.port }}" + - name: DATABASE_NAME + value: {{ .Values.database.name }} + - name: DATABASE_PROPERTIES + value: {{ .Values.database.properties }} + - name: DATABASE_TYPE + value: {{ .Values.database.type }} - name: CERTIFICATE_DIRECTORY value: "/usr/certs/" volumeMounts: @@ -138,7 +144,7 @@ spec: - name: PROXY_AJP_BIND value: "127.0.0.1" - name: DATABASE_JDBC_URL - value: {{ printf "jdbc:mysql://%s:%d/ejbca?characterEncoding=utf8" .Values.database.host (.Values.database.port | int) }} + value: {{ include "ejbca-ce.util.format.jdbcUrl" (list . ) | quote }} - name: DATABASE_USER valueFrom: secretKeyRef: diff --git a/charts/ejbca-ce/values.yaml b/charts/ejbca-ce/values.yaml index a778267..be584eb 100644 --- a/charts/ejbca-ce/values.yaml +++ b/charts/ejbca-ce/values.yaml 
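Review bot: The three env entries added in the `@@ -88,6 +88,12 @@` hunk of charts/ejbca-ce/templates/ejbca/deployment.yaml emit their values unquoted, unlike `DATABASE_PORT` just above them and the `| quote` this commit applies to `DATABASE_JDBC_URL`. With the default `properties: ""` the line renders as a bare `value:` (YAML null rather than an empty string), and a database name or properties string that YAML reads as a number, boolean or indicator syntax would be retyped or rejected. I would write `value: {{ .Values.database.name | quote }}` and do the same for `.Values.database.properties` and `.Values.database.type`. The container spec these entries belong to starts and ends outside the hunk.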
@@ -107,12 +107,20 @@ database: pullPolicy: IfNotPresent tag: "10.5" # If deployDatabase is true, endpoint is used as the name label used by a database deployment and associated service. - # In both cases, the endpoint is used by EJBCA to connect to the database at the port configured below. - host: database-svc - port: 3306 + # Database secret name is required to securely retrieve database credentials. Used regardless of localDeployment state secretName: ejbca-database-credentials + # database technology, for example mariadb, postgresql + type: "postgresql" + host: "database-svc" + port: 5432 + name: "ejbca" + username: "ejbcauser" + password: "your-strong-password" + # optional to add specific properties to database connection string + properties: "" + serviceAccount: # Specifies whether a service account should be created create: true diff --git a/go.mod b/go.mod index 3a82d95..c755c9a 100644 --- a/go.mod +++ b/go.mod @@ -4,6 +4,7 @@ go 1.18 require ( github.com/go-sql-driver/mysql v1.6.0 // indirect + github.com/lib/pq v1.10.7 // indirect golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect software.sslmate.com/src/go-pkcs12 v0.2.0 // indirect ) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..a202b96 --- /dev/null +++ b/go.sum 
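Review bot: `username` and `password` now ship with working defaults in charts/ejbca-ce/values.yaml, and because this commit also removes the `deployDatabase` guard from databasesecret.yaml the chart always writes them into the credentials Secret. An install that does not override `database.password` therefore runs with the publicly known string `your-strong-password`. I would default it to `password: ""` and have the Secret template use `{{ required "database.password must be set" .Values.database.password | b64enc }}` so the chart refuses to render without an operator-supplied value. The defaults also switch to `type: "postgresql"` and `port: 5432` while the `localDeployment` image block just above still carries tag `"10.5"` and the README lists its repository as `mariadb`, so `deployDatabase: true` with defaults looks mismatched and is worth confirming.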
@@ -0,0 +1,12 @@ +github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw= +github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ= diff --git a/main.go b/main.go index 5a4832f..0b86317 100644 --- a/main.go +++ b/main.go 
@@ -12,19 +12,34 @@ import ( "time" _ "github.com/go-sql-driver/mysql" + _ "github.com/lib/pq" ) func main() { + dbtype := os.Getenv("DATABASE_TYPE") username := os.Getenv("DATABASE_USER") password := os.Getenv("DATABASE_PASSWORD") host := os.Getenv("DATABASE_HOST") port := os.Getenv("DATABASE_PORT") - - connectionString := fmt.Sprintf("%s:%s@tcp(%s:%s)/ejbca?charset=utf8", username, password, host, port) + name := os.Getenv("DATABASE_NAME") + properties := os.Getenv("DATABASE_PROPERTIES") log.Printf("Attempting to open connection to EJBCA database at %s:%s", host, port) - db, err := sql.Open("mysql", connectionString) + var connectionString string + var db *sql.DB + var err error + + if dbtype == "postgresql" { + connectionString = fmt.Sprintf("postgres://%s:%s@%s:%s/%s%s", username, password, host, port, name, properties) + log.Printf("Connection string: %s", connectionString) + db, err = sql.Open("postgres", connectionString) + } else if dbtype == "mariadb" { + connectionString = fmt.Sprintf("%s:%s@tcp(%s:%s)/%s%s", username, password, host, port, name, properties) + log.Printf("Connection string: %s", connectionString) + db, err = sql.Open("mysql", connectionString) + } + if err != nil { log.Fatal(err) }
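Review bot: Both new `log.Printf("Connection string: %s", connectionString)` calls write the database password to the container log in clear text, where it is readable by anyone with log access and retained by whatever collects the logs; they should be removed, since host and port are already logged just before. The `postgres://` URL is also assembled with `fmt.Sprintf`, so a password containing `@`, `/`, `:` or `?` changes how the URL is parsed; `url.UserPassword` from `net/url` (which would have to be added to the import block, only partly visible here) encodes it. When `DATABASE_TYPE` matches neither branch, `db` and `err` both stay nil, the `if err != nil` check passes, and the first use of `db` below the hunk would presumably panic on a nil pointer. `main` continues past the end of the hunk.

```go
	var err error

	switch dbtype {
	case "postgresql":
		// url.UserPassword percent-encodes the credentials so reserved characters cannot alter the URL.
		pgURL := url.URL{Scheme: "postgres", User: url.UserPassword(username, password), Host: host + ":" + port, Path: "/" + name}
		db, err = sql.Open("postgres", pgURL.String()+properties)
	case "mariadb":
		// … unchanged: mysql DSN built with fmt.Sprintf and passed to sql.Open("mysql", …), without logging it …
	default:
		log.Fatalf("unsupported DATABASE_TYPE %q", dbtype)
	}
```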