Update configuration to support various database technologies

README.md

@@ -115,12 +115,14 @@ EJBCA Community is licensed under the LGPL license, please see **[LICENSE](LICEN
 | database.localDeployment.image.repository | string | `"mariadb"`                                                                                          | Repository to find database container                                                                                                                                          |
 | database.localDeployment.image.pullPolicy | string | `IfNotPresent`                                                                                       | Image pull policy                                                                                                                                                              |
 | database.localDeployment.image.tag        | string | `"10.5"`                                                                                             | Database proxy image pull tag                                                                                                                                                  ||                                           |        |                                                                                                      |                                                                                                                                                                                |
+| database.type                             | string | `"postgresql"`                                                                                       | Database technology type, can be MariaDB, PostgreSQL, etc.                                                                                                                     |
 | database.host                             | string | `"database-svc"`                                                                                     | Hostname of database to connect to.                                                                                                                                            |
-| database.port                             | string | `3306`                                                                                               | Database port                                                                                                                                                                  |
+| database.port                             | int    | `5432`                                                                                               | Database port                                                                                                                                                                  |
+| database.name                             | string | `ejbca`                                                                                              | Name of the database                                                                                                                                                           |
+| database.username                         | string | `ejbcauser`                                                                                          | Database username                                                                                                                                                              |
+| database.password                         | string | `your-strong-password`                                                                               | Database password                                                                                                                                                              |
+| database.properties                       | string | `""`                                                                                                 | Optional database properties to be used for connection                                                                                                                         |
 | database.secretName                       | string | `"ejbca-database-credentials"`                                                                       | Secret name containing credentials to database                                                                                                                                 |
-|                                           |        |                                                                                                      |                                                                                                                                                                                |
-|                                           |        |                                                                                                      |                                                                                                                                                                                |
-
 
 ## Related projects
 

charts/ejbca-ce/templates/_helpers.tpl

@@ -60,3 +60,20 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{- /*
+this will take the databse values and convert to the jdbcUrl format
+*/}}
+{{- define "ejbca-ce.util.format.jdbcUrl" -}}
+{{- $ := index . 0 }}
+{{- $type := $.Values.database.type -}}
+{{- $properties := $.Values.database.properties -}}
+{{- $host := $.Values.database.host -}}
+{{- $port := $.Values.database.port | int -}}
+{{- $name := $.Values.database.name -}}
+{{- if eq $type "postgresql" -}}
+{{- printf "jdbc:postgresql://%s:%d/%s%s" $host $port $name $properties }}
+{{- else if eq $type "mariadb" -}}
+{{- printf "jdbc:mysql://%s:%d/%s%s" $host $port $name $properties }}
+{{- end -}}
+{{- end -}}

charts/ejbca-ce/templates/database/databasesecret.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.database.localDeployment.deployDatabase -}}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -7,5 +6,6 @@ type: Opaque
 data:
   username: {{ .Values.database.username | b64enc }}
   password: {{ .Values.database.password | b64enc }}
+  {{- if .Values.database.localDeployment.deployDatabase -}}
   password-root: {{ .Values.database.passwordRoot | b64enc }}
-{{- end -}}
+  {{- end -}}

charts/ejbca-ce/templates/ejbca/deployment.yaml

@@ -54,7 +54,7 @@ spec:
             - name: TLS_SETUP_ENABLED
               value: "true"
             - name: DATABASE_JDBC_URL
-              value: {{ printf "jdbc:mysql://%s:%d/ejbca?characterEncoding=utf8" .Values.database.host (.Values.database.port | int) }}
+              value: {{ include "ejbca-ce.util.format.jdbcUrl" (list . ) | quote }}
             - name: DATABASE_USER
               valueFrom:
                 secretKeyRef:
@@ -88,6 +88,12 @@ spec:
               value: {{ .Values.database.host }}
             - name: DATABASE_PORT
               value: "{{ .Values.database.port }}"
+            - name: DATABASE_NAME
+              value: {{ .Values.database.name }}
+            - name: DATABASE_PROPERTIES
+              value: {{ .Values.database.properties }}
+            - name: DATABASE_TYPE
+              value: {{ .Values.database.type }}
             - name: CERTIFICATE_DIRECTORY
               value: "/usr/certs/"
           volumeMounts:
@@ -138,7 +144,7 @@ spec:
             - name: PROXY_AJP_BIND
               value: "127.0.0.1"
             - name: DATABASE_JDBC_URL
-              value: {{ printf "jdbc:mysql://%s:%d/ejbca?characterEncoding=utf8" .Values.database.host (.Values.database.port | int) }}
+              value: {{ include "ejbca-ce.util.format.jdbcUrl" (list . ) | quote }}
             - name: DATABASE_USER
               valueFrom:
                 secretKeyRef:

charts/ejbca-ce/values.yaml

@@ -107,12 +107,20 @@ database:
       pullPolicy: IfNotPresent
       tag: "10.5"
   # If deployDatabase is true, endpoint is used as the name label used by a database deployment and associated service.
-  # In both cases, the endpoint is used by EJBCA to connect to the database at the port configured below.
-  host: database-svc
-  port: 3306
+
   # Database secret name is required to securely retrieve database credentials. Used regardless of localDeployment state
   secretName: ejbca-database-credentials
 
+  # database technology, for example mariadb, postgresql
+  type: "postgresql"
+  host: "database-svc"
+  port: 5432
+  name: "ejbca"
+  username: "ejbcauser"
+  password: "your-strong-password"
+  # optional to add specific properties to database connection string
+  properties: ""
+
 serviceAccount:
   # Specifies whether a service account should be created
   create: true

go.mod

@@ -4,6 +4,7 @@ go 1.18
 
 require (
 	github.com/go-sql-driver/mysql v1.6.0 // indirect
+	github.com/lib/pq v1.10.7 // indirect
 	golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29 // indirect
 	software.sslmate.com/src/go-pkcs12 v0.2.0 // indirect
 )

go.sum

@@ -0,0 +1,12 @@
+github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw=
+github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+software.sslmate.com/src/go-pkcs12 v0.2.0/go.mod h1:23rNcYsMabIc1otwLpTkCCPwUq6kQsTyowttG/as0kQ=

main.go

@@ -12,19 +12,34 @@ import (
 	"time"
 
 	_ "github.com/go-sql-driver/mysql"
+	_ "github.com/lib/pq"
 )
 
 func main() {
+    dbtype := os.Getenv("DATABASE_TYPE")
 	username := os.Getenv("DATABASE_USER")
 	password := os.Getenv("DATABASE_PASSWORD")
 	host := os.Getenv("DATABASE_HOST")
 	port := os.Getenv("DATABASE_PORT")
-
-	connectionString := fmt.Sprintf("%s:%s@tcp(%s:%s)/ejbca?charset=utf8", username, password, host, port)
+	name := os.Getenv("DATABASE_NAME")
+	properties := os.Getenv("DATABASE_PROPERTIES")
 
 	log.Printf("Attempting to open connection to EJBCA database at %s:%s", host, port)
 
-	db, err := sql.Open("mysql", connectionString)
+    var connectionString string
+    var db *sql.DB
+    var err error
+
+    if dbtype == "postgresql" {
+        connectionString = fmt.Sprintf("postgres://%s:%s@%s:%s/%s%s", username, password, host, port, name, properties)
+        log.Printf("Connection string: %s", connectionString)
+        db, err = sql.Open("postgres", connectionString)
+    } else if dbtype == "mariadb" {
+        connectionString = fmt.Sprintf("%s:%s@tcp(%s:%s)/%s%s", username, password, host, port, name, properties)
+        log.Printf("Connection string: %s", connectionString)
+        db, err = sql.Open("mysql", connectionString)
+    }
+
 	if err != nil {
 		log.Fatal(err)
 	}