Add support for the sslnegotiation DSN option

Signed-off-by: Mathias Bogaert <[email protected]>
concourse · Oct 12, 2024 · ae45e49 · ae45e49
1 parent 8bee2ab
commit ae45e49
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 5 deletions.
diff --git a/postgres_config.go b/postgres_config.go
@@ -18,10 +18,11 @@ type PostgresConfig struct {
 	User     string `long:"user"     description:"The user to sign in as."`
 	Password string `long:"password" description:"The user's password."`
 
-	SSLMode    string `long:"sslmode"     description:"Whether or not to use SSL." default:"disable" choice:"disable" choice:"require" choice:"verify-ca" choice:"verify-full"`
-	CACert     File   `long:"ca-cert"     description:"CA cert file location, to verify when connecting with SSL."`
-	ClientCert File   `long:"client-cert" description:"Client cert file location."`
-	ClientKey  File   `long:"client-key"  description:"Client key file location."`
+	SSLMode        string `long:"sslmode"        description:"Whether or not to use SSL." default:"disable" choice:"disable" choice:"require" choice:"verify-ca" choice:"verify-full"`
+	CACert         File   `long:"ca-cert"        description:"CA cert file location, to verify when connecting with SSL."`
+	ClientCert     File   `long:"client-cert"    description:"Client cert file location."`
+	ClientKey      File   `long:"client-key"     description:"Client key file location."`
+	SSLNegotiation string `long:"sslnegotiation" description:"Controls how SSL encryption is negotiated with the server, if SSL is used. The direct SSL option was introduced in PostgreSQL version 17." default:"postgres" choice:"postgres" choice:"direct"`
 
 	BinaryParameters bool `long:"binary-parameters" description:"Whether or not to use binary parameters for prepared statements."`
 
@@ -63,6 +64,10 @@ func (config PostgresConfig) ConnectionString() string {
 		properties["sslkey"] = config.ClientKey.Path()
 	}
 
+	if config.SSLNegotiation != "" {
+		properties["sslnegotiation"] = config.SSLNegotiation
+	}
+
 	if config.ConnectTimeout != 0 {
 		properties["connect_timeout"] = strconv.Itoa(int(config.ConnectTimeout.Seconds()))
 	}

diff --git a/postgres_config_test.go b/postgres_config_test.go
@@ -2,7 +2,6 @@ package flag_test
 
 import (
 	"github.com/concourse/flag/v2"
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
@@ -42,3 +41,21 @@ var _ = Describe("PostgresConfig", func() {
 		})
 	})
 })
+
+var _ = Describe("PostgresConfig", func() {
+	Describe("ConnectionString", func() {
+		It("adds sslnegotiation correctly", func() {
+			Expect(flag.PostgresConfig{
+				Host: "1.2.3.4",
+				Port: 5432,
+
+				User:     "some user",
+				Password: "not-so-important",
+
+				SSLNegotiation: "direct",
+
+				Database: "atc",
+			}.ConnectionString()).To(Equal("dbname='atc' host='1.2.3.4' password='not-so-important' port=5432 sslmode='' sslnegotiation='direct' user='some user'"))
+		})
+	})
+})