-
Notifications
You must be signed in to change notification settings - Fork 3.8k
/
pg_url.go
76 lines (68 loc) · 2.58 KB
/
pg_url.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
// Copyright 2016 The Cockroach Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
// implied. See the License for the specific language governing
// permissions and limitations under the License.
//
// Author: Matt Tracy (matt@cockroachlabs.com)
package sqlutils
import (
"io/ioutil"
"net"
"net/url"
"os"
"testing"
"github.com/cockroachdb/cockroach/security"
"github.com/cockroachdb/cockroach/security/securitytest"
"github.com/cockroachdb/cockroach/server"
)
// PGUrl returns a postgres connection url which connects to this server with the given user, and a
// cleanup function which must be called after all connections created using the connection url have
// been closed.
//
// In order to connect securely using postgres, this method will create temporary on-disk copies of
// certain embedded security certificates. The certificates will be created in a new temporary
// directory. The returned cleanup function will delete this temporary directory.
func PGUrl(t testing.TB, ts *server.TestServer, user, prefix string) (url.URL, func()) {
host, port, err := net.SplitHostPort(ts.PGAddr())
if err != nil {
t.Fatal(err)
}
tempDir, err := ioutil.TempDir("", prefix)
if err != nil {
t.Fatal(err)
}
caPath := security.CACertPath(security.EmbeddedCertsDir)
certPath := security.ClientCertPath(security.EmbeddedCertsDir, user)
keyPath := security.ClientKeyPath(security.EmbeddedCertsDir, user)
// Copy these assets to disk from embedded strings, so this test can
// run from a standalone binary.
tempCAPath := securitytest.RestrictedCopy(t, caPath, tempDir, "ca")
tempCertPath := securitytest.RestrictedCopy(t, certPath, tempDir, "cert")
tempKeyPath := securitytest.RestrictedCopy(t, keyPath, tempDir, "key")
options := url.Values{}
options.Add("sslmode", "verify-full")
options.Add("sslrootcert", tempCAPath)
options.Add("sslcert", tempCertPath)
options.Add("sslkey", tempKeyPath)
return url.URL{
Scheme: "postgres",
User: url.User(user),
Host: net.JoinHostPort(host, port),
Path: prefix,
RawQuery: options.Encode(),
}, func() {
if err := os.RemoveAll(tempDir); err != nil {
// Not Fatal() because we might already be panicking.
t.Error(err)
}
}
}