cube icon indicating copy to clipboard operation
cube copied to clipboard

Published 20 hours ago verified publisher icon cube-js

Clarify instructions for using custom CA bundles for MSSQL connections

Open sjauld opened this issue 9 months ago • 3 comments

Check List

  • [ ] ~Tests has been run in packages where changes made if available~
  • [ ] ~Linter has been run for changed code~
  • [ ] ~Tests for the changes have been added if not covered yet~
  • [x] Docs have been added / updated if required

Issue Reference this PR resolves

#8244

Description of Changes Made (if issue reference is not provided)

Just an update to the documentation to save others time

sjauld avatar May 08 '24 07:05 sjauld

The latest updates on your projects. Learn more about Vercel for Git ↗︎

8 Ignored Deployments
Name Status Preview Comments Updated (UTC)
examples-angular-dashboard ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am
examples-react-d3 ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am
examples-react-dashboard ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am
examples-react-data-table ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am
examples-react-highcharts ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am
examples-react-material-ui ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am
examples-react-pivot-table ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am
examples-vue-query-builder ⬜️ Ignored (Inspect) Visit Preview May 8, 2024 7:34am

vercel[bot] avatar May 08 '24 07:05 vercel[bot]

Hi @sjauld 👋

Thanks for contributing this! I think I have a couple questions here.

Let me present my thinking first:

  • By looking at Cube's MS SQL driver code, I see that the encrypt option is passed to the underlying driver (value is taken from CUBEJS_DB_SSL env var).
  • In the underlying driver docs, I see that both encrypt and trustServerCertificate are required for self-signed certificates to work.
  • So, I assume that the docs' suggestion to use CUBEJS_DB_SSL is correct. The only caveat is that, in case of a self-signed certificate, trustServerCertificate should also be passed.

What do you think? Does my line of thought seems to be correct?

Also, if you instantiate your MS SQL driver in the following way, are you able to connect? It would be fantastic if you can test the following setup and report back if it worked for you:

In cube.js file:

module.exports = {
  driverFactory: ({ securityContext, dataSource }) => {
    return {
      type: 'mssql',
      host: '...',
      user: '...',
      password: '...',
      database: '...',
      options: {
        encrypt: true,
        trustServerCertificate: true
      }
    }
  }
};

Thank you in advance!

igorlukanin avatar May 23 '24 09:05 igorlukanin

Hi Igor,

I'm not really interested in blindly trusting the server certificate, I want to verify the chain, hence including the bundle in my container.

That said, I'm 99% sure that your suggestion will work.

Cheers, Stuart

sjauld avatar May 24 '24 05:05 sjauld