
Postgres SSL option in database config does not work as a Netlify environment variable

Open hughess opened this issue 3 years ago • 2 comments

Bug Description

In database.config.json, an ssl option can be supplied for Postgres, which can be true, false, or an object. If you include an object, it works when set locally, but does not work when the options from the local database config are inputted as environment variables in Netlify.

Expected Behavior

We should be able to successfully use the same database config options locally as in Netlify.

Error Messages and Screenshots

Netlify build fails when ssl environment variable supplied

Workarounds

Use a connectionString instead of separate credentials (username, password, etc.) and append ?sslmode=no-verify to the end.

Connection string takes this form: postgres://[user]:[password]@[host]:[port]/[database]?sslmode=no-verify

And is included in database.config.json in place of all other credentials, so the database config will look as follows:

{
     "connectionString": "postgres://[user]:[password]@[host]:[port]/[database]?sslmode=no-verify"
}

Workaround Example (using mock credentials):

Credentials:

  • host: ec2-34-948-34-100.compute-1.amazonaws.com
  • database: ijefij426jnk32k
  • port: 5555
  • user: fehuwifheiu
  • password: 1ab2cd3

Connection String: postgres://fehuwifheiu:1ab2cd3@ec2-34-948-34-100.compute-1.amazonaws.com:5555/ijefij426jnk32k?sslmode=no-verify

Database Config File:

{
     "connectionString": "postgres://fehuwifheiu:1ab2cd3@ec2-34-948-34-100.compute-1.amazonaws.com:5555/ijefij426jnk32k?sslmode=no-verify"
}

Netlify Environment Variable:

  • Variable Name: connectionString
  • Variable Value: postgres://fehuwifheiu:1ab2cd3@ec2-34-948-34-100.compute-1.amazonaws.com:5555/ijefij426jnk32k?sslmode=no-verify

Database:

  • [x] Postgres
  • [ ] BigQuery
  • [ ] Snowflake
  • [ ] Redshift
  • [ ] MySQL
  • [ ] Other (please specify)

hughess avatar Feb 24 '22 15:02 hughess

It might be this line in the postgres package causing the issue:

     ssl: database ? database.ssl : process.env["ssl"] ?? false,

Locally, we can receive an object as the ssl option, but it appears that Netlify cannot accept the same input.

We've tried using double underscore notation to indicate a value stored within an object (e.g., ssl__rejectUnauthorized), but it is unclear if that works. If Netlify is able to process that, the line in the postgres package shown above may default to false since it is not receiving a specific ssl option.

hughess avatar Feb 24 '22 15:02 hughess

Using the below should work:

     ssl: no-verify

hughess avatar Mar 01 '22 20:03 hughess

Closing since ssl: no-verify works for this case

hughess avatar Aug 30 '22 21:08 hughess
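
The thread turns on the fact that environment variables are always strings, so an object-valued ssl option cannot arrive intact through `process.env["ssl"]`. The following is an added example, not part of the issue or the project's postgres package: `sslAsQuoted`, `coerce` and `resolveSsl` are hypothetical helpers and the sample environments are constructed. It reproduces the quoted expression and shows one way to rebuild the option from strings, including the `ssl__rejectUnauthorized` form, and it makes explicit that `no-verify` keeps TLS on while skipping the server certificate check.

```javascript
// Added example: hypothetical helpers, not code from the project's postgres package.
// Environment variables are always strings, so an object-valued `ssl` option
// must be rebuilt from them before it is handed to the driver.

// The expression quoted in the thread, with `env` standing in for process.env.
function sslAsQuoted(database, env) {
  return database ? database.ssl : env["ssl"] ?? false;
}

// "true"/"false" become booleans; other strings (e.g. PEM text) pass through.
function coerce(value) {
  if (value === "true") return true;
  if (value === "false") return false;
  return value;
}

// Hypothetical resolver: accepts keywords, a JSON object, or ssl__<key> variables.
function resolveSsl(env) {
  const nested = {};
  for (const [key, value] of Object.entries(env)) {
    if (key.startsWith("ssl__")) nested[key.slice("ssl__".length)] = coerce(value);
  }
  if (Object.keys(nested).length > 0) return nested;

  const raw = env["ssl"];
  if (raw === undefined || raw === "") return false; // same default as the quoted line
  if (raw === "true" || raw === "false") return coerce(raw);
  // no-verify: TLS stays on, but the server certificate is not checked.
  if (raw === "no-verify") return { rejectUnauthorized: false };
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch {
    parsed = null;
  }
  if (parsed !== null && typeof parsed === "object" && !Array.isArray(parsed)) return parsed;
  // Fail loudly instead of silently falling back to an unencrypted connection.
  throw new Error(`Unrecognised ssl value: ${raw}`);
}

// Constructed sample environments.
const jsonEnv = { ssl: '{"rejectUnauthorized":false}' };
const nestedEnv = { ssl__rejectUnauthorized: "false" };
console.log(typeof sslAsQuoted(undefined, jsonEnv)); // the object arrives as a string
console.log(resolveSsl(jsonEnv), resolveSsl(nestedEnv), resolveSsl({ ssl: "no-verify" }));
```

Supplying a CA certificate through a variable such as `ssl__ca` (an assumed name) would keep verification enabled, which `no-verify` does not.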