Set the default PostgreSQL sslMode to verify-full
#86
Conversation
| @@ -33,7 +33,8 @@ type ProviderConfigSpec struct { | |||
| // Defines the SSL mode used to set up a connection to the provided | |||
| // PostgreSQL instance | |||
| // +kubebuilder:validation:Enum=disable;require;verify-ca;verify-full | |||
| // +optional | |||
| // +kubebuilder:default=verify-full | |||
| // +kubebuilder:validation:Required | |||
| SSLMode string `json:"sslMode"` | |||
There was a problem hiding this comment.
I believe we should set it as optional (with omit-empty) since we have a default, e.g.
There was a problem hiding this comment.
Thanks @turkenh, converted it to an optional field.
|
I'd argue to follow the upstream default as it is more predictable, is there a change request upstream to change the default perhaps? |
Hi @Duologic, Please also see the note in that document reproduced here for convenience: As mentioned in the description of the PR, while I agree aligning with the downstream default would be less controversial but I preferred the secure by default approach and chose the strictest policy. Also with many modern TLS client libraries, what's described for |
.gitignore
Outdated
| @@ -2,6 +2,7 @@ | |||
| /vendor | |||
| /.vendor-new | |||
| .vscode | |||
| /.idea | |||
There was a problem hiding this comment.
Do you mind adding this in your personal $HOME/.gitignore?
Makefile
Outdated
| # adjust this behavior in the build submodule because it is also causing Linux | ||
| # users to duplicate their build cache, but for now we just make it easier to | ||
| # identify its location in CI so that we cache between builds. | ||
| go.cachedir: |
There was a problem hiding this comment.
I've incorporated this Make target in #88, do you mind rebasing?
|
Your arguments for changing the default seem valid to me. |
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
ulucinar
force-pushed
the
fix-85
branch
3 times, most recently
from
804d674 to
67dbf91
Compare
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
|
Hi @Duologic, |
|
Sorry for the delay, I didn't want to merge it while on my phone in case I missed something. |
|
Hi, I have |
Description of your changes
Fixes #85
This PR proposes to set the default PostgreSQL sslMode to
verify-full. We can also consider havingspec.sslModeofProviderConfig.postgresqlas really optional and leave the defaults to the driver. For instance, libpq defaults toprefer, which is not recommended for security reasons. However, for improved security, this PR proposesverify-fullas the default.I have:
make reviewable testto ensure this PR is ready for review.How has this code been tested