Force SSL for run command

Ensures that SSL/TLS is always used for DB connections with the `borealis-pg:run` command.
OldSneerJaw · Jan 23, 2023 · e75f216 · e75f216
1 parent 5d351dd
commit e75f216
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). All notable c
 
 ## [Unreleased](https://github.com/OldSneerJaw/borealis-pg-cli/compare/v1.1.0...HEAD)
 - Support the new secure tunnel connection info config var (`DATABASE_TUNNEL_BPG_CONN_INFO`)
+- Require SSL/TLS for DB connections when using the `borealis-pg:run` command
 
 ## [1.1.0](https://github.com/OldSneerJaw/borealis-pg-cli/compare/v1.0.1...v1.1.0)
 - Adds an add-on status field to the `borealis-pg:info` (alias: `borealis-pg`) command

diff --git a/src/commands/borealis-pg/run.test.ts b/src/commands/borealis-pg/run.test.ts
@@ -413,6 +413,7 @@ describe('noninteractive run command', () => {
         database: fakePgDbName,
         user: fakePgReadonlyAppUsername,
         password: fakePgReadonlyAppPassword,
+        ssl: {rejectUnauthorized: false},
       }))).once()
 
       // Check the PG client event listeners
@@ -614,6 +615,7 @@ describe('noninteractive run command', () => {
         database: fakePgDbName,
         user: fakePgReadonlyAppUsername,
         password: fakePgReadonlyAppPassword,
+        ssl: {rejectUnauthorized: false},
       }))).once()
 
       verify(mockPgClientType.connect()).once()

diff --git a/src/commands/borealis-pg/run.ts b/src/commands/borealis-pg/run.ts
@@ -273,6 +273,7 @@ like pgAdmin).`
           database: connInfo.db.dbName,
           user: connInfo.db.dbUsername,
           password: connInfo.db.dbPassword,
+          ssl: {rejectUnauthorized: false},
         }).on('end', () => {
           sshClient.end()
           tunnelServices.nodeProcess.exit()