From e75f216d5eb34e835a257ab64dae8f2c7ab26b19 Mon Sep 17 00:00:00 2001 From: Joel Andrews Date: Mon, 23 Jan 2023 15:52:12 -0800 Subject: [PATCH] Force SSL for run command Ensures that SSL/TLS is always used for DB connections with the `borealis-pg:run` command. --- CHANGELOG.md | 1 + src/commands/borealis-pg/run.test.ts | 2 ++ src/commands/borealis-pg/run.ts | 1 + 3 files changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6b38f29..e808d11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). All notable c ## [Unreleased](https://github.com/OldSneerJaw/borealis-pg-cli/compare/v1.1.0...HEAD) - Support the new secure tunnel connection info config var (`DATABASE_TUNNEL_BPG_CONN_INFO`) +- Require SSL/TLS for DB connections when using the `borealis-pg:run` command ## [1.1.0](https://github.com/OldSneerJaw/borealis-pg-cli/compare/v1.0.1...v1.1.0) - Adds an add-on status field to the `borealis-pg:info` (alias: `borealis-pg`) command diff --git a/src/commands/borealis-pg/run.test.ts b/src/commands/borealis-pg/run.test.ts index 779c679..f0690c3 100644 --- a/src/commands/borealis-pg/run.test.ts +++ b/src/commands/borealis-pg/run.test.ts @@ -413,6 +413,7 @@ describe('noninteractive run command', () => { database: fakePgDbName, user: fakePgReadonlyAppUsername, password: fakePgReadonlyAppPassword, + ssl: {rejectUnauthorized: false}, }))).once() // Check the PG client event listeners @@ -614,6 +615,7 @@ describe('noninteractive run command', () => { database: fakePgDbName, user: fakePgReadonlyAppUsername, password: fakePgReadonlyAppPassword, + ssl: {rejectUnauthorized: false}, }))).once() verify(mockPgClientType.connect()).once() diff --git a/src/commands/borealis-pg/run.ts b/src/commands/borealis-pg/run.ts index 58171bc..15d4200 100644 --- a/src/commands/borealis-pg/run.ts +++ b/src/commands/borealis-pg/run.ts @@ -273,6 +273,7 @@ like pgAdmin).` database: connInfo.db.dbName, user: connInfo.db.dbUsername, password: connInfo.db.dbPassword, + ssl: {rejectUnauthorized: false}, }).on('end', () => { sshClient.end() tunnelServices.nodeProcess.exit()