core: extend postgres configuration (#5138)

Add postgres configuration options to control
TLS verification and client certificates.
This commit is contained in:
Ongy 2023-04-02 17:39:36 +02:00 committed by GitHub
parent 6192d01b7e
commit adcd11b1f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 0 deletions

View File

@ -276,6 +276,10 @@ DATABASES = {
"USER": CONFIG.y("postgresql.user"), "USER": CONFIG.y("postgresql.user"),
"PASSWORD": CONFIG.y("postgresql.password"), "PASSWORD": CONFIG.y("postgresql.password"),
"PORT": int(CONFIG.y("postgresql.port")), "PORT": int(CONFIG.y("postgresql.port")),
"SSLMODE": CONFIG.y("postgresql.sslmode"),
"SSLROOTCERT": CONFIG.y("postgresql.sslrootcert"),
"SSLCERT": CONFIG.y("postgresql.sslcert"),
"SSLKEY": CONFIG.y("postgresql.sslkey"),
} }
} }

View File

@ -57,6 +57,10 @@ if __name__ == "__main__":
password=CONFIG.y("postgresql.password"), password=CONFIG.y("postgresql.password"),
host=CONFIG.y("postgresql.host"), host=CONFIG.y("postgresql.host"),
port=int(CONFIG.y("postgresql.port")), port=int(CONFIG.y("postgresql.port")),
sslmode=CONFIG.y("postgresql.sslmode"),
sslrootcert=CONFIG.y("postgresql.sslrootcert"),
sslcert=CONFIG.y("postgresql.sslcert"),
sslkey=CONFIG.y("postgresql.sslkey"),
) )
curr = conn.cursor() curr = conn.cursor()
try: try:

View File

@ -29,6 +29,10 @@ while True:
password=CONFIG.y("postgresql.password"), password=CONFIG.y("postgresql.password"),
host=CONFIG.y("postgresql.host"), host=CONFIG.y("postgresql.host"),
port=int(CONFIG.y("postgresql.port")), port=int(CONFIG.y("postgresql.port")),
sslmode=CONFIG.y("postgresql.sslmode"),
sslrootcert=CONFIG.y("postgresql.sslrootcert"),
sslcert=CONFIG.y("postgresql.sslcert"),
sslkey=CONFIG.y("postgresql.sslkey"),
) )
conn.cursor() conn.cursor()
break break

View File

@ -33,6 +33,10 @@ kubectl exec -it deployment/authentik-worker -c authentik -- ak dump_config
- `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432 - `AUTHENTIK_POSTGRESQL__PORT`: Database port, defaults to 5432
- `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD` - `AUTHENTIK_POSTGRESQL__PASSWORD`: Database password, defaults to the environment variable `POSTGRES_PASSWORD`
- `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer - `AUTHENTIK_POSTGRESQL__USE_PGBOUNCER`: Adjust configuration to support connection to PgBouncer
- `AUTHENTIK_POSTGRESQL__SSLMODE`: Strictness of ssl verification. Defaults to `verify-ca`
- `AUTHENTIK_POSTGRESQL__SSLROOTCERT`: CA root for server ssl verification
- `AUTHENTIK_POSTGRESQL__SSLCERT`: Path to x509 client certificate to authenticate to server
- `AUTHENTIK_POSTGRESQL__SSLKEY`: Path to private key of `SSLCERT` certificate
## Redis Settings ## Redis Settings