From eba701f0c8c72baff9e3fce9f17d4c6063d0fec3 Mon Sep 17 00:00:00 2001
From: Jonathan Hess
Date: Tue, 17 Dec 2024 13:06:26 -0700
Subject: [PATCH] feat: Support Private CA for server certificates. test: Integration test for Customer Private CA CAS instance.
---
 .github/workflows/tests.yml | 4 ++++
 package-lock.json | 2 --
 src/socket.ts | 5 ++++-
 system-test/pg-connect.ts | 28 ++++++++++++++++++++++++++++
 4 files changed, 36 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 44af4e02..aff7bbf4 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -161,6 +161,8 @@ jobs:
 POSTGRES_DB:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_DB
 POSTGRES_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_CONNECTION_NAME
 POSTGRES_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CAS_PASS
+ POSTGRES_CUSTOMER_CAS_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_CONNECTION_NAME
+ POSTGRES_CUSTOMER_CAS_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/POSTGRES_CUSTOMER_CAS_PASS
 SQLSERVER_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_CONNECTION_NAME
 SQLSERVER_USER:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_USER
 SQLSERVER_PASS:${{ vars.GOOGLE_CLOUD_PROJECT }}/SQLSERVER_PASS
@@ -188,6 +190,8 @@ jobs:
 POSTGRES_DB: "${{ steps.secrets.outputs.POSTGRES_DB }}"
 POSTGRES_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CAS_CONNECTION_NAME }}"
 POSTGRES_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CAS_PASS }}"
+ POSTGRES_CUSTOMER_CAS_CONNECTION_NAME: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_CONNECTION_NAME }}"
+ POSTGRES_CUSTOMER_CAS_PASS: "${{ steps.secrets.outputs.POSTGRES_CUSTOMER_CAS_PASS }}"
 SQLSERVER_CONNECTION_NAME: "${{ steps.secrets.outputs.SQLSERVER_CONNECTION_NAME }}"
 SQLSERVER_USER: "${{ steps.secrets.outputs.SQLSERVER_USER }}"
 SQLSERVER_PASS: "${{ steps.secrets.outputs.SQLSERVER_PASS }}"
diff --git a/package-lock.json b/package-lock.json
index 12ea2ae6..f59a6f2e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18,7 +18,6 @@
 "@sequelize/core": "^7.0.0-alpha.29",
 "@types/node": "^22.0.0",
 "@types/pg": "^8.10.1",
- "@types/semver": "^7.5.0",
 "@types/tap": "^18.0.0",
 "@types/tedious": "^4.0.9",
 "@typescript-eslint/eslint-plugin": "^7.0.0",
@@ -29,7 +28,6 @@
 "mysql2": "^3.2.0",
 "nock": "^13.3.0",
 "pg": "^8.10.0",
- "semver": "^7.5.1",
 "tap": "^21.0.0",
 "tedious": "^16.1.0",
 "typeorm": "^0.3.19",
diff --git a/src/socket.ts b/src/socket.ts
index 6c757ad4..81dd1fb0 100644
--- a/src/socket.ts
+++ b/src/socket.ts
@@ -36,7 +36,10 @@ export function validateCertificate(
 dnsName: string
 ) {
 return (hostname: string, cert: tls.PeerCertificate): Error | undefined => {
- if (serverCaMode === 'GOOGLE_MANAGED_CAS_CA') {
+ if (
+ serverCaMode === 'GOOGLE_MANAGED_CAS_CA' ||
+ serverCaMode === 'CUSTOMER_MANAGED_CAS_CA'
+ ) {
 return tls.checkServerIdentity(dnsName, cert);
 }
 if (!cert || !cert.subject) {
diff --git a/system-test/pg-connect.ts b/system-test/pg-connect.ts
index de10d0b2..fc7444ca 100644
--- a/system-test/pg-connect.ts
+++ b/system-test/pg-connect.ts
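Review bot: No unit test in this commit covers the new `CUSTOMER_MANAGED_CAS_CA` branch of `validateCertificate` in src/socket.ts; the only added test is the system test, which needs live secrets. A unit test that passes this mode with a certificate whose names do not match `dnsName` and expects an `Error` back would pin the reject path of the TLS identity check. The mode is matched by an `||` chain of string literals, so any value not listed falls through to the subject-based check starting at `if (!cert || !cert.subject)`; a comment above the condition such as `// CAS-issued server certs (Google- or customer-managed) are verified against the instance DNS name, not the legacy subject check` would make that split explicit. It is also worth confirming that `dnsName` is always populated for this mode, since the hunk does not show where it comes from. The function body continues outside the hunk.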
@@ -93,3 +93,31 @@ t.test(
 connector.close();
 }
 );
+
+t.test(
+ 'open connection to Customer Private CAS-based CA instance and retrieves standard pg tables',
+ async t => {
+ const connector = new Connector();
+ const clientOpts = await connector.getOptions({
+ instanceConnectionName: String(
+ process.env.POSTGRES_CUSTOMER_CAS_CONNECTION_NAME
+ ),
+ });
+ const client = new Client({
+ ...clientOpts,
+ user: String(process.env.POSTGRES_USER),
+ password: String(process.env.POSTGRES_CUSTOMER_CAS_PASS),
+ database: String(process.env.POSTGRES_DB),
+ });
+ client.connect();
+
+ const {
+ rows: [result],
+ } = await client.query('SELECT NOW();');
+ const returnedDate = result['now'];
+ t.ok(returnedDate.getTime(), 'should have valid returned date object');
+
+ await client.end();
+ connector.close();
+ }
+);
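Review bot: `client.connect();` in the new test is not awaited, so a rejected connection (for example a server certificate that fails validation against the customer CA) can surface as an unhandled rejection or as a less specific error from the later `client.query`; `await client.connect();` keeps the failure at the step that caused it. The `String(process.env.POSTGRES_CUSTOMER_CAS_CONNECTION_NAME)` and `String(process.env.POSTGRES_CUSTOMER_CAS_PASS)` wrappers turn an unset variable into the literal text `undefined`, so a missing CI secret shows up as a confusing connection error rather than a clear precondition failure. `client.end()` and `connector.close()` run only on the success path; moving them into a `finally` block or a test teardown would release the connection when the query throws.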