add additional conn params for pg

Signed-off-by: rafsaf <[email protected]>
rafsaf · Dec 15, 2024 · 437a6a2 · 437a6a2
1 parent ab912f5
commit 437a6a2
Show file tree

Hide file tree

Showing 5 changed files with 73 additions and 53 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -5,12 +5,12 @@ repos:
       - id: check-yaml
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.8.2
+    rev: v0.8.3
     hooks:
       - id: ruff-format
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.8.2
+    rev: v0.8.3
     hooks:
       - id: ruff
         args: [--fix]

diff --git a/docs/backup_targets/postgresql.md b/docs/backup_targets/postgresql.md
@@ -27,6 +27,17 @@ POSTGRESQL_SOME_STRING="host=... password=... cron_rule=..."
 | max_backups        | int                  | Soft limit how many backups can live at once for backup target. Defaults to `7`. This must makes sense with cron expression you use. For example if you want to have `7` day retention, and make backups at 5:00, `max_backups=7` is fine, but if you make `4` backups per day, you would need `max_backups=28`. Limit is soft and can be exceeded if no backup is older than value specified in min_retention_days. Min `1` and max `998`. Defaults to enviornment variable BACKUP_MAX_NUMBER, see [Configuration](./../configuration.md). | BACKUP_MAX_NUMBER         |
 | min_retention_days | int                  | Hard minimum backups lifetime in days. Ogion won't ever delete files before, regardles of other options. Min `0` and max `36600`. Defaults to enviornment variable BACKUP_MIN_RETENTION_DAYS, see [Configuration](./../configuration.md).                                                                                                                                                                                                                                                                                                   | BACKUP_MIN_RETENTION_DAYS |
 
+## Additional connection params
+
+Extra variables that starts with `conn_` will be passed AS IS to psql command underthehood as url-encoded connection params:
+
+For example you can use it for SSL setup:
+
+- `conn_sslmode=verify-ca`
+- `conn_sslrootcert=path-to-mounted-server-ca-file`
+- `conn_sslcert=path-to-mounted-client-ca-file`
+- `conn_sslkey=path-to-mounted-client-key-file`
+
 ## Examples
 
 ```bash
@@ -38,6 +49,9 @@ POSTGRESQL_SECOND_DB='host=10.0.0.1 port=5432 user=foo password=change_me! db=ba
 
 # 3. PostgreSQL in local network with backup on every 6 hours at '15 with max number of backups of 20
 POSTGRESQL_THIRD_DB='host=192.168.1.5 port=5432 user=root password=change_me_please! db=project cron_rule=15 */3 * * * max_backups=20'
+
+# 4. PostgreSQL connected using sslmode require
+POSTGRESQL_4_DB_SSL='host=localhost port=5432 password=secret cron_rule=* * * * * conn_sslmode=require'
 ```
 
 <br>

diff --git a/ogion/backup_targets/postgresql.py b/ogion/backup_targets/postgresql.py
@@ -66,7 +66,10 @@ def _get_escaped_conn_uri(self) -> str:
         params = {"passfile": pgpass_file}
         if self.target_model.model_extra is not None:
             for param, value in self.target_model.model_extra.items():
-                params[param] = value
+                if not param.startswith("conn_"):
+                    continue
+
+                params[param.removeprefix("conn_")] = value
 
         log.debug("psql connection params: %s", params)
 
@@ -110,8 +113,8 @@ def _postgres_connection(self) -> str:
             break
         if version is None:  # pragma: no cover
             msg = (
-                "postgres_connection error processing sql result, "
-                "version unknown: {result}"
+                f"postgres_connection error processing sql result, "
+                f"version unknown: {result}"
             )
             log.error(msg)
             raise ValueError(msg)

diff --git a/poetry.lock b/poetry.lock
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -48,18 +48,22 @@ def _to_target_model(
     model: type[TM],
 ) -> TM:
     DB_VERSION_BY_ENV_VAR[compose_db.name] = compose_db.version
-    return model(
-        env_name=compose_db.name,
-        cron_rule="* * * * *",
-        host=compose_db.name if DOCKER_TESTS else "localhost",
-        port=(
-            int(compose_db.ports[0].split(":")[1])
-            if DOCKER_TESTS
-            else int(compose_db.ports[0].split(":")[0])
-        ),
-        password=SecretStr(DB_PWD),
-        db=DB_NAME,
-        user=DB_USERNAME,
+    return model.model_validate(
+        {
+            "env_name": compose_db.name,
+            "cron_rule": "* * * * *",
+            "host": compose_db.name if DOCKER_TESTS else "localhost",
+            "port": (
+                int(compose_db.ports[0].split(":")[1])
+                if DOCKER_TESTS
+                else int(compose_db.ports[0].split(":")[0])
+            ),
+            "password": SecretStr(DB_PWD),
+            "db": DB_NAME,
+            "user": DB_USERNAME,
+            "conn_sslmode": "prefer",
+            "dummy_extra": "test",
+        }
     )