DBZ-6340 Add support to the Postgres connector for allow and prefer SSL modes (with prefer as the new default value)
This commit is contained in:
parent
84b2e29698
commit
5139957f91
@ -276,6 +276,22 @@ public enum SecureConnectionMode implements EnumeratedValue {
|
||||
*/
|
||||
DISABLED("disable"),
|
||||
|
||||
/**
|
||||
* Establish an unencrypted connection first.
|
||||
* Establish a secure connection next if an unencrypted connection cannot be established
|
||||
*
|
||||
* see the {@code sslmode} Postgres JDBC driver option
|
||||
*/
|
||||
ALLOW("allow"),
|
||||
|
||||
/**
|
||||
* Establish a secure connection first.
|
||||
* Establish an unencrypted connection next if a secure connection cannot be established
|
||||
*
|
||||
* see the {@code sslmode} Postgres JDBC driver option
|
||||
*/
|
||||
PREFER("prefer"),
|
||||
|
||||
/**
|
||||
* Establish a secure connection if the server supports secure connections.
|
||||
* The connection attempt fails if a secure connection cannot be established
|
||||
@ -638,11 +654,13 @@ public static AutoCreateMode parse(String value, String defaultValue) {
|
||||
public static final Field SSL_MODE = Field.create(DATABASE_CONFIG_PREFIX + "sslmode")
|
||||
.withDisplayName("SSL mode")
|
||||
.withGroup(Field.createGroupEntry(Field.Group.CONNECTION_ADVANCED_SSL, 0))
|
||||
.withEnum(SecureConnectionMode.class, SecureConnectionMode.DISABLED)
|
||||
.withEnum(SecureConnectionMode.class, SecureConnectionMode.PREFER)
|
||||
.withWidth(Width.MEDIUM)
|
||||
.withImportance(Importance.MEDIUM)
|
||||
.withDescription("Whether to use an encrypted connection to Postgres. Options include: "
|
||||
+ "'disable' (the default) to use an unencrypted connection; "
|
||||
+ "'allow' to try and use an unencrypted connection first and, failing that, a secure (encrypted) connection; "
|
||||
+ "'prefer' (the default) to try and use a secure (encrypted) connection first and, failing that, an unencrypted connection; "
|
||||
+ "'require' to use a secure (encrypted) connection, and fail if one cannot be established; "
|
||||
+ "'verify-ca' like 'required' but additionally verify the server TLS certificate against the configured Certificate Authority "
|
||||
+ "(CA) certificates, or fail if no valid matching CA certificates are found; or "
|
||||
|
@ -230,7 +230,7 @@ public void shouldValidateConfiguration() throws Exception {
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.MAX_BATCH_SIZE, PostgresConnectorConfig.DEFAULT_MAX_BATCH_SIZE);
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.SNAPSHOT_FETCH_SIZE, null);
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.POLL_INTERVAL_MS, PostgresConnectorConfig.DEFAULT_POLL_INTERVAL_MILLIS);
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.SSL_MODE, PostgresConnectorConfig.SecureConnectionMode.DISABLED);
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.SSL_MODE, PostgresConnectorConfig.SecureConnectionMode.PREFER);
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.SSL_CLIENT_CERT, null);
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.SSL_CLIENT_KEY, null);
|
||||
validateConfigField(validatedConfig, PostgresConnectorConfig.SSL_CLIENT_KEY_PASSWORD, null);
|
||||
|
Loading…
Reference in New Issue
Block a user