Revert "Fixes #10234 - Postgres SSL Certificate fix" (#10736)

argoproj · Mar 23, 2023 · 53ea5da · 53ea5da
1 parent 7da30bd
commit 53ea5da
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 52 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -91,8 +91,6 @@ FROM gcr.io/distroless/static as workflow-controller
 
 USER 8737
 
-WORKDIR /home/argo
-
 COPY hack/ssh_known_hosts /etc/ssh/
 COPY hack/nsswitch.conf /etc/
 COPY --chown=8737 --from=workflow-controller-build /go/src/github.com/argoproj/argo-workflows/dist/workflow-controller /bin/

diff --git a/config/config.go b/config/config.go
@@ -235,19 +235,8 @@ func (c DatabaseConfig) GetHostname() string {
 
 type PostgreSQLConfig struct {
 	DatabaseConfig
-	SSL              bool                    `json:"ssl,omitempty"`
-	SSLMode          string                  `json:"sslMode,omitempty"`
-	CaCertSecret     apiv1.SecretKeySelector `json:"caCertSecret,omitempty"`
-	ClientCertSecret apiv1.SecretKeySelector `json:"clientCertSecret,omitempty"`
-	ClientKeySecret  apiv1.SecretKeySelector `json:"clientKeySecret,omitempty"`
-	CertPath         string                  `json:"certPath"`
-}
-
-func (c PostgreSQLConfig) GetPGCertPath() string {
-	if c.CertPath != "" {
-		return c.CertPath
-	}
-	return "/home/argo/pgcerts"
+	SSL     bool   `json:"ssl,omitempty"`
+	SSLMode string `json:"sslMode,omitempty"`
 }
 
 type MySQLConfig struct {

diff --git a/persist/sqldb/sqldb.go b/persist/sqldb/sqldb.go
@@ -3,7 +3,6 @@ package sqldb
 import (
 	"context"
 	"fmt"
-	"os"
 	"time"
 
 	"k8s.io/client-go/kubernetes"
@@ -54,43 +53,9 @@ func CreatePostGresDBSession(kubectlConfig kubernetes.Interface, namespace strin
 	}
 
 	if cfg.SSL {
-		if cfg.SSLMode != "" && cfg.SSLMode != "disable" {
-			err := os.MkdirAll(cfg.GetPGCertPath(), 0700)
-			if err != nil {
-				return nil, "", err
-			}
-			rootCertByte, err := util.GetSecrets(ctx, kubectlConfig, namespace, cfg.CaCertSecret.Name, cfg.CaCertSecret.Key)
-			if err != nil {
-				return nil, "", err
-			}
-			err = os.WriteFile(cfg.GetPGCertPath()+"/ca.crt", rootCertByte, 0600)
-			if err != nil {
-				return nil, "", err
-			}
-
-			serverCertByte, err := util.GetSecrets(ctx, kubectlConfig, namespace, cfg.ClientCertSecret.Name, cfg.ClientCertSecret.Key)
-			if err != nil {
-				return nil, "", err
-			}
-			err = os.WriteFile(cfg.GetPGCertPath()+"/tls.crt", serverCertByte, 0600)
-			if err != nil {
-				return nil, "", err
-			}
-
-			serverKeyByte, err := util.GetSecrets(ctx, kubectlConfig, namespace, cfg.ClientKeySecret.Name, cfg.ClientKeySecret.Key)
-			if err != nil {
-				return nil, "", err
-			}
-			err = os.WriteFile(cfg.GetPGCertPath()+"/tls.key", serverKeyByte, 0400)
-			if err != nil {
-				return nil, "", err
-			}
-
+		if cfg.SSLMode != "" {
 			options := map[string]string{
-				"sslmode":     cfg.SSLMode,
-				"sslrootcert": cfg.GetPGCertPath() + "/ca.crt",
-				"sslkey":      cfg.GetPGCertPath() + "/tls.key",
-				"sslcert":     cfg.GetPGCertPath() + "/tls.crt",
+				"sslmode": cfg.SSLMode,
 			}
 			settings.Options = options
 		}