diff --git a/common/persistence/sql/sqlplugin/mysql/plugin.go b/common/persistence/sql/sqlplugin/mysql/plugin.go index 55d9ed0a840..b93b2fe42b4 100644 --- a/common/persistence/sql/sqlplugin/mysql/plugin.go +++ b/common/persistence/sql/sqlplugin/mysql/plugin.go @@ -25,33 +25,20 @@ package mysql import ( - "strings" - - "github.com/go-sql-driver/mysql" - "github.com/iancoleman/strcase" "github.com/jmoiron/sqlx" "go.temporal.io/server/common/config" "go.temporal.io/server/common/persistence/sql" "go.temporal.io/server/common/persistence/sql/sqlplugin" + "go.temporal.io/server/common/persistence/sql/sqlplugin/mysql/session" "go.temporal.io/server/common/resolver" ) const ( // PluginName is the name of the plugin - PluginName = "mysql" - isolationLevelAttrName = "transaction_isolation" - isolationLevelAttrNameLegacy = "tx_isolation" - defaultIsolationLevel = "'READ-COMMITTED'" - // customTLSName is the name used if a custom tls configuration is created - customTLSName = "tls-custom" + PluginName = "mysql" ) -var dsnAttrOverrides = map[string]string{ - "parseTime": "true", - "clientFoundRows": "true", -} - type plugin struct{} var _ sqlplugin.Plugin = (*plugin)(nil) 
@@ -92,90 +79,13 @@ func (p *plugin) CreateAdminDB(
 // underlying SQL database. The returned object is to tied to a single
 // SQL database and the object can be used to perform CRUD operations on
 // the tables in the database
-func (p *plugin) createDBConnection(cfg *config.SQL, r resolver.ServiceResolver) (*sqlx.DB, error) {
- err := registerTLSConfig(cfg)
- if err != nil {
- return nil, err
- }
-
- db, err := sqlx.Connect(PluginName, buildDSN(cfg, r))
+func (p *plugin) createDBConnection(
+ cfg *config.SQL,
+ resolver resolver.ServiceResolver,
+) (*sqlx.DB, error) {
+ mysqlSession, err := session.NewSession(cfg, resolver)
 if err != nil {
 return nil, err
 }
- if cfg.MaxConns > 0 {
- db.SetMaxOpenConns(cfg.MaxConns)
- }
- if cfg.MaxIdleConns > 0 {
- db.SetMaxIdleConns(cfg.MaxIdleConns)
- }
- if cfg.MaxConnLifetime > 0 {
- db.SetConnMaxLifetime(cfg.MaxConnLifetime)
- }
-
- // Maps struct names in CamelCase to snake without need for db struct tags.
- db.MapperFunc(strcase.ToSnake)
- return db, nil
-}
-
-func buildDSN(cfg *config.SQL, r resolver.ServiceResolver) string {
- mysqlConfig := mysql.NewConfig()
-
- mysqlConfig.User = cfg.User
- mysqlConfig.Passwd = cfg.Password
- mysqlConfig.Addr = r.Resolve(cfg.ConnectAddr)[0]
- mysqlConfig.DBName = cfg.DatabaseName
- mysqlConfig.Net = cfg.ConnectProtocol
- mysqlConfig.Params = buildDSNAttrs(cfg)
-
- // https://github.com/go-sql-driver/mysql/blob/v1.5.0/dsn.go#L104-L106
- // https://github.com/go-sql-driver/mysql/blob/v1.5.0/dsn.go#L182-L189
- if mysqlConfig.Net == "" {
- mysqlConfig.Net = "tcp"
- }
-
- // https://github.com/go-sql-driver/mysql#rejectreadonly
- // https://github.com/temporalio/temporal/issues/1703
- mysqlConfig.RejectReadOnly = true
-
- return mysqlConfig.FormatDSN()
-}
-
-func buildDSNAttrs(cfg *config.SQL) map[string]string {
- attrs := make(map[string]string, len(dsnAttrOverrides)+len(cfg.ConnectAttributes)+1)
- for k, v := range cfg.ConnectAttributes {
- k1, v1 := sanitizeAttr(k, v)
- attrs[k1] = v1
- }
-
- // only override isolation level if not specified
- if !hasAttr(attrs, isolationLevelAttrName) &&
- !hasAttr(attrs, isolationLevelAttrNameLegacy) {
- attrs[isolationLevelAttrName] = defaultIsolationLevel
- }
-
- // these attrs are always overriden
- for k, v := range dsnAttrOverrides {
- attrs[k] = v
- }
-
- return attrs
-}
-
-func hasAttr(attrs map[string]string, key string) bool {
- _, ok := attrs[key]
- return ok
-}
-
-func sanitizeAttr(inkey string, invalue string) (string, string) {
- key := strings.ToLower(strings.TrimSpace(inkey))
- value := strings.ToLower(strings.TrimSpace(invalue))
- switch key {
- case isolationLevelAttrName, isolationLevelAttrNameLegacy:
- if value[0] != '\'' { // mysql sys variable values must be enclosed in single quotes
- value = "'" + value + "'"
- }
- return key, value
- default:
- return inkey, invalue
- }
+ return mysqlSession.DB, nil
 }
diff --git a/common/persistence/sql/sqlplugin/mysql/session/session.go b/common/persistence/sql/sqlplugin/mysql/session/session.go
new file mode 100644
index 00000000000..b9490d5043c
--- /dev/null
+++ b/common/persistence/sql/sqlplugin/mysql/session/session.go
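Review bot: The new parameter name `resolver` in createDBConnection shadows the imported `resolver` package for the whole function body, so the signature reads `resolver resolver.ServiceResolver` and the package can no longer be referenced inside the function. The removed code used `r`, and buildDSN in the new mysql/session/session.go still does; keeping `r resolver.ServiceResolver` here avoids the shadowing. The same rename appears in NewSession and createConnection in mysql/session/session.go and in the postgresql plugin.go and session.go changes later in this diff.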
@@ -0,0 +1,221 @@
+// The MIT License
+//
+// Copyright (c) 2020 Temporal Technologies Inc. All rights reserved.
+//
+// Copyright (c) 2020 Uber Technologies, Inc.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+
+package session
+
+import (
+ "crypto/tls"
+ "crypto/x509"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/go-sql-driver/mysql"
+ "github.com/iancoleman/strcase"
+ "github.com/jmoiron/sqlx"
+
+ "go.temporal.io/server/common/auth"
+ "go.temporal.io/server/common/config"
+ "go.temporal.io/server/common/resolver"
+)
+
+const (
+ driverName = "mysql"
+
+ isolationLevelAttrName = "transaction_isolation"
+ isolationLevelAttrNameLegacy = "tx_isolation"
+ defaultIsolationLevel = "'READ-COMMITTED'"
+ // customTLSName is the name used if a custom tls configuration is created
+ customTLSName = "tls-custom"
+)
+
+var dsnAttrOverrides = map[string]string{
+ "parseTime": "true",
+ "clientFoundRows": "true",
+}
+
+type Session struct {
+ *sqlx.DB
+}
+
+func NewSession(
+ cfg *config.SQL,
+ resolver resolver.ServiceResolver,
+) (*Session, error) {
+ db, err := createConnection(cfg, resolver)
+ if err != nil {
+ return nil, err
+ }
+ return &Session{DB: db}, nil
+}
+
+func (s *Session) Close() {
+ if s.DB != nil {
+ _ = s.DB.Close()
+ }
+}
+
+func createConnection(
+ cfg *config.SQL,
+ resolver resolver.ServiceResolver,
+) (*sqlx.DB, error) {
+ err := registerTLSConfig(cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ db, err := sqlx.Connect(driverName, buildDSN(cfg, resolver))
+ if err != nil {
+ return nil, err
+ }
+ if cfg.MaxConns > 0 {
+ db.SetMaxOpenConns(cfg.MaxConns)
+ }
+ if cfg.MaxIdleConns > 0 {
+ db.SetMaxIdleConns(cfg.MaxIdleConns)
+ }
+ if cfg.MaxConnLifetime > 0 {
+ db.SetConnMaxLifetime(cfg.MaxConnLifetime)
+ }
+
+ // Maps struct names in CamelCase to snake without need for db struct tags.
+ db.MapperFunc(strcase.ToSnake)
+ return db, nil
+}
+
+func buildDSN(cfg *config.SQL, r resolver.ServiceResolver) string {
+ mysqlConfig := mysql.NewConfig()
+
+ mysqlConfig.User = cfg.User
+ mysqlConfig.Passwd = cfg.Password
+ mysqlConfig.Addr = r.Resolve(cfg.ConnectAddr)[0]
+ mysqlConfig.DBName = cfg.DatabaseName
+ mysqlConfig.Net = cfg.ConnectProtocol
+ mysqlConfig.Params = buildDSNAttrs(cfg)
+
+ // https://github.com/go-sql-driver/mysql/blob/v1.5.0/dsn.go#L104-L106
+ // https://github.com/go-sql-driver/mysql/blob/v1.5.0/dsn.go#L182-L189
+ if mysqlConfig.Net == "" {
+ mysqlConfig.Net = "tcp"
+ }
+
+ // https://github.com/go-sql-driver/mysql#rejectreadonly
+ // https://github.com/temporalio/temporal/issues/1703
+ mysqlConfig.RejectReadOnly = true
+
+ return mysqlConfig.FormatDSN()
+}
+
+func buildDSNAttrs(cfg *config.SQL) map[string]string {
+ attrs := make(map[string]string, len(dsnAttrOverrides)+len(cfg.ConnectAttributes)+1)
+ for k, v := range cfg.ConnectAttributes {
+ k1, v1 := sanitizeAttr(k, v)
+ attrs[k1] = v1
+ }
+
+ // only override isolation level if not specified
+ if !hasAttr(attrs, isolationLevelAttrName) &&
+ !hasAttr(attrs, isolationLevelAttrNameLegacy) {
+ attrs[isolationLevelAttrName] = defaultIsolationLevel
+ }
+
+ // these attrs are always overriden
+ for k, v := range dsnAttrOverrides {
+ attrs[k] = v
+ }
+
+ return attrs
+}
+
+func hasAttr(attrs map[string]string, key string) bool {
+ _, ok := attrs[key]
+ return ok
+}
+
+func sanitizeAttr(inkey string, invalue string) (string, string) {
+ key := strings.ToLower(strings.TrimSpace(inkey))
+ value := strings.ToLower(strings.TrimSpace(invalue))
+ switch key {
+ case isolationLevelAttrName, isolationLevelAttrNameLegacy:
+ if value[0] != '\'' { // mysql sys variable values must be enclosed in single quotes
+ value = "'" + value + "'"
+ }
+ return key, value
+ default:
+ return inkey, invalue
+ }
+}
+
+func registerTLSConfig(cfg *config.SQL) error {
+ if cfg.TLS == nil || !cfg.TLS.Enabled {
+ return nil
+ }
+
+ // TODO: create a way to set MinVersion and CipherSuites via cfg.
+ tlsConfig := auth.NewTLSConfigForServer(cfg.TLS.ServerName, cfg.TLS.EnableHostVerification)
+
+ if cfg.TLS.CaFile != "" {
+ rootCertPool := x509.NewCertPool()
+ pem, err := os.ReadFile(cfg.TLS.CaFile)
+ if err != nil {
+ return fmt.Errorf("failed to load CA files: %v", err)
+ }
+ if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+ return fmt.Errorf("failed to append CA file")
+ }
+ tlsConfig.RootCAs = rootCertPool
+ }
+
+ if cfg.TLS.CertFile != "" && cfg.TLS.KeyFile != "" {
+ clientCert := make([]tls.Certificate, 0, 1)
+ certs, err := tls.LoadX509KeyPair(
+ cfg.TLS.CertFile,
+ cfg.TLS.KeyFile,
+ )
+ if err != nil {
+ return fmt.Errorf("failed to load tls x509 key pair: %v", err)
+ }
+ clientCert = append(clientCert, certs)
+ tlsConfig.Certificates = clientCert
+ }
+
+ // In order to use the TLS configuration you need to register it. Once registered you use it by specifying
+ // `tls` in the connect attributes.
+ err := mysql.RegisterTLSConfig(customTLSName, tlsConfig)
+ if err != nil {
+ return fmt.Errorf("failed to register tls config: %v", err)
+ }
+
+ if cfg.ConnectAttributes == nil {
+ cfg.ConnectAttributes = map[string]string{}
+ }
+
+ // If no `tls` connect attribute is provided then we override it to our newly registered tls config automatically.
+ // This allows users to simply provide a tls config without needing to remember to also set the connect attribute
+ if cfg.ConnectAttributes["tls"] == "" {
+ cfg.ConnectAttributes["tls"] = customTLSName
+ }
+
+ return nil
+}
diff --git a/common/persistence/sql/sqlplugin/mysql/dsn_test.go b/common/persistence/sql/sqlplugin/mysql/session/session_test.go
similarity index 91%
rename from common/persistence/sql/sqlplugin/mysql/dsn_test.go
rename to common/persistence/sql/sqlplugin/mysql/session/session_test.go
index 8ee4c036f47..6343daecba8 100644
--- a/common/persistence/sql/sqlplugin/mysql/dsn_test.go
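Review bot: In registerTLSConfig the client certificate is loaded only when both `cfg.TLS.CertFile` and `cfg.TLS.KeyFile` are non-empty, so a config that sets just one of them is accepted silently and the connection is attempted without the client certificate the operator intended; rejecting the half-configured case up front, e.g. `if (cfg.TLS.CertFile == "") != (cfg.TLS.KeyFile == "") { return fmt.Errorf("tls cert file and key file must be set together") }`, makes the misconfiguration visible. The config is also registered under the single process-wide name `customTLSName`, so if two SQL stores with different TLS settings are ever opened concurrently, one may pick up the other's roots and certificates; whether that can happen depends on callers outside this hunk. Separately, sanitizeAttr indexes `value[0]` after trimming, which panics when an isolation-level attribute is configured with an empty value; `if !strings.HasPrefix(value, "'") {` avoids the out-of-range read.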
+++ b/common/persistence/sql/sqlplugin/mysql/session/session_test.go @@ -22,7 +22,7 @@ // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // THE SOFTWARE. -package mysql +package session import ( "net/url" @@ -36,23 +36,35 @@ import ( "go.temporal.io/server/common/resolver" ) -type StoreTestSuite struct { - suite.Suite - controller *gomock.Controller +type ( + sessionTestSuite struct { + suite.Suite + controller *gomock.Controller + } +) + +func TestSessionTestSuite(t *testing.T) { + s := new(sessionTestSuite) + suite.Run(t, s) } -func TestStoreTestSuite(t *testing.T) { - ts := &StoreTestSuite{ - controller: gomock.NewController(t), - } - suite.Run(t, ts) +func (s *sessionTestSuite) SetupSuite() { + +} + +func (s *sessionTestSuite) TearDownSuite() { + +} + +func (s *sessionTestSuite) SetupTest() { + s.controller = gomock.NewController(s.T()) } -func (s *StoreTestSuite) TearDownSuite() { +func (s *sessionTestSuite) TearDownTest() { s.controller.Finish() } -func (s *StoreTestSuite) TestBuildDSN() { +func (s *sessionTestSuite) TestBuildDSN() { testCases := []struct { in config.SQL outURLPath string diff --git a/common/persistence/sql/sqlplugin/mysql/tls.go b/common/persistence/sql/sqlplugin/mysql/tls.go deleted file mode 100644 index 8626eaf38f8..00000000000 --- a/common/persistence/sql/sqlplugin/mysql/tls.go +++ /dev/null 
@@ -1,90 +0,0 @@
-// The MIT License
-//
-// Copyright (c) 2020 Temporal Technologies Inc. All rights reserved.
-//
-// Copyright (c) 2020 Uber Technologies, Inc.
-//
-// Permission is hereby granted, free of charge, to any person obtaining a copy
-// of this software and associated documentation files (the "Software"), to deal
-// in the Software without restriction, including without limitation the rights
-// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-// copies of the Software, and to permit persons to whom the Software is
-// furnished to do so, subject to the following conditions:
-//
-// The above copyright notice and this permission notice shall be included in
-// all copies or substantial portions of the Software.
-//
-// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-// THE SOFTWARE.
-
-package mysql
-
-import (
- "crypto/tls"
- "crypto/x509"
- "fmt"
- "os"
-
- "github.com/go-sql-driver/mysql"
-
- "go.temporal.io/server/common/auth"
- "go.temporal.io/server/common/config"
-)
-
-func registerTLSConfig(cfg *config.SQL) error {
- if cfg.TLS == nil || !cfg.TLS.Enabled {
- return nil
- }
-
- // TODO: create a way to set MinVersion and CipherSuites via cfg.
- tlsConfig := auth.NewTLSConfigForServer(cfg.TLS.ServerName, cfg.TLS.EnableHostVerification)
-
- if cfg.TLS.CaFile != "" {
- rootCertPool := x509.NewCertPool()
- pem, err := os.ReadFile(cfg.TLS.CaFile)
- if err != nil {
- return fmt.Errorf("failed to load CA files: %v", err)
- }
- if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
- return fmt.Errorf("failed to append CA file")
- }
- tlsConfig.RootCAs = rootCertPool
- }
-
- if cfg.TLS.CertFile != "" && cfg.TLS.KeyFile != "" {
- clientCert := make([]tls.Certificate, 0, 1)
- certs, err := tls.LoadX509KeyPair(
- cfg.TLS.CertFile,
- cfg.TLS.KeyFile,
- )
- if err != nil {
- return fmt.Errorf("failed to load tls x509 key pair: %v", err)
- }
- clientCert = append(clientCert, certs)
- tlsConfig.Certificates = clientCert
- }
-
- // In order to use the TLS configuration you need to register it. Once registered you use it by specifying
- // `tls` in the connect attributes.
- err := mysql.RegisterTLSConfig(customTLSName, tlsConfig)
- if err != nil {
- return fmt.Errorf("failed to register tls config: %v", err)
- }
-
- if cfg.ConnectAttributes == nil {
- cfg.ConnectAttributes = map[string]string{}
- }
-
- // If no `tls` connect attribute is provided then we override it to our newly registered tls config automatically.
- // This allows users to simply provide a tls config without needing to remember to also set the connect attribute
- if cfg.ConnectAttributes["tls"] == "" {
- cfg.ConnectAttributes["tls"] = customTLSName
- }
-
- return nil
-}
diff --git a/common/persistence/sql/sqlplugin/postgresql/plugin.go b/common/persistence/sql/sqlplugin/postgresql/plugin.go
index 44b49b61b44..9547fbfb29b 100644
--- a/common/persistence/sql/sqlplugin/postgresql/plugin.go
+++ b/common/persistence/sql/sqlplugin/postgresql/plugin.go
@@ -26,23 +26,21 @@ package postgresql import ( "fmt" - "net/url" "strings" - "github.com/iancoleman/strcase" "github.com/jmoiron/sqlx" "go.temporal.io/api/serviceerror" "go.temporal.io/server/common/config" "go.temporal.io/server/common/persistence/sql" "go.temporal.io/server/common/persistence/sql/sqlplugin" + "go.temporal.io/server/common/persistence/sql/sqlplugin/postgresql/session" "go.temporal.io/server/common/resolver" ) const ( // PluginName is the name of the plugin PluginName = "postgres" - dsnFmt = "postgres://%v:%v@%v/%v?%v" ) var ( @@ -94,33 +92,14 @@ func (d *plugin) CreateAdminDB( // the tables in the database func (d *plugin) createDBConnection( cfg *config.SQL, - r resolver.ServiceResolver, -) (*sqlx.DB, error) { - db, err := d.tryConnect(cfg, r) - if err != nil { - return nil, err - } - if cfg.MaxConns > 0 { - db.SetMaxOpenConns(cfg.MaxConns) - } - if cfg.MaxIdleConns > 0 { - db.SetMaxIdleConns(cfg.MaxIdleConns) - } - if cfg.MaxConnLifetime > 0 { - db.SetConnMaxLifetime(cfg.MaxConnLifetime) - } - - // Maps struct names in CamelCase to snake without need for db struct tags. - db.MapperFunc(strcase.ToSnake) - return db, nil -} - -func (d *plugin) tryConnect( - cfg *config.SQL, - r resolver.ServiceResolver, + resolver resolver.ServiceResolver, ) (*sqlx.DB, error) { if cfg.DatabaseName != "" { - return sqlx.Connect(PluginName, buildDSN(cfg, r)) + postgresqlSession, err := session.NewSession(cfg, resolver) + if err != nil { + return nil, err + } + return postgresqlSession.DB, nil } // database name not provided @@ -130,8 +109,11 @@ func (d *plugin) tryConnect( var errors []error for _, databaseName := range defaultDatabaseNames { cfg.DatabaseName = databaseName - if sqlxDB, err := sqlx.Connect(PluginName, buildDSN(cfg, r)); err == nil { - return sqlxDB, nil + if postgresqlSession, err := session.NewSession( + cfg, + resolver, + ); err == nil { + return postgresqlSession.DB, nil } else { errors = append(errors, err) } 
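Review bot: The default-database fallback loop in createDBConnection writes each candidate into `cfg.DatabaseName` on the caller's config (a context line in the `@@ -130,8 +109,11 @@` hunk), so when every attempt fails the shared config is left pointing at the last default name; probing on a copy, `c := *cfg` then `c.DatabaseName = databaseName`, keeps the probe from leaking into the caller. The new call also keeps the `if …; err == nil { return … } else { … }` shape spread over an `if` initializer; `postgresqlSession, err := session.NewSession(cfg, resolver)` followed by `if err != nil { errors = append(errors, err); continue }` and a plain return reads more directly, and renaming the local `errors` would stop it shadowing the standard package name. The collected errors are later formatted into the returned message with `%v`, so it is worth confirming that driver errors cannot echo the DSN, which carries the password.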
@@ -140,20 +122,3 @@ func (d *plugin) tryConnect( fmt.Sprintf("unable to connect to DB, tried default DB names: %v, errors: %v", strings.Join(defaultDatabaseNames, ","), errors), ) } - -func buildDSN( - cfg *config.SQL, - r resolver.ServiceResolver, -) string { - tlsAttrs := buildDSNAttr(cfg).Encode() - resolvedAddr := r.Resolve(cfg.ConnectAddr)[0] - dsn := fmt.Sprintf( - dsnFmt, - cfg.User, - url.QueryEscape(cfg.Password), - resolvedAddr, - cfg.DatabaseName, - tlsAttrs, - ) - return dsn -} diff --git a/common/persistence/sql/sqlplugin/postgresql/tls.go b/common/persistence/sql/sqlplugin/postgresql/session/session.go similarity index 50% rename from common/persistence/sql/sqlplugin/postgresql/tls.go rename to common/persistence/sql/sqlplugin/postgresql/session/session.go index ceed7d7510a..e3713fa6887 100644 --- a/common/persistence/sql/sqlplugin/postgresql/tls.go +++ b/common/persistence/sql/sqlplugin/postgresql/session/session.go 
@@ -22,48 +22,118 @@ // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN // THE SOFTWARE. -package postgresql +package session import ( "fmt" "net/url" "strings" + "github.com/iancoleman/strcase" + "github.com/jmoiron/sqlx" + "go.temporal.io/server/common/config" + "go.temporal.io/server/common/resolver" +) + +const ( + dsnFmt = "postgres://%v:%v@%v/%v?%v" + driverName = "postgres" ) const ( - postgreSQLSSLMode = "sslmode" - postgreSQLSSLModeNoop = "disable" - postgreSQLSSLModeRequire = "require" - postgreSQLSSLModeFull = "verify-full" + sslMode = "sslmode" + sslModeNoop = "disable" + sslModeRequire = "require" + sslModeFull = "verify-full" - postgreSQLSSLHost = "host" + sslHost = "host" - postgreSQLCA = "sslrootcert" - postgreSQLKey = "sslkey" - postgreSQLCert = "sslcert" + sslCA = "sslrootcert" + sslKey = "sslkey" + sslCert = "sslcert" ) +type Session struct { + *sqlx.DB +} + +func NewSession( + cfg *config.SQL, + resolver resolver.ServiceResolver, +) (*Session, error) { + db, err := createConnection(cfg, resolver) + if err != nil { + return nil, err + } + return &Session{DB: db}, nil +} + +func (s *Session) Close() { + if s.DB != nil { + _ = s.DB.Close() + } +} + +func createConnection( + cfg *config.SQL, + resolver resolver.ServiceResolver, +) (*sqlx.DB, error) { + db, err := sqlx.Connect(driverName, buildDSN(cfg, resolver)) + if err != nil { + return nil, err + } + if cfg.MaxConns > 0 { + db.SetMaxOpenConns(cfg.MaxConns) + } + if cfg.MaxIdleConns > 0 { + db.SetMaxIdleConns(cfg.MaxIdleConns) + } + if cfg.MaxConnLifetime > 0 { + db.SetConnMaxLifetime(cfg.MaxConnLifetime) + } + + // Maps struct names in CamelCase to snake without need for db struct tags. 
+ db.MapperFunc(strcase.ToSnake) + return db, nil +} + +func buildDSN( + cfg *config.SQL, + r resolver.ServiceResolver, +) string { + tlsAttrs := buildDSNAttr(cfg).Encode() + resolvedAddr := r.Resolve(cfg.ConnectAddr)[0] + dsn := fmt.Sprintf( + dsnFmt, + cfg.User, + url.QueryEscape(cfg.Password), + resolvedAddr, + cfg.DatabaseName, + tlsAttrs, + ) + return dsn +} + func buildDSNAttr(cfg *config.SQL) url.Values { parameters := url.Values{} if cfg.TLS != nil && cfg.TLS.Enabled { if !cfg.TLS.EnableHostVerification { - parameters.Set(postgreSQLSSLMode, postgreSQLSSLModeRequire) + parameters.Set(sslMode, sslModeRequire) } else { - parameters.Set(postgreSQLSSLMode, postgreSQLSSLModeFull) - parameters.Set(postgreSQLSSLHost, cfg.TLS.ServerName) + parameters.Set(sslMode, sslModeFull) + parameters.Set(sslHost, cfg.TLS.ServerName) } if cfg.TLS.CaFile != "" { - parameters.Set(postgreSQLCA, cfg.TLS.CaFile) + parameters.Set(sslCA, cfg.TLS.CaFile) } if cfg.TLS.KeyFile != "" && cfg.TLS.CertFile != "" { - parameters.Set(postgreSQLKey, cfg.TLS.KeyFile) - parameters.Set(postgreSQLCert, cfg.TLS.CertFile) + parameters.Set(sslKey, cfg.TLS.KeyFile) + parameters.Set(sslCert, cfg.TLS.CertFile) } } else { - parameters.Set(postgreSQLSSLMode, postgreSQLSSLModeNoop) + parameters.Set(sslMode, sslModeNoop) } for k, v := range cfg.ConnectAttributes {