reeves
reeves
PostsComments
WWindmill
Created by rubenf on 8/26/2024 in #changelog
We added a vim mode to the code editors
Very happy to see this. I was considering asking for the feature but thought it was too obscure.
3 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
1) Create an RDS instance on AWS linked to an EC2 instance running windmill with docker 2) Keep the RDS config as it's preset except for changing the Certificate Authority to rds-ca-rsa4096-g1 3) On the RDS instance, create a new postgres user for the windmill workspace "testypops" 4) On the RDS instance, create a new database for the the windmill workspace "testypops" 5) Create a new postgres resource in the windmill workspace. 6) Set the sslmode to require 7) Find the correct certificate bundle for your AWS region (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.RegionCertificates) and copy the contents of the pem file to the root_certificate_pem field. 8) create a postgres script using the new postgres resource and get the following error: 
ExecutionErr: error during execution of the script:
error performing TLS handshake: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1889: (self-signed certificate in certificate chain)
ExecutionErr: error during execution of the script:
error performing TLS handshake: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1889: (self-signed certificate in certificate chain)
24 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
Easy. Is here fine?
24 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
The only non "standard" setup on the RDS is that i'm using a rds-ca-rsa4096-g1 cert as it gives 100 year expiry. RDS defaults to the rds-ca-2019 short dated one.
24 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
What's the easiest way to share reproduction with you with my RDS not public?
24 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
Should the Postgres resource work with a PostgreSQL script with AWS RDS? I'm getting the following error: 
ExecutionErr: error during execution of the script:
error performing TLS handshake: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1889: (self-signed certificate in certificate chain)
ExecutionErr: error during execution of the script:
error performing TLS handshake: error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:../ssl/statem/statem_clnt.c:1889: (self-signed certificate in certificate chain)
Hence why I wrote a TS script to basically do the same thing - I'm assuming the PostgrSQL script will be faster though.
24 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
Yeah agreed. I didn't think of the wider impact. Still getting my head around concepts in windmill. Enjoying it though.
24 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
@rubenf yes, true there's probably lots of other Postgres clients that resource needs to support and it can't be changed. I was suggesting changing the resource from: 
type Postgresql = {
  host: string,
  port: number,
  user: string,
  dbname: string,
  sslmode: string,
  password: string,
  root_certificate_pem: string
}
type Postgresql = {
  host: string,
  port: number,
  user: string,
  dbname: string,
  sslmode: string,
  password: string,
  root_certificate_pem: string
}
to 
type Postgresql = {
  hostname: string, // update
  port: number,
  user: string,
  database: string, // update
  sslmode: string,
  password: string,
  root_certificate_pem: string
}
type Postgresql = {
  hostname: string, // update
  port: number,
  user: string,
  database: string, // update
  sslmode: string,
  password: string,
  root_certificate_pem: string
}
24 replies
WWindmill
Created by reeves on 1/9/2024 in #help
Postgres TLS Connection is invalid
I've fixed my issue with: 
import { Client } from "https://deno.land/x/postgres@v0.17.0/mod.ts";

type Postgresql = {
  host: string,
  port: number,
  user: string,
  dbname: string,
  sslmode: string,
  password: string,
  root_certificate_pem: string
}

export async function main(
  dbConfig: Postgresql,
  sql: string,
) {
  const clientOptions = {
    hostname: dbConfig.host,
    port: dbConfig.port,
    user: dbConfig.user,
    database: dbConfig.dbname,
    password: dbConfig.password,
    host_type: "tcp",
    tls: {
      enabled: true,
      enforce: true,
      caCertificates: [dbConfig.root_certificate_pem],
    },

  }

  const client = new Client(clientOptions);
  await client.connect();

  const res = await client.queryObject(sql);

  await client.end();

  return res.rows;
}
import { Client } from "https://deno.land/x/postgres@v0.17.0/mod.ts";

type Postgresql = {
  host: string,
  port: number,
  user: string,
  dbname: string,
  sslmode: string,
  password: string,
  root_certificate_pem: string
}

export async function main(
  dbConfig: Postgresql,
  sql: string,
) {
  const clientOptions = {
    hostname: dbConfig.host,
    port: dbConfig.port,
    user: dbConfig.user,
    database: dbConfig.dbname,
    password: dbConfig.password,
    host_type: "tcp",
    tls: {
      enabled: true,
      enforce: true,
      caCertificates: [dbConfig.root_certificate_pem],
    },

  }

  const client = new Client(clientOptions);
  await client.connect();

  const res = await client.queryObject(sql);

  await client.end();

  return res.rows;
}
@rubenf the Postgres resource template could do with a change to variables to make this a bit tidier to reflect the variable name changes in deno postgres.
24 replies