Skip to content

Support generic PostgreSQL DB args to allow for ssl-mode settings #215

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
darthhexx wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Support generic PostgreSQL DB args to allow for ssl-mode settings #215

darthhexx wants to merge 1 commit into from

Conversation

@darthhexx
Copy link

@darthhexx darthhexx commented Oct 20, 2025
edited
Loading

Adds support for generic connection string arguments for PostgreSQL so that SSL mode and TLS certificates can be configured.

For example:

POSTGRES_DATABASE_ARGS="sslmode=verify-ca&sslrootcert=/app/certs/server-ca.pem&sslcert=/app/certs/client-cert.pem&sslkey=/app/certs/client-key.pem"

@darthhexx darthhexx changed the title Support generic PostgreSQL DB args for ssl-mode settings Support generic PostgreSQL DB args to allow for ssl-mode settings Oct 20, 2025
@danny-avila danny-avila requested a review from Copilot December 16, 2025 21:47
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for configuring generic PostgreSQL connection string arguments via the POSTGRES_DATABASE_ARGS environment variable, enabling SSL mode and TLS certificate configuration for PostgreSQL connections.

Key Changes:

  • Introduces POSTGRES_DATABASE_ARGS environment variable to accept custom connection parameters
  • Appends these arguments as query parameters to the PostgreSQL connection string for TCP connections

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

app/config.py
else:
connection_suffix = f"{urllib.parse.quote_plus(POSTGRES_USER)}:{urllib.parse.quote_plus(POSTGRES_PASSWORD)}@{DB_HOST}:{DB_PORT}/{urllib.parse.quote_plus(POSTGRES_DB)}"
if POSTGRES_DATABASE_ARGS:
connection_suffix = f"{connection_suffix}?{POSTGRES_DATABASE_ARGS}"
Copy link

Copilot AI Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The POSTGRES_DATABASE_ARGS are not being URL-encoded before appending to the connection string, while other parts of the connection string (username, password, database name, host) are properly encoded using urllib.parse.quote_plus(). This inconsistency could lead to connection string parsing issues if the args contain special characters. The args should be properly encoded or validated to ensure they're already in the correct format for URL query parameters.

Suggested change
connection_suffix = f"{connection_suffix}?{POSTGRES_DATABASE_ARGS}"
# Properly encode the query parameters
args_pairs = urllib.parse.parse_qsl(POSTGRES_DATABASE_ARGS, keep_blank_values=True)
encoded_args = urllib.parse.urlencode(args_pairs, quote_via=urllib.parse.quote_plus)
connection_suffix = f"{connection_suffix}?{encoded_args}"

Copilot uses AI. Check for mistakes.
app/config.py
Comment on lines 79 to 83
else:
connection_suffix = f"{urllib.parse.quote_plus(POSTGRES_USER)}:{urllib.parse.quote_plus(POSTGRES_PASSWORD)}@{DB_HOST}:{DB_PORT}/{urllib.parse.quote_plus(POSTGRES_DB)}"
if POSTGRES_DATABASE_ARGS:
connection_suffix = f"{connection_suffix}?{POSTGRES_DATABASE_ARGS}"

Copy link

Copilot AI Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The POSTGRES_DATABASE_ARGS are only appended when POSTGRES_USE_UNIX_SOCKET is False (TCP connections), but not when it's True (Unix socket connections). The Unix socket connection string on line 78 already includes query parameters (the host parameter), so additional database args should be supported there as well using an ampersand (&) to append them. This creates an inconsistency where SSL settings and other connection arguments cannot be used with Unix socket connections.

Suggested change
else:
connection_suffix = f"{urllib.parse.quote_plus(POSTGRES_USER)}:{urllib.parse.quote_plus(POSTGRES_PASSWORD)}@{DB_HOST}:{DB_PORT}/{urllib.parse.quote_plus(POSTGRES_DB)}"
if POSTGRES_DATABASE_ARGS:
connection_suffix = f"{connection_suffix}?{POSTGRES_DATABASE_ARGS}"
if POSTGRES_DATABASE_ARGS:
connection_suffix = f"{connection_suffix}&{POSTGRES_DATABASE_ARGS}"
else:
connection_suffix = f"{urllib.parse.quote_plus(POSTGRES_USER)}:{urllib.parse.quote_plus(POSTGRES_PASSWORD)}@{DB_HOST}:{DB_PORT}/{urllib.parse.quote_plus(POSTGRES_DB)}"
if POSTGRES_DATABASE_ARGS:
connection_suffix = f"{connection_suffix}?{POSTGRES_DATABASE_ARGS}"

Copilot uses AI. Check for mistakes.
app/config.py
Comment on lines +81 to +82
if POSTGRES_DATABASE_ARGS:
connection_suffix = f"{connection_suffix}?{POSTGRES_DATABASE_ARGS}"
Copy link

Copilot AI Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The new POSTGRES_DATABASE_ARGS functionality lacks test coverage. Since tests/test_config.py already validates other configuration values, consider adding tests that verify the connection string is constructed correctly when POSTGRES_DATABASE_ARGS is set, including scenarios with special characters, multiple parameters, and both TCP and Unix socket configurations.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@darthhexx