Postgres driver (and maybe others) don't support SSL certs as env variables

[petrusgomes]

Describe the bug
When using environment variables to set SSL ca, cert and key, file contents are not read correctly because newlines (/n) are escaped.

I tried like suggested in the example from cube.dev docs:

CUBEJS_DB_SSL_CA="-----BEGIN CERTIFICATE-----\nMIIEBjCCAu6gAwIBAgIJAMc0ZzaSUK51MA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD\nVQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi\n-----END CERTIFICATE-----"

But the postgres driver fails with:

error connecting Error: error:0909006C:PEM routines:get_name:no start line

I was able to succesfully connect adding a "replace" to the following code (in PostgresDriver.js):

ssl = sslOptions.reduce(
        (agg, { name, value }) => ({
            ...agg,
            ...(process.env[value] ? { [name]: process.env[value].replace(/\\n/g, '\n') } : {}),
        }),
        {}
    );

To Reproduce
Steps to reproduce the behavior:

1. Setup database to expect SSL
2. Set CUBEJS_DB_SSL_CA, CUBEJS_DB_SSL_CERT and CUBEJS_DB_SSL_KEY as PEM file contents
3. Start server
4. See error

Expected behavior

Version:
0.24.2

Additional context
Reproduced locally and on cube cloud, connecting to a Google Cloud SQL postgres 11 database

[ovr]

Hello @petrusgomes,

Thank you for the issue, So, I am working on it. I will come back to you shortly with a better solution.

Thanks

[ovr]

@petrusgomes

We added support for loading SSL keys from the file system in v0.24.4.

CUBEJS_DB_SSL_CA=./server-ca.pem
CUBEJS_DB_SSL_KEY=./client-key.pem
CUBEJS_DB_SSL_CERT=./client-cert.pem

Because dotenv doesn't support multiline support (motdotla/dotenv#458), it's better solution from DX perspective to load keys from the FS.

Thanks

[petrusgomes]

Thanks, @ovr. Good work refactoring those pieces of code, BTW.
I was able to connect from Cube Cloud now using pem files.

[ovr]

@petrusgomes

Happy to hear! If you are using Cube Cloud, npx deploy --upload-env will update certs inside the Cube Cloud.