Merge pull request #140 from rafiss/pw

Test connecting tenants via password over TLS through proxy

Author: rafiss

go.mod

@@ -3,7 +3,7 @@ module github.com/cockroachdb/examples-orms
 go 1.13
 
 require (
-	github.com/cockroachdb/cockroach-go/v2 v2.2.1
+	github.com/cockroachdb/cockroach-go/v2 v2.2.3
 	github.com/go-pg/pg/v10 v10.9.0
 	github.com/julienschmidt/httprouter v1.1.0
 	github.com/lib/pq v1.10.0

go.sum

@@ -4,8 +4,8 @@ github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/cockroachdb/cockroach-go/v2 v2.2.1 h1:nZte1DDdL9iu8IV0YPmX8l9Lg2+HRJ3CMvkT3iG52rc=
-github.com/cockroachdb/cockroach-go/v2 v2.2.1/go.mod h1:u3MiKYGupPPjkn3ozknpMUpxPaNLTFWAya419/zv6eI=
+github.com/cockroachdb/cockroach-go/v2 v2.2.3 h1:2881elKwTMrAWuSP2N/4PtU6XyqoyI55Fv3TSTD+Efo=
+github.com/cockroachdb/cockroach-go/v2 v2.2.3/go.mod h1:u3MiKYGupPPjkn3ozknpMUpxPaNLTFWAya419/zv6eI=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=

java/hibernate/build.gradle

@@ -12,16 +12,16 @@ repositories {
 
 dependencies {
     // Necessary for Hibernate.
-    compile 'org.hibernate:hibernate-core:5.4.30.Final'
-    compile 'org.postgresql:postgresql:42.2.19'
+    implementation 'org.hibernate:hibernate-core:5.5.8.Final'
+    implementation 'org.postgresql:postgresql:42.2.19'
 
     // Necessary for web application.
-    compile 'org.glassfish.jersey.core:jersey-server:2.25'
-    compile 'org.glassfish.jersey.containers:jersey-container-netty-http:2.25'
-    compile 'com.fasterxml.jackson.core:jackson-databind:2.8.5'
-    compile 'com.beust:jcommander:1.7'
+    implementation 'org.glassfish.jersey.core:jersey-server:2.25'
+    implementation 'org.glassfish.jersey.containers:jersey-container-netty-http:2.25'
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.8.5'
+    implementation 'com.beust:jcommander:1.7'
 
-    testCompile group: 'junit', name: 'junit', version: '4.11'
+    testImplementation group: 'junit', name: 'junit', version: '4.11'
 }
 
 run {

java/hibernate/gradle/wrapper/gradle-wrapper.jar

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.1.1-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-4.4.1-bin.zip

java/hibernate/gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,21 @@
 #!/usr/bin/env sh
 
+#
+# Copyright 2015 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
 ##############################################################################
 ##
 ##  Gradle start up script for UN*X
@@ -28,7 +44,7 @@ APP_NAME="Gradle"
 APP_BASE_NAME=`basename "$0"`
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"
@@ -56,7 +72,7 @@ case "`uname`" in
   Darwin* )
     darwin=true
     ;;
-  MINGW* )
+  MSYS* | MINGW* )
     msys=true
     ;;
   NONSTOP* )
@@ -66,6 +82,7 @@ esac
 
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 
+
 # Determine the Java command to use to start the JVM.
 if [ -n "$JAVA_HOME" ] ; then
     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
@@ -109,10 +126,11 @@ if $darwin; then
     GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
 fi
 
-# For Cygwin, switch paths to Windows format before running java
-if $cygwin ; then
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
     APP_HOME=`cygpath --path --mixed "$APP_HOME"`
     CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
     JAVACMD=`cygpath --unix "$JAVACMD"`
 
     # We build the pattern for arguments to be converted via cygpath
@@ -138,19 +156,19 @@ if $cygwin ; then
         else
             eval `echo args$i`="\"$arg\""
         fi
-        i=$((i+1))
+        i=`expr $i + 1`
     done
     case $i in
-        (0) set -- ;;
-        (1) set -- "$args0" ;;
-        (2) set -- "$args0" "$args1" ;;
-        (3) set -- "$args0" "$args1" "$args2" ;;
-        (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
     esac
 fi
 
@@ -159,14 +177,9 @@ save () {
     for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
     echo " "
 }
-APP_ARGS=$(save "$@")
+APP_ARGS=`save "$@"`
 
 # Collect all arguments for the java command, following the shell quoting and substitution rules
 eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
 
-# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
-if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
-  cd "$(dirname "$0")"
-fi
-
 exec "$JAVACMD" "$@"

java/hibernate/gradlew

@@ -1,3 +1,19 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
 @if "%DEBUG%" == "" @echo off
 @rem ##########################################################################
 @rem
@@ -13,15 +29,18 @@ if "%DIRNAME%" == "" set DIRNAME=.
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
 @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-set DEFAULT_JVM_OPTS=
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
 
 @rem Find java.exe
 if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto init
+if "%ERRORLEVEL%" == "0" goto execute
 
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -35,7 +54,7 @@ goto fail
 set JAVA_HOME=%JAVA_HOME:"=%
 set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
-if exist "%JAVA_EXE%" goto init
+if exist "%JAVA_EXE%" goto execute
 
 echo.
 echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@@ -45,28 +64,14 @@ echo location of your Java installation.
 
 goto fail
 
-:init
-@rem Get command-line arguments, handling Windows variants
-
-if not "%OS%" == "Windows_NT" goto win9xME_args
-
-:win9xME_args
-@rem Slurp the command line arguments.
-set CMD_LINE_ARGS=
-set _SKIP=2
-
-:win9xME_args_slurp
-if "x%~1" == "x" goto execute
-
-set CMD_LINE_ARGS=%*
-
 :execute
 @rem Setup the command line
 
 set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
+
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
 
 :end
 @rem End local scope for the variables with windows NT shell

java/hibernate/gradlew.bat

@@ -36,22 +36,26 @@ private SessionUtil(String dbAddr) {
         if (dbAddr != null) {
             // Most drivers expect the user in a connection to be specified like:
             //   postgresql://<user>@host:port/db
-            // but the PGJDBC expects the user as a parameter like:
-            //   postgresql://host:port/db?user=<user>
-            Pattern p = Pattern.compile("postgresql://((\\w+)@).*");
+            // but the PGJDBC driver expects the user as a parameter like:
+            //   postgresql://host:port/db
+            // with the username and password passed as separate properties.
+            Pattern p = Pattern.compile("postgresql://((\\w+)(:(\\w+))?@).*");
             Matcher m = p.matcher(dbAddr);
             if (m.matches()) {
                 String userPart = m.group(1);
                 String user = m.group(2);
+                String password = m.group(4);
 
-
-                String sep = "?";
-                if (dbAddr.contains("?")) {
-                    sep = "&";
+                dbAddr = dbAddr.replace(userPart, "");
+                configuration.setProperty("hibernate.connection.user", user);
+                if (password != null && !password.equals("")) {
+                    configuration.setProperty("hibernate.connection.password", password);
                 }
-                dbAddr = String.format("%s%suser=%s", dbAddr.replace(userPart, ""), sep, user);
             }
 
+            // The client cert must be in PKCS8 format for Java.
+            dbAddr = dbAddr.replace("client.root.key", "client.root.key.pk8");
+
             // Add the "jdbc:" prefix to the address and replace in configuration.
             dbAddr = "jdbc:" + dbAddr;
             configuration.setProperty("hibernate.connection.url", dbAddr);

java/hibernate/src/main/java/com/cockroachlabs/util/SessionUtil.java

@@ -16,7 +16,7 @@
         <property name="connection.pool_size">16</property>
 
         <!-- SQL dialect -->
-        <property name="dialect">org.hibernate.dialect.PostgreSQL94Dialect</property>
+        <property name="dialect">org.hibernate.dialect.CockroachDB201Dialect</property>
 
         <!-- Echo all executed SQL to stdout -->
         <property name="show_sql">true</property>

java/hibernate/src/main/resources/hibernate.cfg.xml

@@ -2,19 +2,53 @@
 
 var fs        = require('fs');
 var Sequelize = require('sequelize-cockroachdb');
-var sequelize = new Sequelize(process.env.ADDR, {
-  dialectOptions: {cockroachdbTelemetryDisabled : true}
-});
+
+if (process.env.ADDR === undefined) {
+  throw new Error("ADDR (database URL) must be specified.");
+}
+
+var url = new URL(process.env.ADDR);
+var opts = {
+  dialect: "postgres",
+  username: url.username,
+  host: url.hostname,
+  port: url.port,
+  database: url.pathname.substring(1), // ignore leading '/'
+  dialectOptions: {
+    cockroachdbTelemetryDisabled: true,
+    ssl: {},
+  },
+  logging: false,
+};
+
+if (url.password) {
+  opts.password = url.password
+}
+if (url.searchParams.has("options")) {
+  var pgOpts = url.searchParams.get("options")
+  var cluster = pgOpts.match(/cluster=([^\s]+)/)[1]
+  opts.database = `${cluster}.${opts.database}`
+}
+if (url.searchParams.get("sslmode") === "disable") {
+  delete opts.dialectOptions.ssl
+} else {
+  if (url.searchParams.has("sslrootcert")) {
+    opts.dialectOptions.ssl.ca = fs.readFileSync(url.searchParams.get("sslrootcert").toString())
+  }
+  if (url.searchParams.has("sslcert")) {
+    opts.dialectOptions.ssl.cert = fs.readFileSync(url.searchParams.get("sslcert").toString())
+  }
+  if (url.searchParams.has("sslkey")) {
+    opts.dialectOptions.ssl.key = fs.readFileSync(url.searchParams.get("sslkey").toString())
+  }
+}
+var sequelize = new Sequelize(opts);
 var DataTypes = Sequelize.DataTypes;
 
 if (!Sequelize.supportsCockroachDB) {
   throw new Error("CockroachDB dialect for Sequelize not installed");
 }
 
-if (process.env.ADDR === undefined) {
-  throw new Error("ADDR (database URL) must be specified.");
-}
-
 module.exports.Customer = sequelize.define('customer', {
   name: DataTypes.STRING
 }, {