准备 pq 语句返回一个无加密的错误。

huangapple
go评论118阅读模式
英文:

pq statement preparation returns a no encryption panic

问题

我正在测试一个类似于以下代码的数据库插入语句,在本地工作正常,但在连接到托管数据库主机的 Kubernetes 集群部署后不起作用:

  1. func Insert(w http.ResponseWriter, r *http.Request) {
  2. 	db := dbConn()
  3. 	//如果是 POST 请求,将每个字段的返回值分配给变量
  4. 	if r.Method == "POST" {
  5. 		email := r.FormValue("email")
  6. 		socialNetwork := r.FormValue("social_network")
  7. 		socialHandle := r.FormValue("social_handle")
  8. 		createdOn := time.Now().UTC()
  10. 		//准备插入数据的查询语句
  11. 		insForm, err := db.Prepare(`INSERT INTO public.users(email, social_network, social_handle) VALUES ($1,$2, $3)`)
  12. 		//检查并处理任何错误
  13. 		CheckError(err)
  14. 		//使用表单数据执行查询
  15. 		_, err = insForm.Exec(email, socialNetwork, socialHandle)
  16. 		CheckError(err)
  17. 		//在终端打印添加的数据
  18. 		log.Println("INSERT: email: " + email + " | social network: " + socialNetwork + " | social handle : " + socialHandle + " | created on: " + createdOn.String() + " | createdOn is type: " + reflect.TypeOf(createdOn).String())
  19. 		sendThanks(socialHandle, email)
  20. 	}
  21. 	defer db.Close()
  23. 	//重定向到首页
  24. 	http.Redirect(w, r, "/thanks", 301)
  25. }

我已经配置了以下部署,并有相应的 secrets 对象:

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   name: novvsworld
  5.   namespace: novvsworld
  6. spec:
  7.   replicas: 1
  8.   selector:
  9.     matchLabels:
  10.       app: novvsworld
  11.   template:
  12.     metadata:
  13.       labels:
  14.         app: novvsworld
  15.     spec:
  16.       containers:
  17.         - name: novvsworld
  18.           image: my.registry.com/registry/novvsworld:latest
  19.           resources:
  20.             limits:
  21.               memory: "128Mi"
  22.               cpu: "500m"
  23.           ports:
  24.             - containerPort: 3000
  25.           env:
  26.             - name: DBHOST
  27.               valueFrom:
  28.                 secretKeyRef:
  29.                   name: novvworld-secrets
  30.                   key: DBHOST
  31.             - name: DBPORT
  32.               valueFrom:
  33.                 secretKeyRef:
  34.                   name: novvworld-secrets
  35.                   key: DBPORT
  36.             - name: DBUSER
  37.               valueFrom:
  38.                 secretKeyRef:
  39.                   name: novvworld-secrets
  40.                   key: DBUSER
  41.             - name: DBPASS
  42.               valueFrom:
  43.                 secretKeyRef:
  44.                   name: novvworld-secrets
  45.                   key: DBPASS
  46.             - name: DBSSLMODE
  47.               valueFrom:
  48.                 secretKeyRef:
  49.                   name: novvworld-secrets
  50.                   key: DBSSLMODE
  51.             - name: SENDGRID_API_KEY
  52.               valueFrom:
  53.                 secretKeyRef:
  54.                   name: novvworld-secrets
  55.                   key: SENDGRID_API_KEY

在 secrets 文件中,'DBSSLMODE' 的值当前设置为 "disabled"。

当通过前端输入数据测试插入语句时,会返回以下 panic 错误:

022/08/15 18:50:58 http: panic serving 10.244.0.38:47590: pq: no pg_hba.conf entry for host "167.172.231.113", user "novvsworld", database "novvsworld", no encryption

我是否遗漏了加密的其他配置?将 sslmode 设置为 disabled 是否应该绕过此问题?

英文:

I'm testing a database insert statement similar to the following which works locally but not after deployment to a kubernetes cluster connected to a managed database host:

  1. func Insert(w http.ResponseWriter, r *http.Request) {
  2. 	db := dbConn()
  3. 	//If it's a post request, assign a variable to the value returned in each field of the New page.
  4. 	if r.Method == "POST" {
  5. 		email := r.FormValue("email")
  6. 		socialNetwork := r.FormValue("social_network")
  7. 		socialHandle := r.FormValue("social_handle")
  8. 		createdOn := time.Now().UTC()
  10. 		//prepare a query to insert the data into the database
  11. 		insForm, err := db.Prepare(`INSERT INTO public.users(email, social_network, social_handle) VALUES ($1,$2, $3)`)
  12. 		//check for  and handle any errors
  13. 		CheckError(err)
  14. 		//execute the query using the form data
  15. 		_, err = insForm.Exec(email, socialNetwork, socialHandle)
  16. 		CheckError(err)
  17. 		//print out added data in terminal
  18. 		log.Println("INSERT: email: " + email + " | social network: " + socialNetwork + " | social handle : " + socialHandle + " | created on: " + createdOn.String() + " | createdOn is type: " + reflect.TypeOf(createdOn).String())
  19. 		sendThanks(socialHandle, email)
  20. 	}
  21. 	defer db.Close()
  23. 	//redirect to the index page
  24. 	http.Redirect(w, r, "/thanks", 301)
  25. }

I've configured a deployment as follows with a corresponding secrets object:

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   name: novvsworld
  5.   namespace: novvsworld
  6. spec:
  7.   replicas: 1
  8.   selector:
  9.     matchLabels:
  10.       app: novvsworld
  11.   template:
  12.     metadata:
  13.       labels:
  14.         app: novvsworld
  15.     spec:
  16.       containers:
  17.         - name: novvsworld
  18.           image: my.registry.com/registry/novvsworld:latest
  19.           resources:
  20.             limits:
  21.               memory: "128Mi"
  22.               cpu: "500m"
  23.           ports:
  24.             - containerPort: 3000
  25.           env:
  26.             - name: DBHOST
  27.               valueFrom:
  28.                 secretKeyRef:
  29.                   name: novvworld-secrets
  30.                   key: DBHOST
  31.             - name: DBPORT
  32.               valueFrom:
  33.                 secretKeyRef:
  34.                   name: novvworld-secrets
  35.                   key: DBPORT
  36.             - name: DBUSER
  37.               valueFrom:
  38.                 secretKeyRef:
  39.                   name: novvworld-secrets
  40.                   key: DBUSER
  41.             - name: DBPASS
  42.               valueFrom:
  43.                 secretKeyRef:
  44.                   name: novvworld-secrets
  45.                   key: DBPASS
  46.             - name: DBSSLMODE
  47.               valueFrom:
  48.                 secretKeyRef:
  49.                   name: novvworld-secrets
  50.                   key: DBSSLMODE
  51.             - name: SENDGRID_API_KEY
  52.               valueFrom:
  53.                 secretKeyRef:
  54.                   name: novvworld-secrets
  55.                   key: SENDGRID_API_KEY

The value of 'DBSSLMODE' is currently set to "disabled" in the secrets file.

When testing the insert statement by inputting data through the front end, the following panic is returned:

022/08/15 18:50:58 http: panic serving 10.244.0.38:47590: pq: no pg_hba.conf entry for host "167.172.231.113", user "novvsworld", database "novvsworld", no encryption

Am I missing an additional configuration for the encryption and shouldn't setting the sslmode to disabled bypass this?

答案1

得分: 2

是的,这就是问题所在。客户端拒绝使用SSL。而服务器(配置未显示,但可以从错误中推断)拒绝在没有SSL的情况下继续进行。

只要双方都提出不兼容的要求并拒绝妥协,就无法完成任何工作。

英文:

> Am I missing an additional configuration for the encryption and shouldn't setting the sslmode to disabled bypass this?

Yes, and that is the problem. The client refuses to use SSL. While the server (configuration not shown, but can be inferred from the error) refuses to proceed without SSL.

As long as both sides make incompatible demands and refuse to compromise, nothing can get done.

huangapple
  • 本文由 发表于 2022年8月16日 03:00:40
  • 转载请务必保留本文链接:https://go.coder-hub.com/73365350.html
  • go
  • kubernetes
  • postgresql
  • pq
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定