[PP-1832] Ensure library registry will work with Postgres 16 and requ…

…ired SSL connections. (#684)

Dockerfile

@@ -13,7 +13,7 @@
 
 ##############################################################################
 # Build target: libreg_local_db
-FROM postgis/postgis:12-3.1 AS libreg_local_db
+FROM postgis/postgis:16-3.5 AS libreg_local_db
 
 ENV POSTGRES_PASSWORD="password"
 ENV POSTGRES_USER="postgres"
@@ -52,6 +52,10 @@ ENV SUPERVISOR_VERSION=4.2.2
 ENV POETRY_VERSION=1.5.1
 ENV POETRY_URL="https://install.python-poetry.org"
 ENV POETRY_HOME="/etc/poetry"
+# required for postgres ssl: the crt file doesn't exist
+# but the path must point to a visible directory otherwise we
+# get a permissions error
+ENV PGSSLCERT=/tmp/postgresql.crt
 
 RUN set -x \
     && addgroup -g 101 -S nginx \

README.md

@@ -130,7 +130,7 @@ will be served from the linked package, rather than the CDN.
 
 To install the registry locally, you'll need the following:
 
-- PostgreSQL 12+
+- PostgreSQL 16+
 - PostGIS 3
 - Python 3.8+ (3.9 is the build target for the Docker install)
 - Appropriate system dependencies to build the Python dependencies, which may include:
@@ -159,6 +159,12 @@ CREATE EXTENSION postgis;
 \c simplified_registry_test
 CREATE EXTENSION fuzzystrmatch;
 CREATE EXTENSION postgis;
+
+\c simplified_registry_dev postgres
+GRANT ALL ON SCHEMA public TO simplified;
+
+\c simplified_registry_test postgres
+GRANT ALL ON SCHEMA public TO simplified;
 ```
 
 The database configuration is exposed to the application via environment variables.

docker-compose.yml

@@ -1,5 +1,3 @@
-version: "3.9"
-
 services:
   libreg_local_db:
     container_name: libreg_local_db
@@ -12,6 +10,10 @@ services:
       - "5433:5433"
     environment:
       - PGPORT=5433
+    command: >
+            -c ssl=on
+            -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+            -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 
   libreg_webapp:
     container_name: libreg_webapp
@@ -27,7 +29,9 @@ services:
       - "80:80"
     environment:
       - SIMPLIFIED_TEST_DATABASE=postgresql://simplified_test:simplified_test@libreg_local_db:5433/simplified_registry_test
-      - SIMPLIFIED_PRODUCTION_DATABASE=postgresql://simplified:simplified@libreg_local_db:5433/simplified_registry_dev
+      # AWS RDS Postgres 16+ enables SSL by default so we require ssl here in order to mirror the production environment
+      # as closely as possible for our dev instance.
+      - SIMPLIFIED_PRODUCTION_DATABASE=postgresql://simplified:simplified@libreg_local_db:5433/simplified_registry_dev?sslmode=require
       - FLASK_ENV=development
       - AWS_ACCESS_KEY_ID=TEST
       - AWS_SECRET_ACCESS_KEY=testpassword

docker/postgis_init.sh

@@ -18,4 +18,11 @@ psql -v ON_ERROR_STOP=1 --username="$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-E
     \c simplified_registry_test
     CREATE EXTENSION fuzzystrmatch;
     CREATE EXTENSION postgis;
+
+    \c simplified_registry_dev postgres
+    GRANT ALL ON SCHEMA public TO simplified;
+
+    \c simplified_registry_test postgres
+    GRANT ALL ON SCHEMA public TO simplified;
+
 EOSQL

pyproject.toml

@@ -36,7 +36,7 @@ Pillow = "*"
 pycryptodome = "*"
 PyJWT = "*"
 python = ">=3.8,<4"
-requests = "*"
+requests = "2.31.0"
 SQLAlchemy = "^1.4"
 uszipcode = "==1.0.1"
 

tox.ini

@@ -22,7 +22,7 @@ docker =
 allowlist_externals = poetry
 
 [docker:db-registry]
-image = postgis/postgis:12-3.1
+image = postgis/postgis:16-3.5
 environment =
     POSTGRES_USER=simplified_test
     POSTGRES_PASSWORD=test