Skip to content

Password not parsed correctly by stork-tool

Documentation states stork-tool cert-export --db-url postgresql://user:pass@localhost/dbname -f srvcert -o srv-cert.pem but it's not working with complex passwords (didn't try with the simple one so maybe it's not working at all ;) ).

# stork-tool cert-export --db-url 'postgresql://stork:R(cBBz3eokjDuZ>l8IYGF6@localhost/stork' -f cakey 
FATA[2021-11-22 23:03:22]             main.go:26    cannot parse db URL

but it works with psql native command line

# psql 'postgresql://stork:R(cBBz3eokjDuZ>l8IYGF6@localhost/stork'
psql (12.8 (Ubuntu 12.8-0ubuntu0.20.04.1))
SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)
Type "help" for help.

stork=> \q

So the parsing of the URL should be done in a better/different way

Another issue is that without a password in postgresql URI "stork-tool" should ask for password but it throws error instead.

# stork-tool cert-export --db-url 'postgresql://stork@localhost/stork' -f cakey 
INFO[2021-11-22 23:05:33]       connection.go:66    checking connection to database              
FATA[2021-11-22 23:05:33]             main.go:51    unexpected error: FATAL #28P01 password authentication failed for user "stork"
unable to connect to the database using provided credentials
isc.org/stork/server/database.NewPgDBConn
	/tmp/build/backend/server/database/connection.go:85
main.getDBConn
	/tmp/build/backend/cmd/stork-tool/main.go:49
main.runCertExport
	/tmp/build/backend/cmd/stork-tool/main.go:111
github.com/urfave/cli/v2.(*Command).Run
	/tmp/build/go/pkg/mod/github.com/urfave/cli/v2@v2.3.0/command.go:163
github.com/urfave/cli/v2.(*App).RunContext
	/tmp/build/go/pkg/mod/github.com/urfave/cli/v2@v2.3.0/app.go:313
github.com/urfave/cli/v2.(*App).Run
	/tmp/build/go/pkg/mod/github.com/urfave/cli/v2@v2.3.0/app.go:224
main.main
	/tmp/build/backend/cmd/stork-tool/main.go:331
runtime.main
	/tmp/build/tools/1.15.5/go/src/runtime/proc.go:204
runtime.goexit
	/tmp/build/tools/1.15.5/go/src/runtime/asm_amd64.s:1374

For evidence, without any postgresql URI defaults values are used (which I used too) and in that case I was correctly asked for the password

root@ip-10-10-9-165:~# stork-tool cert-export -f cakey
database password: 
INFO[2021-11-22 22:54:48]       connection.go:66    checking connection to database              
INFO[2021-11-22 22:54:48]            certs.go:234   CA key:
-----BEGIN PRIVATE KEY-----
...

 

Edited by Slawek Figiel