change ownership of postgres tls key material

test_harness/src/docker/container/builder.rs

@@ -11,7 +11,7 @@ pub struct ContainerBuilder {
     hostname: Option<String>,
     network: Option<String>,
     port: Option<String>,
-    run_parameters: Vec<(String, String)>,
+    run_parameters: Vec<String>,
     detach: bool,
     volumes: Vec<String>,
 }
@@ -51,9 +51,9 @@ impl ContainerBuilder {
         self
     }
 
-    pub fn with_run_parameter(mut self, flag: &str, parameter: &str) -> Self {
+    pub fn with_run_parameters(mut self, parameters: &[&str]) -> Self {
         self.run_parameters
-            .push((flag.to_string(), parameter.to_string()));
+            .extend(parameters.iter().map(|p| p.to_string()));
         self
     }
 

test_harness/src/docker/container/mod.rs

@@ -13,7 +13,7 @@ pub(super) struct Container {
     hostname: Option<String>,
     network: Option<String>,
     port: Option<String>,
-    run_parameters: Vec<(String, String)>,
+    run_parameters: Vec<String>,
     detach: bool,
     volumes: Vec<String>,
 }
@@ -47,9 +47,7 @@ impl Container {
             command.args(["-d"]);
         }
         command.args([&self.image]);
-        for (flag, parameter) in &self.run_parameters {
-            command.args([flag, parameter]);
-        }
+        command.args(&self.run_parameters);
         command.spawn().unwrap()
     }
 }

test_harness/src/docker/mod.rs

@@ -171,12 +171,11 @@ fn create_and_start_server_container(
             "{}:/etc/postgres_certs:ro",
             absolute_cert_dir.to_str().unwrap()
         ))
-        .with_run_parameter("-N", "1000")
-        .with_run_parameter("-c", "ssl=on")
-        .with_run_parameter("-c", "ssl_cert_file=/etc/postgres_certs/server.crt")
-        .with_run_parameter("-c", "ssl_key_file=/etc/postgres_certs/server.key")
-        .with_run_parameter("-c", "ssl_ca_file=/etc/postgres_certs/root.crt")
-        //.with_run_parameter("-i", "")
+        .with_run_parameters(&["-N", "1000"])
+        .with_run_parameters(&["-c", "ssl=on"])
+        .with_run_parameters(&["-c", "ssl_cert_file=/etc/postgres_certs/server.crt"])
+        .with_run_parameters(&["-c", "ssl_key_file=/etc/postgres_certs/server.key"])
+        .with_run_parameters(&["-c", "ssl_ca_file=/etc/postgres_certs/root.crt"])
         .with_detach(false);
 
     if let Some(network_name) = network_name_option {
@@ -189,6 +188,24 @@ fn create_and_start_server_container(
 
     build_docker_image("server/Dockerfile", server_image_name);
 
+    // Chown the certs to the postgres user (we do this after building the
+    // server image to give the postgres container time to start)
+    docker_exec(
+        &db_container_name,
+        "root",
+        &["chown", "-R", "postgres:postgres", "/etc/postgres_certs"],
+    );
+    docker_exec(
+        &db_container_name,
+        "root",
+        &["chmod", "600", "/etc/postgres_certs/server.key"],
+    );
+    docker_exec(
+        &db_container_name,
+        "postgres",
+        &["pg_ctl reload -D /var/lib/postgresql/data"],
+    );
+
     let mut server_container = Container::builder(
         server_image_name,
         &format!("{server_domain}_server_container"),
@@ -214,8 +231,6 @@ fn create_and_start_server_container(
 
     let server = server_container.build().run();
 
-    //sleep(Duration::from_secs(6000));
-
     (server, db)
 }
 
@@ -328,7 +343,7 @@ pub async fn run_server_restart_test() {
         .with_env(&db_user_env_variable)
         .with_env(&db_password_env_variable)
         .with_env(&db_name_env_variable)
-        .with_run_parameter("-N", "1000")
+        .with_run_parameters(&["-N", "1000"])
         .with_detach(false);
 
     let _db = db_builder.build().run();
@@ -383,3 +398,13 @@ pub async fn run_server_restart_test() {
 
     tracing::info!("Done running server restart test");
 }
+
+fn docker_exec(container_name: &str, user: &str, args: &[&str]) -> String {
+    let output = Command::new("docker")
+        .args(["exec", "-u", user, container_name])
+        .args(args)
+        .output()
+        .expect("failed to execute process");
+
+    String::from_utf8(output.stdout).unwrap()
+}