{
  "id": "django__django-11239",
  "question": "Add support for postgresql client certificates and key to dbshell.\nDescription\n\t\nThis bug is very similar to the #28322\nA common security procedure for DB access is to require mutual TLS for the DB connection.\nThis involves specifying a server certificate, client certificate, and client key when connecting.\nDjango already supports this configuration, it looks like this:\nDATABASES = {\n\t'default': {\n\t\t'ENGINE': 'django.db.backends.postgresql',\n\t\t'NAME': os.environ.get('POSTGRES_DB_NAME'),\n\t\t'USER': os.environ.get('POSTGRES_DB_USER'),\n\t\t'HOST': 'postgres',\n\t\t'PORT': '5432',\n\t\t'SCHEMA': os.environ.get('POSTGRES_DB_SCHEMA'),\n\t\t'OPTIONS': {\n\t\t\t 'sslmode': 'verify-ca',\n\t\t\t 'sslrootcert': os.environ.get('POSTGRES_CLI_SSL_CA', 'ca.crt'),\n\t\t\t 'sslcert': os.environ.get('POSTGRES_CLI_SSL_CRT', 'client_cert_chain.crt'),\n\t\t\t 'sslkey': os.environ.get('POSTGRES_CLI_SSL_KEY', 'client_key.key')\n\t\t}\n\t}\n}\nHowever the dbshell command does not support the client cert params.\nShould be a trivial fix to add in support for the other 'ssl' parameters required here.\n",
  "answer": "{\"task_id\": \"3f6899ab-4762-482b-9a2b-7e3768b32945\", \"workflow_run_id\": \"6c0e2d03-ddfe-4585-b4ad-2270b32ebf01\", \"data\": {\"id\": \"6c0e2d03-ddfe-4585-b4ad-2270b32ebf01\", \"workflow_id\": \"9a0a6efa-4d15-4876-b13f-4fb6a999caa2\", \"status\": \"succeeded\", \"outputs\": {\"final_patch\": [\"--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -45,6 +45,10 @@ class DatabaseClient(BaseDatabaseClient):\\n             env['PGSSLMODE'] = options['sslmode']\\n         if 'sslrootcert' in options:\\n             env['PGSSLROOTCERT'] = options['sslrootcert']\\n+        if 'sslcert' in options:\\n+            env['PGSSLCERT'] = options['sslcert']\\n+        if 'sslkey' in options:\\n+            env['PGSSLKEY'] = options['sslkey']\\n \\n         subprocess.run(args, env=env, check=True)\", \"--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -1,4 +1,5 @@\\n import subprocess\\n+import os\\n \\n from django.db.backends.base.client import BaseDatabaseClient\\n \\n@@ -45,6 +47,14 @@ class DatabaseClient(BaseDatabaseClient):\\n             env['PGSSLMODE'] = options['sslmode']\\n         if 'sslrootcert' in options:\\n             env['PGSSLROOTCERT'] = options['sslrootcert']\\n+        if 'sslcert' in options:\\n+            if os.path.exists(options['sslcert']):\\n+                env['PGSSLCERT'] = options['sslcert']\\n+            else:\\n+                raise FileNotFoundError(f\\\"SSL certificate file not found: {options['sslcert']}\\\")\\n+        if 'sslkey' in options:\\n+            if os.path.exists(options['sslkey']):\\n+                env['PGSSLKEY'] = options['sslkey']\\n+            else:\\n+                raise FileNotFoundError(f\\\"SSL key file not found: {options['sslkey']}\\\")\\n \\n         subprocess.run(args, env=env, check=True)\", \"--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -46,6 +46,10 @@ class DatabaseClient(BaseDatabaseClient):\\n         if 'sslrootcert' in options:\\n             env['PGSSLROOTCERT'] = options['sslrootcert']\\n \\n+        if 'sslcert' in options:\\n+            env['PGSSLCERT'] = options['sslcert']\\n+        if 'sslkey' in options:\\n+            env['PGSSLKEY'] = options['sslkey']\\n+\\n         subprocess.run(args, env=env, check=True)\", \"--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -43,9 +43,12 @@ class DatabaseClient(BaseDatabaseClient):\\n         options = settings_dict.get('OPTIONS', {})\\n         if 'sslmode' in options:\\n             env['PGSSLMODE'] = options['sslmode']\\n-        if 'sslrootcert' in options:\\n-            env['PGSSLROOTCERT'] = options['sslrootcert']\\n \\n+        # Handle SSL certificate options\\n+        ssl_options = {'sslrootcert': 'PGSSLROOTCERT', 'sslcert': 'PGSSLCERT', 'sslkey': 'PGSSLKEY'}\\n+        for option_key, env_key in ssl_options.items():\\n+            if option_key in options:\\n+                env[env_key] = options[option_key]\\n+\\n         subprocess.run(args, env=env, check=True)\", \"--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -45,6 +45,8 @@ class DatabaseClient(BaseDatabaseClient):\\n             env['PGSSLMODE'] = options['sslmode']\\n         if 'sslrootcert' in options:\\n             env['PGSSLROOTCERT'] = options['sslrootcert']\\n+        if 'sslcert' in options:\\n+            env['PGSSLCERT'] = options['sslcert']\\n+        if 'sslkey' in options:\\n+            env['PGSSLKEY'] = options['sslkey']\\n \\n         subprocess.run(args, env=env, check=True)\", \"diff\\n--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -43,9 +43,12 @@ class DatabaseClient(BaseDatabaseClient):\\n         options = settings_dict.get('OPTIONS', {})\\n         if 'sslmode' in options:\\n             env['PGSSLMODE'] = options['sslmode']\\n-        if 'sslrootcert' in options:\\n-            env['PGSSLROOTCERT'] = options['sslrootcert']\\n \\n+        # Handle SSL certificate options\\n+        ssl_options = {'sslrootcert': 'PGSSLROOTCERT', 'sslcert': 'PGSSLCERT', 'sslkey': 'PGSSLKEY'}\\n+        for option_key, env_key in ssl_options.items():\\n+            if option_key in options:\\n+                env[env_key] = options[option_key]\\n+\\n         subprocess.run(args, env=env, check=True)\\n\", \"diff\\n--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -43,9 +43,12 @@ class DatabaseClient(BaseDatabaseClient):\\n         options = settings_dict.get('OPTIONS', {})\\n         if 'sslmode' in options:\\n             env['PGSSLMODE'] = options['sslmode']\\n-        if 'sslrootcert' in options:\\n-            env['PGSSLROOTCERT'] = options['sslrootcert']\\n \\n+        # Handle SSL certificate options\\n+        ssl_options = {'sslrootcert': 'PGSSLROOTCERT', 'sslcert': 'PGSSLCERT', 'sslkey': 'PGSSLKEY'}\\n+        for option_key, env_key in ssl_options.items():\\n+            if option_key in options:\\n+                env[env_key] = options[option_key]\\n+\\n         subprocess.run(args, env=env, check=True)\\n\", \"diff\\n--- a/django/db/backends/postgresql/client.py\\n+++ b/django/db/backends/postgresql/client.py\\n@@ -43,9 +43,12 @@ class DatabaseClient(BaseDatabaseClient):\\n         options = settings_dict.get('OPTIONS', {})\\n         if 'sslmode' in options:\\n             env['PGSSLMODE'] = options['sslmode']\\n-        if 'sslrootcert' in options:\\n-            env['PGSSLROOTCERT'] = options['sslrootcert']\\n \\n+        # Handle SSL certificate options\\n+        ssl_options = {'sslrootcert': 'PGSSLROOTCERT', 'sslcert': 'PGSSLCERT', 'sslkey': 'PGSSLKEY'}\\n+        for option_key, env_key in ssl_options.items():\\n+            if option_key in options:\\n+                env[env_key] = options[option_key]\\n+\\n         subprocess.run(args, env=env, check=True)\\n\"]}, \"error\": \"\", \"elapsed_time\": 78.01118, \"total_tokens\": 36205, \"total_steps\": 30, \"created_at\": 1754648498, \"finished_at\": 1754648576}}"
}