feat: Oracle - add support for secure communication TCPS

mh182 · KieranKaelin · commit fdf2f1127ec3 · 2022-09-27T21:15:25.000+02:00
Added bind mount for the necessary configuration files to enable TCPS.
- `volumes/core/config/oracle/network/admin`: `sqlnet.ora`, `tsnnames.ora`
  Templates for those files may be fond in the `templates` sub-directory.
- `volumes/core/config/oracle/wallet`: directory for the Oracle wallet
  store (client)
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,9 @@
 .env
 .meta-inf
-images/
 .version
+images/
+volumes/core/config/oracle/network/admin/*.ora
+volumes/core/config/oracle/network/admin/tnsnames.ora
+volumes/core/config/oracle/wallet/*.lck
+volumes/core/config/oracle/wallet/*.p12
+volumes/core/config/oracle/wallet/*.sso
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -25,11 +25,14 @@ services:
       - CORE_DB_HOST=core_db
       - CORE_DB_PASSWORD=${CORE_DB_PASSWORD}
       - CORE_DB_DATABASE=migrator
+      - TNS_ADMIN=/app/config/oracle/network/admin
     depends_on:
       core_db:
         condition: service_healthy
     networks:
       - common
+    volumes:
+      - ./volumes/core/config:/app/config
 
   # Internal Migrator database
   core_db:
diff --git a/volumes/core/config/oracle/network/admin/README b/volumes/core/config/oracle/network/admin/README
@@ -0,0 +1,8 @@
+============================================================================
+This is the default directory for Oracle Network and Oracle Client
+configuration files. You can place files such as tnsnames.ora, sqlnet.ora
+in this directory.
+NOTE:
+The content of this directory has to be provided to the Migrator 'core' with
+the help of the environment variable TNS_ADMIN.
+============================================================================
diff --git a/volumes/core/config/oracle/network/admin/templates/sqlnet.ora b/volumes/core/config/oracle/network/admin/templates/sqlnet.ora
@@ -0,0 +1,12 @@
+NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
+
+# Don't forget to adjust the 'volumes' configuration in the docker-compose.yml in
+# case you change the location of the wallet.
+
+WALLET_LOCATION =
+  (SOURCE =
+    (METHOD = FILE)
+    (METHOD_DATA =
+      (DIRECTORY = /app/config/oracle/wallet)
+    )
+  )
diff --git a/volumes/core/config/oracle/network/admin/templates/tnsnames.ora b/volumes/core/config/oracle/network/admin/templates/tnsnames.ora
@@ -0,0 +1,13 @@
+# Template file to define TNS names using TCPS (secure data transfer using TLS)
+# Check sqlnet.ora for the location of the wallet file.
+
+# Identifiers enclosed with ## have to adjusted to your needs.
+
+# ##net_service_name## =
+#   (DESCRIPTION =
+#     (ADDRESS = (PROTOCOL = TCPS)(HOST = ##host_name_or_ip_address##)(PORT = 2484))
+#     (CONNECT_DATA =
+#       (SERVER = DEDICATED)
+#       (SERVICE_NAME = ##service_name##)
+#     )
+#   )
diff --git a/volumes/core/config/oracle/wallet/README b/volumes/core/config/oracle/wallet/README
@@ -0,0 +1,5 @@
+Copy the files for the Oracle wallet store (client) into this directory.
+
+Since the Migrator core acts as client to the database servers the wallet store
+contains the certificates to connect to the database servers via TLS (TCPS
+protocol).
