feat(postgres): ssl for postgres

[bearrito]

What does this PR do?

Enables SSL for postgres

The main thing to recognize when reviewing this is that the secret material must be owned by the postgres user.
The docker file copy api doesn't allowfor setting a user when copying. The only way I could think was to take wrap the entrypoint script with one that does what we want.

Why is it important?

User ran into issue trying to use SSL. It's not obviously supported (able) due to file permissions.

Related issues

Link related issues below. Insert the issue link or reference after the word "Closes" if merging this should automatically close it.

• Closes [Bug]: File permissions with custom PostgreSQL image #2404

How to test this PR

Unit tests will work when complete.

[netlify]

✅ Deploy Preview for testcontainers-go ready!

Name	Link
🔨 Latest commit	314d1cf
🔍 Latest deploy log	https://app.netlify.com/sites/testcontainers-go/deploys/677d14234d05eb00087446e6
😎 Deploy Preview	https://deploy-preview-2473--testcontainers-go.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[mdelapenya]

We are in the right track with this one, although I left some comments that need to be addressed.

Besides that, we need to include the new option in the docs. Please check the docs/modules/postgres.md file for that. Remember adding this right after the option title:

- Not available until the next release of testcontainers-go <a href="https://github.com/testcontainers/testcontainers-go"><span class="tc-version">:material-tag: main</span></a>

Thanks!

[mdelapenya]

@bearrito could you please take a look at #2478? I'm adding helper code to deal with TLS certificates in order to simplify the story for the client code. Wdyt?

[bearrito]

@mdelapenya That makes a lot of sense. Much cleaner.

Do you want me to wait until that's done then base this on top of that?

[mdelapenya]

@bearrito I went ahead and extracted the TLS cert generation to a separate go package, which makes more sense: https://github.com/mdelapenya/tlscert

Please take a look and use it as you need here!

[bearrito]

@mdelapenya Updated to use your package.

[mdelapenya]

Just one final concern regarding the entrypoint: do you think we need to pass it? Or is it something we can internally handle in the module, being transparent to the end users?

[bearrito]

@mdelapenya Update so that the entrypoint is coupled with the ssl settings. What about doing something similar for the conf file?

[bearrito]

@mdelapenya added docs.

[stevenh]

Thanks for the changes, there's some outstanding bits needed to complete the switch to parameters, think I've caught them all in this pass.

[bearrito]

Addressed latest.

[stevenh]

Thanks for the fast turnaround on the changes, looks good to me, happy holidays!

[bearrito]

@mdelapenya Is this good to go from your end?

[bearrito]

@mdelapenya Is this good?

[mdelapenya]

@mdelapenya Is this good?

@bearrito sorry, I was on XMas PTO, and finish it tomorrow 7th. I left some minor comments that need to be addressed before merging.

As a follow-up, not for this PR to make progress and see it into main asap, I'd allow different users than postgres when enabling SSL.

Other than that, once the comments are addressed, LGTM

[mdelapenya]

@bearrito I went ahead and added a few commits with my suggestions to avoid causing you more trouble 🙏

Hopefully this build will pass and we can proceed with the merge.

Sorry about it taking too long 🙇

[mdelapenya]

LGTM, thanks for your patience and the long time it took for the review. My apologies