From fd8c34ad43d5590d6af7f93ca668959b734d5e36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?= <lukas@trkan.cz>
Date: Wed, 24 Sep 2025 00:16:24 +0200
Subject: [PATCH] feat(infrastructure): allow ssl connection to database

---
 backend/app/db.py                   | 5 ++++-
 deployment/app-demo-deployment.yaml | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/backend/app/db.py b/backend/app/db.py
index 5636ca8..c25d356 100644
--- a/backend/app/db.py
+++ b/backend/app/db.py
@@ -14,9 +14,12 @@ if not DATABASE_URL:
     mariadb_db = os.getenv("MARIADB_DB", "group_project")
     mariadb_user = os.getenv("MARIADB_USER", "root")
     mariadb_password = os.getenv("MARIADB_PASSWORD", "strongpassword")
+    #always use SSL except for localhost - i dont want to include certs
+    ssl_param = "?ssl=true" if mariadb_host != "localhost" else ""
+
     if mariadb_host and mariadb_db and mariadb_user and mariadb_password:
         # Use MariaDB/MySQL over async driver
-        DATABASE_URL = f"mysql+asyncmy://{mariadb_user}:{mariadb_password}@{mariadb_host}:{mariadb_port}/{mariadb_db}"
+        DATABASE_URL = f"mysql+asyncmy://{mariadb_user}:{mariadb_password}@{mariadb_host}:{mariadb_port}/{mariadb_db}{ssl_param}"
     else:
         raise Exception("Only MariaDB is supported. Please set the DATABASE_URL environment variable.")
 
diff --git a/deployment/app-demo-deployment.yaml b/deployment/app-demo-deployment.yaml
index 2b9991c..39bd74c 100644
--- a/deployment/app-demo-deployment.yaml
+++ b/deployment/app-demo-deployment.yaml
@@ -20,7 +20,7 @@ spec:
             - containerPort: 8000
           env:
             - name: MARIADB_HOST
-              value: mariadb-repl-maxscale
+              value: mariadb-repl-maxscale.mariadb-operator.svc.cluster.local
             - name: MARIADB_PORT
               value: "3306"
             - name: MARIADB_DATABASE