Update based on PR feedback:

Andrew Theis · Andrew Theis · commit f7841695c572 · 2018-05-10T16:05:01.000-05:00
- Add PostgreSQLTransportConfig struct to wrap the possible transport methods
- Use return worker.eventLoop.newSucceededFuture(result: connection) instead of Future.map
diff --git a/Sources/PostgreSQL/Connection/PostgreSQLConnection+TCP.swift b/Sources/PostgreSQL/Connection/PostgreSQLConnection+TCP.swift
@@ -7,7 +7,7 @@ extension PostgreSQLConnection {
     public static func connect(
         hostname: String = "localhost",
         port: Int = 5432,
-        tlsConfiguration: TLSConfiguration? = nil,
+        transportConfig: PostgreSQLTransportConfig = .cleartext,
         on worker: Worker,
         onError: @escaping (Error) -> ()
     ) throws -> Future<PostgreSQLConnection> {
@@ -23,10 +23,10 @@ extension PostgreSQLConnection {
 
         return bootstrap.connect(host: hostname, port: port).flatMap(to: PostgreSQLConnection.self) { channel in
             let connection = PostgreSQLConnection(queue: handler, channel: channel)
-            if let tlsConfiguration = tlsConfiguration {
+            if case .tls(let tlsConfiguration) = transportConfig.method {
                 return connection.addSSLClientHandler(using: tlsConfiguration).transform(to: connection)
             }
-            return Future.map(on: worker) { connection }
+            return worker.eventLoop.newSucceededFuture(result: connection)
         }
     }
 }
diff --git a/Sources/PostgreSQL/Database/PostgreSQLDatabase.swift b/Sources/PostgreSQL/Database/PostgreSQLDatabase.swift
@@ -19,7 +19,7 @@ public final class PostgreSQLDatabase: Database, LogSupporting {
     public func newConnection(on worker: Worker) -> Future<PostgreSQLConnection> {
         let config = self.config
         return Future.flatMap(on: worker) {
-            return try PostgreSQLConnection.connect(hostname: config.hostname, port: config.port, tlsConfiguration: config.tlsConfiguration, on: worker) { error in
+            return try PostgreSQLConnection.connect(hostname: config.hostname, port: config.port, transportConfig: config.transportConfig, on: worker) { error in
                 print("[PostgreSQL] \(error)")
             }.flatMap(to: PostgreSQLConnection.self) { client in
                 return client.authenticate(
diff --git a/Sources/PostgreSQL/Database/PostgreSQLDatabaseConfig.swift b/Sources/PostgreSQL/Database/PostgreSQLDatabaseConfig.swift
@@ -24,22 +24,22 @@ public struct PostgreSQLDatabaseConfig {
     /// Optional password to use for authentication.
     public let password: String?
     
-    /// Optional TLSConfiguration. Set this if your PostgreSQL server requires an SSL connection
-    /// For paid Heroku Postgres plans, set this to `.forClient(certificateVerification: .none)`
-    public let tlsConfiguration: TLSConfiguration?
+    /// Configures how data is transported to the server. Use this to enable SSL.
+    /// See `PostgreSQLTransportConfig` for more info
+    public let transportConfig: PostgreSQLTransportConfig
     
     /// Creates a new `PostgreSQLDatabaseConfig`.
-    public init(hostname: String, port: Int = 5432, username: String, database: String? = nil, password: String? = nil, tlsConfiguration: TLSConfiguration? = nil) {
+    public init(hostname: String, port: Int = 5432, username: String, database: String? = nil, password: String? = nil, transportConfig: PostgreSQLTransportConfig = .cleartext) {
         self.hostname = hostname
         self.port = port
         self.username = username
         self.database = database
         self.password = password
-        self.tlsConfiguration = tlsConfiguration
+        self.transportConfig = transportConfig
     }
 
     /// Creates a `PostgreSQLDatabaseConfig` frome a connection string.
-    public init(url urlString: String, tlsConfiguration: TLSConfiguration? = nil) throws {
+    public init(url urlString: String, transportConfig: PostgreSQLTransportConfig = .cleartext) throws {
         guard let url = URL(string: urlString),
             let hostname = url.host,
             let port = url.port,
@@ -64,6 +64,6 @@ public struct PostgreSQLDatabaseConfig {
             self.database = database
         }
         self.password = url.password
-        self.tlsConfiguration = tlsConfiguration
+        self.transportConfig = transportConfig
     }
 }
diff --git a/Sources/PostgreSQL/Database/PostgreSQLTransportConfig.swift b/Sources/PostgreSQL/Database/PostgreSQLTransportConfig.swift
@@ -0,0 +1,49 @@
+import Foundation
+import NIOOpenSSL
+
+
+public struct PostgreSQLTransportConfig {
+    /// Does not attempt to enable TLS (this is the default)
+    public static var cleartext: PostgreSQLTransportConfig {
+        return .init(method: .cleartext)
+    }
+    
+    /// Enables TLS requiring a minimum version of TLS v1.1 on the server, but disables certificate verification
+    /// This is what you would commonly use for paid Heroku PostgreSQL plans
+    public static var unverifiedTLS: PostgreSQLTransportConfig {
+        return .init(method: .tls(.forClient(certificateVerification: .none)))
+    }
+    
+    /// Enables TLS requiring a minimum version of TLS v1.1 on the server
+    public static var standardTLS: PostgreSQLTransportConfig {
+        return .init(method: .tls(.forClient()))
+    }
+    
+    /// Enables TLS requiring a minimum version of TLS v1.2 on the server
+    public static var modernTLS: PostgreSQLTransportConfig {
+        return .init(method: .tls(.forClient(minimumTLSVersion: .tlsv12)))
+    }
+    
+    /// Enables TLS requiring a minimum version of TLS v1.3 on the server
+    /// TLS v1.3 specification is still a draft and unlikely to be supported by most servers
+    /// See https://tools.ietf.org/html/draft-ietf-tls-tls13-28 for more info
+    public static var edgeTLS: PostgreSQLTransportConfig {
+        return .init(method: .tls(.forClient(minimumTLSVersion: .tlsv13)))
+    }
+    
+    /// Enables TLS and allows you to use a set `TLSConfiguration`
+    public static func customTLS(_ tlsConfiguration: TLSConfiguration)-> PostgreSQLTransportConfig {
+        return .init(method: .tls(tlsConfiguration))
+    }
+    
+    internal enum Method {
+        case cleartext
+        case tls(TLSConfiguration)
+    }
+    
+    internal let method: Method
+    
+    internal init(method: Method) {
+        self.method = method
+    }
+}
diff --git a/Tests/PostgreSQLTests/PostgreSQLConnectionTests.swift b/Tests/PostgreSQLTests/PostgreSQLConnectionTests.swift
@@ -13,8 +13,8 @@ class PostgreSQLConnectionTests: XCTestCase {
         try XCTAssert(results[0].firstValue(forColumn: "version")?.decode(String.self).contains("10.") == true)
     }
     
-    func testSSLConnection() throws {
-        let client = try PostgreSQLConnection.makeTest(tlsConfiguration: .forClient(certificateVerification: .none))
+    func testUnverifiedSSLConnection() throws {
+        let client = try PostgreSQLConnection.makeTest(transportConfig: .unverifiedTLS)
         let results = try client.simpleQuery("SELECT version();").wait()
         try XCTAssert(results[0].firstValue(forColumn: "version")?.decode(String.self).contains("10.") == true)
     }
@@ -441,7 +441,7 @@ class PostgreSQLConnectionTests: XCTestCase {
     }
 
     static var allTests = [
-        ("testSSLConnection", testSSLConnection),
+        ("testUnverifiedSSLConnection", testUnverifiedSSLConnection),
         ("testVersion", testVersion),
         ("testSelectTypes", testSelectTypes),
         ("testParse", testParse),
@@ -459,7 +459,7 @@ class PostgreSQLConnectionTests: XCTestCase {
 
 extension PostgreSQLConnection {
     /// Creates a test event loop and psql client.
-    static func makeTest(tlsConfiguration: TLSConfiguration? = nil) throws -> PostgreSQLConnection {
+    static func makeTest(transportConfig: PostgreSQLTransportConfig? = nil) throws -> PostgreSQLConnection {
         let hostname: String
         #if Xcode
         hostname = (try? Process.execute("docker-machine", "ip")) ?? "192.168.99.100"
@@ -469,8 +469,8 @@ extension PostgreSQLConnection {
         let group = MultiThreadedEventLoopGroup(numThreads: 1)
         var client: PostgreSQLConnection
         
-        if let tlsConfiguration = tlsConfiguration {
-            client = try PostgreSQLConnection.connect(hostname: hostname, port: 5433, tlsConfiguration: tlsConfiguration, on: group) { error in
+        if let transportConfig = transportConfig {
+            client = try PostgreSQLConnection.connect(hostname: hostname, port: 5433, transportConfig: transportConfig, on: group) { error in
                 XCTFail("\(error)")
             }.wait()
         } else {

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@ extension PostgreSQLConnection {`
`7`	`7`	`public static func connect(`
`8`	`8`	`hostname: String = "localhost",`
`9`	`9`	`port: Int = 5432,`
`10`		`- tlsConfiguration: TLSConfiguration? = nil,`
	`10`	`+ transportConfig: PostgreSQLTransportConfig = .cleartext,`
`11`	`11`	`on worker: Worker,`
`12`	`12`	`onError: @escaping (Error) -> ()`
`13`	`13`	`) throws -> Future<PostgreSQLConnection> {`
`@@ -23,10 +23,10 @@ extension PostgreSQLConnection {`
`23`	`23`
`24`	`24`	`return bootstrap.connect(host: hostname, port: port).flatMap(to: PostgreSQLConnection.self) { channel in`
`25`	`25`	`let connection = PostgreSQLConnection(queue: handler, channel: channel)`
`26`		`- if let tlsConfiguration = tlsConfiguration {`
	`26`	`+ if case .tls(let tlsConfiguration) = transportConfig.method {`
`27`	`27`	`return connection.addSSLClientHandler(using: tlsConfiguration).transform(to: connection)`
`28`	`28`	`}`
`29`		`- return Future.map(on: worker) { connection }`
	`29`	`+ return worker.eventLoop.newSucceededFuture(result: connection)`
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`	`}`