Setup formation to parse certificate.

config/test.exs

@@ -1,4 +1,6 @@
 import Config
 
+config :tesla, Formation.Client, adapter: Tesla.Mock
+
 config :exvcr,
   vcr_cassette_library_dir: "test/fixture/vcr_cassettes"

lib/formation/application.ex

@@ -3,7 +3,8 @@ defmodule Formation.Application do
 
   def start(_type, _args) do
     children = [
-      {Finch, name: AWS.Finch}
+      {Finch, name: AWS.Finch},
+      {Finch, name: Formation.Finch}
     ]
 
     opts = [strategy: :one_for_one, name: Formation.Supervisor]

lib/formation/client.ex

@@ -0,0 +1,5 @@
+defmodule Formation.Client do
+  use Tesla
+
+  adapter(Tesla.Adapter.Finch, name: Formation.Finch)
+end

lib/formation/postgresql/credential.ex

@@ -36,6 +36,7 @@ defmodule Formation.Postgresql.Credential do
     |> maybe_set_hostname()
     |> maybe_set_database()
     |> maybe_set_ssl()
+    |> maybe_parse_certificate()
     |> validate_required([:hostname, :port, :username, :database])
   end
 
@@ -56,6 +57,14 @@ defmodule Formation.Postgresql.Credential do
     |> to_string()
   end
 
+  defp maybe_parse_certificate(changeset) do
+    if certificate = get_change(changeset, :certificate) do
+      put_change(changeset, :certificate, parse_certificate(certificate))
+    else
+      changeset
+    end
+  end
+
   defp maybe_set_ssl(changeset) do
     if secure = get_change(changeset, :secure) do
       put_change(changeset, :ssl, secure)
@@ -79,4 +88,14 @@ defmodule Formation.Postgresql.Credential do
       changeset
     end
   end
+
+  defp parse_certificate(certificate) when is_binary(certificate) do
+    with {:ok, uri} <- URI.new(certificate),
+         {:ok, %{body: body}} <- Formation.Client.get(to_string(uri)) do
+      body
+    else
+      {:error, _} ->
+        certificate
+    end
+  end
 end

mix.exs

@@ -55,6 +55,7 @@ defmodule Formation.MixProject do
       {:lexdee, "~> 2.3"},
       {:aws, "~> 0.13.0"},
       {:finch, "~> 0.16.0"},
+      {:tesla, "~> 1.7.0"},
       {:postgrex, "~> 0.17.1"},
       {:ecto, "~> 3.10"},
       # {:dep_from_hexpm, "~> 0.3.0"},

test/formation/postgresql/credential_test.exs

@@ -13,7 +13,37 @@ defmodule Formation.Postgresql.CredentialTest do
   end
 
   describe "create credential with certificate" do
-    test "can create credential with certificate", %{
+    setup do
+      Tesla.Mock.mock(fn %{method: :get} ->
+        %Tesla.Env{status: 200, body: "hello"}
+      end)
+
+      :ok
+    end
+
+    test "can create credential with url certificate", %{
+      host: host,
+      port: port,
+      username: username,
+      password: password
+    } do
+      assert {:ok, credential} =
+               Credential.create(%{
+                 host: host,
+                 port: port,
+                 username: username,
+                 password: password,
+                 certificate:
+                   "https://truststore.pki.rds.amazonaws.com/us-east-1/us-east-1-bundle.pem",
+                 ssl: false
+               })
+
+      refute is_nil(credential.certificate)
+
+      assert credential.certificate == "hello"
+    end
+
+    test "can create credential with binary certificate", %{
       host: host,
       port: port,
       username: username,
@@ -25,11 +55,13 @@ defmodule Formation.Postgresql.CredentialTest do
                  port: port,
                  username: username,
                  password: password,
-                 certificate: "https://some.cert/file.pem",
+                 certificate: "hello",
                  ssl: false
                })
 
       refute is_nil(credential.certificate)
+
+      assert credential.certificate == "hello"
     end
   end
 end