Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed MongoDB insecureSkipVerify, Added MongoDB TLS certificate, ca, key #309

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Fixed MongoDB insecureSkipVerify, Added MongoDB TLS certificate, ca, key #309

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e2c3930
Fixed MongoDB insecureSkipVerify, Added MongoDB tls certificate, ca, key
saharatss Jan 19, 2024
17c5f1e
fixed log format for MongoDB, and tls config
saharatss Jan 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
fixed log format for MongoDB, and tls config
  • Loading branch information
@saharatss
saharatss committed Jan 25, 2024
commit 17c5f1e37231773cbba31c7ac6be3ed0d0c7ccdd
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1276,7 +1276,7 @@ Options for `mongo` are the following:
| auth_opt_mongo_acls | acls | N | ACL collection |
| auth_opt_mongo_disable_superuser | true | N | Disable query to check for superuser |
| auth_opt_mongo_insecure_skip_verify | false | N | Verify server's certificate chain |
| auth_opt_mongo_tls | false | N | Connect with TLS |
| auth_opt_mongo_with_tls | false | N | Connect with TLS |
| auth_opt_mongo_tlsca | "" | N | TLS Certificate Authority (CA) |
| auth_opt_mongo_tlscert | "" | N | TLS Client Certificate |
| auth_opt_mongo_tlskey | "" | N | TLS Client Certificate Private Key |
Expand Down
11 changes: 8 additions & 3 deletions backends/mongo.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -114,7 +114,7 @@ func NewMongo(authOpts map[string]string, logLevel log.Level, hasher hashing.Has

useTlsClientCertificate := false

if authOpts["mongo_tls"] == "true" {
if authOpts["mongo_with_tls"] == "true" {
m.withTLS = true
}

Expand Down Expand Up @@ -143,23 +143,28 @@ func NewMongo(authOpts map[string]string, logLevel log.Level, hasher hashing.Has
}

if m.withTLS {
log.Infof("mongo backend: tls enabled")
log.Info("mongo backend: tls enabled")
opts.TLSConfig = &tls.Config{
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add new empty lines here and between following if checks to aid readability?

InsecureSkipVerify: m.insecureSkipVerify,
}

if useTlsClientCertificate {
caCert, err := os.ReadFile(m.TLSCa)

if err != nil {
log.Errorf("mongo backend: tls error: %s", err)
}

caCertPool := x509.NewCertPool()
if ok := caCertPool.AppendCertsFromPEM(caCert); !ok {
log.Errorf("mongo backend: tls error: CA file must be in PEM format")
log.Error("mongo backend: tls error: CA file must be in PEM format")
}

cert, err := tls.LoadX509KeyPair(m.TLSCert, m.TLSKey)
if err != nil {
log.Errorf("mongo backend: tls error: %s", err)
}

opts.TLSConfig = &tls.Config{
RootCAs: caCertPool,
Certificates: []tls.Certificate{cert},
Expand Down