@@ -19,7 +19,7 @@ if [[ "$originalArgOne" == mongo* ]] && [ "$(id -u)" = '0' ]; then
1919 chown --dereference mongodb " /proc/$$ /fd/1" " /proc/$$ /fd/2" || :
2020 # ignore errors thanks to https://github.com/docker-library/mongo/issues/149
2121
22- exec gosu mongodb " $BASH_SOURCE " " $@ "
22+ exec gosu mongodb:1001 " $BASH_SOURCE " " $@ "
2323fi
2424
2525# you should use numactl to start your mongod instances, including the config servers, mongos instances, and any clients.
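Review bot: The group in `exec gosu mongodb:1001` is a bare numeric GID with no comment saying which group it is or why the server has to run under it, and the `chown --dereference mongodb` just above still changes only the owner. With an explicit group in the gosu spec, the process presumably no longer picks up the mongodb user's own group memberships, so files reachable only through that group may become inaccessible; this should be confirmed against the image. I would add a comment above the exec line such as `# run as mongodb with GID 1001: <reason placeholder, e.g. group ownership of the mounted volume>`.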
@@ -136,6 +136,41 @@ _mongod_hack_ensure_arg_val() {
136136 mongodHackedArgs+=( " $ensureArg " " $ensureVal " )
137137}
138138
139+ # _mongod_hack_rename_arg_save_val '--arg-to-rename' '--arg-to-rename-to' "$@"
140+ # set -- "${mongodHackedArgs[@]}"
141+ _mongod_hack_rename_arg_save_val () {
142+ local oldArg=" $1 " ; shift
143+ local newArg=" $1 " ; shift
144+ if ! _mongod_hack_have_arg " $oldArg " " $@ " ; then
145+ return 0
146+ fi
147+ local val=" "
148+ mongodHackedArgs=()
149+ while [ " $# " -gt 0 ]; do
150+ local arg=" $1 " ; shift
151+ if [ " $arg " = " $oldArg " ]; then
152+ val=" $1 " ; shift
153+ continue
154+ elif [[ " $arg " =~ " $oldArg " = (.* ) ]]; then
155+ val=${BASH_REMATCH[1]}
156+ continue
157+ fi
158+ mongodHackedArgs+=(" $arg " )
159+ done
160+ mongodHackedArgs+=(" $newArg " " $val " )
161+ }
162+
163+ # _mongod_hack_rename_arg'--arg-to-rename' '--arg-to-rename-to' "$@"
164+ # set -- "${mongodHackedArgs[@]}"
165+ _mongod_hack_rename_arg () {
166+ local oldArg=" $1 " ; shift
167+ local newArg=" $1 " ; shift
168+ if _mongod_hack_have_arg " $oldArg " " $@ " ; then
169+ _mongod_hack_ensure_no_arg " $oldArg " " $@ "
170+ _mongod_hack_ensure_arg " $newArg " " ${mongodHackedArgs[@]} "
171+ fi
172+ }
173+
139174# _js_escape 'some "string" value'
140175_js_escape () {
141176 jq --null-input --arg ' str' " $1 " ' $str'
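Review bot: `_mongod_hack_rename_arg_save_val` returns early without touching `mongodHackedArgs` when the old flag is absent, so the usage in its header comment (pass `"$@"`, then `set -- "${mongodHackedArgs[@]}"`) would replace the arguments with whatever the array held from an earlier call; `_mongod_hack_rename_arg` has the same gap. Setting `mongodHackedArgs=( "$@" )` before `return 0`, and in an `else` branch of `_mongod_hack_rename_arg`, makes both safe to call as documented. Two smaller points in the loop: when the old flag is the last argument, `val="$1"; shift` runs with nothing left to shift, and the `=~` test is unanchored, so it can match the flag name in the middle of another argument; a `case "$arg" in "$oldArg"=*)` arm with `val="${arg#*=}"` avoids that. The usage comment above `_mongod_hack_rename_arg` is also missing the space after the function name.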
@@ -241,8 +276,19 @@ if [ "$originalArgOne" = 'mongod' ]; then
241276 _mongod_hack_ensure_no_arg_val --replSet " ${mongodHackedArgs[@]} "
242277 fi
243278
244- sslMode=" $( _mongod_hack_have_arg ' --sslPEMKeyFile' " $@ " && echo ' preferSSL' || echo ' disabled' ) " # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters"
245- _mongod_hack_ensure_arg_val --sslMode " $sslMode " " ${mongodHackedArgs[@]} "
279+ # "BadValue: need sslPEMKeyFile when SSL is enabled" vs "BadValue: need to enable SSL via the sslMode flag when using SSL configuration parameters"
280+ tlsMode=' disabled'
281+ if _mongod_hack_have_arg ' --tlsCertificateKeyFile' " ${mongodHackedArgs[@]} " ; then
282+ tlsMode=' preferTLS'
283+ elif _mongod_hack_have_arg ' --sslPEMKeyFile' " ${mongodHackedArgs[@]} " ; then
284+ tlsMode=' preferSSL'
285+ fi
286+ # 4.2 switched all configuration/flag names from "SSL" to "TLS"
287+ if [ " $tlsMode " = ' preferTLS' ] || mongod --help 2>&1 | grep -q -- ' --tlsMode ' ; then
288+ _mongod_hack_ensure_arg_val --tlsMode " $tlsMode " " ${mongodHackedArgs[@]} "
289+ else
290+ _mongod_hack_ensure_arg_val --sslMode " $tlsMode " " ${mongodHackedArgs[@]} "
291+ fi
246292
247293 if stat " /proc/$$ /fd/1" > /dev/null && [ -w " /proc/$$ /fd/1" ]; then
248294 # https://github.com/mongodb/mongo/blob/38c0eb538d0fd390c6cb9ce9ae9894153f6e8ef5/src/mongo/db/initialize_server_global_state.cpp#L237-L251
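Review bot: The `mongod --help 2>&1 | grep -q` probe in the new `if` can give a false negative if the script runs with `set -o pipefail` (not visible in this hunk). `grep -q` exits at the first match, and if mongod is still writing help text it is killed by SIGPIPE, so the pipeline fails and the code silently takes the `--sslMode` branch. Capturing the output first removes the race: `mongodHelp="$(mongod --help 2>&1 || :)"`, then the same `grep -q` reading from `<<<"$mongodHelp"`. The comment above `tlsMode=` still quotes only the sslMode error messages and could mention that the same constraint applies to the TLS-named flags. The enclosing `if [ "$originalArgOne" = 'mongod' ]` block starts and ends outside the hunk.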
@@ -320,32 +366,73 @@ if [ "$originalArgOne" = 'mongod' ]; then
320366 echo
321367 fi
322368
369+ mongodHackedArgs=(" $@ " )
323370 MONGO_SSL_DIR=${MONGO_SSL_DIR:-/ etc/ mongodb-ssl}
324371 CA=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
325372 if [ -f /var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt ]; then
326373 CA=/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt
327374 fi
328- if [ -f ${MONGO_SSL_DIR} /ca.crt ]; then
329- CA=${MONGO_SSL_DIR} /ca.crt
375+ if [ -f " ${MONGO_SSL_DIR} /ca.crt" ]; then
376+ CA=" ${MONGO_SSL_DIR} /ca.crt"
330377 fi
331- if [ -f ${MONGO_SSL_DIR} /tls.key -a -f ${MONGO_SSL_DIR} /tls.crt ]; then
332- cat ${MONGO_SSL_DIR} /tls.key ${MONGO_SSL_DIR} /tls.crt > /tmp/tls.pem
333- _mongod_hack_ensure_arg_val --sslPEMKeyFile /tmp/tls.pem " $@ "
378+ if [ -f " ${MONGO_SSL_DIR} /tls.key" ] && [ -f " ${MONGO_SSL_DIR} /tls.crt" ]; then
379+ cat " ${MONGO_SSL_DIR} /tls.key" " ${MONGO_SSL_DIR} /tls.crt" > /tmp/tls.pem
380+ _mongod_hack_ensure_arg_val --sslPEMKeyFile /tmp/tls.pem " ${mongodHackedArgs[@]} "
334381 if [ -f " ${CA} " ]; then
335382 _mongod_hack_ensure_arg_val --sslCAFile " ${CA} " " ${mongodHackedArgs[@]} "
336383 fi
337- set -- " ${mongodHackedArgs[@]} "
338384 fi
339385 MONGO_SSL_INTERNAL_DIR=${MONGO_SSL_INTERNAL_DIR:-/ etc/ mongodb-ssl-internal}
340- if [ -f ${MONGO_SSL_INTERNAL_DIR} /tls.key -a -f ${MONGO_SSL_INTERNAL_DIR} /tls.crt ]; then
341- cat ${MONGO_SSL_INTERNAL_DIR} /tls.key ${MONGO_SSL_INTERNAL_DIR} /tls.crt > /tmp/tls-internal.pem
342- _mongod_hack_ensure_arg_val --sslClusterFile /tmp/tls-internal.pem " $@ "
386+ if [ -f " ${MONGO_SSL_INTERNAL_DIR} /tls.key" ] && [ -f " ${MONGO_SSL_INTERNAL_DIR} /tls.crt" ]; then
387+ cat " ${MONGO_SSL_INTERNAL_DIR} /tls.key" " ${MONGO_SSL_INTERNAL_DIR} /tls.crt" > /tmp/tls-internal.pem
388+ _mongod_hack_ensure_arg_val --sslClusterFile /tmp/tls-internal.pem " ${mongodHackedArgs[@]} "
343389 if [ -f " ${MONGO_SSL_INTERNAL_DIR} /ca.crt" ]; then
344390 _mongod_hack_ensure_arg_val --sslClusterCAFile " ${MONGO_SSL_INTERNAL_DIR} /ca.crt" " ${mongodHackedArgs[@]} "
345391 fi
346- set -- " ${mongodHackedArgs[@]} "
347392 fi
348393
394+ _mongod_hack_rename_arg_save_val --sslMode --tlsMode " ${mongodHackedArgs[@]} "
395+
396+ if _mongod_hack_have_arg ' --tlsMode' " ${mongodHackedArgs[@]} " ; then
397+ tlsMode=" none"
398+ if _mongod_hack_have_arg ' allowSSL' " ${mongodHackedArgs[@]} " ; then
399+ tlsMode=' allowTLS'
400+ elif _mongod_hack_have_arg ' preferSSL' " ${mongodHackedArgs[@]} " ; then
401+ tlsMode=' preferTLS'
402+ elif _mongod_hack_have_arg ' requireSSL' " ${mongodHackedArgs[@]} " ; then
403+ tlsMode=' requireTLS'
404+ fi
405+
406+ if [ " $tlsMode " != " none" ]; then
407+ _mongod_hack_ensure_no_arg_val --tlsMode " ${mongodHackedArgs[@]} "
408+ _mongod_hack_ensure_arg_val --tlsMode " $tlsMode " " ${mongodHackedArgs[@]} "
409+ fi
410+ fi
411+
412+ _mongod_hack_rename_arg_save_val --sslPEMKeyFile --tlsCertificateKeyFile " ${mongodHackedArgs[@]} "
413+ if ! _mongod_hack_have_arg ' --tlsMode' " ${mongodHackedArgs[@]} " ; then
414+ if _mongod_hack_have_arg ' --tlsCertificateKeyFile' " ${mongodHackedArgs[@]} " ; then
415+ _mongod_hack_ensure_arg_val --tlsMode " preferTLS" " ${mongodHackedArgs[@]} "
416+ fi
417+ fi
418+ _mongod_hack_rename_arg ' --sslAllowInvalidCertificates' ' --tlsAllowInvalidCertificates' " ${mongodHackedArgs[@]} "
419+ _mongod_hack_rename_arg ' --sslAllowInvalidHostnames' ' --tlsAllowInvalidHostnames' " ${mongodHackedArgs[@]} "
420+ _mongod_hack_rename_arg ' --sslAllowConnectionsWithoutCertificates' ' --tlsAllowConnectionsWithoutCertificates' " ${mongodHackedArgs[@]} "
421+ _mongod_hack_rename_arg ' --sslFIPSMode' ' --tlsFIPSMode' " ${mongodHackedArgs[@]} "
422+
423+
424+ _mongod_hack_rename_arg_save_val --sslPEMKeyPassword --tlsCertificateKeyFilePassword " ${mongodHackedArgs[@]} "
425+ _mongod_hack_rename_arg_save_val --sslClusterFile --tlsClusterFile " ${mongodHackedArgs[@]} "
426+ _mongod_hack_rename_arg_save_val --sslCertificateSelector --tlsCertificateSelector " ${mongodHackedArgs[@]} "
427+ _mongod_hack_rename_arg_save_val --sslClusterCertificateSelector --tlsClusterCertificateSelector " ${mongodHackedArgs[@]} "
428+ _mongod_hack_rename_arg_save_val --sslClusterPassword --tlsClusterPassword " ${mongodHackedArgs[@]} "
429+ _mongod_hack_rename_arg_save_val --sslCAFile --tlsCAFile " ${mongodHackedArgs[@]} "
430+ _mongod_hack_rename_arg_save_val --sslClusterCAFile --tlsClusterCAFile " ${mongodHackedArgs[@]} "
431+ _mongod_hack_rename_arg_save_val --sslCRLFile --tlsCRLFile " ${mongodHackedArgs[@]} "
432+ _mongod_hack_rename_arg_save_val --sslDisabledProtocols --tlsDisabledProtocols " ${mongodHackedArgs[@]} "
433+
434+ set -- " ${mongodHackedArgs[@]} "
435+
349436 # MongoDB 3.6+ defaults to localhost-only binding
350437 haveBindIp=
351438 if _mongod_hack_have_arg --bind_ip " $@ " || _mongod_hack_have_arg --bind_ip_all " $@ " ; then
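Review bot: The combined key-and-certificate files are still written to the fixed paths `/tmp/tls.pem` and `/tmp/tls-internal.pem` with whatever mode the current umask allows, so the private key can end up readable by every user in the container. Creating them under a restrictive umask keeps the key private to the mongod user: `( umask 077; cat "${MONGO_SSL_DIR}/tls.key" "${MONGO_SSL_DIR}/tls.crt" > /tmp/tls.pem )`, and likewise for the internal pair; a pre-existing file keeps its old mode, so an `rm -f` first is worth adding. Separately, the `--ssl*` to `--tls*` renames run unconditionally, while the earlier `--tlsMode` hunk probes `mongod --help` before choosing the flag name, so a mongod that lacks the TLS names would be handed flags it does not recognise. When only a key file is present the mode defaults to `preferTLS`, which still accepts unencrypted connections, and a comment saying this is intended would help. The enclosing `if [ "$originalArgOne" = 'mongod' ]` block starts and ends outside the hunk.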