adding configuration for TLS on top of mongoDB

Author: costero-e

beacon/connections/mongo/__init__.py

@@ -1,6 +1,5 @@
 from pymongo.mongo_client import MongoClient
 from beacon.connections.mongo import conf
-import os
 
 if conf.database_cluster:
     uri = "mongodb+srv://{}:{}@{}/?tls=true&authMechanism=SCRAM-SHA-256&retrywrites=false&maxIdleTimeMS=120000".format(
@@ -18,9 +17,7 @@
         conf.database_auth_source
     )
 
-if os.path.isfile(conf.database_certificate):
-    uri += '&tls=true&tlsCertificateKeyFile={}'.format(conf.database_certificate)
-    if os.path.isfile(conf.database_cafile):
-        uri += '&tlsCAFile={}'.format(conf.database_cafile)
+if conf.database_certificate != '' and conf.database_cafile != '':
+    uri += '&tls=true&tlsCertificateKeyFile={}&tlsCAFile={}'.format(conf.database_certificate, conf.database_cafile)
 
 client = MongoClient(uri)

docker-compose.remote.yml

@@ -57,6 +57,7 @@ services:
   db:
     image: mongo:5
     command: --wiredTigerCacheSizeGB 4
+    #command: --wiredTigerCacheSizeGB 4 --sslMode requireSSL --tlsCertificateKeyFile test-server1.pem --tlsCAFile test-ca.pem
     hostname: mongo
     container_name: mongoprod
     ports:
@@ -71,6 +72,9 @@ services:
       - ./beacon/connections/mongo/data/db:/data/db
       - ./beacon/connections/mongo/data/configdb:/data/configdb
       - ./beacon/connections/mongo/data/caseLevelData:/data/caseLevelData
+      #- ./test-server1.pem:/test-server1.pem
+      #- ./test-ca.pem:/test-ca.pem
+      #- ./test-client.pem:/test-client.pem
     #command: --verbose
 
   beacon-ri-tools:

docker-compose.yml

@@ -68,6 +68,7 @@ services:
   db:
     image: mongo:5
     command: --wiredTigerCacheSizeGB 4
+    #command: --wiredTigerCacheSizeGB 4 --sslMode requireSSL --tlsCertificateKeyFile test-server1.pem --tlsCAFile test-ca.pem
     hostname: mongo
     container_name: mongoprod
     ports:
@@ -82,6 +83,9 @@ services:
       - ./beacon/connections/mongo/data/db:/data/db
       - ./beacon/connections/mongo/data/configdb:/data/configdb
       - ./beacon/connections/mongo/data/caseLevelData:/data/caseLevelData
+      #- ./test-server1.pem:/test-server1.pem
+      #- ./test-ca.pem:/test-ca.pem
+      #- ./test-client.pem:/test-client.pem
     networks:
       - pub
     #command: --verbose

requirements.txt

@@ -8,7 +8,7 @@ aiohttp-middlewares==2.4.0
 aiohttp-jinja2==1.5
 aiohttp-session==2.9.0
 asyncpg==0.24.0
-cryptography==39.0.1
+cryptography==41.0.5
 PyJWT==2.7.0
 python-dotenv==1.0.1
 jsonschema==4.21.1
@@ -17,6 +17,7 @@ loguru==0.7.2
 pyyaml==6.0.1
 dataclasses-json==0.5.6
 pymongo[srv]==4.0.1
+pyopenssl==23.3.0
 coverage==7.6.0
 requests==2.25.1
 pydantic==2.6.2