Merge pull request #29 from EGA-archive/urgent-fix

Adding configuration for having TLS on top of mongoDB
EGA-archive · Jan 9, 2025 · e127806 · e127806
2 parents 6bb8796 + 9794069
commit e127806
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 7 deletions.
diff --git a/beacon/conf/api_version.yml b/beacon/conf/api_version.yml
@@ -1 +1 @@
-api_version: v2.0-eeabc63
+api_version: v2.0-6bb8796
diff --git a/beacon/connections/mongo/__init__.py b/beacon/connections/mongo/__init__.py
@@ -1,6 +1,5 @@
 from pymongo.mongo_client import MongoClient
 from beacon.connections.mongo import conf
-import os
 
 if conf.database_cluster:
     uri = "mongodb+srv://{}:{}@{}/?tls=true&authMechanism=SCRAM-SHA-256&retrywrites=false&maxIdleTimeMS=120000".format(
@@ -18,9 +17,7 @@
         conf.database_auth_source
     )
 
-if os.path.isfile(conf.database_certificate):
-    uri += '&tls=true&tlsCertificateKeyFile={}'.format(conf.database_certificate)
-    if os.path.isfile(conf.database_cafile):
-        uri += '&tlsCAFile={}'.format(conf.database_cafile)
+if conf.database_certificate != '' and conf.database_cafile != '':
+    uri += '&tls=true&tlsCertificateKeyFile={}&tlsCAFile={}'.format(conf.database_certificate, conf.database_cafile)
 
 client = MongoClient(uri)
diff --git a/docker-compose.remote.yml b/docker-compose.remote.yml
@@ -57,6 +57,7 @@ services:
   db:
     image: mongo:5
     command: --wiredTigerCacheSizeGB 4
+    #command: --wiredTigerCacheSizeGB 4 --sslMode requireSSL --tlsCertificateKeyFile test-server1.pem --tlsCAFile test-ca.pem
     hostname: mongo
     container_name: mongoprod
     ports:
@@ -71,6 +72,9 @@ services:
       - ./beacon/connections/mongo/data/db:/data/db
       - ./beacon/connections/mongo/data/configdb:/data/configdb
       - ./beacon/connections/mongo/data/caseLevelData:/data/caseLevelData
+      #- ./test-server1.pem:/test-server1.pem
+      #- ./test-ca.pem:/test-ca.pem
+      #- ./test-client.pem:/test-client.pem
     #command: --verbose
 
   beacon-ri-tools:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -68,6 +68,7 @@ services:
   db:
     image: mongo:5
     command: --wiredTigerCacheSizeGB 4
+    #command: --wiredTigerCacheSizeGB 4 --sslMode requireSSL --tlsCertificateKeyFile test-server1.pem --tlsCAFile test-ca.pem
     hostname: mongo
     container_name: mongoprod
     ports:
@@ -82,6 +83,9 @@ services:
       - ./beacon/connections/mongo/data/db:/data/db
       - ./beacon/connections/mongo/data/configdb:/data/configdb
       - ./beacon/connections/mongo/data/caseLevelData:/data/caseLevelData
+      #- ./test-server1.pem:/test-server1.pem
+      #- ./test-ca.pem:/test-ca.pem
+      #- ./test-client.pem:/test-client.pem
     networks:
       - pub
     #command: --verbose

diff --git a/requirements.txt b/requirements.txt
@@ -8,7 +8,7 @@ aiohttp-middlewares==2.4.0
 aiohttp-jinja2==1.5
 aiohttp-session==2.9.0
 asyncpg==0.24.0
-cryptography==39.0.1
+cryptography==41.0.5
 PyJWT==2.7.0
 python-dotenv==1.0.1
 jsonschema==4.21.1
@@ -17,6 +17,7 @@ loguru==0.7.2
 pyyaml==6.0.1
 dataclasses-json==0.5.6
 pymongo[srv]==4.0.1
+pyopenssl==23.3.0
 coverage==7.6.0
 requests==2.25.1
 pydantic==2.6.2
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		api_version: v2.0-eeabc63
		api_version: v2.0-6bb8796