Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: add tls for mongo in deployment #754

Merged
merged 14 commits into from
Jan 14, 2025
Merged

build: add tls for mongo in deployment #754

merged 14 commits into from
Jan 14, 2025

Conversation

aneojgurhem
Copy link
Contributor

@aneojgurhem aneojgurhem commented Sep 13, 2024
edited
Loading

Motivation

  • Remove the use of the LocalTrustStore to manage CA certificates for TLS in connections to MongoDB.
  • Test TLS connection to MongoDB directly from Core.
  • Support TLS connection to MongoDB from Windows based compute plane.

Description

  • Generate custom certificates and use them to enable TLS for MongDB.
  • Rewrite validation callback passed to MongoDB driver to support TLS without using the LocalTrustStore on Linux and Windows.

Testing

  • CI pipelines of this repository are working properly with the new certificates and validation callback.
  • This branch was also tested within the infrastructure with Windows based compute plane instances.

Impact

  • Enable TLS for our current Windows deployment.

Additional Information

None

Checklist

  • My code adheres to the coding and style guidelines of the project.
  • I have performed a self-review of my code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation.
  • I have thoroughly tested my modifications and added tests when necessary.
  • Tests pass locally and in the CI.
  • I have assessed the performance impact of my modifications.

@aneojgurhem aneojgurhem self-assigned this Sep 13, 2024
@aneojgurhem aneojgurhem marked this pull request as draft September 16, 2024 09:50
@CLAassistant
Copy link

CLAassistant commented Nov 28, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@Nico-dl05 Nico-dl05 force-pushed the jg/tls branch 4 times, most recently from 55fe2d3 to fdabc79 Compare December 19, 2024 11:09
@Nico-dl05 Nico-dl05 force-pushed the jg/tls branch 4 times, most recently from 75b9bee to d06d5e4 Compare December 31, 2024 14:23
lemaitre-aneo
lemaitre-aneo reviewed Jan 6, 2025
View reviewed changes
Adaptors/MongoDB/src/ServiceCollectionExt.cs Outdated Show resolved Hide resolved
Adaptors/MongoDB/src/ServiceCollectionExt.cs Outdated Show resolved Hide resolved
Utils/src/ServerCertificateValidator.cs Outdated Show resolved Hide resolved
aneojgurhem
aneojgurhem commented Jan 13, 2025
View reviewed changes
Utils/src/ServerCertificateValidator.cs Outdated Show resolved Hide resolved
Utils/src/ServerCertificateValidator.cs Outdated Show resolved Hide resolved
Adaptors/MongoDB/src/ServiceCollectionExt.cs Outdated Show resolved Hide resolved
@aneojgurhem aneojgurhem marked this pull request as ready for review January 13, 2025 16:43
@Nico-dl05 Nico-dl05 merged commit 67ad6cf into main Jan 14, 2025
111 checks passed
@Nico-dl05 Nico-dl05 deleted the jg/tls branch January 14, 2025 09:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lemaitre-aneo lemaitre-aneo lemaitre-aneo left review comments

@ngruelaneo ngruelaneo ngruelaneo approved these changes

@qdelamea-aneo qdelamea-aneo Awaiting requested review from qdelamea-aneo

Assignees

@aneojgurhem aneojgurhem

Labels
None yet
Projects
ArmoniK
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@aneojgurhem @CLAassistant @lemaitre-aneo @ngruelaneo @Nico-dl05