Skip to content

Commit db75e4a

Browse files
daniel-perconadaniel-percona
committed
Added config option to enable or disable tls
1 parent 8ef9006 commit db75e4a

File tree

3 files changed

+25
-7
lines changed

3 files changed

+25
-7
lines changed

config.yaml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,10 +32,11 @@ logging:
3232
docdb:
3333
endpoint: "localhost"
3434
port: "7777"
35+
tls: true
3536
ca_file: "/home/daniel.almeida/global-bundle.pem"
3637
# If true, tlsAllowInvalidHostnames=true will be added to the connection string.
3738
tls_allow_invalid_hostnames: true
38-
# extra_params: "directConnection=true&replicaSet=rs&ssl=false"
39+
# extra_params: "directConnection=true&replicaSet=rsName"
3940
extra_params: ""
4041

4142
# -----------------------------------------------
@@ -44,9 +45,10 @@ docdb:
4445
mongo:
4546
endpoint: "dan-ps-lab-mongos00.tp.int.percona.com"
4647
port: "27017"
48+
tls: false
4749
ca_file: ""
4850
tls_allow_invalid_hostnames: true
49-
# extra_params: "directConnection=true&replicaSet=rs&ssl=false"
51+
# extra_params: "directConnection=true&replicaSet=rsName"
5052
extra_params: ""
5153

5254
# -----------------------------------------------

internal/config/config.go

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@ type DocDBConfig struct {
3535
CaFile string `mapstructure:"ca_file"`
3636
ExtraParams string `mapstructure:"extra_params"`
3737
TlsAllowInvalidHostnames bool `mapstructure:"tls_allow_invalid_hostnames"`
38+
TLS bool `mapstructure:"tls"`
3839
}
3940

4041
// MongoConfig holds target-specific settings
@@ -44,6 +45,7 @@ type MongoConfig struct {
4445
CaFile string `mapstructure:"ca_file"`
4546
ExtraParams string `mapstructure:"extra_params"`
4647
TlsAllowInvalidHostnames bool `mapstructure:"tls_allow_invalid_hostnames"`
48+
TLS bool `mapstructure:"tls"`
4749
}
4850

4951
// MigrationConfig holds general migration settings
@@ -113,12 +115,14 @@ func LoadConfig() {
113115
viper.SetDefault("docdb.ca_file", "global-bundle.pem")
114116
viper.SetDefault("docdb.extra_params", "")
115117
viper.SetDefault("docdb.tls_allow_invalid_hostnames", false)
118+
viper.SetDefault("docdb.tls", false)
116119

117120
viper.SetDefault("mongo.endpoint", "localhost")
118121
viper.SetDefault("mongo.port", "27017")
119122
viper.SetDefault("mongo.ca_file", "")
120123
viper.SetDefault("mongo.extra_params", "")
121124
viper.SetDefault("mongo.tls_allow_invalid_hostnames", false)
125+
viper.SetDefault("mongo.tls", false)
122126

123127
viper.SetDefault("migration.network_compressors", "zlib,snappy")
124128
viper.SetDefault("migration.exclude_dbs", []string{"admin", "local", "config"})
@@ -220,8 +224,13 @@ func buildTLSParams(extraParams string, allowInvalid bool) string {
220224
func (c *Config) BuildDocDBURI(user, password string) string {
221225
useTunnel := (c.DocDB.Endpoint == "localhost" || c.DocDB.Endpoint == "127.0.0.1")
222226
params := url.Values{}
223-
addQueryParam(&params, "tls", "true")
224-
addQueryParam(&params, "tlsCAFile", c.DocDB.CaFile)
227+
if c.DocDB.TLS {
228+
addQueryParam(&params, "tls", "true")
229+
addQueryParam(&params, "tlsCAFile", c.DocDB.CaFile)
230+
} else {
231+
addQueryParam(&params, "tls", "false")
232+
// We do not add tlsCAFile if tls is false
233+
}
225234

226235
if useTunnel {
227236
addQueryParam(&params, "directConnection", "true")
@@ -250,10 +259,15 @@ func (c *Config) BuildDocDBURI(user, password string) string {
250259

251260
func (c *Config) BuildMongoURI(user, password string) string {
252261
params := url.Values{}
253-
if c.Mongo.CaFile != "" {
262+
if c.Mongo.TLS {
254263
addQueryParam(&params, "tls", "true")
255-
addQueryParam(&params, "tlsCAFile", c.Mongo.CaFile)
264+
if c.Mongo.CaFile != "" {
265+
addQueryParam(&params, "tlsCAFile", c.Mongo.CaFile)
266+
}
267+
} else {
268+
addQueryParam(&params, "tls", "false")
256269
}
270+
257271
addQueryParam(&params, "compressors", c.Migration.NetworkCompressors)
258272

259273
finalParamsStr := buildTLSParams(c.Mongo.ExtraParams, c.Mongo.TlsAllowInvalidHostnames)

readme.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -236,6 +236,7 @@ The application is configured via the [config.yaml](./config.yaml) file in the a
236236
docdb:
237237
endpoint: "localhost"
238238
port: "7777"
239+
tls: true
239240
ca_file: "/home/daniel.almeida/global-bundle.pem"
240241
# If true, tlsAllowInvalidHostnames=true will be added to the connection string.
241242
tls_allow_invalid_hostnames: true
@@ -245,6 +246,7 @@ docdb:
245246
mongo:
246247
endpoint: "dan-ps-lab-mongos00.tp.int.percona.com"
247248
port: "27017"
249+
tls: false
248250
ca_file: ""
249251
tls_allow_invalid_hostnames: true
250252
extra_params: ""
@@ -255,7 +257,7 @@ Percona docStreamer configuration options are self explanatory and documented wi
255257
In addition to the above, you may include any additional standard MongoDB connection parameters using the `extra_params` configuration.
256258

257259
```yaml
258-
extra_params: "directConnection=true&replicaSet=rs&ssl=false"
260+
extra_params: "directConnection=true&replicaSet=rsName"
259261
```
260262

261263
### Credentials

0 commit comments

Comments
 (0)