Provider cleanup #723

Merged
merged 3 commits into from
Apr 4, 2024
56 changes: 0 additions & 56 deletions REFERENCE.md
Expand Up @@ -865,12 +865,6 @@ The following parameters are available in the `mongodb::server` class:
* [`config_content`](#-mongodb--server--config_content)
* [`config_template`](#-mongodb--server--config_template)
* [`config_data`](#-mongodb--server--config_data)
* [`ssl`](#-mongodb--server--ssl)
* [`ssl_key`](#-mongodb--server--ssl_key)
* [`ssl_ca`](#-mongodb--server--ssl_ca)
* [`ssl_weak_cert`](#-mongodb--server--ssl_weak_cert)
* [`ssl_invalid_hostnames`](#-mongodb--server--ssl_invalid_hostnames)
* [`ssl_mode`](#-mongodb--server--ssl_mode)
* [`tls`](#-mongodb--server--tls)
* [`tls_key`](#-mongodb--server--tls_key)
* [`tls_ca`](#-mongodb--server--tls_ca)
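Review bot: dropping the six `ssl*` entries from the `mongodb::server` parameter list removes public API; any manifest that still passes `ssl_key`, `ssl_ca` or `ssl_mode` will now fail to compile with an unknown-parameter error. Pair this hunk with a CHANGELOG/upgrade note that points users at the `tls`, `tls_key` and `tls_ca` parameters that remain listed directly below.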
Expand Down Expand Up @@ -1445,56 +1439,6 @@ A hash to allow for additional configuration options to be set in user-provided

Default value: `undef`

##### <a name="-mongodb--server--ssl"></a>`ssl`

Data type: `Optional[Boolean]`

Use SSL validation.
Important: You need to have ssl_key set as well, and the file needs to pre-exist on node. If you wish to
use certificate validation, ssl_ca must also be set.

Default value: `undef`

##### <a name="-mongodb--server--ssl_key"></a>`ssl_key`

Data type: `Optional[Stdlib::Absolutepath]`

Defines the path of the file that contains the TLS/SSL certificate and key.

Default value: `undef`

##### <a name="-mongodb--server--ssl_ca"></a>`ssl_ca`

Data type: `Optional[Stdlib::Absolutepath]`

Defines the path of the file that contains the certificate chain for verifying client certificates.

Default value: `undef`

##### <a name="-mongodb--server--ssl_weak_cert"></a>`ssl_weak_cert`

Data type: `Boolean`

Set to true to disable mandatory SSL client authentication.

Default value: `false`

##### <a name="-mongodb--server--ssl_invalid_hostnames"></a>`ssl_invalid_hostnames`

Data type: `Boolean`

Set to true to disable fqdn SSL cert check.

Default value: `false`

##### <a name="-mongodb--server--ssl_mode"></a>`ssl_mode`

Data type: `Enum['requireSSL', 'preferSSL', 'allowSSL']`

Ssl authorization mode.

Default value: `'requireSSL'`

##### <a name="-mongodb--server--tls"></a>`tls`

Data type: `Boolean`
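Review bot: two of the removed parameters were security-weakening knobs, `ssl_weak_cert` (disables mandatory client certificate authentication) and `ssl_invalid_hostnames` (disables hostname verification of the certificate). Since the provider hunk in `lib/puppet/provider/mongodb.rb` still reads `net.tls.allowInvalidHostnames`, the retained `tls` section should name the equivalent TLS parameter and its default so that anyone moving off `ssl_invalid_hostnames => true` makes that choice explicitly instead of carrying the relaxed check over without noticing.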
7 changes: 0 additions & 7 deletions lib/facter/is_master.rb
Expand Up @@ -11,13 +11,6 @@ def get_options_from_hash_config(config)
result = []

result << "--port #{config['net.port']}" unless config['net.port'].nil?
# use --ssl and --host if:
# - sslMode is "requireSSL"
# - Parameter --sslPEMKeyFile is set
# - Parameter --sslCAFile is set
result << "--ssl --host #{Facter.value(:fqdn)}" if config['net.ssl.mode'] == 'requireSSL' || !config['net.ssl.PEMKeyFile'].nil? || !config['net.ssl.CAFile'].nil?
result << "--sslPEMKeyFile #{config['net.ssl.PEMKeyFile']}" unless config['net.ssl.PEMKeyFile'].nil?
result << "--sslCAFile #{config['net.ssl.CAFile']}" unless config['net.ssl.CAFile'].nil?
# use --tls and --host if:
# - tlsMode is "requireTLS"
# - Parameter --tlsCertificateKeyFile is set
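Review bot: the deleted block built `--ssl --host #{Facter.value(:fqdn)}` from flat dotted keys such as `config['net.ssl.mode']`, and the comment on the retained tls block lists the same three triggers (tlsMode, `--tlsCertificateKeyFile`, `--tlsCAFile`). The provider hunk below now falls back to nested YAML via `config.fetch('net', {}).fetch('tls', {})...`; please confirm the fact's tls branch gets the same fallback, otherwise a nested `net: { tls: { mode: requireTLS } }` config makes the provider speak TLS while this fact still connects without `--tls`.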
43 changes: 9 additions & 34 deletions lib/puppet/provider/mongodb.rb
Expand Up @@ -26,19 +26,15 @@ def self.mongod_conf_file
def self.mongo_conf
config = YAML.load_file(mongod_conf_file) || {}
{
'bindip' => config['net.bindIp'],
'port' => config['net.port'],
'ipv6' => config['net.ipv6'],
'sslallowInvalidHostnames' => config['net.ssl.allowInvalidHostnames'],
'ssl' => config['net.ssl.mode'],
'sslcert' => config['net.ssl.PEMKeyFile'],
'sslca' => config['net.ssl.CAFile'],
'tlsallowInvalidHostnames' => config['net.tls.allowInvalidHostnames'],
'tls' => config['net.tls.mode'],
'tlscert' => config['net.tls.certificateKeyFile'],
'tlsca' => config['net.tls.CAFile'],
'auth' => config['security.authorization'],
'clusterRole' => config['sharding.clusterRole'],
'bindip' => config['net.bindIp'] || config.fetch('net', {}).fetch('bindIp', nil),
'port' => config['net.port'] || config.fetch('net', {}).fetch('port', nil),
'ipv6' => config['net.ipv6'] || config.fetch('net', {}).fetch('ipv6', nil),
'tlsallowInvalidHostnames' => config['net.tls.allowInvalidHostnames'] || config.fetch('net', {}).fetch('tls', {}).fetch('allowInvalidHostnames', nil),
'tls' => config['net.tls.mode'] || config.fetch('net', {}).fetch('tls', {}).fetch('mode', nil),
'tlscert' => config['net.tls.certificateKeyFile'] || config.fetch('net', {}).fetch('tls', {}).fetch('certificateKeyFile', nil),
'tlsca' => config['net.tls.CAFile'] || config.fetch('net', {}).fetch('tls', {}).fetch('CAFile', nil),
'auth' => config['security.authorization'] || config.fetch('security', {}).fetch('authorization', nil),
'clusterRole' => config['sharding.clusterRole'] || config.fetch('sharding', {}).fetch('clusterRole', nil),
}
end

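Review bot: the `||` fallback in the new lookups treats a flat `false` as absent: `config['net.ipv6'] || config.fetch('net', {}).fetch('ipv6', nil)` returns `nil` when the file says `net.ipv6: false`, and the same applies to `net.tls.allowInvalidHostnames`. That is harmless for the truthiness checks in `ipv6_is_enabled` and `tls_invalid_hostnames`, but `config.key?('net.ipv6') ? config['net.ipv6'] : config.dig('net', 'ipv6')` keeps the booleans intact, and a small helper taking the dotted key and the path would replace the nine repeated `fetch(..., {})` chains. Separately, since mongod.conf is only expected to hold scalars and hashes, `YAML.safe_load_file(mongod_conf_file)` on the unchanged line above is the more conservative loader than `YAML.load_file`.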
Expand All @@ -47,23 +43,12 @@ def self.ipv6_is_enabled(config = nil)
config['ipv6']
end

def self.ssl_is_enabled(config = nil)
config ||= mongo_conf
ssl_mode = config.fetch('ssl')
!ssl_mode.nil? && ssl_mode != 'disabled'
end

def self.tls_is_enabled(config = nil)
config ||= mongo_conf
tls_mode = config.fetch('tls')
!tls_mode.nil? && tls_mode != 'disabled'
end

def self.ssl_invalid_hostnames(config = nil)
config ||= mongo_conf
config['sslallowInvalidHostnames']
end

def self.tls_invalid_hostnames(config = nil)
config ||= mongo_conf
config['tlsallowInvalidHostnames']
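Review bot: removing `ssl_is_enabled` and `ssl_invalid_hostnames` from the provider base class breaks any subclass or spec that still calls them; the `mongosh_cmd` call site goes away in the hunk below, but any other caller would now raise `NoMethodError`, so grep `lib/` and `spec/` for both names before merging. The retained `tls_is_enabled` still uses `config.fetch('tls')`, which relies on `mongo_conf` always populating that key; that holds for the current hash, but `config['tls']` would be more tolerant of a caller-supplied config.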
Expand All @@ -77,16 +62,6 @@ def self.mongosh_cmd(db, host, cmd)
args = [db, '--quiet', '--host', host]
args.push('--ipv6') if ipv6_is_enabled(config)

if ssl_is_enabled(config)
args.push('--ssl')
args += ['--sslPEMKeyFile', config['sslcert']]

ssl_ca = config['sslca']
args += ['--sslCAFile', ssl_ca] unless ssl_ca.nil?

args.push('--sslAllowInvalidHostnames') if ssl_invalid_hostnames(config)
end

if tls_is_enabled(config)
args.push('--tls')
args += ['--tlsCertificateKeyFile', config['tlscert']]
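Review bot: the retained tls branch still does `args += ['--tlsCertificateKeyFile', config['tlscert']]` with no nil check, so a config that sets `net.tls.mode` but no `certificateKeyFile` puts a `nil` into the mongosh argument list. The deleted ssl branch guarded its CA file (`args += ['--sslCAFile', ssl_ca] unless ssl_ca.nil?`) but had the same gap for the key file; suggest `args += ['--tlsCertificateKeyFile', config['tlscert']] unless config['tlscert'].nil?` so the surviving branch does not carry the bug forward.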