Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add TLS client certificate and CA support to mongodb modules #52200

Open
wants to merge 3 commits into
base: devel
from

Conversation

Projects
None yet
3 participants
@dbanttari
Copy link
Contributor

dbanttari commented Feb 13, 2019

SUMMARY

Add TLS client certificate and CA list support to mongodb modules

Also copied the ssl_cert_reqs option (and option parsing style) to mongodb_parameter.py from the other mongo modules

ISSUE TYPE
  • Feature Pull Request
COMPONENT NAME

Add TLS client cert and CA support to MongoDB modules

ADDITIONAL INFORMATION

Specifying a CA file is required when using Amazon DocumentDB. We're using the CA option like this:

mongodb_user:
    ssl_ca_certs: "{{role_path}}/files/rds-combined-ca-bundle.pem"

(I misunderstood the internal need and first added mutually-authenticated "client certificate" TLS support, when what we really needed was CA support. I left the client cert support in the PR because... why not? Someone will use it.)

Add TLS client certificate and CA list support to mongodb_user module
Also import ssl_cert_reqs option from other mongo modules
@ansibot

This comment has been minimized.

Copy link
Contributor

ansibot commented Feb 13, 2019

dbanttari added some commits Feb 13, 2019

@nightowlengineer

This comment has been minimized.

Copy link

nightowlengineer commented Feb 19, 2019

I hit this problem myself on the 15th (lack of CA support) and came back to work on this, to discover this PR raised just two days before 🙌 so thank you 😁 This is a necessary feature for many teams!

@ansibot ansibot added the database label Feb 19, 2019

@ansibot ansibot added the stale_ci label Feb 27, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.