From 6f89e7ea705e77ab809e5148a01c0e8f5221acb9 Mon Sep 17 00:00:00 2001
From: andreaangiolillo <andrea.angiolillo@mongodb.com>
Date: Wed, 20 Oct 2021 14:42:16 +0100
Subject: [PATCH] HELP-28512: mongocli cannot handle net.tls.FIPSMode properly

---
 go.mod                                      |  2 +-
 go.sum                                      |  2 ++
 internal/convert/automation_config_test.go  |  3 ++-
 internal/convert/cluster_config_test.go     |  9 +++++----
 internal/convert/process_config.go          |  2 +-
 internal/convert/process_config_test.go     | 11 +++++++++--
 internal/test/fixture/automation_configs.go |  3 ++-
 7 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/go.mod b/go.mod
index e3993b3bf3..a296040202 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/stretchr/testify v1.7.0
 	github.com/tangzero/inflector v1.0.0
 	go.mongodb.org/atlas v0.13.0
-	go.mongodb.org/ops-manager v0.30.0
+	go.mongodb.org/ops-manager v0.30.1
 	gopkg.in/yaml.v2 v2.4.0
 )
 
diff --git a/go.sum b/go.sum
index aa9daf74c0..ba51561417 100644
--- a/go.sum
+++ b/go.sum
@@ -339,6 +339,8 @@ go.mongodb.org/atlas v0.13.0 h1:JkJOWsKm9k2mcFaivaaMNDpKDsxJJj1O0eUsDtnNvuE=
 go.mongodb.org/atlas v0.13.0/go.mod h1:wVCnHcm/7/IfTjEB6K8K35PLG70yGz8BdkRwX0oK9/M=
 go.mongodb.org/ops-manager v0.30.0 h1:8nKyxdUo83cRny4kVOcDeZzf09WseVF5RtHUtGxHpZ0=
 go.mongodb.org/ops-manager v0.30.0/go.mod h1:x3CljG6FzfD/DwPCkt/7fKpGccKpHk91VlLOgK0eMTE=
+go.mongodb.org/ops-manager v0.30.1 h1:AI15ZQxQaSfbCY96A60ZLDlT3gA0WsPWncxdHDrc5xE=
+go.mongodb.org/ops-manager v0.30.1/go.mod h1:5S1wIr61QVUDhPyRiB35iEPocLd4WpJALejUMe9fHuI=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
diff --git a/internal/convert/automation_config_test.go b/internal/convert/automation_config_test.go
index 374127021d..5fbe6e6965 100644
--- a/internal/convert/automation_config_test.go
+++ b/internal/convert/automation_config_test.go
@@ -27,6 +27,7 @@ import (
 
 func TestFromAutomationConfig(t *testing.T) {
 	name := "cluster_1"
+	fipsMode := true
 	t.Run("replica set", func(t *testing.T) {
 		t.Parallel()
 		config := fixture.AutomationConfigWithOneReplicaSet(name, false)
@@ -66,7 +67,7 @@ func TestFromAutomationConfig(t *testing.T) {
 								ClusterPassword:            "ClusterPassword",
 								CRLFile:                    "CRLFile",
 								DisabledProtocols:          "DisabledProtocols",
-								FIPSMode:                   "FIPSMode",
+								FIPSMode:                   &fipsMode,
 								Mode:                       "Mode",
 								PEMKeyFile:                 "PEMKeyFile",
 							},
diff --git a/internal/convert/cluster_config_test.go b/internal/convert/cluster_config_test.go
index f4c4d413d1..b6f3822b2c 100644
--- a/internal/convert/cluster_config_test.go
+++ b/internal/convert/cluster_config_test.go
@@ -27,6 +27,7 @@ import (
 )
 
 func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
+	fipsMode := true
 	testCases := map[string]struct {
 		current  *opsmngr.AutomationConfig
 		expected *opsmngr.AutomationConfig
@@ -133,7 +134,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 								ClusterPassword:            "ClusterPassword",
 								CRLFile:                    "CRLFile",
 								DisabledProtocols:          "DisabledProtocols",
-								FIPSMode:                   "FIPSMode",
+								FIPSMode:                   &fipsMode,
 								Mode:                       "Mode",
 								PEMKeyFile:                 "PEMKeyFile",
 							},
@@ -163,7 +164,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 									ClusterPassword:            "ClusterPassword",
 									CRLFile:                    "CRLFile",
 									DisabledProtocols:          "DisabledProtocols",
-									FIPSMode:                   "FIPSMode",
+									FIPSMode:                   &fipsMode,
 									Mode:                       "Mode",
 									PEMKeyFile:                 "PEMKeyFile",
 								},
@@ -215,7 +216,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 									ClusterPassword:            "ClusterPassword",
 									CRLFile:                    "CRLFile",
 									DisabledProtocols:          "DisabledProtocols",
-									FIPSMode:                   "FIPSMode",
+									FIPSMode:                   &fipsMode,
 									Mode:                       "Mode",
 									PEMKeyFile:                 "PEMKeyFile",
 								},
@@ -450,7 +451,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 									ClusterPassword:            "ClusterPassword",
 									CRLFile:                    "CRLFile",
 									DisabledProtocols:          "DisabledProtocols",
-									FIPSMode:                   "FIPSMode",
+									FIPSMode:                   &fipsMode,
 									Mode:                       "Mode",
 									PEMKeyFile:                 "PEMKeyFile",
 								},
diff --git a/internal/convert/process_config.go b/internal/convert/process_config.go
index 3ad61be44a..c7afab6698 100644
--- a/internal/convert/process_config.go
+++ b/internal/convert/process_config.go
@@ -88,7 +88,7 @@ type TLS struct {
 	ClusterPassword            string `yaml:"clusterPassword,omitempty" json:"clusterPassword,omitempty"`
 	CRLFile                    string `yaml:"CRLFile,omitempty" json:"CRLFile,omitempty"`
 	DisabledProtocols          string `yaml:"disabledProtocols,omitempty" json:"disabledProtocols,omitempty"`
-	FIPSMode                   string `yaml:"FIPSMode,omitempty" json:"FIPSMode,omitempty"`
+	FIPSMode                   *bool  `yaml:"FIPSMode,omitempty" json:"FIPSMode,omitempty"`
 	Mode                       string `yaml:"mode,omitempty" json:"mode,omitempty"`
 	PEMKeyFile                 string `yaml:"PEMKeyFile,omitempty" json:"PEMKeyFile,omitempty"`
 }
diff --git a/internal/convert/process_config_test.go b/internal/convert/process_config_test.go
index 3405b99781..458f5a926b 100644
--- a/internal/convert/process_config_test.go
+++ b/internal/convert/process_config_test.go
@@ -27,6 +27,7 @@ import (
 
 func Test_newReplicaSetProcessConfig(t *testing.T) {
 	var slaveDelay float64
+	fipsMode := true
 	omp := &opsmngr.Process{
 		Args26: opsmngr.Args26{
 			AuditLog: &opsmngr.AuditLog{
@@ -37,7 +38,10 @@ func Test_newReplicaSetProcessConfig(t *testing.T) {
 			},
 			NET: opsmngr.Net{
 				Port: 27017,
-				TLS:  &opsmngr.TLS{Mode: "disabled"},
+				TLS: &opsmngr.TLS{
+					Mode:     "disabled",
+					FIPSMode: &fipsMode,
+				},
 			},
 			Replication: &opsmngr.Replication{
 				ReplSetName: "myReplicaSet",
@@ -111,7 +115,10 @@ func Test_newReplicaSetProcessConfig(t *testing.T) {
 		ArbiterOnly:                 pointy.Bool(false),
 		Disabled:                    false,
 		Hidden:                      pointy.Bool(false),
-		TLS:                         &TLS{Mode: "disabled"},
+		TLS: &TLS{
+			Mode:     "disabled",
+			FIPSMode: &fipsMode,
+		},
 		SetParameter: &map[string]interface{}{
 			"param": "param",
 		},
diff --git a/internal/test/fixture/automation_configs.go b/internal/test/fixture/automation_configs.go
index 819a54b46a..4115c1d02e 100644
--- a/internal/test/fixture/automation_configs.go
+++ b/internal/test/fixture/automation_configs.go
@@ -190,6 +190,7 @@ func AutomationConfigWithMonitoring() *opsmngr.AutomationConfig {
 }
 
 func AutomationConfigWithOneReplicaSet(name string, disabled bool) *opsmngr.AutomationConfig {
+	fipsMode := true
 	return &opsmngr.AutomationConfig{
 		Processes: []*opsmngr.Process{
 			{
@@ -206,7 +207,7 @@ func AutomationConfigWithOneReplicaSet(name string, disabled bool) *opsmngr.Auto
 							ClusterPassword:            "ClusterPassword",
 							CRLFile:                    "CRLFile",
 							DisabledProtocols:          "DisabledProtocols",
-							FIPSMode:                   "FIPSMode",
+							FIPSMode:                   &fipsMode,
 							Mode:                       "Mode",
 							PEMKeyFile:                 "PEMKeyFile",
 						},