Support TLS connection to MongoDB #410

Closed
wconrad opened this issue Jul 30, 2021 · 1 comment

wconrad commented Jul 30, 2021

Please add the ability to connect to MongoDB via TLS when running as a docker service

Why is it needed? What is the value? For whom do we build it?

The ability to connect to MongoDB using TLS is needed for someone who wants to run sorry-cypress as a docker service in a VM at Azure, using Azure's CosmosDB as the MongoDB server.

Azure's CosmosDB has a mongo front-end that I believe would work fine for sorry-cypress. However, CosmosDB requires that you connect to it with TLS. Note the --tls switch here in this successful connection using the mongosh CLI:

wayne@vm-qa-wayne:~$ mongosh --tls --host redacted.mongo.cosmos.azure.com --port 10255 --username redacted --password "redacted"
Current Mongosh Log ID: 61041cc2b0911cf9f4ebdf6e
Connecting to:          mongodb://redacted.mongo.cosmos.azure.com:10255/?directConnection=true
Using MongoDB:          4.0.0
Using Mongosh:          1.0.3

For mongosh info see: https://docs.mongodb.com/mongodb-shell/

Warning: Found ~/.mongorc.js, but not ~/.mongoshrc.js. ~/.mongorc.js will not be loaded.
  You may want to copy or rename ~/.mongorc.js to ~/.mongoshrc.js.
globaldb [direct: primary] test> 

When the --tls switch is omitted, the connection fails after 30 seconds:

wayne@vm-qa-wayne:~$ mongosh --host redacted.mongo.cosmos.azure.com --port 10255 --username redacted --password "redacted"
Current Mongosh Log ID: 61041d6a87e5f02a1d20e3ba
Connecting to:          mongodb://redacted.mongo.cosmos.azure.com:10255/?directConnection=true
MongoServerSelectionError: connection <monitor> to NNN.NNN.NNN.NNN:10255 closed

The docker-compose file allows four of the five MongoDB options that are needed:

      MONGODB_URI: 'redacted.mongo.cosmos.azure.com:10255'
      MONGODB_DATABASE: 'redacted'
      MONGODB_USER: 'redacted'
      MONGODB_PASSWORD: 'redacted'

but without the ability to connect via TLS, trying to bring sorry-cypress up results in a timeout error being logged 30 seconds after the service is started:

wayne@treebeard:~/lab/sorry-cypress$ docker-compose -f docker-compose.minio.yml up
...
api_1            | MongoServerSelectionError: connection <monitor> to NNN.NNN.NNN.NNN:10255 timed out
api_1            |     at Timeout._onTimeout (/app/node_modules/mongodb/lib/core/sdam/topology.js:438:30)
api_1            |     at listOnTimeout (internal/timers.js:557:17)
api_1            |     at processTimers (internal/timers.js:500:7) {
api_1            |   reason: TopologyDescription {
api_1            |     type: 'Single',
api_1            |     setName: null,
api_1            |     maxSetVersion: null,
api_1            |     maxElectionId: null,
api_1            |     servers: Map(1) {
api_1            |       'redacted.mongo.cosmos.azure.com:10255' => [ServerDescription]
api_1            |     },
api_1            |     stale: false,
api_1            |     compatible: true,
api_1            |     compatibilityError: null,
api_1            |     logicalSessionTimeoutMinutes: null,
api_1            |     heartbeatFrequencyMS: 10000,
api_1            |     localThresholdMS: 15,
api_1            |     commonWireVersion: null
api_1            |   }
api_1            | }
sorry-cypress_api_1 exited with code 1
director_1       | (node:1) UnhandledPromiseRejectionWarning: MongoServerSelectionError: connection <monitor> to 40.65.106.154:10255 timed out
director_1       |     at Timeout._onTimeout (/app/node_modules/mongodb/lib/core/sdam/topology.js:438:30)
director_1       |     at listOnTimeout (internal/timers.js:557:17)
director_1       |     at processTimers (internal/timers.js:500:7)
director_1       | (Use `node --trace-warnings ...` to show where the warning was created)
director_1       | (node:1) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
director_1       | (node:1) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

High-level feature overview

Perhaps the docker-compose file could have an environment variable such as:

      MONGODB_TLS: 'true'
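
An added example, not part of the original issue and not sorry-cypress's own code: one way a service could turn the four existing variables plus the proposed MONGODB_TLS into a connection string, failing closed when the flag is mistyped. The function names and sample values are hypothetical; `tls=true` is the standard MongoDB connection-string option.

```javascript
// Added example (hypothetical helper names, constructed sample values).

// Parse a boolean env var strictly. An unrecognised value throws instead of
// quietly meaning "false", so a typo cannot downgrade the link to plaintext.
function parseBool(name, value, fallback) {
  if (value === undefined || value === '') return fallback;
  const v = String(value).trim().toLowerCase();
  if (v === 'true' || v === '1') return true;
  if (v === 'false' || v === '0') return false;
  throw new Error(`${name} must be 'true' or 'false', got '${value}'`);
}

// Build the URI from the docker-compose environment shown in the issue.
// Assumes MONGODB_URI is "host:port", as in the issue's compose snippet.
function buildMongoUri(env) {
  const hostPort = env.MONGODB_URI;
  if (!hostPort || hostPort.includes('/') || hostPort.includes('@')) {
    throw new Error("MONGODB_URI must be 'host:port'");
  }
  const tls = parseBool('MONGODB_TLS', env.MONGODB_TLS, false);
  let auth = '';
  if (env.MONGODB_USER) {
    // Credentials must be percent-encoded; generated passwords often
    // contain '@', ':' or '/'.
    auth = encodeURIComponent(env.MONGODB_USER) + ':' +
           encodeURIComponent(env.MONGODB_PASSWORD || '') + '@';
  }
  const db = encodeURIComponent(env.MONGODB_DATABASE || '');
  // Only tls is set here; no option that relaxes certificate
  // validation is added.
  return `mongodb://${auth}${hostPort}/${db}?tls=${tls}`;
}

// Mask the password before a URI is written to container logs.
function redactUri(uri) {
  return uri.replace(/\/\/([^:@/]+):[^@/]*@/, '//$1:***@');
}

// Constructed sample environment (placeholder host and credentials).
const SAMPLE_ENV = {
  MONGODB_URI: 'db.example.invalid:10255',
  MONGODB_DATABASE: 'sorry',
  MONGODB_USER: 'svc',
  MONGODB_PASSWORD: 'p@ss:w/rd',
  MONGODB_TLS: 'true',
};
```
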
@agoldis agoldis self-assigned this Jul 30, 2021
@agoldis agoldis added feature In-app feature good first issue Good for newcomers labels Aug 4, 2021
@agoldis agoldis closed this as completed in 98849c0 Sep 8, 2021
agoldis added a commit to Roemer/sorry-cypress that referenced this issue Sep 8, 2021
* master: (36 commits)
  v2.0.0-beta.9
  fix: spec status + results with no tests
  v2.0.0-beta.8
  fix: wait for mongo to start
  v2.0.0-beta.7
  fix: fix import statements for mongo pckg
  v2.0.0-beta.6
  fix: allow hooks creation
  feat: add mongodb TLS setting. Closes sorry-cypress#410
  fix: Wait for indexes creation. Resolves sorry-cypress#371
  v2.0.0-beta.5
  chore: fix PAGE_ITEMS_LIMIT parsing
  chore: avoid running test for tags
  v2.0.0-beta.4
  chore: use -s flag for release script
  chore: update GH action name
  v2.0.0-beta.3
  v2.0.0-beta.2
  chore: use parallel gh actions
  chore: fix build process
  ...

wconrad commented Sep 8, 2021

I really appreciate you adding this feature. Thank you!
