Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add filer configuration options for username/password and tls #5601

Merged
merged 2 commits into from
May 18, 2024
Merged

add filer configuration options for username/password and tls #5601

merged 2 commits into from
May 18, 2024

Conversation

baursn
Copy link
Contributor

@baursn baursn commented May 18, 2024

What problem are we solving?

a secure mongodb setup with security comes with tls/ssl encryption and user authentication. The filer mongodb backend did only support connecting without encryption and authentication. This PR adds support for that.

How are we solving the problem?

Configuration in filer.toml can now be extended with additional configuration parameters as in this example:

[mongodb]
enabled = true
uri = "mongodb://localhost:27017/tls=true"
username = "seaweedfs"
password = "seaweedfs"
database = "seaweedfs"
ssl = true
ssl_ca_file = "./mongodb/ssl/ca.crt"
ssl_cert_file = "./mongodb/ssl/client.pem"
ssl_key_file = "./mongodb/ssl/client.pem"

How is the PR tested?

Tested with my mongodb setup.

Checks

  • I have added unit tests if possible.
  • I will add related wiki document changes and link to this PR after merging.
    i think there is no dedicated wiki page for monodb yet, but if needed i can update wiki

@baursn baursn mentioned this pull request May 18, 2024
Closed
@chrislusf chrislusf merged commit 3fae876 into seaweedfs:master May 18, 2024
5 checks passed
github-advanced-security[bot]
github-advanced-security bot found potential problems May 18, 2024
View reviewed changes
weed/filer/mongodb/mongodb_store.go
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
InsecureSkipVerify: true,

Check failure

Code scanning / CodeQL

Disabled TLS certificate check High

InsecureSkipVerify should not be used in production code.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please add an option insecure_skip_verify similar to https://github.com/seaweedfs/seaweedfs/blob/master/weed/filer/arangodb/arangodb_store.go#L64

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@baursn ^^

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch, added in #5602

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrislusf chrislusf chrislusf left review comments

@Sepidemirsoltani Sepidemirsoltani Sepidemirsoltani approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@baursn @chrislusf @Sepidemirsoltani