search

reactioncommerce / reaction

Mailchimp Open Commerce is an API-first, headless commerce platform built using Node.js, React, GraphQL. Deployed via Docker and Kubernetes.
https://mailchimp.com/developer/open-commerce/
GNU General Public License v3.0
12.26k stars 2.16k forks source link

Cannot pass mongo options to use cacert #6483

Open heri16 opened 3 years ago

heri16 commented 3 years ago

https://github.com/reactioncommerce/api-core/blob/de2e924ae68247c08f690fbbd3fc9f678f4f45ec/src/util/mongoConnectWithRetry.js#L25

https://scalegrid.io/blog/mongodb-ssl-with-self-signed-certificates-in-node-js/

There is no way now to do the below on reaction.

var certFileBuf = fs.readFileSync(<path to CA cert file>);
var mongoUrl = 'mongodb://admin:blahblah@test0.servers.example.com:27017/admin?ssl=true';

var options = {
  replSet: {
    sslCA: certFileBuf
  }
};
var MongoClient = require('mongodb').MongoClient
  , assert = require('assert');

MongoClient.connect(mongoUrl, options, function(err, db) {
   assert.equal(null, err);
   console.log("Connected correctly to server");
   db.close();
 });
novayadi85 commented 3 years ago

https://docs.aws.amazon.com/documentdb/latest/developerguide/connect_programmatically.html

This does not work too.

focusaurus commented 3 years ago

I agree this type of burying of key mongo connection options is not ideal. We need a way for the outermost application to provide mongo connection options. Complex types like a certFileBuf might require a real object to be passed through unless we want to model all the options as environment variables and support file paths, etc.