From 7b72a5a910a4310bbb9b428f1eb9174bcd2ae414 Mon Sep 17 00:00:00 2001
From: james
Date: Wed, 19 May 2021 17:30:28 -0700
Subject: [PATCH] feat: support for mongodb SSL+auth source/mech+replica set

This change builds upon a previously proposed PR: https://github.com/overhangio/tutor/pull/437 There was another long conversation about this topic here: https://github.com/overhangio/tutor-forum/pull/10#issuecomment-1314799915 We could have supported the MongoDB auth/replica set/ssl parameters as part of the MongoDB host URI, but then this URI is not supported in the forum plugin, which uses an old version of the mongoid client. We were hoping that the client would have been upgraded by now, but it's not been upgraded for a long time. The changes introduced here are 100% backward-compatible. The forum plugin will have to be updated to take into account the new parameters.
---
 .../20221128_100809_regis_mongodb_ssl.md | 1 +
 docs/configuration.rst | 10 ++++++++--
 .../openedx/settings/partials/common_all.py | 17 ++++++++---------
 tutor/templates/config/defaults.yml | 4 ++++
 4 files changed, 21 insertions(+), 11 deletions(-)
 create mode 100644 changelog.d/20221128_100809_regis_mongodb_ssl.md

diff --git a/changelog.d/20221128_100809_regis_mongodb_ssl.md b/changelog.d/20221128_100809_regis_mongodb_ssl.md
new file mode 100644
index 0000000..07d4ffb
--- /dev/null
+++ b/changelog.d/20221128_100809_regis_mongodb_ssl.md
@@ -0,0 +1 @@
+- [Feature] Add support for MongoDB SSL, authentication source, mechanism and replica set via the `MONGODB_USE_SSL`, `MONGODB_AUTH_MECHANISM`, `MONGODB_AUTH_SOURCE`, `MONGODB_REPLICA_SET` settings. (by @zakum1 and @regisb)
diff --git a/docs/configuration.rst b/docs/configuration.rst
index fea8142..c3384cf 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -242,11 +242,17 @@ MongoDB
 *******

 - ``RUN_MONGODB`` (default: ``true``)
-- ``MONGODB_HOST`` (default: ``"mongodb"``)
 - ``MONGODB_DATABASE`` (default: ``"openedx"``)
+- ``MONGODB_HOST`` (default: ``"mongodb"``)
+- ``MONGODB_PASSWORD`` (default: ``""``)
 - ``MONGODB_PORT`` (default: ``27017``)
 - ``MONGODB_USERNAME`` (default: ``""``)
-- ``MONGODB_PASSWORD`` (default: ``""``)
+- ``MONGODB_USE_SSL`` (default: ``false``)
+- ``MONGODB_REPLICA_SET`` (default: ``""``)
+- ``MONGODB_AUTH_MECHANISM`` (default: ``""``)
+- ``MONGODB_AUTH_SOURCE`` (default: ``"admin"``)
+
+Note that most of these settings will have to be modified to connect to a MongoDB cluster that runs separately of Tutor, such as `Atlas `__. In particular, the authentication source, mechanism and the SSL connection parameters should not be specified as part of the `host URI `__ but as separate Tutor settings. Supported values for ``MONGODB_AUTH_MECHANISM`` are the same as for pymongo (see the `pymongo documentation `__).

 Redis
 *****
diff --git a/tutor/templates/apps/openedx/settings/partials/common_all.py b/tutor/templates/apps/openedx/settings/partials/common_all.py
index 7f4368d..b225199 100644
--- a/tutor/templates/apps/openedx/settings/partials/common_all.py
+++ b/tutor/templates/apps/openedx/settings/partials/common_all.py
@@ -6,17 +6,16 @@ from xmodule.modulestore.modulestore_settings import update_module_store_setting

 # Mongodb connection parameters: simply modify `mongodb_parameters` to affect all connections to MongoDb.
 mongodb_parameters = {
+ "db": "{{ MONGODB_DATABASE }}",
 "host": "{{ MONGODB_HOST }}",
 "port": {{ MONGODB_PORT }},
- {% if MONGODB_USERNAME and MONGODB_PASSWORD %}
- "user": "{{ MONGODB_USERNAME }}",
- "password": "{{ MONGODB_PASSWORD }}",
- {% else %}
- "user": None,
- "password": None,
- {% endif %}
- "db": "{{ MONGODB_DATABASE }}",
- "replicaSet": None,
+ "user": {% if MONGODB_USERNAME %}"{{ MONGODB_USERNAME }}"{% else %}None{% endif %},
+ "password": {% if MONGODB_PASSWORD %}"{{ MONGODB_PASSWORD }}"{% else %}None{% endif %},
+ # Connection/Authentication
+ "ssl": {{ MONGODB_USE_SSL }},
+ "authSource": "{{ MONGODB_AUTH_SOURCE }}",
+ "replicaSet": {% if MONGODB_REPLICA_SET %}"{{ MONGODB_REPLICA_SET }}"{% else %}None{% endif %},
+ {% if MONGODB_AUTH_MECHANISM %}"authMechanism": "{{ MONGODB_AUTH_MECHANISM }}",{% endif %}
 }
 DOC_STORE_CONFIG = mongodb_parameters
 CONTENTSTORE = {
diff --git a/tutor/templates/config/defaults.yml b/tutor/templates/config/defaults.yml
index af9adfb..385013b 100644
--- a/tutor/templates/config/defaults.yml
+++ b/tutor/templates/config/defaults.yml
@@ -34,11 +34,15 @@ K8S_NAMESPACE: "openedx"
 LANGUAGE_CODE: "en"
 LMS_HOST: "www.myopenedx.com"
 LOCAL_PROJECT_NAME: "{{ TUTOR_APP }}_local"
+MONGODB_AUTH_MECHANISM: ""
+MONGODB_AUTH_SOURCE: "admin"
 MONGODB_HOST: "mongodb"
 MONGODB_DATABASE: "openedx"
 MONGODB_PORT: 27017
 MONGODB_USERNAME: ""
 MONGODB_PASSWORD: ""
+MONGODB_REPLICA_SET: ""
+MONGODB_USE_SSL: false
 OPENEDX_AWS_ACCESS_KEY: ""
 OPENEDX_AWS_SECRET_ACCESS_KEY: ""
 OPENEDX_CACHE_REDIS_DB: 1
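Review bot: The new settings in `mongodb_parameters` are pasted between double quotes without escaping (`"authSource": "{{ MONGODB_AUTH_SOURCE }}"`, and likewise `replicaSet`, `authMechanism`, `user` and `password`), so a value containing `"` or a backslash is read as Python source rather than data and yields a broken or silently different settings module. Rendering each value as a proper literal avoids this, for example `"authSource": {{ MONGODB_AUTH_SOURCE|tojson }},`, assuming Jinja's built-in `tojson` filter is available in this template environment. Separately, `"ssl": {{ MONGODB_USE_SSL }}` only produces valid Python when the setting is a real boolean; a quoted `"true"` in the config would render as the bare name `true`. The `CONTENTSTORE = {` block that follows the dict continues outside the hunk, so how the parameters are consumed is not visible here.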
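Review bot: `MONGODB_AUTH_SOURCE: "admin"` is rendered into `authSource` unconditionally by the settings template, so deployments that already set `MONGODB_USERNAME` and `MONGODB_PASSWORD` would now authenticate against `admin`. If the earlier behaviour was to authenticate against `MONGODB_DATABASE` (the connection helper is not visible in this patch), that conflicts with the "100% backward-compatible" claim and should be confirmed or noted in the changelog. Also, with `MONGODB_USE_SSL: false` as the default, credentials sent to an external cluster are unencrypted unless the operator opts in. A comment next to the default, such as `# Set to true when MONGODB_HOST is outside the local deployment`, would make that explicit.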