feat(mongodb): add extended config options for MongoDB #831

Draft
wants to merge 18 commits into
base: main
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -77,7 +77,7 @@ Tests include code coverage via istanbul. See the test/ folder for testing scrip
If you want to run integration tests in a repetitive manner, you can startup the test containers using `docker-compose`, login to running `central-ledger` container like so:

```bash
docker-compose -f docker-compose.yml -f docker-compose.integration.yml up kafka mysql central-ledger
docker-compose -f docker-compose.yml -f docker-compose.integration.yml up kafka mysql objstore central-ledger

#in a new shell
docker exec -it cl_central-ledger sh
30 changes: 25 additions & 5 deletions audit-resolve.json
Expand Up @@ -97,8 +97,8 @@
},
"1500|@mojaloop/central-services-shared>widdershins>yargs>yargs-parser": {
"decision": "ignore",
"madeAt": 1613868373740,
"expiresAt": 1616460368344
"madeAt": 1617153555520,
"expiresAt": 1619745500071
},
"1594|@mojaloop/central-services-health>@mojaloop/central-services-shared>axios": {
"decision": "ignore",
Expand All @@ -112,8 +112,8 @@
},
"1500|@mojaloop/central-services-health>@mojaloop/central-services-shared>widdershins>yargs>yargs-parser": {
"decision": "ignore",
"madeAt": 1613868373740,
"expiresAt": 1616460368344
"madeAt": 1617153555520,
"expiresAt": 1619745500071
},
"1640|@mojaloop/central-services-health>@mojaloop/central-services-shared>widdershins>urijs": {
"decision": "ignore",
Expand All @@ -129,8 +129,28 @@
"decision": "ignore",
"madeAt": 1615756857121,
"expiresAt": 1618348850367
},
"1654|@mojaloop/central-services-health>@mojaloop/central-services-shared>@mojaloop/event-sdk>grpc>protobufjs>yargs>y18n": {
"decision": "fix",
"madeAt": 1617153524610
},
"1654|@mojaloop/central-services-shared>@mojaloop/event-sdk>grpc>protobufjs>yargs>y18n": {
"decision": "fix",
"madeAt": 1617153524610
},
"1654|@mojaloop/event-sdk>grpc>protobufjs>yargs>y18n": {
"decision": "fix",
"madeAt": 1617153524610
},
"1654|@mojaloop/central-services-health>@mojaloop/central-services-shared>widdershins>yargs>y18n": {
"decision": "fix",
"madeAt": 1617153540236
},
"1654|@mojaloop/central-services-shared>widdershins>yargs>y18n": {
"decision": "fix",
"madeAt": 1617153540236
}
},
"rules": {},
"version": 1
}
}
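Review bot: The five `1654|...y18n` entries are recorded as `"decision": "fix"`, which only holds if the lockfile change that bumps y18n lands with them; please confirm that change is part of this PR so the resolution file does not mask a tree that is still affected. The unchanged entry at the top of this hunk expires at 1618348850367, earlier than the renewed 1500 ignores, so it will resurface first and is worth handling in the same pass.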
6 changes: 5 additions & 1 deletion config/default.json
Expand Up @@ -35,7 +35,11 @@
},
"MONGODB": {
"DISABLED": true,
"URI": "mongodb://localhost:27017/mlos"
"URI": "mongodb://localhost:27017/mlos",
"OPTIONS": {
"ssl": false,
"sslValidate": false
}
},
"ERROR_HANDLING": {
"includeCauseExtension": true,
6 changes: 5 additions & 1 deletion docker-compose.integration.yml
Expand Up @@ -15,13 +15,17 @@ services:
ports:
- "3001:3001"
volumes:
- ./docker/central-ledger/default.json:/opt/central-ledger/config/default.json
- ./test/integration-config.json:/opt/central-ledger/config/default.json
- ./test:/opt/central-ledger/test
- ./src:/opt/central-ledger/src
# Only mount in node_modules if you want to update dependencies on the fly
# This comes with it's own issues... so beware
# - ./node_modules:/opt/central-ledger/node_modules
environment:
- CLEDG_SIDECAR__DISABLED=true
- CLEDG_MONGODB__DISABLED=true
- CSL_LOG_TRANSPORT=console
- LOG_LEVEL=info
command:
- tail
- -f
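Review bot: `CLEDG_MONGODB__DISABLED=true` turns MongoDB off for the integration container, so nothing in this environment exercises the new `OPTIONS` block or the TLS-enabled `objstore` that the README now starts. Either enable MongoDB for at least one integration run with `ssl` on, or drop `objstore` from the documented command. Replacing the `./docker/central-ledger/default.json` mount with `./test/integration-config.json` also deserves a line in the PR description, because it changes which config every integration test runs against.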
10 changes: 7 additions & 3 deletions docker-compose.yml
Expand Up @@ -122,6 +122,7 @@ services:
ports:
- "2181:2181"
- "9092:9092"
- "29092:29092"
environment:
- ZOO_LOG4J_PROP=WARN
networks:
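Review bot: The added `"29092:29092"` mapping publishes another Kafka port on every host interface and is not explained by the MongoDB change. If it is needed for a host-side listener, say so in a comment and consider binding it as `"127.0.0.1:29092:29092"`; otherwise leave it out of this PR.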
Expand All @@ -136,9 +137,12 @@ services:
objstore:
image: mongo:latest
container_name: cl_objstore
# Disable logging as it is far too verbose for debugging locally
logging:
driver: none
# Allows TLS without requiring client to provide certs
# lets us test both with TLS and non-TLS connections
command: --tlsMode allowTLS --tlsCertificateKeyFile /etc/ssl/test-server1.pem --tlsCAFile /etc/ssl/test-ca.pem --tlsAllowConnectionsWithoutCertificates
volumes:
- ./docker/objstore/test-server1.pem:/etc/ssl/test-server1.pem
- ./docker/objstore/test-ca.pem:/etc/ssl/test-ca.pem
ports:
- "27017:27017"
networks:
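Review bot: With `--tlsMode allowTLS` the server accepts plaintext as well as TLS, so a client whose `ssl` option is silently ignored still connects and a "TLS" test passes without TLS ever being negotiated. For the TLS case run the server with `--tlsMode requireTLS` (a second service or a compose override would do), or assert in the test that the connection is encrypted. Two smaller points: `image: mongo:latest` is unpinned while the command now depends on the `--tls*` flags, so pin a version; and removing `logging: driver: none` brings back the output the deleted comment called too verbose, so confirm that is intended.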
11 changes: 11 additions & 0 deletions docker/objstore/README.md
@@ -0,0 +1,11 @@
# objstore docker-compose config


We generate the files `test-ca.pem` and `test-server1.pem` for us to test out MongoDB's TLS settings.

These keys should NOT be used in production. They are for integration test purposes only.

References:
1. https://docs.mongodb.com/manual/appendix/security/appendixA-openssl-ca/
2. https://docs.mongodb.com/manual/appendix/security/appendixB-openssl-server/
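Review bot: The README says the files were generated but not how, so nobody can regenerate them when they expire or when the SAN list changes. Add the exact `openssl` commands that were run against the two `.cnf` files, and the validity period chosen. Since `test-server1.pem` is passed to `--tlsCertificateKeyFile`, it carries a private key that is now committed to the repository; generating it at test setup, or at least allow-listing it for secret scanning with a comment pointing here, avoids it being mistaken for a leaked credential.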

67 changes: 67 additions & 0 deletions docker/objstore/openssl-test-ca.cnf
@@ -0,0 +1,67 @@
# NOT FOR PRODUCTION USE. OpenSSL configuration file for testing.

# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 4096
default_keyfile = myTestCertificateKey.pem ## The default private key file name.
default_md = sha256 ## Use SHA-256 for Signatures
distinguished_name = req_dn
req_extensions = v3_req
x509_extensions = v3_ca # The extentions to add to the self signed cert

[ v3_req ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate for TESTING only. NOT FOR PRODUCTION USE."
extendedKeyUsage = serverAuth, clientAuth

[ req_dn ]
countryName = Country Name (2 letter code)

countryName_default = AU

countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = TestCertificateStateName

stateOrProvinceName_max = 64

localityName = Locality Name (eg, city)

localityName_default = TestCertificateLocalityName

localityName_max = 64

organizationName = Organization Name (eg, company)

organizationName_default = TestCertificateOrgName

organizationName_max = 64

organizationalUnitName = Organizational Unit Name (eg, section)

organizationalUnitName_default = TestCertificateOrgUnitName

organizationalUnitName_max = 64

commonName = Common Name (eg, YOUR name)
commonName_max = 64

[ v3_ca ]
# Extensions for a typical CA

subjectKeyIdentifier=hash
basicConstraints = critical,CA:true
authorityKeyIdentifier=keyid:always,issuer:always
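Review bot: `[ v3_ca ]` sets `basicConstraints = critical,CA:true` but no `keyUsage`, so the test CA certificate is not restricted to signing; adding `keyUsage = critical, keyCertSign, cRLSign` keeps it from being accepted as a server or client certificate. `[ policy_match ]` at the top is not referenced by any section in this file and can go, and "extentions" in the `x509_extensions` comment is a typo.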
63 changes: 63 additions & 0 deletions docker/objstore/openssl-test-server.cnf
@@ -0,0 +1,63 @@
# NOT FOR PRODUCTION USE. OpenSSL configuration file for testing.


[ req ]
default_bits = 4096
default_keyfile = myTestServerCertificateKey.pem ## The default private key file name.
default_md = sha256
distinguished_name = req_dn
req_extensions = v3_req

[ v3_req ]
subjectKeyIdentifier = hash
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
nsComment = "OpenSSL Generated Certificate for TESTING only. NOT FOR PRODUCTION USE."
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[ alt_names ]

DNS.1 = objstore ##TODO: Enter the DNS names. The DNS names should match the server names.

DNS.2 = localhost ##TODO: Enter the DNS names. The DNS names should match the server names.

# IP.1 = ##TODO: Enter the IP address. SAN matching by IP address is available starting in MongoDB 4.2

# IP.2 = ##TODO: Enter the IP address. SAN matching by IP address is available starting in MongoDB 4.2


[ req_dn ]
countryName = Country Name (2 letter code)

countryName_default = AU

countryName_min = 2
countryName_max = 2

stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = TestServerCertificateState

stateOrProvinceName_max = 64

localityName = Locality Name (eg, city)

localityName_default = TestServerCertificateLocality

localityName_max = 64

organizationName = Organization Name (eg, company)

organizationName_default = TestServerCertificateOrg

organizationName_max = 64

organizationalUnitName = Organizational Unit Name (eg, section)

organizationalUnitName_default = TestServerCertificateOrgUnit

organizationalUnitName_max = 64

commonName = Common Name (eg, YOUR name)
commonName_max = 64
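Review bot: `extendedKeyUsage = serverAuth, clientAuth` in `[ v3_req ]` lets the server certificate also authenticate as a client; if it is only ever presented by `objstore`, reduce it to `serverAuth`. The `##TODO` comments on `DNS.1` and `DNS.2` are stale now that the names are filled in, and the commented `IP.1`/`IP.2` placeholders can be removed.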
78 changes: 78 additions & 0 deletions docker/objstore/test-ca.pem
@@ -0,0 +1,78 @@