make Mykola's requested changes
MiaAltieri committed Mar 11, 2024
1 parent dd8a4c5 commit 50f2976
Showing 2 changed files with 12 additions and 14 deletions.
20 changes: 10 additions & 10 deletions lib/charms/mongodb/v1/helpers.py
Expand Up @@ -124,15 +124,6 @@ def get_mongos_args(
]

# TODO : generalise these into functions to be re-used
if not config.tls_internal:
# keyFile cannot be used without auth and cannot be used in tandem with internal TLS
cmd.extend(
[
"--clusterAuthMode=keyFile",
f"--keyFile={full_conf_dir}/{KEY_FILE}",
]
)

if config.tls_external:
cmd.extend(
[
Expand All @@ -144,7 +135,7 @@ def get_mongos_args(
]
)

# internal TLS can be enabled only in external is enabled
# internal TLS can be enabled only if external is enabled
if config.tls_internal and config.tls_external:
cmd.extend(
[
Expand All @@ -154,6 +145,15 @@ def get_mongos_args(
f"--tlsClusterFile={full_conf_dir}/{TLS_INT_PEM_FILE}",
]
)
else:
# keyFile used for authentication replica set peers if no internal tls configured.
cmd.extend(
[
"--clusterAuthMode=keyFile",
f"--keyFile={KEY_FILE}",
]
)

cmd.append("\n")
return " ".join(cmd)
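Review bot: The keyFile argument in the new `else` branch of `get_mongos_args` is built as `f"--keyFile={KEY_FILE}"`, whereas the block it replaces used `f"--keyFile={full_conf_dir}/{KEY_FILE}"` and the TLS options in the same function still prefix `full_conf_dir`. Unless `KEY_FILE` is already an absolute path (its definition is not visible here), mongos would resolve the cluster-membership secret relative to its working directory, so it would either fail to start or read a file from an unintended location. Keep the prefix: `f"--keyFile={full_conf_dir}/{KEY_FILE}",`. The function body starts outside the hunk, so confirm that `full_conf_dir` is still the directory the key file is written to.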

6 changes: 2 additions & 4 deletions lib/charms/mongodb/v1/shards_interface.py
Expand Up @@ -582,7 +582,7 @@ def update_member_auth(
# sharded MongoDB clusters it is necessary that the subject and organisation name are the
# same in their CSRs. Re-requesting a cert after integrated with the config-server
# regenerates the cert with the appropriate configurations needed for sharding.
if cluster_auth_tls and tls_integrated and not self._should_request_new_certs():
if cluster_auth_tls and tls_integrated and self._should_request_new_certs():
logger.info("Cluster implements internal membership auth via certificates")
self.charm.tls.request_certificate(param=None, internal=True)
self.charm.tls.request_certificate(param=None, internal=False)
Expand Down Expand Up @@ -640,7 +640,7 @@ def _on_relation_changed(self, event):

# relation-changed events can be used for other purposes (not only adding the shard), i.e.
# password rotation, secret rotation, mongos hosts rotation
if not self._is_mongos_reachable() or not self._is_added_to_cluster():
if self._is_mongos_reachable() and not self._is_added_to_cluster():
self.charm.unit.status = MaintenanceStatus("Adding shard to config-server")

# shards rely on the config server for shared cluster secrets
Expand Down Expand Up @@ -681,8 +681,6 @@ def _on_relation_changed(self, event):
self.charm._connect_pbm_agent()
self.charm.app_peer_data["mongos_hosts"] = json.dumps(self.get_mongos_hosts())

self.charm.unit.status = ActiveStatus("")

def pass_hook_checks(self, event):
"""Runs the pre-hooks checks for ConfigServerRequirer, returns True if all pass."""
if not self.charm.db_initialised:
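Review bot: The `MaintenanceStatus("Adding shard to config-server")` set under the rewritten condition in `_on_relation_changed` has no matching reset in the visible code, because the last hunk drops `self.charm.unit.status = ActiveStatus("")` from the end of the handler. If nothing else restores the status, the unit would keep reporting maintenance after the shard has been added. Most of the handler lies outside the hunks shown, so this is inferred. Either confirm that another code path sets the final status, or keep `self.charm.unit.status = ActiveStatus("")` on the successful path only. A short comment at the end of the handler saying where the status is now resolved would also help.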
