From 814021e0890a3a992ab13996336b8b2378158521 Mon Sep 17 00:00:00 2001
From: Abu Sayed <82162518+sayedppqq@users.noreply.github.com>
Date: Fri, 12 Jan 2024 14:31:26 +0600
Subject: [PATCH] Fix for Shard TLS for verison 6+ (#29)
Signed-off-by: Sayed
Co-authored-by: Arnob kumar saha
---
 Dockerfile | 5 +++++
 install.sh | 1 +
 mongos.sh | 20 ++++++++++----------
 replicaset.sh | 10 +++++-----
 sharding.sh | 10 +++++-----
 5 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 5e3f697..145248e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -29,6 +29,9 @@ FROM alpine:latest
 RUN apk add --no-cache openssl gettext
+RUN delgroup ping
+RUN adduser -u 999 -g 999 -D mongo
+
 COPY install.sh /scripts/install.sh
 COPY replicaset.sh /scripts/replicaset.sh
 COPY arbiter.sh /scripts/arbiter.sh
@@ -39,6 +42,8 @@ COPY mongos.sh /scripts/mongos.sh
 COPY common.sh /scripts/common.sh
 COPY --from=builder peer-finder /scripts/peer-finder
+RUN chown -R mongo /scripts
+
 RUN chmod -c 755 /scripts/peer-finder \
 /scripts/install.sh \
 /scripts/arbiter.sh \
diff --git a/install.sh b/install.sh
index c8e0472..fa9b1c0 100644
--- a/install.sh
+++ b/install.sh
@@ -49,6 +49,7 @@ if [[ "$SSL_MODE" != "disabled" ]] && [[ -f "$client_pem" ]]; then
 envsubst '${INJECT_USER}' <${INIT_DIR}/replicaset.sh >${DEST_DIR}/replicaset.sh
 envsubst '${INJECT_USER}' <${INIT_DIR}/sharding.sh >${DEST_DIR}/sharding.sh
 envsubst '${INJECT_USER}' <${INIT_DIR}/mongos.sh >${DEST_DIR}/mongos.sh
+ rm ${INIT_DIR}/replicaset.sh ${INIT_DIR}/mongos.sh ${INIT_DIR}/sharding.sh
 chmod -c 755 ${DEST_DIR}/replicaset.sh ${DEST_DIR}/sharding.sh ${DEST_DIR}/mongos.sh
 fi
diff --git a/mongos.sh b/mongos.sh
index 5def2d9..4356a7e 100644
--- a/mongos.sh
+++ b/mongos.sh
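Review bot: `RUN adduser -u 999 -g 999 -D mongo` does not set the group id: on Alpine's BusyBox adduser `-g` is the GECOS (full-name) field, so "999" ends up in the passwd comment and the GID of the user's personal group is whatever adduser allocates, which appears to land on 999 only because the preceding `RUN delgroup ping` frees that number. Making the pairing explicit removes the dependence on the base image's group table: `RUN addgroup -g 999 mongo && adduser -u 999 -G mongo -D mongo`. Whether the image later switches to this account with `USER mongo` is outside the hunk; a short comment above these lines stating the intended UID/GID and why ping is removed would also help, e.g. `# fixed uid/gid 999 for the mongo user; the ping group is dropped because it already occupies gid 999`.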
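Review bot: `RUN chown -R mongo /scripts` changes only the owner, so the group stays root; `chown -R mongo:mongo /scripts` matches the account created above. It also makes every entrypoint script under /scripts writable by the runtime user, which the previous root-owned layout prevented — if the only reason for the chown is that install.sh (running as mongo) now deletes files from INIT_DIR, and INIT_DIR is /scripts (not visible here), consider limiting write access to just those files, or having install.sh clean up in DEST_DIR instead. Whichever is chosen, a comment such as `# install.sh removes the templated originals from /scripts at start-up` would explain why the scripts are no longer root-owned.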
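Review bot: `rm ${INIT_DIR}/replicaset.sh ${INIT_DIR}/mongos.sh ${INIT_DIR}/sharding.sh` is unquoted and has neither `-f` nor `--`, so an INIT_DIR containing whitespace word-splits and a missing file aborts the script if it runs under `set -e` (not visible in the hunk); `rm -f -- "${INIT_DIR}/replicaset.sh" "${INIT_DIR}/mongos.sh" "${INIT_DIR}/sharding.sh"` is the defensive form. The deletion sits inside the `SSL_MODE != "disabled"` branch, so with TLS off the un-substituted originals remain in INIT_DIR while with TLS on they are gone — and a second run of install.sh against the same filesystem would find them missing at the envsubst lines above. If that asymmetry is intentional it deserves a comment, e.g. `# remove the templates so only the INJECT_USER-substituted copies in DEST_DIR remain`.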
@@ -127,15 +127,15 @@ if [[ $(mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@
 log "Done."
 fi
-if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
- #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
- log "Creating root user ${INJECT_USER} for SSL..."
- out=$(mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({usersInfo: \"${INJECT_USER}\"})")
- if echo "$out" | grep '${INJECT_USER}'; then
- log "root user ${INJECT_USER} Already exists..."
- else
- mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
- fi
-fi
+#if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
+# #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
+# log "Creating root user ${INJECT_USER} for SSL..."
+# out=$(mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({usersInfo: \"${INJECT_USER}\"})")
+# if echo "$out" | grep '${INJECT_USER}'; then
+# log "root user ${INJECT_USER} Already exists..."
+# else
+# mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
+# fi
+#fi
 log "Good bye."
diff --git a/replicaset.sh b/replicaset.sh
index 866dc8e..12a53ff 100644
--- a/replicaset.sh
+++ b/replicaset.sh
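Review bot: The `$external` x509 root-user block is commented out rather than removed, and replicaset.sh and sharding.sh carry the same commented-out block; the history keeps the old code, so deleting the `#` lines and leaving one explanatory line is cleaner, e.g. `# x509 root user (INJECT_USER) in $external is no longer created here (#29)`. The commit message says only that this fixes shard TLS on 6+, so a reader cannot tell whether that user is now provisioned somewhere else or intentionally dropped — worth stating in that comment, since anything that presumably authenticated to the cluster with the client certificate's subject as a root user will stop working. With the block gone, the `envsubst '${INJECT_USER}'` pass that install.sh runs over these three scripts still executes but, as far as the hunk shows, has nothing left to substitute in them. The surrounding script continues outside the hunk.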
@@ -158,10 +158,10 @@ if mongosh admin "$ipv6" --host localhost "${ssl_args[@]}" --quiet --eval "JSON.
 log "Done."
 fi
-if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
- #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
- log "Creating root user ${INJECT_USER} for SSL..."
- mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
-fi
+#if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
+# #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
+# log "Creating root user ${INJECT_USER} for SSL..."
+# mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
+#fi
 log "Good bye."
diff --git a/sharding.sh b/sharding.sh
index 00feeb5..7f34060 100644
--- a/sharding.sh
+++ b/sharding.sh
@@ -132,10 +132,10 @@ if mongosh admin "$ipv6" --host localhost "${ssl_args[@]}" --quiet --eval "JSON.
 log "Done."
 fi
-if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
- #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
- log "Creating root user ${INJECT_USER} for SSL..."
- mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
-fi
+#if [[ ${SSL_MODE} != "disabled" ]] && [[ -f "$client_pem" ]]; then
+# #xref: https://docs.mongodb.com/manual/tutorial/configure-x509-client-authentication/#procedures
+# log "Creating root user ${INJECT_USER} for SSL..."
+# mongosh admin "$ipv6" --host localhost "${admin_creds[@]}" "${ssl_args[@]}" --eval "db.getSiblingDB(\"\$external\").runCommand({createUser: \"${INJECT_USER}\",roles:[{role: 'root', db: 'admin'}],})"
+#fi
 log "Good bye."