HELP-28512: mongocli cannot handle net.tls.FIPSMode properly (#893)

andreaangiolillo · web-flow · commit 7ac9be8980ba · 2021-10-20T14:58:09.000+01:00
diff --git a/go.mod b/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/stretchr/testify v1.7.0
 	github.com/tangzero/inflector v1.0.0
 	go.mongodb.org/atlas v0.13.0
-	go.mongodb.org/ops-manager v0.30.0
+	go.mongodb.org/ops-manager v0.30.1
 	gopkg.in/yaml.v2 v2.4.0
 )
 
diff --git a/go.sum b/go.sum
@@ -339,6 +339,8 @@ go.mongodb.org/atlas v0.13.0 h1:JkJOWsKm9k2mcFaivaaMNDpKDsxJJj1O0eUsDtnNvuE=
 go.mongodb.org/atlas v0.13.0/go.mod h1:wVCnHcm/7/IfTjEB6K8K35PLG70yGz8BdkRwX0oK9/M=
 go.mongodb.org/ops-manager v0.30.0 h1:8nKyxdUo83cRny4kVOcDeZzf09WseVF5RtHUtGxHpZ0=
 go.mongodb.org/ops-manager v0.30.0/go.mod h1:x3CljG6FzfD/DwPCkt/7fKpGccKpHk91VlLOgK0eMTE=
+go.mongodb.org/ops-manager v0.30.1 h1:AI15ZQxQaSfbCY96A60ZLDlT3gA0WsPWncxdHDrc5xE=
+go.mongodb.org/ops-manager v0.30.1/go.mod h1:5S1wIr61QVUDhPyRiB35iEPocLd4WpJALejUMe9fHuI=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
diff --git a/internal/convert/automation_config_test.go b/internal/convert/automation_config_test.go
@@ -27,6 +27,7 @@ import (
 
 func TestFromAutomationConfig(t *testing.T) {
 	name := "cluster_1"
+	fipsMode := true
 	t.Run("replica set", func(t *testing.T) {
 		t.Parallel()
 		config := fixture.AutomationConfigWithOneReplicaSet(name, false)
@@ -66,7 +67,7 @@ func TestFromAutomationConfig(t *testing.T) {
 								ClusterPassword:            "ClusterPassword",
 								CRLFile:                    "CRLFile",
 								DisabledProtocols:          "DisabledProtocols",
-								FIPSMode:                   "FIPSMode",
+								FIPSMode:                   &fipsMode,
 								Mode:                       "Mode",
 								PEMKeyFile:                 "PEMKeyFile",
 							},
diff --git a/internal/convert/cluster_config_test.go b/internal/convert/cluster_config_test.go
@@ -27,6 +27,7 @@ import (
 )
 
 func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
+	fipsMode := true
 	testCases := map[string]struct {
 		current  *opsmngr.AutomationConfig
 		expected *opsmngr.AutomationConfig
@@ -133,7 +134,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 								ClusterPassword:            "ClusterPassword",
 								CRLFile:                    "CRLFile",
 								DisabledProtocols:          "DisabledProtocols",
-								FIPSMode:                   "FIPSMode",
+								FIPSMode:                   &fipsMode,
 								Mode:                       "Mode",
 								PEMKeyFile:                 "PEMKeyFile",
 							},
@@ -163,7 +164,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 									ClusterPassword:            "ClusterPassword",
 									CRLFile:                    "CRLFile",
 									DisabledProtocols:          "DisabledProtocols",
-									FIPSMode:                   "FIPSMode",
+									FIPSMode:                   &fipsMode,
 									Mode:                       "Mode",
 									PEMKeyFile:                 "PEMKeyFile",
 								},
@@ -215,7 +216,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 									ClusterPassword:            "ClusterPassword",
 									CRLFile:                    "CRLFile",
 									DisabledProtocols:          "DisabledProtocols",
-									FIPSMode:                   "FIPSMode",
+									FIPSMode:                   &fipsMode,
 									Mode:                       "Mode",
 									PEMKeyFile:                 "PEMKeyFile",
 								},
@@ -450,7 +451,7 @@ func TestClusterConfig_PatchAutomationConfig(t *testing.T) {
 									ClusterPassword:            "ClusterPassword",
 									CRLFile:                    "CRLFile",
 									DisabledProtocols:          "DisabledProtocols",
-									FIPSMode:                   "FIPSMode",
+									FIPSMode:                   &fipsMode,
 									Mode:                       "Mode",
 									PEMKeyFile:                 "PEMKeyFile",
 								},
diff --git a/internal/convert/process_config.go b/internal/convert/process_config.go
@@ -88,7 +88,7 @@ type TLS struct {
 	ClusterPassword            string `yaml:"clusterPassword,omitempty" json:"clusterPassword,omitempty"`
 	CRLFile                    string `yaml:"CRLFile,omitempty" json:"CRLFile,omitempty"`
 	DisabledProtocols          string `yaml:"disabledProtocols,omitempty" json:"disabledProtocols,omitempty"`
-	FIPSMode                   string `yaml:"FIPSMode,omitempty" json:"FIPSMode,omitempty"`
+	FIPSMode                   *bool  `yaml:"FIPSMode,omitempty" json:"FIPSMode,omitempty"`
 	Mode                       string `yaml:"mode,omitempty" json:"mode,omitempty"`
 	PEMKeyFile                 string `yaml:"PEMKeyFile,omitempty" json:"PEMKeyFile,omitempty"`
 }
diff --git a/internal/convert/process_config_test.go b/internal/convert/process_config_test.go
@@ -27,6 +27,7 @@ import (
 
 func Test_newReplicaSetProcessConfig(t *testing.T) {
 	var slaveDelay float64
+	fipsMode := true
 	omp := &opsmngr.Process{
 		Args26: opsmngr.Args26{
 			AuditLog: &opsmngr.AuditLog{
@@ -37,7 +38,10 @@ func Test_newReplicaSetProcessConfig(t *testing.T) {
 			},
 			NET: opsmngr.Net{
 				Port: 27017,
-				TLS:  &opsmngr.TLS{Mode: "disabled"},
+				TLS: &opsmngr.TLS{
+					Mode:     "disabled",
+					FIPSMode: &fipsMode,
+				},
 			},
 			Replication: &opsmngr.Replication{
 				ReplSetName: "myReplicaSet",
@@ -111,7 +115,10 @@ func Test_newReplicaSetProcessConfig(t *testing.T) {
 		ArbiterOnly:                 pointy.Bool(false),
 		Disabled:                    false,
 		Hidden:                      pointy.Bool(false),
-		TLS:                         &TLS{Mode: "disabled"},
+		TLS: &TLS{
+			Mode:     "disabled",
+			FIPSMode: &fipsMode,
+		},
 		SetParameter: &map[string]interface{}{
 			"param": "param",
 		},
diff --git a/internal/test/fixture/automation_configs.go b/internal/test/fixture/automation_configs.go
@@ -190,6 +190,7 @@ func AutomationConfigWithMonitoring() *opsmngr.AutomationConfig {
 }
 
 func AutomationConfigWithOneReplicaSet(name string, disabled bool) *opsmngr.AutomationConfig {
+	fipsMode := true
 	return &opsmngr.AutomationConfig{
 		Processes: []*opsmngr.Process{
 			{
@@ -206,7 +207,7 @@ func AutomationConfigWithOneReplicaSet(name string, disabled bool) *opsmngr.Auto
 							ClusterPassword:            "ClusterPassword",
 							CRLFile:                    "CRLFile",
 							DisabledProtocols:          "DisabledProtocols",
-							FIPSMode:                   "FIPSMode",
+							FIPSMode:                   &fipsMode,
 							Mode:                       "Mode",
 							PEMKeyFile:                 "PEMKeyFile",
 						},

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ require (`
`22`	`22`	`github.com/stretchr/testify v1.7.0`
`23`	`23`	`github.com/tangzero/inflector v1.0.0`
`24`	`24`	`go.mongodb.org/atlas v0.13.0`
`25`		`- go.mongodb.org/ops-manager v0.30.0`
	`25`	`+ go.mongodb.org/ops-manager v0.30.1`
`26`	`26`	`gopkg.in/yaml.v2 v2.4.0`
`27`	`27`	`)`
`28`	`28`
Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ type TLS struct {`
`88`	`88`	ClusterPassword string `yaml:"clusterPassword,omitempty" json:"clusterPassword,omitempty"`
`89`	`89`	CRLFile string `yaml:"CRLFile,omitempty" json:"CRLFile,omitempty"`
`90`	`90`	DisabledProtocols string `yaml:"disabledProtocols,omitempty" json:"disabledProtocols,omitempty"`
`91`		- FIPSMode string `yaml:"FIPSMode,omitempty" json:"FIPSMode,omitempty"`
	`91`	+ FIPSMode *bool `yaml:"FIPSMode,omitempty" json:"FIPSMode,omitempty"`
`92`	`92`	Mode string `yaml:"mode,omitempty" json:"mode,omitempty"`
`93`	`93`	PEMKeyFile string `yaml:"PEMKeyFile,omitempty" json:"PEMKeyFile,omitempty"`
`94`	`94`	`}`