From 696dbe7844df014e0d308da613534b4290cd7e20 Mon Sep 17 00:00:00 2001
From: Thomas Conte
Date: Tue, 14 Mar 2017 14:23:30 +0100
Subject: [PATCH] SSL connection support
---
 bigchaindb/backend/connection.py | 6 ++++--
 bigchaindb/backend/mongodb/connection.py | 14 +++++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/bigchaindb/backend/connection.py b/bigchaindb/backend/connection.py
index c1f0a629..cf6bece7 100644
--- a/bigchaindb/backend/connection.py
+++ b/bigchaindb/backend/connection.py
@@ -16,7 +16,7 @@ logger = logging.getLogger(__name__)
 def connect(backend=None, host=None, port=None, name=None, max_tries=None,
- connection_timeout=None, replicaset=None):
+ connection_timeout=None, replicaset=None, ssl=False):
 """Create a new connection to the database backend. All arguments default to the current configuration's values if not
@@ -50,6 +50,8 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None,
 # to handle these these additional args. In case of RethinkDBConnection
 # it just does not do anything with it.
 replicaset = replicaset or bigchaindb.config['database'].get('replicaset')
+ ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \
+ else ssl
 try:
 module_name, _, class_name = BACKENDS[backend].rpartition('.')
@@ -63,7 +65,7 @@ def connect(backend=None, host=None, port=None, name=None, max_tries=None,
 logger.debug('Connection: {}'.format(Class))
 return Class(host=host, port=port, dbname=dbname,
 max_tries=max_tries, connection_timeout=connection_timeout,
- replicaset=replicaset)
+ replicaset=replicaset, ssl=ssl)
 class Connection:
diff --git a/bigchaindb/backend/mongodb/connection.py b/bigchaindb/backend/mongodb/connection.py
index 8688e243..274d64c1 100644
--- a/bigchaindb/backend/mongodb/connection.py
+++ b/bigchaindb/backend/mongodb/connection.py
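Review bot: In `connect()` (bigchaindb/backend/connection.py, hunk at -50,6) the added `ssl = ... if ... is not None else ssl` lets the configured value override an explicit argument, which is the reverse of `replicaset = replicaset or ...` on the line above and of the docstring's "All arguments default to the current configuration's values". A caller that passes `ssl=True` is connected without TLS whenever the configuration holds `'ssl': False`, and nothing reports the downgrade. Changing the default in the signature to `ssl=None` and resolving with `ssl = ssl if ssl is not None else bigchaindb.config['database'].get('ssl', False)` keeps the argument authoritative and needs a single lookup. The same expression is repeated in `MongoDBConnection.__init__` in bigchaindb/backend/mongodb/connection.py (hunk at -28,6) and should be resolved the same way there.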
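Review bot: The `ssl=ssl` keyword added to the `Class(...)` call in `connect()` (hunk at -63,7) is handed to whichever backend class was selected, and the context comment a few lines earlier says RethinkDBConnection "just does not do anything with" such extra arguments. If that holds for `ssl` too, an operator who sets `'ssl': True` with the RethinkDB backend gets an unencrypted connection with no indication that the setting was ignored. A backend that cannot honour the flag should refuse it or at least log it, for example `logger.warning('ssl requested but not supported by backend %s', backend)` before the call. The RethinkDB connection class is not part of this patch, so its handling needs to be confirmed there.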
@@ -16,7 +16,7 @@ logger = logging.getLogger(__name__)
 class MongoDBConnection(Connection):
- def __init__(self, replicaset=None, **kwargs):
+ def __init__(self, replicaset=None, ssl=False, **kwargs):
 """Create a new Connection instance. Args:
@@ -28,6 +28,8 @@ class MongoDBConnection(Connection):
 super().__init__(**kwargs)
 self.replicaset = replicaset or bigchaindb.config['database']['replicaset']
+ self.ssl = bigchaindb.config['database'].get('ssl') if bigchaindb.config['database'].get('ssl') is not None \
+ else ssl
 @property
 def db(self):
@@ -71,14 +73,15 @@ class MongoDBConnection(Connection):
 # we should only return a connection if the replica set is
 # initialized. initialize_replica_set will check if the
 # replica set is initialized else it will initialize it.
- initialize_replica_set(self.host, self.port, self.connection_timeout)
+ initialize_replica_set(self.host, self.port, self.connection_timeout, self.ssl)
 # FYI: this might raise a `ServerSelectionTimeoutError`,
 # that is a subclass of `ConnectionFailure`.
 return pymongo.MongoClient(self.host,
 self.port,
 replicaset=self.replicaset,
- serverselectiontimeoutms=self.connection_timeout)
+ serverselectiontimeoutms=self.connection_timeout,
+ ssl=self.ssl)
 # `initialize_replica_set` might raise `ConnectionFailure` or `OperationFailure`.
 except (pymongo.errors.ConnectionFailure,
@@ -86,7 +89,7 @@ class MongoDBConnection(Connection):
 raise ConnectionError() from exc
-def initialize_replica_set(host, port, connection_timeout):
+def initialize_replica_set(host, port, connection_timeout, ssl):
 """Initialize a replica set. If already initialized skip."""
 # Setup a MongoDB connection
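Review bot: The new `ssl` parameter of `MongoDBConnection.__init__` (hunk at -16,7) has no entry in the `Args:` section of the docstring, which starts in this hunk and continues outside it. I would add `ssl (bool, optional): connect to MongoDB over TLS; a non-None 'ssl' value in the database configuration overrides it.` so the precedence the constructor applies is written down where callers look for it.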
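Review bot: The `pymongo.MongoClient(...)` call in the hunk at -71,14 receives only the boolean `ssl=self.ssl`, so certificate verification depends entirely on the driver's defaults and the system trust store. Nothing in the configuration lets an operator name a CA file or a client certificate, so a MongoDB deployment with internally issued certificates has no validated way to connect. Consider reading optional settings from `bigchaindb.config['database']` and forwarding them with PyMongo's `ssl_ca_certs` and `ssl_certfile` keywords when they are present (option names depend on the PyMongo version in use). The second client, built in `initialize_replica_set` (hunk at -95,7), needs the same options, otherwise the two connections verify the server differently.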
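Review bot: `initialize_replica_set` (hunk at -86,7) gains `ssl` as a required positional parameter, so any caller outside this patch that still passes three arguments will raise `TypeError`. Giving it a default keeps those callers working: `def initialize_replica_set(host, port, connection_timeout, ssl=False):`. The one-line docstring should also mention that `ssl` selects TLS for the temporary connection. The function body continues outside this hunk.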
@@ -95,7 +98,8 @@ def initialize_replica_set(host, port, connection_timeout):
 # you try to connect to a replica set that is not yet initialized
 conn = pymongo.MongoClient(host=host,
 port=port,
- serverselectiontimeoutms=connection_timeout)
+ serverselectiontimeoutms=connection_timeout,
+ ssl=ssl)
 _check_replica_set(conn)
 host = '{}:{}'.format(bigchaindb.config['database']['host'],
 bigchaindb.config['database']['port'])