feat: implem config for new tls on core (#199)

aneoconsulting · Jan 17, 2025 · 68d734b · 68d734b
2 parents 25f2fd7 + 2336f99
commit 68d734b
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 2 deletions.
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
@@ -11,6 +11,11 @@ jobs:
     name: Pre-commit checks
     runs-on: ubuntu-latest
     steps:
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
+        with:
+          terraform_version: latest
+
       - name: Configure Terraform cache dir
         run: |
           mkdir -p "$HOME/.terraform.d/plugin-cache"

diff --git a/storage/onpremise/mongodb-sharded/certificates.tf b/storage/onpremise/mongodb-sharded/certificates.tf
@@ -36,7 +36,7 @@ resource "tls_cert_request" "mongodb_cert_request" {
   private_key_pem = tls_private_key.mongodb_private_key.private_key_pem
   subject {
     country     = "France"
-    common_name = "127.0.0.1"
+    common_name = local.mongodb_dns
     # organization = "127.0.0.1"
   }
 }
@@ -67,6 +67,7 @@ resource "kubernetes_secret" "mongodb_certificate" {
   data = {
     "mongodb.pem" = format("%s\n%s", tls_locally_signed_cert.mongodb_certificate.cert_pem, tls_private_key.mongodb_private_key.private_key_pem)
     "chain.pem"   = format("%s\n%s", tls_locally_signed_cert.mongodb_certificate.cert_pem, tls_self_signed_cert.root_mongodb.cert_pem)
+    "ca.pem"      = tls_self_signed_cert.root_mongodb.cert_pem
   }
 }
 

diff --git a/storage/onpremise/mongodb-sharded/outputs.tf b/storage/onpremise/mongodb-sharded/outputs.tf
@@ -50,7 +50,7 @@ output "env" {
     "MongoDB__ReplicaSet"       = "rs0"
     "MongoDB__DatabaseName"     = "database"
     "MongoDB__DirectConnection" = "true"
-    "MongoDB__CAFile"           = "/mongodb/certs/chain.pem"
+    "MongoDB__CAFile"           = "/mongodb/certs/ca.pem"
     "MongoDB__Sharding"         = "true"
     "MongoDB__AuthSource"       = "admin"
   })

diff --git a/storage/onpremise/mongodb-sharded/secrets.tf b/storage/onpremise/mongodb-sharded/secrets.tf
@@ -35,6 +35,8 @@ resource "kubernetes_secret" "mongodb" {
     namespace = helm_release.mongodb.namespace
   }
   data = {
+    "ca.pem"           = tls_self_signed_cert.root_mongodb.cert_pem
+    "mongodb.pem"      = format("%s\n%s", tls_locally_signed_cert.mongodb_certificate.cert_pem, tls_private_key.mongodb_private_key.private_key_pem)
     "chain.pem"        = format("%s\n%s", tls_locally_signed_cert.mongodb_certificate.cert_pem, tls_self_signed_cert.root_mongodb.cert_pem)
     username           = random_string.mongodb_application_user.result
     password           = random_password.mongodb_application_password.result