-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Load CA certs if SSL is enabled and CA certs are not passed in the configurations #10377
Conversation
Codecov Report
Flags with carried forward coverage won't be shown. Click here to find out more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a small comment regarding the logic of the conditional, but otherwise LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 👍
What does this PR do?
A recent change in pymongo(3.11.0+) is causing the mongo check to fail if SSL is enabled and no
ssl_ca_certs
is passed in the config when running the container agent. When tested against Mongodb Atlas, this has been observed to throw an ssl_validation error. This change is aimed at trying to load CA certs from certifi if SSL is enabled andssl_ca_certs
is not configured in the config.Motivation
From support ticket
Additional Notes
I'm suspecting that with the inclusion of pyopenssl in pymongo(3.11.0), the default location in which pymongo loads these CA certs are no longer the same or it's not being loaded at all.
Review checklist (to be filled by reviewers)
changelog/
andintegration/
labels attached