tianxiaoliang commented on a change in pull request #856:
URL:
https://github.com/apache/servicecomb-service-center/pull/856#discussion_r573525159
##########
File path: datasource/mongo/mongo.go
##########
@@ -87,7 +87,10 @@ func (ds *DataSource) initPlugins() error {
func (ds *DataSource) initClient() error {
uri := config.GetString("registry.mongo.cluster.uri",
"mongodb://localhost:27017", config.WithStandby("manager_cluster"))
- cfg := storage.NewConfig(uri)
+ sslEnable := config.GetBool("registry.mongo.cluster.sslEnable", false)
+ rootCA := config.GetString("registry.mongo.cluster.rootCA",
"/opt/kie/ca.crt")
+ verifyPeer := config.GetBool("registry.mongo.cluster.verifyPeer", true)
Review comment:
默认false
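Review bot: The default for `registry.mongo.cluster.rootCA` is `/opt/kie/ca.crt`, a path that looks carried over from a different project, so a deployment that turns on `sslEnable` without setting rootCA would try to trust whatever file sits under another product's directory. Because this default is non-empty, the empty-RootCA guard in newClient (datasource/mongo/client/mongo.go) presumably cannot trigger unless an operator explicitly sets the key to an empty string. Consider defaulting to `""` so a missing CA is reported by that guard, or to a path under this project's own install directory. The quoted hunk stops at the commented line, so how these three values reach the storage config is not visible here.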
##########
File path: datasource/mongo/client/mongo.go
##########
@@ -125,8 +128,28 @@ func (mc *MongoClient) HealthCheck(ctx context.Context) {
}
func (mc *MongoClient) newClient(ctx context.Context) (err error) {
- clientOptions := options.Client().ApplyURI(mc.dbconfig.URI)
- mc.client, err = mongo.Connect(ctx, clientOptions)
+ clientOptions :=
[]*options.ClientOptions{options.Client().ApplyURI(mc.dbconfig.URI)}
+ if mc.dbconfig.SSLEnabled {
+ if mc.dbconfig.RootCA == "" {
+ err = ErrRootCAMissing
+ return
+ }
+ pool := x509.NewCertPool()
+ caCert, err := ioutil.ReadFile(mc.dbconfig.RootCA)
+ if err != nil {
+ err = fmt.Errorf("read ca cert file %s failed",
mc.dbconfig.RootCA)
+ log.Error("ca cert :", err)
+ return err
+ }
+ pool.AppendCertsFromPEM(caCert)
+ tc := &tls.Config{
+ RootCAs: pool,
+ InsecureSkipVerify: mc.dbconfig.VerifyPeer,
Review comment:
这个条件错了,应该加非,你得测下,否则这段代码不确定是不是work,这个写法明显不work
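Review bot: The boolean returned by `pool.AppendCertsFromPEM(caCert)` is discarded, so a RootCA file with no parseable PEM certificate yields an empty pool and the misconfiguration only shows up later as a handshake failure, or not at all whenever verification is skipped. Fail fast instead, e.g. `if !pool.AppendCertsFromPEM(caCert) { return fmt.Errorf("no valid certificate in %s", mc.dbconfig.RootCA) }`. The read-error branch also overwrites the cause returned by `ioutil.ReadFile`; `fmt.Errorf("read ca cert file %s: %w", mc.dbconfig.RootCA, err)` keeps permission-denied and not-found distinguishable. Note that `caCert, err := ...` shadows the named result `err` inside the `if` block, which is easy to trip over if a bare `return` is added later. The quoted hunk ends at the commented line and newClient continues outside it, so how `tc` is attached to the client options is not visible here.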