Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-22373

MongoDB doesn't allow to have User/Password Auth if encryption is mandatory from the MongoDB side

XMLWordPrintable

    • Sprint 98 (Mar 2023), Sprint 99 (Apr 2023)
    • 1

      Steps to reproduce:

      1. setup MongoDB with the following configuration:
        net:
          tls:
            mode: requireTLS
        
      2. try to set session definition:
      Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb
      Plugins.MongoDB.Sessions.local.Uri=tcp://<host>:27017
      Plugins.MongoDB.Sessions.local.TLSConnect=verify_ca
      Plugins.MongoDB.Sessions.local.TLSCertFile=/path/to/cert.pem
      Plugins.MongoDB.Sessions.local.TLSCAFile=/path/to/trusted_ca.pem
      Plugins.MongoDB.Sessions.local.TLSKeyFile=/path/to/cert.pem
      

      or

      Plugins.MongoDB.System.Path=/usr/sbin/zabbix-agent2-plugin/zabbix-agent2-plugin-mongodb
      Plugins.MongoDB.Sessions.local.TLSConnect=required
      

      Use, for example:

      mongodb.ping["{$MONGODB.CONNSTRING}","{$MONGODB.USER}","{$MONGODB.PASSWORD}"]
      

      Result:

      Invalid parameters: second parameter "User" cannot be passed along with session.
      

      Expected:
      1. Allow to set User and Password from secret macro(or vault) (saving in clear text is not an option if all mongodb instances are using tls without unencrypted options) with TLS
      2. Allow to have some encryption defaults - automatically support TLSConnect=required or all to define global settings like:

      Plugins.MongoDB.Sessions.*.TLSConnect=verify_ca
      Plugins.MongoDB.Sessions.*.TLSCertFile=/path/to/cert.pem
      Plugins.MongoDB.Sessions.*.TLSCAFile=/path/to/trusted_ca.pem
      Plugins.MongoDB.Sessions.*.TLSKeyFile=/path/to/cert.pem
      

            esneiders Eriks Sneiders
            edgar.akhmetshin Edgar Akhmetshin
            Team INT
            Votes:
            3 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: