feat: support for mongodb SSL+auth source/mech+replica set

This change builds upon a previously proposed PR:
#437

There was another long conversation about this topic here:
overhangio/tutor-forum#10 (comment)

We could have supported the MongoDB auth/replica set/ssl parameters as part of
the MongoDB host URI, but then this URI is not supported in the forum plugin,
which uses an old version of the mongoid client. We were hoping that the client
would have been upgraded by now, but it's not been upgraded for a long time.

The changes introduced here are 100% backward-compatible. The forum plugin will
have to be updated to take into account the new parameters.

Author: zakum1

changelog.d/20221128_100809_regis_mongodb_ssl.md

@@ -0,0 +1 @@
+- [Feature] Add support for MongoDB SSL, authentication source, mechanism and replica set via the `MONGODB_USE_SSL`, `MONGODB_AUTH_MECHANISM`, `MONGODB_AUTH_SOURCE`, `MONGODB_REPLICA_SET` settings. (by @zakum1 and @regisb)

docs/configuration.rst

@@ -242,11 +242,17 @@ MongoDB
 *******
 
 - ``RUN_MONGODB`` (default: ``true``)
-- ``MONGODB_HOST`` (default: ``"mongodb"``)
 - ``MONGODB_DATABASE`` (default: ``"openedx"``)
+- ``MONGODB_HOST`` (default: ``"mongodb"``)
+- ``MONGODB_PASSWORD`` (default: ``""``)
 - ``MONGODB_PORT`` (default: ``27017``)
 - ``MONGODB_USERNAME`` (default: ``""``)
-- ``MONGODB_PASSWORD`` (default: ``""``)
+- ``MONGODB_USE_SSL`` (default: ``false``)
+- ``MONGODB_REPLICA_SET`` (default: ``""``)
+- ``MONGODB_AUTH_MECHANISM`` (default: ``""``)
+- ``MONGODB_AUTH_SOURCE`` (default: ``"admin"``)
+
+Note that most of these settings will have to be modified to connect to a MongoDB cluster that runs separately of Tutor, such as `Atlas <https://www.mongodb.com/atlas>`__. In particular, the authentication source, mechanism and the SSL connection parameters should not be specified as part of the `host URI <https://www.mongodb.com/docs/manual/reference/connection-string/>`__ but as separate Tutor settings. Supported values for ``MONGODB_AUTH_MECHANISM`` are the same as for pymongo (see the `pymongo documentation <https://pymongo.readthedocs.io/en/stable/examples/authentication.html>`__).
 
 Redis
 *****

tutor/templates/apps/openedx/settings/partials/common_all.py

@@ -6,17 +6,16 @@
 
 # Mongodb connection parameters: simply modify `mongodb_parameters` to affect all connections to MongoDb.
 mongodb_parameters = {
+    "db": "{{ MONGODB_DATABASE }}",
     "host": "{{ MONGODB_HOST }}",
     "port": {{ MONGODB_PORT }},
-    {% if MONGODB_USERNAME and MONGODB_PASSWORD %}
-    "user": "{{ MONGODB_USERNAME }}",
-    "password": "{{ MONGODB_PASSWORD }}",
-    {% else %}
-    "user": None,
-    "password": None,
-    {% endif %}
-    "db": "{{ MONGODB_DATABASE }}",
-    "replicaSet": None,
+    "user": {% if MONGODB_USERNAME %}"{{ MONGODB_USERNAME }}"{% else %}None{% endif %},
+    "password": {% if MONGODB_PASSWORD %}"{{ MONGODB_PASSWORD }}"{% else %}None{% endif %},
+    # Connection/Authentication
+    "ssl": {{ MONGODB_USE_SSL }},
+    "authSource": "{{ MONGODB_AUTH_SOURCE }}",
+    "replicaSet": {% if MONGODB_REPLICA_SET %}"{{ MONGODB_REPLICA_SET }}"{% else %}None{% endif %},
+    {% if MONGODB_AUTH_MECHANISM %}"authMechanism": "{{ MONGODB_AUTH_MECHANISM }}",{% endif %}
 }
 DOC_STORE_CONFIG = mongodb_parameters
 CONTENTSTORE = {

tutor/templates/config/defaults.yml

@@ -34,11 +34,15 @@ K8S_NAMESPACE: "openedx"
 LANGUAGE_CODE: "en"
 LMS_HOST: "www.myopenedx.com"
 LOCAL_PROJECT_NAME: "{{ TUTOR_APP }}_local"
+MONGODB_AUTH_MECHANISM: ""
+MONGODB_AUTH_SOURCE: "admin"
 MONGODB_HOST: "mongodb"
 MONGODB_DATABASE: "openedx"
 MONGODB_PORT: 27017
 MONGODB_USERNAME: ""
 MONGODB_PASSWORD: ""
+MONGODB_REPLICA_SET: ""
+MONGODB_USE_SSL: false
 OPENEDX_AWS_ACCESS_KEY: ""
 OPENEDX_AWS_SECRET_ACCESS_KEY: ""
 OPENEDX_CACHE_REDIS_DB: 1