Summary
Add support for MONGO_TLS_CA_CERT env var to pass CA certificate to lib-commons MongoDB TLS configuration.
Current State
Midaz uses lib-commons/mongo but does not pass TLS config. It relies on MONGO_PARAMETERS URI string with tlsInsecure=true which skips certificate validation.
Proposed Solution
Add MONGO_TLS_CA_CERT env var (base64 encoded PEM) and pass it to lib-commons:
var tlsCfg *libMongo.TLSConfig
if cfg.MongoTLSCACert != "" {
tlsCfg = &libMongo.TLSConfig{CACertBase64: cfg.MongoTLSCACert}
}
mongoConnection, err := libMongo.NewClient(ctx, libMongo.Config{
URI: mongoSource,
Database: cfg.MongoDBName,
TLS: tlsCfg,
})This follows the same pattern used for Redis: REDIS_CA_CERT → libRedis.TLSConfig{CACertBase64}
Acceptance Criteria
Summary
Add support for
MONGO_TLS_CA_CERTenv var to pass CA certificate to lib-commons MongoDB TLS configuration.Current State
Midaz uses lib-commons/mongo but does not pass TLS config. It relies on
MONGO_PARAMETERSURI string withtlsInsecure=truewhich skips certificate validation.Proposed Solution
Add
MONGO_TLS_CA_CERTenv var (base64 encoded PEM) and pass it to lib-commons:This follows the same pattern used for Redis:
REDIS_CA_CERT→libRedis.TLSConfig{CACertBase64}Acceptance Criteria
MONGO_TLS_CA_CERTenv var to config struct