[GEN-2109] feat(mongo): added ssl support (#18731)

* feat(mongo): added ssl support

Added SSL support for MongoDB using the SSL manager.

Attached a video demo.

- [Example repository for setting up mongodb with SSL](https://github.com/sushi30/mongodb-docker-ssl-example)
- [MongoDB TLS documentation](https://www.mongodb.com/docs/manual/tutorial/configure-ssl/)

* fixed test_doris.py

ingestion/src/metadata/examples/workflows/mongodb.yaml

@@ -9,6 +9,10 @@ source:
       username: username
       password: password
       hostPort:  localhost:27017
+#      # SSL Configuration  
+#      sslMode": verify-ca
+#      sslConfig:
+#       caCertificate": "CA certificate content"
   sourceConfig:
     config:
       type: DatabaseMetadata

ingestion/src/metadata/ingestion/source/database/common_nosql_source.py

@@ -52,6 +52,7 @@ from metadata.utils.constants import DEFAULT_DATABASE
 from metadata.utils.datalake.datalake_utils import DataFrameColumnParser
 from metadata.utils.filters import filter_by_schema, filter_by_table
 from metadata.utils.logger import ingestion_logger
+from metadata.utils.ssl_manager import check_ssl_and_init
 
 logger = ingestion_logger()
 
@@ -73,7 +74,13 @@ class CommonNoSQLSource(DatabaseServiceSource, ABC):
         )
         self.metadata = metadata
         self.service_connection = self.config.serviceConnection.root.config
+        self.ssl_manager = check_ssl_and_init(self.service_connection)
+        if self.ssl_manager:
+            self.service_connection = self.ssl_manager.setup_ssl(
+                self.service_connection
+            )
         self.connection_obj = get_connection(self.service_connection)
+
         self.test_connection()
 
     def prepare(self):

ingestion/src/metadata/utils/ssl_manager.py

@@ -21,6 +21,9 @@ from typing import Optional, Union, cast
 
 from pydantic import SecretStr
 
+from metadata.generated.schema.entity.services.connections.connectionBasicType import (
+    ConnectionOptions,
+)
 from metadata.generated.schema.entity.services.connections.dashboard.qlikSenseConnection import (
     QlikSenseConnection,
 )
@@ -30,6 +33,9 @@ from metadata.generated.schema.entity.services.connections.database.dorisConnect
 from metadata.generated.schema.entity.services.connections.database.greenplumConnection import (
     GreenplumConnection,
 )
+from metadata.generated.schema.entity.services.connections.database.mongoDBConnection import (
+    MongoDBConnection,
+)
 from metadata.generated.schema.entity.services.connections.database.mysqlConnection import (
     MysqlConnection,
 )
@@ -176,6 +182,20 @@ class SSLManager:
             "check_hostname": connection.validateHostName,
         }
 
+    @setup_ssl.register(MongoDBConnection)
+    def _(self, connection: MongoDBConnection):
+        connection.connectionOptions = (
+            connection.connectionOptions or ConnectionOptions(root={})
+        )
+        connection.connectionOptions.root.update(
+            {
+                "tls": "true",
+                "tlsCertificateKeyFile": self.key_file_path,
+                "tlsCAFile": self.ca_file_path,
+            }
+        )
+        return connection
+
     @setup_ssl.register(KafkaConnection)
     def _(self, connection):
         connection = cast(KafkaConnection, connection)
@@ -188,7 +208,7 @@ class SSLManager:
 
 
 @singledispatch
-def check_ssl_and_init(_) -> None:
+def check_ssl_and_init(_) -> Optional[SSLManager]:
     return None
 
 
@@ -236,6 +256,24 @@ def _(connection):
     return None
 
 
+@check_ssl_and_init.register(MongoDBConnection)
+def _(connection):
+    service_connection = cast(Union[MysqlConnection, DorisConnection], connection)
+    ssl: Optional[verifySSLConfig.SslConfig] = service_connection.sslConfig
+    if ssl and ssl.root.sslCertificate:
+        raise ValueError(
+            "MongoDB connection does not support SSL certificate. Only CA certificate is supported.\n"
+            "More information about configuring MongoDB connection can be found at:\n"
+            "https://www.mongodb.com/docs/manual/tutorial/configure-ssl-clients/#mongodb-shell"
+        )
+    if ssl and (ssl.root.caCertificate or ssl.root.sslKey):
+        return SSLManager(
+            ca=ssl.root.caCertificate,
+            key=ssl.root.sslKey,
+        )
+    return None
+
+
 @check_ssl_and_init.register(PostgresConnection)
 @check_ssl_and_init.register(RedshiftConnection)
 @check_ssl_and_init.register(GreenplumConnection)

ingestion/tests/unit/topology/database/test_doris.py

@@ -27,6 +27,7 @@ mock_doris_config = {
         "serviceName": "local_doris1",
         "serviceConnection": {
             "config": {
+                "type": "Doris",
                 "username": "root",
                 "hostPort": "localhost:3308",
                 "password": "test",

openmetadata-spec/src/main/resources/json/schema/entity/services/connections/database/mongoDBConnection.json

@@ -70,6 +70,12 @@
         "supportsProfiler": {
             "title": "Supports Profiler",
             "$ref": "../connectionBasicType.json#/definitions/supportsProfiler"
+        },
+        "sslMode": {
+            "$ref": "../../../../security/ssl/verifySSLConfig.json#/definitions/sslMode"
+        },
+        "sslConfig": {
+            "$ref": "../../../../security/ssl/verifySSLConfig.json#/definitions/sslConfig"
         }
     },
     "required": ["hostPort"],