🚨 Add ability to enforce SSL in MongoDB source connector

[akashkulk]

What

Currently, the cloud version of MongoDB enforces SSL for Atlas + Replica Set. However, for standalone deployments we can potentially get into a state where SSL could be disabled.

Closes #16278

How

In the check() method of the source-mongodb-strict-encrypt, we enforce tls/ssl param to be true.

Recommended reading order

1. MongodbSourceStrictEncrypt.java
2. MongodbSourceStrictEncryptTest.java
3. Refactoring and pulling out constants and common methods into MongodbSourceUtils.java
4. Everything else

🚨 User Impact 🚨

This can potentially break cloud users that somehow got to a stage where "use SSL" was disabled. This is quite hard as the UI stands today, as that is disabled in cloud. However, this could be a problem going forward if the UI were to change or a CLI was exposed which allows the user to do so.

Pre-merge Checklist

Expand the relevant checklist and delete the others.

New Connector

Community member or Airbyter

• Community member? Grant edit access to maintainers (instructions)
• Secrets in the connector's spec are annotated with airbyte_secret
• Unit & integration tests added and passing. Community members, please provide proof of success locally e.g: screenshot or copy-paste unit, integration, and acceptance test output. To run acceptance tests for a Python connector, follow instructions in the README. For java connectors run ./gradlew :airbyte-integrations:connectors:<name>:integrationTest.
• Code reviews completed
• Documentation updated
  • Connector's README.md
  • Connector's bootstrap.md. See description and examples
  • docs/integrations/<source or destination>/<name>.md including changelog. See changelog example
  • docs/integrations/README.md
  • airbyte-integrations/builds.md
• PR name follows PR naming conventions

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

• Create a non-forked branch based on this PR and test the below items on it
• Build is successful
• If new credentials are required for use in CI, add them to GSM. Instructions.
• /test connector=connectors/<name> command is passing
• New Connector version released on Dockerhub by running the /publish command described here
• After the connector is published, connector added to connector index as described here
• Seed specs have been re-generated by building the platform and committing the changes to the seed spec files, as described here

Updating a connector

Community member or Airbyter

• Grant edit access to maintainers (instructions)
• Secrets in the connector's spec are annotated with airbyte_secret
• Unit & integration tests added and passing. Community members, please provide proof of success locally e.g: screenshot or copy-paste unit, integration, and acceptance test output. To run acceptance tests for a Python connector, follow instructions in the README. For java connectors run ./gradlew :airbyte-integrations:connectors:<name>:integrationTest.
• Code reviews completed
• Documentation updated
  • Connector's README.md
  • Connector's bootstrap.md. See description and examples
  • Changelog updated in docs/integrations/<source or destination>/<name>.md including changelog. See changelog example
• PR name follows PR naming conventions

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

• Create a non-forked branch based on this PR and test the below items on it
• Build is successful
• If new credentials are required for use in CI, add them to GSM. Instructions.
• /test connector=connectors/<name> command is passing
• New Connector version released on Dockerhub and connector version bumped by running the /publish command described here

Connector Generator

• Issue acceptance criteria met
• PR name follows PR naming conventions
• If adding a new generator, add it to the list of scaffold modules being tested
• The generator test modules (all connectors with -scaffold in their name) have been updated with the latest scaffold by running ./gradlew :airbyte-integrations:connector-templates:generator:testScaffoldTemplates then checking in your changes
• Documentation which references the generator is updated as needed

Tests

Unit

Put your unit tests output here.

Integration

Put your integration tests output here.

Acceptance

Put your acceptance tests output here.

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[akashkulk]

/test connector=connectors/source-mongodb-v2

🕑 connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3186542135
❌ connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3186542135
🐛 https://gradle.com/s/obbi23gmct7p6

Build Failed

Test summary info:

Could not find result summary

[akashkulk]

/test connector=connectors/source-mongodb-strict-encrypt

🕑 connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3186545215
❌ connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3186545215
🐛 https://gradle.com/s/k3rdeykjnnpik

Build Failed

Test summary info:

Could not find result summary

[akashkulk]

/test connector=connectors/source-mongodb-v2

🕑 connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3191399590
❌ connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3191399590
🐛 https://gradle.com/s/hl3ktaweznm3q

Build Failed

Test summary info:

Could not find result summary

[akashkulk]

/test connector=connectors/source-mongodb-strict-encrypt

🕑 connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3191402047
❌ connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3191402047
🐛 https://gradle.com/s/4mb7af6irwt2k

Build Failed

Test summary info:

Could not find result summary

[akashkulk]

/test connector=connectors/source-mongodb-v2

🕑 connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3191519877
✅ connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3191519877
No Python unittests run

Build Passed

Test summary info:

All Passed

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[akashkulk]

/test connector=connectors/source-mongodb-strict-encrypt

🕑 connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3191917536
✅ connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3191917536
No Python unittests run

Build Passed

Test summary info:

All Passed

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[ryankfu]

Should both the javadoc comment and the method name be more generalized? It seems you're passing in an instanceConfig so it appears this can be extended in the future to handle other instance types yet this method is specifically for Standalone instances, right?

[akashkulk]

It is actually specifically for Standalone instances actually. For Atlas and replica set deployments, we are overrwriting the arguments to always have tls/ssl=true in the parames (see MONGODB_SERVER_URL and MONGODB_CLUSTER_URL above. I was essentially duplicating the logic in the source-mongodb-strict-encrypt's check() method, so pulled it out here. The naming is specifically a warning to not rely on this method for non-standalone instances

[ryankfu]

Some minor nits, overall looks good. One thing that would be useful is the bullet point that Liren mentioned which is just updating docs to reflect that users are encouraged not to turn off TLS and that can be in the docs since it applies generally to both OSS and Cloud users

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-strict-encrypt
• source-mongodb-v2

[akashkulk]

Some minor nits, overall looks good. One thing that would be useful is the bullet point that Liren mentioned which is just updating docs to reflect that users are encouraged not to turn off TLS and that can be in the docs since it applies generally to both OSS and Cloud users

Thanks Ryan - it seems that the existing documentation mentions this, so will leave this unchanged for now. This is more of a defensive change for the Cloud side of things
https://www.loom.com/i/835efa1e3b9d4490843fdd14bf9cabac

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[akashkulk]

/test connector=connectors/source-mongodb-v2

🕑 connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3193427958
❌ connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3193427958
🐛 https://gradle.com/s/wiy7wrpbedkty

Build Failed

Test summary info:

Could not find result summary

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-strict-encrypt
• source-mongodb-v2

[akashkulk]

/test connector=connectors/source-mongodb-strict-encrypt

🕑 connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3199344202
✅ connectors/source-mongodb-strict-encrypt https://github.com/airbytehq/airbyte/actions/runs/3199344202
No Python unittests run

Build Passed

Test summary info:

All Passed

[akashkulk]

/test connector=connectors/source-mongodb-v2

🕑 connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3199436520
✅ connectors/source-mongodb-v2 https://github.com/airbytehq/airbyte/actions/runs/3199436520
No Python unittests run

Build Passed

Test summary info:

All Passed

[akashkulk]

/publish connector=connectors/source-mongodb-v2 run-tests=false

🕑 Publishing the following connectors:
connectors/source-mongodb-v2
https://github.com/airbytehq/airbyte/actions/runs/3199603069

Connector	Did it publish?	Were definitions generated?
connectors/source-mongodb-v2	✅	✅

if you have connectors that successfully published but failed definition generation, follow step 4 here ▶️

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[akashkulk]

/publish connector=connectors/source-mongodb-strict-encrypt run-tests=false

🕑 Publishing the following connectors:
connectors/source-mongodb-strict-encrypt
https://github.com/airbytehq/airbyte/actions/runs/3199604821

Connector	Did it publish?	Were definitions generated?
connectors/source-mongodb-strict-encrypt	✅	❌

if you have connectors that successfully published but failed definition generation, follow step 4 here ▶️

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt

[github-actions]

NOTE ⚠️ Changes in this PR affect the following connectors. Make sure to run corresponding integration tests:

• source-mongodb-v2
• source-mongodb-strict-encrypt