@@ -763,7 +763,7 @@ function gitops_suite() {
763763 fi
764764
765765 # by default yaml. pass aws, in case if configuring with DocDB
766- export MONGODB_PROVIDER=${MONGODB_PROVIDER:- " yaml " }
766+ export MONGODB_PROVIDER=${MONGODB_PROVIDER:- " aws " }
767767
768768 # MongoDB reset and update flags
769769 export MONGO_RESET_INSTANCE_PASSWORD=${MONGO_RESET_INSTANCE_PASSWORD:- " false" }
@@ -772,13 +772,27 @@ function gitops_suite() {
772772 export MONGO_SECRET_FILE=$TEMP_DIR /mongo-secret.json
773773 export MONGO_CONFIG_FILE=$TEMP_DIR /mongo-info.yaml
774774
775- sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR} mongo " username,password,info"
776- sm_get_secret_file ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR} mongo $MONGO_SECRET_FILE
777-
778- jq -r .info $MONGO_SECRET_FILE > $MONGO_CONFIG_FILE
779- MASTER_MONGO_USERNAME=$( jq -r .username $MONGO_SECRET_FILE )
780- MASTER_MONGO_PASSWORD=$( jq -r .password $MONGO_SECRET_FILE )
781- UNESCAPED_MONGO_INFO=$( jq -r .info $MONGO_SECRET_FILE )
775+ # Verify cluster-level secret exists and retrieve it
776+ # If mongodb_provider is yaml and mongo_action is install, only info field is required
777+ if [[ " ${MONGODB_PROVIDER} " == " yaml" && " ${MONGO_ACTION} " == " install" ]]; then
778+ echo
779+ echo_h2 " MongoDB Provider is 'yaml' - Verifying cluster-level MongoDB secret (info field only)"
780+ sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR} mongo " info"
781+ sm_get_secret_file ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR} mongo $MONGO_SECRET_FILE
782+
783+ jq -r .info $MONGO_SECRET_FILE > $MONGO_CONFIG_FILE
784+ UNESCAPED_MONGO_INFO=$( jq -r .info $MONGO_SECRET_FILE )
785+ echo " ✓ Cluster-level MongoDB secret verified (master credentials not required for yaml provider)"
786+ else
787+ # For aws provider or other actions, retrieve and process the secret with all fields
788+ sm_verify_secret_exists ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR} mongo " username,password,info"
789+ sm_get_secret_file ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR} mongo $MONGO_SECRET_FILE
790+
791+ jq -r .info $MONGO_SECRET_FILE > $MONGO_CONFIG_FILE
792+ MASTER_MONGO_USERNAME=$( jq -r .username $MONGO_SECRET_FILE )
793+ MASTER_MONGO_PASSWORD=$( jq -r .password $MONGO_SECRET_FILE )
794+ UNESCAPED_MONGO_INFO=$( jq -r .info $MONGO_SECRET_FILE )
795+ fi
782796
783797
784798 # Instance-level secrets to use
@@ -794,12 +808,13 @@ function gitops_suite() {
794808 export SECRET_KEY_MONGO_INFO=${SECRET_NAME_MONGO} # info
795809
796810
811+ # Create/update instance-level secret
797812 export MONGO_INSTANCE_SECRET_FILE=$TEMP_DIR /mongo-instance-secret.json
798813 sm_get_secret_file ${ACCOUNT_ID}${SECRETS_KEY_SEPERATOR}${CLUSTER_ID}${SECRETS_KEY_SEPERATOR}${MAS_INSTANCE_ID}${SECRETS_KEY_SEPERATOR} mongo $MONGO_INSTANCE_SECRET_FILE
799814 INSTANCE_MONGO_USERNAME=$( jq -r .username $MONGO_INSTANCE_SECRET_FILE )
800815 INSTANCE_MONGO_PASSWORD=$( jq -r .password $MONGO_INSTANCE_SECRET_FILE )
801816
802- # Setting mongo instance secret with info field copied from the cluster level secret,
817+ # Setting mongo instance secret with info field copied from the cluster level secret
803818 # Instance username and password will be created in presync hook unless it is already set in the docdb secret created in federal env, this is due to the
804819 # presync hook not running in a federal env due to the userid requirements.
805820 export DOCDB_FEDERAL_INSTANCE_SECRET_FILE=$TEMP_DIR /docdb-federal-instance-secret.json
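Review bot: In the new `yaml`/`install` branch (new lines 777–785) `MASTER_MONGO_USERNAME` and `MASTER_MONGO_PASSWORD` are never assigned, so any value already present in the calling environment is carried forward. If code later in `gitops_suite` (outside these hunks) reads them, it would silently use stale credentials instead of failing. Clearing them in that branch makes the intent explicit, e.g. `unset MASTER_MONGO_USERNAME MASTER_MONGO_PASSWORD` (or assign empty strings if the script runs under `set -u`). The two branches otherwise differ only in the field list passed to `sm_verify_secret_exists`, so choosing that list in the `if` and keeping a single copy of the `sm_get_secret_file` and `jq -r .info` lines would stop the paths drifting apart. Separately, the context comment at new line 765 still says "by default yaml" although the default is now `aws`; it should read `# by default aws. pass yaml to configure from the yaml provider`.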