From 2573f2bebf49522f9f4c0fe62496e6c56c90e1f9 Mon Sep 17 00:00:00 2001
From: emahdij <emahdij@gmail.com>
Date: Tue, 5 Dec 2023 11:29:38 +0330
Subject: [PATCH] [bitnami/mongodb] fix: metric and reolicaset script issues
 with tls and mtls (#21383)

---
 bitnami/mongodb/Chart.yaml                         |  2 +-
 bitnami/mongodb/templates/_helpers.tpl             | 14 ++++++++++----
 .../templates/replicaset/scripts-configmap.yaml    |  2 +-
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/bitnami/mongodb/Chart.yaml b/bitnami/mongodb/Chart.yaml
index 602b2defa4..ef6a73a762 100644
--- a/bitnami/mongodb/Chart.yaml
+++ b/bitnami/mongodb/Chart.yaml
@@ -39,4 +39,4 @@ maintainers:
 name: mongodb
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/mongodb
-version: 14.4.0
+version: 14.4.1
diff --git a/bitnami/mongodb/templates/_helpers.tpl b/bitnami/mongodb/templates/_helpers.tpl
index cfea062072..b6bbb1f781 100644
--- a/bitnami/mongodb/templates/_helpers.tpl
+++ b/bitnami/mongodb/templates/_helpers.tpl
@@ -425,13 +425,19 @@ mongodb: tls.hidden.existingSecrets
 Validate values of MongoDB&reg; exporter URI string - auth.enabled and/or tls.enabled must be enabled or it defaults
 */}}
 {{- define "mongodb.mongodb_exporter.uri" -}}
-    {{- $uriTlsArgs := ternary "tls=true{{if .Values.tls.mTLS.enabled }}&tlsCertificateKeyFile=/certs/mongodb.pem{{ end }}&tlsCAFile=/certs/mongodb-ca-cert" "" .Values.tls.enabled -}}
-    {{- if .Values.metrics.username }}
+    {{- $tlsEnabled := .Values.tls.enabled -}}
+    {{- $mTlsEnabled := and $tlsEnabled .Values.tls.mTLS.enabled -}}
+    {{- $tlsArgs := "" -}}
+    {{- if $tlsEnabled -}}
+        {{- $tlsCertKeyFile := ternary "&tlsCertificateKeyFile=/certs/mongodb.pem" "" $mTlsEnabled -}}
+        {{- $tlsArgs = printf "tls=true%s&tlsCAFile=/certs/mongodb-ca-cert" $tlsCertKeyFile -}}
+    {{- end -}}
+    {{- if .Values.metrics.username -}}
         {{- $uriAuth := ternary "$(echo $MONGODB_METRICS_USERNAME | sed -r \"s/@/%40/g;s/:/%3A/g\"):$(echo $MONGODB_METRICS_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
-        {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $uriTlsArgs -}}
+        {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
     {{- else -}}
         {{- $uriAuth := ternary "$MONGODB_ROOT_USER:$(echo $MONGODB_ROOT_PASSWORD | sed -r \"s/@/%40/g;s/:/%3A/g\")@" "" .Values.auth.enabled -}}
-        {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $uriTlsArgs -}}
+        {{- printf "mongodb://%slocalhost:%d/admin?%s" $uriAuth (int .Values.containerPorts.mongodb) $tlsArgs -}}
     {{- end -}}
 {{- end -}}
 
diff --git a/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml b/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml
index 234710f838..00b2502092 100644
--- a/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml
+++ b/bitnami/mongodb/templates/replicaset/scripts-configmap.yaml
@@ -225,7 +225,7 @@ data:
     SLEEP_PERIOD=10
 
     {{- if and .Values.auth.enabled .Values.auth.rootPassword }}
-    usernameAndPassword="-u ${MONGODB_ROOT_USER} -p ${MONGODB_ROOT_PASSWORD}"
+    usernameAndPassword="{{- if .Values.tls.enabled}} --tls {{ if .Values.tls.mTLS.enabled }}--tlsCertificateKeyFile=/certs/mongodb.pem {{ end }}--tlsCAFile=/certs/mongodb-ca-cert{{- end }} -u ${MONGODB_ROOT_USER} -p ${MONGODB_ROOT_PASSWORD}"
     {{- else }}
     usernameAndPassword=""
     {{- end }}