JASPER-581: Configure JASPER to use AWS MongoDb

api/Infrastructure/ServiceCollectionExtensions.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Net.Http;
 using System.Reflection;
+using GdPicture14;
 using Hangfire;
 using Hangfire.Mongo;
 using Hangfire.Mongo.Migration.Strategies;
@@ -15,7 +16,11 @@
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using MongoDB.Bson;
 using MongoDB.Driver;
+using Scv.Api.Documents;
+using Scv.Api.Documents.Strategies;
 using Scv.Api.Helpers;
 using Scv.Api.Helpers.Extensions;
 using Scv.Api.Infrastructure.Authorization;
@@ -29,7 +34,6 @@
 using Scv.Db.Contexts;
 using Scv.Db.Repositories;
 using Scv.Db.Seeders;
-using GdPicture14;
 using BasicAuthenticationHeaderValue = JCCommon.Framework.BasicAuthenticationHeaderValue;
 using PCSSConfigServices = PCSSCommon.Clients.ConfigurationServices;
 using PCSSCourtCalendarServices = PCSSCommon.Clients.CourtCalendarServices;
@@ -40,8 +44,6 @@
 using PCSSPersonServices = PCSSCommon.Clients.PersonServices;
 using PCSSReportServices = PCSSCommon.Clients.ReportServices;
 using PCSSSearchDateServices = PCSSCommon.Clients.SearchDateServices;
-using Scv.Api.Documents;
-using Scv.Api.Documents.Strategies;
 
 namespace Scv.Api.Infrastructure
 {
@@ -81,15 +83,35 @@ public static IServiceCollection AddMapster(this IServiceCollection services, Ac
 
         public static IServiceCollection AddJasperDb(this IServiceCollection services, IConfiguration configuration)
         {
-            // Remove checking when the "real" mongo db has been configured
             var connectionString = configuration.GetValue<string>("MONGODB_CONNECTION_STRING");
             var dbName = configuration.GetValue<string>("MONGODB_NAME");
-            if (string.IsNullOrEmpty(connectionString) || string.IsNullOrEmpty(dbName))
+
+            if (string.IsNullOrWhiteSpace(connectionString) || string.IsNullOrWhiteSpace(dbName))
             {
                 return services;
             }
 
-            services.AddSingleton<IMongoClient>(m => new MongoClient(connectionString));
+            services.AddSingleton<IMongoClient>(m =>
+            {
+                var logger = m.GetRequiredService<ILogger<MongoClient>>();
+                var settings = MongoClientSettings.FromConnectionString(connectionString);
+                var client = new MongoClient(settings);
+
+                try
+                {
+                    var database = client.GetDatabase(dbName);
+                    database.RunCommand<BsonDocument>(new BsonDocument("ping", 1));
+                    logger.LogInformation("MongoDB connection established successfully.");
+                }
+                catch (Exception ex)
+                {
+                    logger.LogError(ex, "Failed to connect to MongoDB.");
+                    throw new InvalidOperationException("Failed to establish MongoDB connection.", ex);
+                }
+
+                return client;
+
+            });
             services.AddSingleton(sp => sp.GetRequiredService<IMongoClient>().GetDatabase(dbName));
 
             services.AddScoped<PermissionSeeder>();

api/Startup.cs

@@ -79,7 +79,7 @@ public void ConfigureServices(IServiceCollection services)
             services.AddMapster();
             services.AddNutrient();
             services.AddJasperDb(Configuration);
-            services.AddHangfire(Configuration);
+            //services.AddHangfire(Configuration);
 
             #region Cors
 
@@ -207,31 +207,28 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
             app.UseAuthentication();
             app.UseAuthorization();
 
-            // Remove checking when the "real" mongo db has been configured
-            var connectionString = Configuration.GetValue<string>("MONGODB_CONNECTION_STRING");
-            var dbName = Configuration.GetValue<string>("MONGODB_NAME");
-            if (!string.IsNullOrEmpty(connectionString) && !string.IsNullOrEmpty(dbName))
-            {
-                app.UseHangfireDashboard("/hangfire", new DashboardOptions
-                {
-                    Authorization = [new HangFireDashboardAuthorizationFilter()]
-                });
-
-                #region Setup Jobs
-                using (var scope = app.ApplicationServices.CreateScope())
-                {
-                    var provider = scope.ServiceProvider;
-                    var allJobs = provider.GetServices<IRecurringJob>();
-
-                    Console.WriteLine("JOBS");
-
-                    foreach (var job in allJobs)
-                    {
-                        RecurringJobHelper.AddOrUpdate(job);
-                    }
-                }
-                #endregion Setup Jobs
-            }
+            // var connectionString = Configuration.GetValue<string>("MONGODB_CONNECTION_STRING");
+            // var dbName = Configuration.GetValue<string>("MONGODB_NAME");
+            // if (!string.IsNullOrWhiteSpace(connectionString) && !string.IsNullOrWhiteSpace(dbName))
+            // {
+            //     app.UseHangfireDashboard("/hangfire", new DashboardOptions
+            //     {
+            //         Authorization = [new HangFireDashboardAuthorizationFilter()]
+            //     });
+
+            //     #region Setup Jobs
+            //     using (var scope = app.ApplicationServices.CreateScope())
+            //     {
+            //         var provider = scope.ServiceProvider;
+            //         var allJobs = provider.GetServices<IRecurringJob>();
+
+            //         foreach (var job in allJobs)
+            //         {
+            //             RecurringJobHelper.AddOrUpdate(job);
+            //         }
+            //     }
+            //     #endregion Setup Jobs
+            // }
 
             app.UseEndpoints(endpoints =>
             {

docker/api/Dockerfile.release

@@ -29,6 +29,12 @@ RUN dotnet publish "api/api.csproj" -c Release -o /app/publish --runtime linux-m
 
 FROM base AS final
 
+# Download and install the AWS CA bundle
+RUN apt-get update && apt-get --no-install-recommends install -y curl ca-certificates \
+    && curl https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -o /usr/local/share/ca-certificates/aws-rds.crt \
+    && update-ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
 # copy app
 WORKDIR /app
 COPY --from=publish /app/publish .

infrastructure/cloud/environments/dev/webapp.tf

@@ -64,16 +64,16 @@ module "rds" {
 }
 
 module "mongodb" {
-  source              = "../../modules/MongoDocDB"
-  environment         = var.environment
-  data_subnets_ids    = module.subnets.data_subnets_ids
-  kms_key_id          = module.initial.kms_key_arn
-  app_sg_id           = data.aws_security_group.app_sg.id
+  source                    = "../../modules/MongoDocDB"
+  environment               = var.environment
+  data_subnets_ids          = module.subnets.data_subnets_ids
+  kms_key_id                = module.initial.kms_key_arn
+  app_sg_id                 = data.aws_security_group.app_sg.id
   delete_protection_enabled = var.delete_protection_enabled
-  mongo_node_count    = var.mongo_node_count
-  mongo_instance_type = var.mongo_instance_type
-  mongousername       = var.mongousername
-  app_name            = var.app_name
+  mongo_node_count          = var.mongo_node_count
+  mongo_instance_type       = var.mongo_instance_type
+  mongousername             = var.mongousername
+  app_name                  = var.app_name
 }
 
 # Create IAM Roles/Policies
@@ -242,6 +242,10 @@ module "ecs_api_td" {
     {
       name  = "AWS_API_GATEWAY_URL"
       value = "${module.apigw.apigw_invoke_url}"
+    },
+    {
+      name  = "DEFAULT_USERS"
+      value = "${module.secrets_manager.default_users}"
     }
   ]
   secret_env_variables = module.secrets_manager.api_secrets

infrastructure/cloud/environments/prod/main.tf

@@ -65,16 +65,16 @@ module "rds" {
 
 
 module "mongodb" {
-  source              = "../../modules/MongoDocDB"
-  environment         = var.environment
-  data_subnets_ids    = module.subnets.data_subnets_ids
-  kms_key_id          = module.initial.kms_key_arn
-  app_sg_id           = data.aws_security_group.app_sg.id
+  source                    = "../../modules/MongoDocDB"
+  environment               = var.environment
+  data_subnets_ids          = module.subnets.data_subnets_ids
+  kms_key_id                = module.initial.kms_key_arn
+  app_sg_id                 = data.aws_security_group.app_sg.id
   delete_protection_enabled = var.delete_protection_enabled
-  mongo_node_count    = var.mongo_node_count
-  mongo_instance_type = var.mongo_instance_type
-  mongousername       = var.mongousername
-  app_name            = var.app_name
+  mongo_node_count          = var.mongo_node_count
+  mongo_instance_type       = var.mongo_instance_type
+  mongousername             = var.mongousername
+  app_name                  = var.app_name
 }
 
 # Create IAM Roles/Policies
@@ -243,6 +243,10 @@ module "ecs_api_td" {
     {
       name  = "AWS_API_GATEWAY_URL"
       value = "${module.apigw.apigw_invoke_url}"
+    },
+    {
+      name  = "DEFAULT_USERS"
+      value = "${module.secrets_manager.default_users}"
     }
   ]
   secret_env_variables = module.secrets_manager.api_secrets

infrastructure/cloud/environments/test/main.tf

@@ -64,16 +64,16 @@ module "rds" {
 }
 
 module "mongodb" {
-  source              = "../../modules/MongoDocDB"
-  environment         = var.environment
-  data_subnets_ids    = module.subnets.data_subnets_ids
-  kms_key_id          = module.initial.kms_key_arn
-  app_sg_id           = data.aws_security_group.app_sg.id
+  source                    = "../../modules/MongoDocDB"
+  environment               = var.environment
+  data_subnets_ids          = module.subnets.data_subnets_ids
+  kms_key_id                = module.initial.kms_key_arn
+  app_sg_id                 = data.aws_security_group.app_sg.id
   delete_protection_enabled = var.delete_protection_enabled
-  mongo_node_count    = var.mongo_node_count
-  mongo_instance_type = var.mongo_instance_type
-  mongousername       = var.mongousername
-  app_name            = var.app_name
+  mongo_node_count          = var.mongo_node_count
+  mongo_instance_type       = var.mongo_instance_type
+  mongousername             = var.mongousername
+  app_name                  = var.app_name
 }
 
 # Create IAM Roles/Policies
@@ -242,6 +242,10 @@ module "ecs_api_td" {
     {
       name  = "AWS_API_GATEWAY_URL"
       value = "${module.apigw.apigw_invoke_url}"
+    },
+    {
+      name  = "DEFAULT_USERS"
+      value = "${module.secrets_manager.default_users}"
     }
   ]
   secret_env_variables = module.secrets_manager.api_secrets

infrastructure/cloud/modules/SecretsManager/output.tf

@@ -32,7 +32,6 @@ output "api_secrets" {
     ["DARS__Url", "${aws_secretsmanager_secret.dars_secret.arn}:baseUrl::"],
     ["DatabaseConnectionString", "${aws_secretsmanager_secret.database_secret.arn}:dbConnectionString::"],
     ["DataProtectionKeyEncryptionKey", "${aws_secretsmanager_secret.misc_secret.arn}:dataProtectionKeyEncryptionKey::"],
-    ["DEFAULT_USERS", "${aws_secretsmanager_secret.database_secret.arn}:defaultUsers::"],
     ["FileServicesClient__Username", "${aws_secretsmanager_secret.file_services_client_secret.arn}:username::"],
     ["FileServicesClient__Password", "${aws_secretsmanager_secret.file_services_client_secret.arn}:password::"],
     ["FileServicesClient__Url", "${aws_secretsmanager_secret.file_services_client_secret.arn}:baseUrl::"],
@@ -95,6 +94,10 @@ output "allowed_ip_ranges" {
   sensitive = true
 }
 
+output "default_users" {
+  value = jsonencode(jsondecode(data.aws_secretsmanager_secret_version.current_db_secret_value.secret_string)["defaultUsers"])
+}
+
 output "lambda_secrets" {
   value = {
     mtls                 = aws_secretsmanager_secret.mtls_cert_secret.name