From 2cb6d7aebfb0486b73aa4e8cb047897746f5fde1 Mon Sep 17 00:00:00 2001 From: Tom Owers Date: Mon, 22 Sep 2025 15:24:59 -0700 Subject: [PATCH] fix(data-warehouse): Setup SSL for mongo connections (#38368) --- posthog/temporal/data_imports/sources/mongodb/mongo.py | 5 ++++- pyproject.toml | 1 + uv.lock | 10 ++++++---- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/posthog/temporal/data_imports/sources/mongodb/mongo.py b/posthog/temporal/data_imports/sources/mongodb/mongo.py index 7ba1478972..ec421ef8e9 100644 --- a/posthog/temporal/data_imports/sources/mongodb/mongo.py +++ b/posthog/temporal/data_imports/sources/mongodb/mongo.py @@ -6,6 +6,7 @@ import collections from collections.abc import Iterator from typing import Any, Optional +import certifi from bson import ObjectId from dlt.common.normalizers.naming.snake_case import NamingConvention from pymongo import MongoClient @@ -99,7 +100,9 @@ def mongo_client(connection_string: str, connection_params: dict[str, Any]) -> I """Yield a MongoDB client with the given parameters.""" # For SRV connections, use the full connection string if connection_params["is_srv"]: - client: MongoClient = MongoClient(connection_string, serverSelectionTimeoutMS=10000) + client: MongoClient = MongoClient( + connection_string, serverSelectionTimeoutMS=10000, tls=True, tlsCAFile=certifi.where() + ) try: yield client finally: diff --git a/pyproject.toml b/pyproject.toml index 8e8637448d..47e74de481 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -14,6 +14,7 @@ dependencies = [ "brotli==1.1.0", "celery==5.3.4", "celery-redbeat==2.1.1", + "certifi==2025.8.3", "clickhouse-connect==0.8.17", "clickhouse-driver==0.2.9", "clickhouse-pool==0.5.3", diff --git a/uv.lock b/uv.lock index 65a2e5792b..2de1c9294d 100644 --- a/uv.lock +++ b/uv.lock @@ -1,5 +1,5 @@ version = 1 -revision = 3 +revision = 2 requires-python = "==3.11.*" [[package]] @@ -630,11 +630,11 @@ wheels = [ [[package]] name = "certifi" -version = "2025.4.26" +version = "2025.8.3" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/e8/9e/c05b3920a3b7d20d3d3310465f50348e5b3694f4f88c6daf736eef3024c4/certifi-2025.4.26.tar.gz", hash = "sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6", size = 160705, upload-time = "2025-04-26T02:12:29.51Z" } +sdist = { url = "https://files.pythonhosted.org/packages/dc/67/960ebe6bf230a96cda2e0abcf73af550ec4f090005363542f0765df162e0/certifi-2025.8.3.tar.gz", hash = "sha256:e564105f78ded564e3ae7c923924435e1daa7463faeab5bb932bc53ffae63407", size = 162386, upload-time = "2025-08-03T03:07:47.08Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/4a/7e/3db2bd1b1f9e95f7cddca6d6e75e2f2bd9f51b1246e546d88addca0106bd/certifi-2025.4.26-py3-none-any.whl", hash = "sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3", size = 159618, upload-time = "2025-04-26T02:12:27.662Z" }, + { url = "https://files.pythonhosted.org/packages/e5/48/1549795ba7742c948d2ad169c1c8cdbae65bc450d6cd753d124b17c8cd32/certifi-2025.8.3-py3-none-any.whl", hash = "sha256:f6c12493cfb1b06ba2ff328595af9350c65d6644968e5d3a2ffd78699af217a5", size = 161216, upload-time = "2025-08-03T03:07:45.777Z" }, ] [[package]] @@ -4064,6 +4064,7 @@ dependencies = [ { name = "brotli" }, { name = "celery" }, { name = "celery-redbeat" }, + { name = "certifi" }, { name = "chdb" }, { name = "claude-code-sdk" }, { name = "clickhouse-connect" }, @@ -4294,6 +4295,7 @@ requires-dist = [ { name = "brotli", specifier = "==1.1.0" }, { name = "celery", specifier = "==5.3.4" }, { name = "celery-redbeat", specifier = "==2.1.1" }, + { name = "certifi", specifier = "==2025.8.3" }, { name = "chdb", specifier = "==3.3.0" }, { name = "claude-code-sdk", specifier = ">=0.0.14" }, { name = "clickhouse-connect", specifier = "==0.8.17" },