From 06c3076c993b0414824fae7be8f31c7d2c44ef02 Mon Sep 17 00:00:00 2001
From: iLLiCiTiT <jakub.trllo@gmail.com>
Date: Fri, 1 Oct 2021 18:15:06 +0200
Subject: [PATCH] ssl certificate filepath is not added to mongo connection
 string but is added as argument to MongoClient

---
 igniter/tools.py | 31 +++++++++----------------------
 start.py         |  3 +--
 2 files changed, 10 insertions(+), 24 deletions(-)

diff --git a/igniter/tools.py b/igniter/tools.py
index ae680bf1f1..cb06fdaee2 100644
--- a/igniter/tools.py
+++ b/igniter/tools.py
@@ -16,7 +16,7 @@ from pymongo.errors import (
 )
 
 
-def add_certificate_path_to_mongo_url(mongo_url):
+def should_add_certificate_path_to_mongo_url(mongo_url):
     """Check if should add ca certificate to mongo url.
 
     Since 30.9.2021 cloud mongo requires newer certificates that are not
@@ -41,25 +41,7 @@ def add_certificate_path_to_mongo_url(mongo_url):
     # Check if url does already contain certificate path
     if add_certificate and "tlscafile" in lowered_query_keys:
         add_certificate = False
-
-    # Add certificate path to mongo url
-    if add_certificate:
-        path = parsed.path
-        if not path:
-            path = "/admin"
-        query = parsed.query
-        tls_query = "tlscafile={}".format(certifi.where())
-        if not query:
-            query = tls_query
-        else:
-            query = "&".join((query, tls_query))
-        new_url = ParseResult(
-            parsed.scheme, parsed.netloc, path,
-            parsed.params, query, parsed.fragment
-        )
-        mongo_url = new_url.geturl()
-
-    return mongo_url
+    return add_certificate
 
 
 def validate_mongo_connection(cnx: str) -> (bool, str):
@@ -80,7 +62,8 @@ def validate_mongo_connection(cnx: str) -> (bool, str):
         "serverSelectionTimeoutMS": 2000
     }
     # Add certificate path if should be required
-    cnx = add_certificate_path_to_mongo_url(cnx)
+    if should_add_certificate_path_to_mongo_url(cnx):
+        kwargs["ssl_ca_certs"] = certifi.where()
 
     try:
         client = MongoClient(cnx, **kwargs)
@@ -152,9 +135,13 @@ def get_openpype_global_settings(url: str) -> dict:
     Returns:
         dict: With settings data. Empty dictionary is returned if not found.
     """
+    kwargs = {}
+    if should_add_certificate_path_to_mongo_url(url):
+        kwargs["ssl_ca_certs"] = certifi.where()
+
     try:
         # Create mongo connection
-        client = MongoClient(url)
+        client = MongoClient(url, **kwargs)
         # Access settings collection
         col = client["openpype"]["settings"]
         # Query global settings
diff --git a/start.py b/start.py
index 6861355600..ada613b4eb 100644
--- a/start.py
+++ b/start.py
@@ -191,7 +191,6 @@ from igniter import BootstrapRepos  # noqa: E402
 from igniter.tools import (
     get_openpype_global_settings,
     get_openpype_path_from_db,
-    add_certificate_path_to_mongo_url,
     validate_mongo_connection
 )  # noqa
 from igniter.bootstrap_repos import OpenPypeVersion  # noqa: E402
@@ -584,7 +583,7 @@ def _determine_mongodb() -> str:
             except ValueError:
                 raise RuntimeError("Missing MongoDB url")
 
-    return add_certificate_path_to_mongo_url(openpype_mongo)
+    return openpype_mongo
 
 
 def _initialize_environment(openpype_version: OpenPypeVersion) -> None: