[jira] [Updated] (DRILL-6786) Work with mongodb servers where you do not have full privileges

Fri, 07 Feb 2020 17:13:00 -0800 


     [ 
https://issues.apache.org/jira/browse/DRILL-6786?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Dobes Vandermeer updated DRILL-6786:
------------------------------------
    Summary: Work with mongodb servers where you do not have full privileges  
(was: Work with servers where you do not have full privileges)

> Work with mongodb servers where you do not have full privileges
> ---------------------------------------------------------------
>
>                 Key: DRILL-6786
>                 URL: https://issues.apache.org/jira/browse/DRILL-6786
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Storage - MongoDB
>    Affects Versions: 1.14.0
>            Reporter: Dobes Vandermeer
>            Priority: Major
>
> We have a mongo database hosted with mLab.  When trying to connect to this 
> database, a couple of issues show up due to the lack of admin privileges on 
> that database.
> Assuming I specify the full connection URL including the name of a database, 
> the connection fails with this in the logs:
>  
> {code:java}
> 2018-10-09 19:42:52,788 [2442fb44-f73b-1344-0359-125fcc386645:foreman] WARN 
> o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo. 
> Command failed with error 13: 'not authorized on admin to execute command { 
> listDatabases: 1, $db: "admin" }' on server 
> ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is { 
> "operationTime" : { "$timestamp" :
> { "t" : 1539114172, "i" : 230 }
> }, "ok" : 0.0, "errmsg" : "not authorized on admin to execute command { 
> listDatabases: 1, $db: \"admin\" }", "code" : 13, "codeName" : 
> "Unauthorized", "$clusterTime" : { "clusterTime" : { "$timestamp" :
> { "t" : 1539114172, "i" : 230 }
> }, "signature" : { "hash" :
> { "$binary" : "r3SzOhbP8Zgu9BSyWvGPBlPmrt8=", "$type" : "0" }
> , "keyId" : { "$numberLong" : "6608592120234115184" } } } }
>  
> {code}
>  
> If I don't specify the database name on the connection string, I get:
>  
> {code:java}
> 2018-10-09 19:22:26,144 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] INFO 
> o.a.drill.exec.work.foreman.Foreman - Query text for query id 
> 2443000d-43b5-7cf3-e914-c27a7349fbf7: SHOW DATABASES 2018-10-09 19:22:56,147 
> [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN 
> o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo. 
> Timed out after 30000 ms while waiting for a server that matches 
> ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster 
> state is {type=REPLICA_SET, 
> servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN, 
> state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception 
> authenticating MongoCredential{mechanism=null, userName='dobes', 
> source='admin', password=<hidden>, mechanismProperties={}}}, caused by 
> {com.mongodb.MongoCommandException: Command failed with error 18: 
> 'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. 
> The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", 
> "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { 
> "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "signature" : { "hash" :
> { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
> , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}, 
> {address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN, 
> state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception 
> authenticating MongoCredential{mechanism=null, userName='dobes', 
> source='admin', password=<hidden>, mechanismProperties={}}}, caused by 
> {com.mongodb.MongoCommandException: Command failed with error 18: 
> 'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. 
> The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", 
> "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { 
> "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "signature" : { "hash" :
> { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
> , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}] 2018-10-09 
> 19:23:26,149 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN 
> o.a.d.e.s.m.s.MongoSchemaFactory - Failure while getting collection names 
> from 'formative'. Timed out after 30000 ms while waiting for a server that 
> matches ReadPreferenceServerSelector{readPreference=primary}. Client view of 
> cluster state is {type=REPLICA_SET, 
> servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN, 
> state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception 
> authenticating MongoCredential{mechanism=null, userName='dobes', 
> source='admin', password=<hidden>, mechanismProperties={}}}, caused by 
> {com.mongodb.MongoCommandException: Command failed with error 18: 
> 'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. 
> The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", 
> "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { 
> "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "signature" : { "hash" :
> { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
> , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}, 
> {address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN, 
> state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception 
> authenticating MongoCredential{mechanism=null, userName='dobes', 
> source='admin', password=<hidden>, mechanismProperties={}}}, caused by 
> {com.mongodb.MongoCommandException: Command failed with error 18: 
> 'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. 
> The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", 
> "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { 
> "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
> { "t" : 1539112946, "i" : 166 }
> }, "signature" : { "hash" :
> { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
> , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}]
> {code}
>  
> mLab itself logs a message about the auth being rejected because the user 
> cannot access the "admin" database or somesuch.
> I suggest that if the connection string specifies a database, the drill 
> client should forego listing off databases and expose only the database 
> provided on the URL.
>  Since mLab has a free plan, it shouldn't be too hard to sign up and try this 
> out yourself for testing purposes.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to