Details
-
Improvement
-
Status: Open
-
Major
-
Resolution: Unresolved
-
1.14.0
-
None
-
None
Description
We have a mongo database hosted with mLab. When trying to connect to this database, a couple of issues show up due to the lack of admin privileges on that database.
Assuming I specify the full connection URL including the name of a database, the connection fails with this in the logs:
2018-10-09 19:42:52,788 [2442fb44-f73b-1344-0359-125fcc386645:foreman] WARN o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo. Command failed with error 13: 'not authorized on admin to execute command { listDatabases: 1, $db: "admin" }' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is { "operationTime" : { "$timestamp" : { "t" : 1539114172, "i" : 230 } }, "ok" : 0.0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1, $db: \"admin\" }", "code" : 13, "codeName" : "Unauthorized", "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1539114172, "i" : 230 } }, "signature" : { "hash" : { "$binary" : "r3SzOhbP8Zgu9BSyWvGPBlPmrt8=", "$type" : "0" } , "keyId" : { "$numberLong" : "6608592120234115184" } } } }
If I don't specify the database name on the connection string, I get:
2018-10-09 19:22:26,144 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] INFO o.a.drill.exec.work.foreman.Foreman - Query text for query id 2443000d-43b5-7cf3-e914-c27a7349fbf7: SHOW DATABASES 2018-10-09 19:22:56,147 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo. Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : { "hash" : { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" } , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}, {address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : { "hash" : { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" } , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}] 2018-10-09 19:23:26,149 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN o.a.d.e.s.m.s.MongoSchemaFactory - Failure while getting collection names from 'formative'. Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : { "hash" : { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" } , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}, {address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "$clusterTime" : { "clusterTime" : { "$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : { "hash" : { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" } , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}]
mLab itself logs a message about the auth being rejected because the user cannot access the "admin" database or somesuch.
I suggest that if the connection string specifies a database, the drill client should forego listing off databases and expose only the database provided on the URL.
Since mLab has a free plan, it shouldn't be too hard to sign up and try this out yourself for testing purposes.