Apache Drill / DRILL-6786

Work with MongoDB servers where you do not have full privileges


Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.14.0
    • Fix Version/s: None
    • Component/s: Storage - MongoDB
    • Labels: None

    Description

      We have a MongoDB database hosted with mLab. When trying to connect to this database, a couple of issues show up due to the lack of admin privileges on that database.

      Assuming I specify the full connection URL including the name of a database, the connection fails with this in the logs:

       

      2018-10-09 19:42:52,788 [2442fb44-f73b-1344-0359-125fcc386645:foreman] WARN o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo. Command failed with error 13: 'not authorized on admin to execute command { listDatabases: 1, $db: "admin" }' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is { "operationTime" : { "$timestamp" :
      { "t" : 1539114172, "i" : 230 }
      }, "ok" : 0.0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1, $db: \"admin\" }", "code" : 13, "codeName" : "Unauthorized", "$clusterTime" : { "clusterTime" : { "$timestamp" :
      { "t" : 1539114172, "i" : 230 }
      }, "signature" : { "hash" :
      { "$binary" : "r3SzOhbP8Zgu9BSyWvGPBlPmrt8=", "$type" : "0" }
      , "keyId" : { "$numberLong" : "6608592120234115184" } } } }
       
      

       

      If I don't specify the database name on the connection string, I get:

       

      2018-10-09 19:22:26,144 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] INFO o.a.drill.exec.work.foreman.Foreman - Query text for query id 2443000d-43b5-7cf3-e914-c27a7349fbf7: SHOW DATABASES
      2018-10-09 19:22:56,147 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo. Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "signature" : { "hash" :
      { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
      , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}, {address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "signature" : { "hash" :
      { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
      , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}]
      2018-10-09 19:23:26,149 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN o.a.d.e.s.m.s.MongoSchemaFactory - Failure while getting collection names from 'formative'. Timed out after 30000 ms while waiting for a server that matches ReadPreferenceServerSelector{readPreference=primary}. Client view of cluster state is {type=REPLICA_SET, servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "signature" : { "hash" :
      { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
      , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}, {address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='dobes', source='admin', password=<hidden>, mechanismProperties={}}}, caused by {com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "$clusterTime" : { "clusterTime" : { "$timestamp" :
      { "t" : 1539112946, "i" : 166 }
      }, "signature" : { "hash" :
      { "$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }
      , "keyId" : { "$numberLong" : "6608592120234115184" } } } }}}]
      

       

      mLab itself logs a message about the auth being rejected because the user cannot access the "admin" database or somesuch.

      I suggest that if the connection string specifies a database, the Drill client should forgo listing off databases and expose only the database provided on the URL.

      Since mLab has a free plan, it shouldn't be too hard to sign up and try this out yourself for testing purposes.

       

          People

            Assignee: Unassigned
            Reporter: Dobes Vandermeer (dobesv)
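Added example, not Drill's code and not part of the original report: the behaviour proposed in the description (expose only the database named in the connection string, without calling listDatabases), together with the connection-string rule for the authentication database, which is consistent with source='admin' in the second log. The names `parse_mongo_uri`, `visible_schemas`, `CommandError` and `restricted_server`, the host names and the credentials are hypothetical; the default shown applies to password-based mechanisms.

```python
from urllib.parse import parse_qs, unquote, urlsplit

UNAUTHORIZED = 13  # error code in the first log ("not authorized on admin")


class CommandError(Exception):
    """Hypothetical stand-in for a driver's command-failure exception."""

    def __init__(self, code, message):
        super().__init__(message)
        self.code = code


def parse_mongo_uri(uri):
    """Return (database, auth_source) taken from a MongoDB connection string."""
    parts = urlsplit(uri)
    if parts.scheme not in ("mongodb", "mongodb+srv"):
        raise ValueError("not a MongoDB connection string")
    database = unquote(parts.path.lstrip("/")) or None
    options = {k.lower(): v[-1] for k, v in parse_qs(parts.query).items()}
    if "@" not in parts.netloc:
        return database, None  # no credentials, so nothing to authenticate
    # Password-based default: authSource option, else URI database, else "admin".
    return database, options.get("authsource") or database or "admin"


def visible_schemas(uri, list_databases):
    """Schemas to expose; list_databases is a callable that runs listDatabases."""
    database, _ = parse_mongo_uri(uri)
    if database:
        return [database]  # proposal: trust the URI, skip the cluster-wide call
    return sorted(list_databases())


def restricted_server():
    """Constructed server behaviour: the account may not run listDatabases."""
    raise CommandError(UNAUTHORIZED, "not authorized on admin to execute command")


# Constructed connection strings; hosts and credentials are placeholders.
SCOPED = "mongodb://appuser:secret@db-a0.example:63555,db-a1.example:63555/formative?replicaSet=rs0"
UNSCOPED = "mongodb://appuser:secret@db-a0.example:63555,db-a1.example:63555/?replicaSet=rs0"

if __name__ == "__main__":
    print(parse_mongo_uri(SCOPED), visible_schemas(SCOPED, restricted_server))
    print(parse_mongo_uri(UNSCOPED))  # auth source falls back to "admin"
```

With a database in the connection string the restricted account never triggers the listDatabases call; without one, the call is still made and the error 13 propagates to the caller.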