Dobes Vandermeer created DRILL-6786:
---------------------------------------
Summary: Work with servers where you do not have full privileges
Key: DRILL-6786
URL: https://issues.apache.org/jira/browse/DRILL-6786
Project: Apache Drill
Issue Type: Improvement
Components: Storage - MongoDB
Affects Versions: 1.14.0
Reporter: Dobes Vandermeer
We have a mongo database hosted with mLab. When trying to connect to this
database, a couple of issues show up due to the lack of admin privileges on
that database.
Assuming I specify the full connection URL including the name of a database,
the connection fails with this in the logs:
2018-10-09 19:42:52,788 [2442fb44-f73b-1344-0359-125fcc386645:foreman] WARN
o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo.
Command failed with error 13: 'not authorized on admin to execute command \{
listDatabases: 1, $db: "admin" }' on server
ds063555-a1.vvn97.fleet.mlab.com:63555. The full response is \{ "operationTime"
: { "$timestamp" : { "t" : 1539114172, "i" : 230 } }, "ok" : 0.0, "errmsg" :
"not authorized on admin to execute command \{ listDatabases: 1, $db: \"admin\"
}", "code" : 13, "codeName" : "Unauthorized", "$clusterTime" : \{ "clusterTime"
: { "$timestamp" : { "t" : 1539114172, "i" : 230 } }, "signature" : \{ "hash" :
{ "$binary" : "r3SzOhbP8Zgu9BSyWvGPBlPmrt8=", "$type" : "0" }, "keyId" : \{
"$numberLong" : "6608592120234115184" } } } }
If I don't specify the database name on the connection string, I get:
2018-10-09 19:22:26,144 [2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] INFO
o.a.drill.exec.work.foreman.Foreman - Query text for query id
2443000d-43b5-7cf3-e914-c27a7349fbf7: SHOW DATABASES 2018-10-09 19:22:56,147
[2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN
o.a.d.e.s.m.s.MongoSchemaFactory - Failure while loading databases in Mongo.
Timed out after 30000 ms while waiting for a server that matches
ReadPreferenceServerSelector\{readPreference=primary}. Client view of cluster
state is \{type=REPLICA_SET,
servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN,
state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception
authenticating MongoCredential{mechanism=null, userName='dobes',
source='admin', password=<hidden>, mechanismProperties={}}}, caused by
\{com.mongodb.MongoCommandException: Command failed with error 18:
'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. The
full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" :
18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : {
"t" : 1539112946, "i" : 166 } }, "$clusterTime" : \{ "clusterTime" : {
"$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : \{ "hash" : {
"$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }, "keyId" : \{
"$numberLong" : "6608592120234115184" } } } }}},
\{address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN,
state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception
authenticating MongoCredential{mechanism=null, userName='dobes',
source='admin', password=<hidden>, mechanismProperties={}}}, caused by
\{com.mongodb.MongoCommandException: Command failed with error 18:
'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The
full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" :
18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : {
"t" : 1539112946, "i" : 166 } }, "$clusterTime" : \{ "clusterTime" : {
"$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : \{ "hash" : {
"$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }, "keyId" : \{
"$numberLong" : "6608592120234115184" } } } }}}] 2018-10-09 19:23:26,149
[2443000d-43b5-7cf3-e914-c27a7349fbf7:foreman] WARN
o.a.d.e.s.m.s.MongoSchemaFactory - Failure while getting collection names from
'formative'. Timed out after 30000 ms while waiting for a server that matches
ReadPreferenceServerSelector\{readPreference=primary}. Client view of cluster
state is \{type=REPLICA_SET,
servers=[{address=ds063555-a0.vvn97.fleet.mlab.com:63555, type=UNKNOWN,
state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception
authenticating MongoCredential{mechanism=null, userName='dobes',
source='admin', password=<hidden>, mechanismProperties={}}}, caused by
\{com.mongodb.MongoCommandException: Command failed with error 18:
'Authentication failed.' on server ds063555-a0.vvn97.fleet.mlab.com:63555. The
full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" :
18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : {
"t" : 1539112946, "i" : 166 } }, "$clusterTime" : \{ "clusterTime" : {
"$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : \{ "hash" : {
"$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }, "keyId" : \{
"$numberLong" : "6608592120234115184" } } } }}},
\{address=ds063555-a1.vvn97.fleet.mlab.com:63555, type=UNKNOWN,
state=CONNECTING, exception={com.mongodb.MongoSecurityException: Exception
authenticating MongoCredential{mechanism=null, userName='dobes',
source='admin', password=<hidden>, mechanismProperties={}}}, caused by
\{com.mongodb.MongoCommandException: Command failed with error 18:
'Authentication failed.' on server ds063555-a1.vvn97.fleet.mlab.com:63555. The
full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" :
18, "codeName" : "AuthenticationFailed", "operationTime" : { "$timestamp" : {
"t" : 1539112946, "i" : 166 } }, "$clusterTime" : \{ "clusterTime" : {
"$timestamp" : { "t" : 1539112946, "i" : 166 } }, "signature" : \{ "hash" : {
"$binary" : "fSW8oqdPrR41ffVTL/Lv9/uZz6M=", "$type" : "0" }, "keyId" : \{
"$numberLong" : "6608592120234115184" } } } }}}]
mLab itself logs a message about the auth being rejected because the user
cannot access the "admin" database or somesuch.
I suggest that if the connection string specifies a database, the drill client
should forego listing off databases and expose only the database provided on
the URL.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
