Patrick A. Mol created NIFI-12475: ------------------------------------- Summary: Bypass Validation property set to True returns Authorization error. Key: NIFI-12475 URL: https://issues.apache.org/jira/browse/NIFI-12475 Project: Apache NiFi Issue Type: Bug Affects Versions: 1.16.1 Environment: based on standard container apache/nifi from docker hub no customer processors. Reporter: Patrick A. Mol
Across a few versions of NiFi and Mongo, the use of PutMongoRecord suddenly stopped working and returned an error. Using a flowfile with one valid record, and on PutMongoRecord failure, sending the flowfile to SplitRecord and feeding it to PutMongo, using the same standard mongodb controller service, the insert would work without error. Turns out that the default setting for the PutMongoRecord property Bypass Validation isĀ {_}True{_}, which requires elevated privileges in Mongo. Changing the property to False allows insert without error. The error text is {noformat} PutMongoRecord[id=018b1026-a670-1590-7941-b6978c972dc6] PutMongoRecord failed with error:: com.mongodb.MongoCommandException: Command failed with error 13 (Unauthorized): 'not authorized on MONGO_DATABASE_NAME to execute command { insert: "COLLECTION_NAME", ordered: false, bypassDocumentValidation: true, txnNumber: 1, $db: "MONGO_DATABASE_NAME", $clusterTime: { clusterTime: Timestamp(1701736623, 1), signature: { hash: BinData(0, 62B24A36869A7FAF07C7798019F072CC764E8A9D), keyId: 7264286828646105928 } }, lsid: { id: UUID("722347df-2349-4ec5-88f2-867a946d9614") } }' on server MONGODB_URI_WITH_PORTNUMBER. The full response is {"ok": 0.0, "errmsg": "not authorized on MONGO_DATABASE_NAME to execute command { insert: \"COLLECTION_NAME\", ordered: false, bypassDocumentValidation: true, txnNumber: 1, $db: \"MONGO_DATABASE_NAME\", $clusterTime: { clusterTime: Timestamp(1701736623, 1), signature: { hash: BinData(0, 62B24A36869A7FAF07C7798019F072CC764E8A9D), keyId: 7264286828646105928 } }, lsid: { id: UUID(\"722347df-2349-4ec5-88f2-867a946d9614\") } }", "code": 13, "codeName": "Unauthorized", "$clusterTime": {"clusterTime": {"$timestamp": {"t": 1701736623, "i": 1}}, "signature": {"hash": {"$binary": {"base64": "YrJKNoaaf68Hx3mAGfByzHZOip0=", "subType": "00"}}, "keyId": 7264286828646105928}}, "operationTime": {"$timestamp": {"t": 1701736623, "i": 1}}} {noformat} Apparently, PutMongo does not use the same setting for the bypass document validation flag, so there is an inconsistency. Other libraries/tools, e.g. pymongo insert_many(), also default to False. Details regarding the privilege in MongoDB are here https://www.mongodb.com/docs/manual/reference/privilege-actions/#mongodb-authaction-bypassDocumentValidation With the privilege requiring a custom role in MongoDB, it is debatable whether the default setting to True is a bug or changing it to False is an improvement. At least the error and resolution is recorded. -- This message was sent by Atlassian Jira (v8.20.10#820010)