[ https://issues.apache.org/jira/browse/NIFI-12475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-12475: ------------------------------------ Labels: (was: backport-needed) > Disable Bypass Validation by Default in PutMongoRecord > ------------------------------------------------------ > > Key: NIFI-12475 > URL: https://issues.apache.org/jira/browse/NIFI-12475 > Project: Apache NiFi > Issue Type: Bug > Affects Versions: 2.0.0-M1, 1.16.1, 1.24.0 > Environment: based on standard container apache/nifi from docker hub > no customer processors. > Reporter: Patrick A. Mol > Assignee: David Handermann > Priority: Minor > > Across a few versions of NiFi and Mongo, > the use of PutMongoRecord suddenly stopped working and returned an error. > Using a flowfile with one valid record, and on PutMongoRecord failure, > sending the flowfile to SplitRecord and feeding it to PutMongo, using the > same standard mongodb controller service, the insert would work without error. > Turns out that the default setting for the PutMongoRecord property Bypass > Validation isĀ {_}True{_}, which requires elevated privileges in Mongo. > Changing the property to False allows insert without error. > The error text is > {noformat} > PutMongoRecord[id=018b1026-a670-1590-7941-b6978c972dc6] PutMongoRecord failed > with error:: com.mongodb.MongoCommandException: Command failed with error 13 > (Unauthorized): 'not authorized on MONGO_DATABASE_NAME to execute command { > insert: "COLLECTION_NAME", ordered: false, bypassDocumentValidation: true, > txnNumber: 1, $db: "MONGO_DATABASE_NAME", $clusterTime: { clusterTime: > Timestamp(1701736623, 1), signature: { hash: BinData(0, > 62B24A36869A7FAF07C7798019F072CC764E8A9D), keyId: 7264286828646105928 } }, > lsid: { id: UUID("722347df-2349-4ec5-88f2-867a946d9614") } }' on server > MONGODB_URI_WITH_PORTNUMBER. The full response is {"ok": 0.0, "errmsg": "not > authorized on MONGO_DATABASE_NAME to execute command { insert: > \"COLLECTION_NAME\", ordered: false, bypassDocumentValidation: true, > txnNumber: 1, $db: \"MONGO_DATABASE_NAME\", $clusterTime: { clusterTime: > Timestamp(1701736623, 1), signature: { hash: BinData(0, > 62B24A36869A7FAF07C7798019F072CC764E8A9D), keyId: 7264286828646105928 } }, > lsid: { id: UUID(\"722347df-2349-4ec5-88f2-867a946d9614\") } }", "code": 13, > "codeName": "Unauthorized", "$clusterTime": {"clusterTime": {"$timestamp": > {"t": 1701736623, "i": 1}}, "signature": {"hash": {"$binary": {"base64": > "YrJKNoaaf68Hx3mAGfByzHZOip0=", "subType": "00"}}, "keyId": > 7264286828646105928}}, "operationTime": {"$timestamp": {"t": 1701736623, "i": > 1}}} > {noformat} > Apparently, PutMongo does not use the same setting for the bypass document > validation flag, so there is an inconsistency. > Other libraries/tools, e.g. pymongo insert_many(), also default to False. > Details regarding the privilege in MongoDB are here > https://www.mongodb.com/docs/manual/reference/privilege-actions/#mongodb-authaction-bypassDocumentValidation > With the privilege requiring a custom role in MongoDB, it is debatable > whether the default setting to True is a bug or changing it to False is an > improvement. > At least the error and resolution is recorded. -- This message was sent by Atlassian Jira (v8.20.10#820010)