[
https://issues.apache.org/jira/browse/NIFI-12475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Handermann updated NIFI-12475:
------------------------------------
Labels: (was: backport-needed)
> Disable Bypass Validation by Default in PutMongoRecord
> ------------------------------------------------------
>
> Key: NIFI-12475
> URL: https://issues.apache.org/jira/browse/NIFI-12475
> Project: Apache NiFi
> Issue Type: Bug
> Affects Versions: 2.0.0-M1, 1.16.1, 1.24.0
> Environment: based on standard container apache/nifi from docker hub
> no customer processors.
> Reporter: Patrick A. Mol
> Assignee: David Handermann
> Priority: Minor
>
> Across a few versions of NiFi and Mongo,
> the use of PutMongoRecord suddenly stopped working and returned an error.
> Using a flowfile with one valid record, and on PutMongoRecord failure,
> sending the flowfile to SplitRecord and feeding it to PutMongo, using the
> same standard mongodb controller service, the insert would work without error.
> Turns out that the default setting for the PutMongoRecord property Bypass
> Validation isĀ {_}True{_}, which requires elevated privileges in Mongo.
> Changing the property to False allows insert without error.
> The error text is
> {noformat}
> PutMongoRecord[id=018b1026-a670-1590-7941-b6978c972dc6] PutMongoRecord failed
> with error:: com.mongodb.MongoCommandException: Command failed with error 13
> (Unauthorized): 'not authorized on MONGO_DATABASE_NAME to execute command {
> insert: "COLLECTION_NAME", ordered: false, bypassDocumentValidation: true,
> txnNumber: 1, $db: "MONGO_DATABASE_NAME", $clusterTime: { clusterTime:
> Timestamp(1701736623, 1), signature: { hash: BinData(0,
> 62B24A36869A7FAF07C7798019F072CC764E8A9D), keyId: 7264286828646105928 } },
> lsid: { id: UUID("722347df-2349-4ec5-88f2-867a946d9614") } }' on server
> MONGODB_URI_WITH_PORTNUMBER. The full response is {"ok": 0.0, "errmsg": "not
> authorized on MONGO_DATABASE_NAME to execute command { insert:
> \"COLLECTION_NAME\", ordered: false, bypassDocumentValidation: true,
> txnNumber: 1, $db: \"MONGO_DATABASE_NAME\", $clusterTime: { clusterTime:
> Timestamp(1701736623, 1), signature: { hash: BinData(0,
> 62B24A36869A7FAF07C7798019F072CC764E8A9D), keyId: 7264286828646105928 } },
> lsid: { id: UUID(\"722347df-2349-4ec5-88f2-867a946d9614\") } }", "code": 13,
> "codeName": "Unauthorized", "$clusterTime": {"clusterTime": {"$timestamp":
> {"t": 1701736623, "i": 1}}, "signature": {"hash": {"$binary": {"base64":
> "YrJKNoaaf68Hx3mAGfByzHZOip0=", "subType": "00"}}, "keyId":
> 7264286828646105928}}, "operationTime": {"$timestamp": {"t": 1701736623, "i":
> 1}}}
> {noformat}
> Apparently, PutMongo does not use the same setting for the bypass document
> validation flag, so there is an inconsistency.
> Other libraries/tools, e.g. pymongo insert_many(), also default to False.
> Details regarding the privilege in MongoDB are here
> https://www.mongodb.com/docs/manual/reference/privilege-actions/#mongodb-authaction-bypassDocumentValidation
> With the privilege requiring a custom role in MongoDB, it is debatable
> whether the default setting to True is a bug or changing it to False is an
> improvement.
> At least the error and resolution is recorded.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
