Merge pull request open-horizon#152 from LiilyZhang/zhangl/mongoAuth

Add auth support to connect mongodb
LiilyZhang · Aug 2, 2024 · 1dbcb25 · 1dbcb25
2 parents dabec2b + 376882d
commit 1dbcb25
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/common/config.go b/common/config.go
@@ -49,6 +49,13 @@ const (
 // DefaultLogTraceFileSize default value for log and trace file size in KB
 const DefaultLogTraceFileSize = 20000
 
+// AuthMechanism that MongoDB supports
+const (
+	MongoDBAuthMechanism_SHA256 = "SCRAM-SHA-256" // MongoDB 4.0 or later
+	MongoDBAuthMechanism_SHA1   = "SCRAM-SHA-1"   // MongoDB 3.0, 3.2, 3.4, and 3.6
+	MongoDBAuthMechanism_X509   = "MONGODB-X509"  // TLS with X.509 certificates
+)
+
 // Config contains the parsed contents of the configuration file
 type Config struct {
 	// NodeType specifies whether this node is a CSS or ESS
@@ -286,6 +293,12 @@ type Config struct {
 	// MongoAddressCsv specifies one or more addresses of the mongo database
 	MongoAddressCsv string `env:"MONGO_ADDRESS_CSV"`
 
+	// MongoAuthMechanism specifies the auth mechanism for mongo client to use
+	// MongoDB 4.0 or later: SCRAM-SHA-256
+	// MongoDB 3.0, 3.2, 3.4, and 3.6: SCRAM-SHA-1
+	// TLS with X.509 certificates: MONGODB-X509
+	MongoAuthMechanism string `env:"MONGO_AUTH_MECHANISM"`
+
 	// MongoAuthDbName specifies the name of the database used to establish credentials and privileges
 	MongoAuthDbName string `env:"MONGO_AUTH_DB_NAME"`
 
@@ -745,6 +758,7 @@ func SetDefaultConfig(config *Config) {
 	config.MaxDataChunkSize = 5120 * 1024
 	config.MaxInflightChunks = 1
 	config.MongoAddressCsv = "mongodb://localhost:27017"
+	config.MongoAuthMechanism = MongoDBAuthMechanism_SHA256
 	config.MongoDbName = "d_edge"
 	config.MongoAuthDbName = "admin"
 	config.MongoUsername = ""

diff --git a/core/storage/mongoStorage.go b/core/storage/mongoStorage.go
@@ -142,6 +142,16 @@ func (store *MongoStorage) Init() common.SyncServiceError {
 	}
 	// Set up MongoDB client options
 	clientOptions := options.Client().ApplyURI(common.Configuration.MongoAddressCsv)
+	if common.Configuration.MongoAuthMechanism != "" && common.Configuration.MongoAuthDbName != "" && common.Configuration.MongoUsername != "" && common.Configuration.MongoPassword != "" {
+		credential := options.Credential{
+			AuthMechanism: common.Configuration.MongoAuthMechanism,
+			AuthSource:    common.Configuration.MongoAuthDbName,
+			Username:      common.Configuration.MongoUsername,
+			Password:      common.Configuration.MongoPassword,
+		}
+		clientOptions = clientOptions.SetAuth(credential)
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(20*time.Second))
 	defer cancel()
 
@@ -201,6 +211,12 @@ func (store *MongoStorage) Init() common.SyncServiceError {
 		}
 
 	}
+
+	if mongoClient == nil {
+		message := fmt.Sprintf("Failed to connect to mongo Error was: %v", err.Error())
+		return &Error{message}
+	}
+
 	if err = mongoClient.Ping(ctx, nil); err != nil {
 		message := fmt.Sprintf("Failed to ping mgo. Error: %s.", err)
 		return &Error{message}