From 376882d9b9638c1d9d56a4846ac8a270c88ab488 Mon Sep 17 00:00:00 2001
From: Le Zhang
Date: Thu, 1 Aug 2024 13:49:11 -0400
Subject: [PATCH] Issue open-horizon#153 - Support auth when connect to mongodb
Signed-off-by: Le Zhang
---
 common/config.go | 14 ++++++++++++++
 core/storage/mongoStorage.go | 16 ++++++++++++++++
 2 files changed, 30 insertions(+)
diff --git a/common/config.go b/common/config.go
index 4e2a159..86e1e12 100644
--- a/common/config.go
+++ b/common/config.go
@@ -49,6 +49,13 @@ const (
 // DefaultLogTraceFileSize default value for log and trace file size in KB
 const DefaultLogTraceFileSize = 20000
+// AuthMechanism that MongoDB supports
+const (
+ MongoDBAuthMechanism_SHA256 = "SCRAM-SHA-256" // MongoDB 4.0 or later
+ MongoDBAuthMechanism_SHA1 = "SCRAM-SHA-1" // MongoDB 3.0, 3.2, 3.4, and 3.6
+ MongoDBAuthMechanism_X509 = "MONGODB-X509" // TLS with X.509 certificates
+)
+
 // Config contains the parsed contents of the configuration file
 type Config struct {
 // NodeType specifies whether this node is a CSS or ESS
@@ -286,6 +293,12 @@ type Config struct {
 // MongoAddressCsv specifies one or more addresses of the mongo database
 MongoAddressCsv string `env:"MONGO_ADDRESS_CSV"`
+ // MongoAuthMechanism specifies the auth mechanism for mongo client to use
+ // MongoDB 4.0 or later: SCRAM-SHA-256
+ // MongoDB 3.0, 3.2, 3.4, and 3.6: SCRAM-SHA-1
+ // TLS with X.509 certificates: MONGODB-X509
+ MongoAuthMechanism string `env:"MONGO_AUTH_MECHANISM"`
+
 // MongoAuthDbName specifies the name of the database used to establish credentials and privileges
 MongoAuthDbName string `env:"MONGO_AUTH_DB_NAME"`
@@ -745,6 +758,7 @@ func SetDefaultConfig(config *Config) {
 config.MaxDataChunkSize = 5120 * 1024
 config.MaxInflightChunks = 1
 config.MongoAddressCsv = "mongodb://localhost:27017"
+ config.MongoAuthMechanism = MongoDBAuthMechanism_SHA256
 config.MongoDbName = "d_edge"
 config.MongoAuthDbName = "admin"
 config.MongoUsername = ""
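Review bot: The constants added in the first config.go hunk use underscores (`MongoDBAuthMechanism_SHA256`), which departs from Go's MixedCaps convention; `MongoDBAuthMechanismSHA256`, `MongoDBAuthMechanismSHA1` and `MongoDBAuthMechanismX509` would read as ordinary exported names. In the visible hunks `MongoAuthMechanism` is a free-form string that is never compared against these values, so a mistyped `MONGO_AUTH_MECHANISM` presumably only surfaces as a driver error at connect time; rejecting anything outside the three constants when the configuration is loaded would fail earlier and more clearly. The group comment could also name the default, e.g. `// Auth mechanisms accepted in MongoAuthMechanism; SetDefaultConfig selects SCRAM-SHA-256.`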
diff --git a/core/storage/mongoStorage.go b/core/storage/mongoStorage.go
index 0bad184..c643979 100644
--- a/core/storage/mongoStorage.go
+++ b/core/storage/mongoStorage.go
@@ -142,6 +142,16 @@ func (store *MongoStorage) Init() common.SyncServiceError {
 }
 // Set up MongoDB client options
 clientOptions := options.Client().ApplyURI(common.Configuration.MongoAddressCsv)
+ if common.Configuration.MongoAuthMechanism != "" && common.Configuration.MongoAuthDbName != "" && common.Configuration.MongoUsername != "" && common.Configuration.MongoPassword != "" {
+ credential := options.Credential{
+ AuthMechanism: common.Configuration.MongoAuthMechanism,
+ AuthSource: common.Configuration.MongoAuthDbName,
+ Username: common.Configuration.MongoUsername,
+ Password: common.Configuration.MongoPassword,
+ }
+ clientOptions = clientOptions.SetAuth(credential)
+ }
+
 ctx, cancel := context.WithTimeout(context.Background(), time.Duration(20*time.Second))
 defer cancel()
@@ -201,6 +211,12 @@ func (store *MongoStorage) Init() common.SyncServiceError {
 }
 }
+
+ if mongoClient == nil {
+ message := fmt.Sprintf("Failed to connect to mongo Error was: %v", err.Error())
+ return &Error{message}
+ }
+
 if err = mongoClient.Ping(ctx, nil); err != nil {
 message := fmt.Sprintf("Failed to ping mgo. Error: %s.", err)
 return &Error{message}
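Review bot: The guard on the added `if` in the first mongoStorage.go hunk requires `MongoPassword != ""`, so the `MONGODB-X509` mechanism that config.go advertises can never be selected here: X.509 authentication carries no password, and the block is skipped without any message. The same silent skip applies when a username is configured but the password is missing, leaving the client to connect with only what `MongoAddressCsv` provides, which against a server without enforced access control means an unauthenticated session the operator did not intend. I would fail closed on a partial configuration, e.g. `if common.Configuration.MongoUsername != "" && common.Configuration.MongoPassword == "" { return &Error{"MongoUsername is set but MongoPassword is empty"} }`, and either give X.509 its own branch or drop that constant until it is supported. Init starts and ends outside this hunk, so TLS setup may exist elsewhere.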
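Review bot: `err.Error()` in the added `mongoClient == nil` check of the second mongoStorage.go hunk panics if `err` is also nil at that point; whether that combination can occur depends on the connect loop above, which is outside the hunk. Passing the error value itself is safe in both cases: `message := fmt.Sprintf("Failed to connect to mongo. Error: %v", err)`, which also lines up with the wording of the ping failure just below. A short comment such as `// Every connection attempt failed; do not call Ping on a nil client.` would explain why the check sits before the ping.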