Issue open-horizon#153 - Support auth when connect to mongodb

Signed-off-by: Le Zhang <zhangl@us.ibm.com>
LiilyZhang · Aug 1, 2024 · bc832bd · bc832bd
1 parent dabec2b
commit bc832bd
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/common/config.go b/common/config.go
@@ -49,6 +49,13 @@ const (
 // DefaultLogTraceFileSize default value for log and trace file size in KB
 const DefaultLogTraceFileSize = 20000
 
+// AuthMechanism that MongoDB supports
+const (
+	MongoDBAuthMechanism_SHA256 = "SCRAM-SHA-256" // MongoDB 4.0 or later
+	MongoDBAuthMechanism_SHA1   = "SCRAM-SHA-1"   // MongoDB 3.0, 3.2, 3.4, and 3.6
+	MongoDBAuthMechanism_X509   = "MONGODB-X509"  // TLS with X.509 certificates
+)
+
 // Config contains the parsed contents of the configuration file
 type Config struct {
 	// NodeType specifies whether this node is a CSS or ESS
@@ -286,6 +293,12 @@ type Config struct {
 	// MongoAddressCsv specifies one or more addresses of the mongo database
 	MongoAddressCsv string `env:"MONGO_ADDRESS_CSV"`
 
+	// MongoAuthMechanism specifies the auth mechanism for mongo client to use
+	// MongoDB 4.0 or later: SCRAM-SHA-256
+	// MongoDB 3.0, 3.2, 3.4, and 3.6: SCRAM-SHA-1
+	// TLS with X.509 certificates: MONGODB-X509
+	MongoAuthMechanism string `env:"MONGO_AUTH_MECHANISM"`
+
 	// MongoAuthDbName specifies the name of the database used to establish credentials and privileges
 	MongoAuthDbName string `env:"MONGO_AUTH_DB_NAME"`
 
@@ -745,6 +758,7 @@ func SetDefaultConfig(config *Config) {
 	config.MaxDataChunkSize = 5120 * 1024
 	config.MaxInflightChunks = 1
 	config.MongoAddressCsv = "mongodb://localhost:27017"
+	config.MongoAuthMechanism = MongoDBAuthMechanism_SHA256
 	config.MongoDbName = "d_edge"
 	config.MongoAuthDbName = "admin"
 	config.MongoUsername = ""

diff --git a/core/storage/mongoStorage.go b/core/storage/mongoStorage.go
@@ -142,6 +142,16 @@ func (store *MongoStorage) Init() common.SyncServiceError {
 	}
 	// Set up MongoDB client options
 	clientOptions := options.Client().ApplyURI(common.Configuration.MongoAddressCsv)
+	if common.Configuration.MongoAuthMechanism != "" && common.Configuration.MongoAuthDbName != "" && common.Configuration.MongoUsername != "" && common.Configuration.MongoPassword != "" {
+		credential := options.Credential{
+			AuthMechanism: common.Configuration.MongoAuthMechanism,
+			AuthSource:    common.Configuration.MongoAuthDbName,
+			Username:      common.Configuration.MongoUsername,
+			Password:      common.Configuration.MongoPassword,
+		}
+		clientOptions = clientOptions.SetAuth(credential)
+	}
+
 	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(20*time.Second))
 	defer cancel()