globalsign / mgo

The MongoDB driver for Go

Add 3.6+ user authenticationRestrictions #229

Closed timvaillancourt closed 6 years ago

timvaillancourt commented 6 years ago

This PR adds support for MongoDB user authenticationRestrictions, added in 3.6:

The authentication restrictions the server enforces on the created user. Specifies a list of IP addresses and CIDR ranges from which the user is allowed to connect to the server or from which the server can accept users.

https://docs.mongodb.com/manual/reference/method/db.createUser/#authentication-restrictions

Example user with authenticationRestrictions, post-change:

> db.system.users.find({},{_id:0, credentials:0}).pretty()
{
    "user" : "tim",
    "db" : "admin",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        }
    ],
    "authenticationRestrictions" : [
        {
            "clientSource" : [
                "127.0.0.1"
            ],
            "serverAddress" : [
                "127.0.0.1"
            ]
        }
    ]
}

If it's valuable, I can add checks to confirm a valid IP or CIDR was passed as 'clientSource' or 'serverAddress'. Please let me know.
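The IP/CIDR check offered at the end of this description could look like the following in Go. This is an added example, not code from the PR or from mgo: the `Restriction` type and the `checkAddr` and `Validate` functions are hypothetical names, and rejecting `/0` or ranges with host bits set is this example's own policy, not documented server behaviour.

```go
package main

import (
	"fmt"
	"net"
)

// Restriction is a hypothetical stand-in for one authenticationRestrictions entry.
type Restriction struct {
	ClientSource, ServerAddress []string
}

// checkAddr accepts a single IPv4/IPv6 address or a CIDR range.
func checkAddr(s string) error {
	if net.ParseIP(s) != nil {
		return nil
	}
	ip, ipnet, err := net.ParseCIDR(s)
	if err != nil {
		return fmt.Errorf("%q is not an IP address or CIDR range", s)
	}
	// Example policy (assumption, not a server rule): host bits set usually
	// means a typo that widens the range, and /0 matches every address.
	if ones, _ := ipnet.Mask.Size(); ones == 0 || !ip.Equal(ipnet.IP) {
		return fmt.Errorf("%q is unrestricted or wider than written (parsed as %s)", s, ipnet)
	}
	return nil
}

// Validate returns the first invalid entry, naming its position and field.
func Validate(rs []Restriction) error {
	for i, r := range rs {
		for _, f := range []struct {
			name  string
			addrs []string
		}{{"clientSource", r.ClientSource}, {"serverAddress", r.ServerAddress}} {
			for _, a := range f.addrs {
				if err := checkAddr(a); err != nil {
					return fmt.Errorf("authenticationRestrictions[%d].%s: %w", i, f.name, err)
				}
			}
		}
	}
	return nil
}

func main() {
	rs := []Restriction{{ClientSource: []string{"127.0.0.1", "10.1.2.3/8"}}} // constructed sample
	fmt.Println(Validate(rs))
}
```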

szank commented 6 years ago

Hi @timvaillancourt, this looks like a great addition, and thank you for taking the time to implement it. It is really appreciated!

I have one remark, though. Could you please add some unit tests for using the AuthenticationRestriction? The existing UpsertUser unit tests should be a good template. Unit tests for a success case and a failure case would be greatly appreciated.

It will be a nice addition when it is merged :)

timvaillancourt commented 6 years ago

Whoops, sounds good @szank. I will add unit tests shortly.

timvaillancourt commented 6 years ago

@szank I've added a test for this. Please review, thanks

EDIT: I made a few more commits to clean up the way I wrote the tests. 100% done this time

domodwyer commented 6 years ago

Thanks @timvaillancourt!