rueckstiess / mtools

A collection of scripts to set up MongoDB test environments and parse and visualize MongoDB log files.
Apache License 2.0

mlaunch: Use default SASL/SCRAM mechanisms when creating users. #880

Closed matthewdale closed 2 years ago

matthewdale commented 2 years ago

Description of changes

There is currently a check that explicitly prevents creating a SCRAM-SHA-256 user credential for newer server versions. Remove that SASL/SCRAM default mechanism override now that all official MongoDB drivers support SASL/SCRAM mechanism SCRAM-SHA-256 (see DRIVERS-439).

Fixes https://github.com/rueckstiess/mtools/issues/879

Testing

  1. Create a standalone deployment with auth enabled.
    python3 mtools/mlaunch/mlaunch.py init \
        --dir ~/data/mtools/5.0.0 \
        --single \
        --binarypath $(m bin 5.0.0) \
        --auth
  2. List user info and confirm that credentials for all default SASL/SCRAM mechanisms for MongoDB v5.0.0 are created (SCRAM-SHA-1, SCRAM-SHA-256).
    mongosh "mongodb://user:password@localhost:27017/admin" --quiet --eval "db.system.users.find()"
    [
      {
        _id: 'admin.user',
        userId: UUID("72e25aa8-a058-47a4-b83b-d7c856291511"),
        user: 'user',
        db: 'admin',
        credentials: {
          'SCRAM-SHA-1': {
            iterationCount: 10000,
            salt: <REDACTED>,
            storedKey: <REDACTED>,
            serverKey: <REDACTED>
          },
          'SCRAM-SHA-256': {
            iterationCount: 15000,
            salt: <REDACTED>,
            storedKey: <REDACTED>,
            serverKey: <REDACTED>
          }
        },
        roles: [
          { role: 'dbAdminAnyDatabase', db: 'admin' },
          { role: 'readWriteAnyDatabase', db: 'admin' },
          { role: 'userAdminAnyDatabase', db: 'admin' },
          { role: 'clusterAdmin', db: 'admin' }
        ]
      }
    ]

O/S testing:

    O/S        Version(s)
    Linux
    macOS      12.4
    Windows

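
The credential entries listed in step 2, as an added example that is not part of the pull request or of mtools: it derives the `iterationCount`/`salt`/`storedKey`/`serverKey` fields for both mechanisms with the RFC 5802 key derivation and checks a user document for missing mechanisms. The function names, the fixed salts and the sample user are constructed for illustration, and the password is assumed to be ASCII so that SASLprep leaves it unchanged.

```python
import base64
import hashlib
import hmac

# Iteration counts as they appear in the db.system.users output above.
MECHANISMS = {"SCRAM-SHA-1": ("sha1", 10000), "SCRAM-SHA-256": ("sha256", 15000)}


def scram_credential(mechanism, username, password, salt, iterations=None):
    """Derive the stored credential entry (RFC 5802 key derivation)."""
    digest, default_iterations = MECHANISMS[mechanism]
    iterations = iterations or default_iterations
    if mechanism == "SCRAM-SHA-1":
        # MongoDB pre-hashes for SHA-1: hex(md5("<user>:mongo:<password>")).
        secret = hashlib.md5(f"{username}:mongo:{password}".encode()).hexdigest().encode()
    else:
        # SCRAM-SHA-256 takes the SASLprep'd password; assumed ASCII here, so unchanged.
        secret = password.encode()
    salted = hashlib.pbkdf2_hmac(digest, secret, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", digest).digest()
    keys = {"storedKey": hashlib.new(digest, client_key).digest(),
            "serverKey": hmac.new(salted, b"Server Key", digest).digest()}
    entry = {"iterationCount": iterations, "salt": base64.b64encode(salt).decode()}
    entry.update({k: base64.b64encode(v).decode() for k, v in keys.items()})
    return entry


def password_matches(mechanism, username, password, entry):
    """Re-derive with the entry's own salt and count, then compare storedKey."""
    redo = scram_credential(mechanism, username, password,
                            base64.b64decode(entry["salt"]), entry["iterationCount"])
    return hmac.compare_digest(redo["storedKey"], entry["storedKey"])


def missing_mechanisms(user_doc, expected=tuple(MECHANISMS)):
    """Expected mechanisms that have no credential entry on this user document."""
    return [m for m in expected if m not in user_doc.get("credentials", {})]


# Constructed sample user; fixed salts keep it reproducible (real salts are random).
SAMPLE_USER = {"_id": "admin.user", "user": "user", "db": "admin", "credentials": {
    "SCRAM-SHA-1": scram_credential("SCRAM-SHA-1", "user", "password", b"\x01" * 16),
    "SCRAM-SHA-256": scram_credential("SCRAM-SHA-256", "user", "password", b"\x02" * 28),
}}

if __name__ == "__main__":
    print("missing:", missing_mechanisms(SAMPLE_USER))
    print(SAMPLE_USER["credentials"]["SCRAM-SHA-256"])
```

A user document that carries only a `SCRAM-SHA-1` entry, which is what the removed override produced, makes `missing_mechanisms` return `['SCRAM-SHA-256']`.
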
stennie commented 2 years ago

Thanks @matthewdale !