Closed JJClements closed 2 years ago
The most important bit here is:
> If false, the client digests the password and passes the digested password to the server. Not compatible with SCRAM-SHA-256.
The mongo ruby gem v.1.12.5 forces digestPassword to be false at https://github.com/mongodb/mongo-ruby-driver/blob/4ca3c2c8142e1fcf4cbf2efd719d2c539b55a290/lib/mongo/db.rb#L749
And SCRAM-SHA-256 is enabled by default on mongodb 4.0.
@JJClements Did you succeed with implementing SSL + Authorization using this cookbook or your wrapper cookbook? If yes, can you share how you did it?
Is there a way to pass scram-sha-1?
Just encountered this problem as well, is anyone currently working on this?
Have made below change to fix this:
Replace `db.add_user(username, password, false, roles: roles)`
with `db.add_user(username, password, false, roles: roles, mechanisms: ['SCRAM-SHA-1'])`
at below lines:
https://github.com/sous-chefs/mongodb/blob/master/libraries/user.rb#L42
https://github.com/sous-chefs/mongodb/blob/master/libraries/user.rb#L59
@pkazi Did you fork the repo to make this change? Is this likely to be fixed in Master soon?
Hi! Any news on this? Encountering the same problem here.
@vibhaG @pkazi My pull request #242 should fix the user creation error, can you please test?
I have converges using v4.0.1 of this cookbook failing on Centos7 with this error:
```
Recipe: sc-mongodb::user_management
* sc_mongodb_user[root] action add
================================================================================
Error executing action `add` on resource 'sc_mongodb_user[root]'
================================================================================
Mongo::OperationFailure
-----------------------
Database command 'updateUser' failed: "mechanisms" is not a valid argument to updateUser
Cookbook Trace:
---------------
/var/chef/cache/cookbooks/sc-mongodb/libraries/user.rb:42:in `add_user'
/var/chef/cache/cookbooks/sc-mongodb/resources/user.rb:18:in `block in class_from_file'
Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/sc-mongodb/recipes/user_management.rb
37: mongodb_user user['username'] do
38: password user['password']
39: roles user['roles']
40: database user['database']
41: connection node['mongodb']
42: if node.recipe?('sc-mongodb::mongos') || node.recipe?('sc-mongodb::replicaset')
43: # If it's a replicaset or mongos, don't make any users until the end
44: action :nothing
45: subscribes :add, 'ruby_block[config_replicaset]', :delayed
46: subscribes :add, 'ruby_block[config_sharding]', :delayed
47: else
48: action user['action'] || :add
49: end
50: end
Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/sc-mongodb/recipes/user_management.rb:37:in `block in from_file'
```
My suspicion is that the version of the mongo-ruby-driver gem which is resolving in my environment is not compatible with the changes made in #242.
What version(s) of the mongo driver gem is this change compatible with?
In version v4.0.1 of this cookbook the mongo gem is pinned (in ./attributes/default.rb under `default['mongodb']['ruby_versions']`) to:
```ruby
default['mongodb']['ruby_gems'] = {
  mongo: '~> 1.12',
  bson_ext: nil,
}
```
and on my server it appears to resolve to mongo gem version 1.12.5.
@davidalpert does this happen on the currently released version of the cookbook still?
I reverted to 1.0.0 to unblock our team but will test again when we upgrade to 4.1.0/latest.
Confirmed that v4.1.3 of this cookbook converges for me without error in test kitchen against Chef 14.14.29
Thank you!
When attempting to create users while using this cookbook with the new MongoDB stable 4.0 build, user creation fails with:
Database command 'createUser' failed: Use of SCRAM-SHA-256 requires undigested passwords
Likely related to: digestPassword https://docs.mongodb.com/manual/reference/command/createUser/#dbcmd.createUser
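
Why a client-digested password cannot satisfy SCRAM-SHA-256 while pinning `mechanisms: ['SCRAM-SHA-1']` converges, shown as an added Ruby example that is not code from the cookbook or the mongo driver. The helper names, salts, user and password are constructed for illustration; SASLprep is skipped because the sample password is ASCII, and the iteration counts are assumed to be the server defaults.

```ruby
require 'openssl'
require 'digest'

# Legacy client-side digest: hex MD5 of "user:mongo:password".
def mongo_digest(user, password)
  Digest::MD5.hexdigest("#{user}:mongo:#{password}")
end

# RFC 5802 stored credential: StoredKey = H(HMAC(SaltedPassword, "Client Key")),
# ServerKey = HMAC(SaltedPassword, "Server Key").
def scram_credential(secret, salt, iterations, hash_name)
  md = OpenSSL::Digest.new(hash_name)
  salted = OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, iterations, md.digest_length, md)
  client_key = OpenSSL::HMAC.digest(hash_name, salted, 'Client Key')
  {
    stored_key: OpenSSL::Digest.new(hash_name).digest(client_key).unpack1('H*'),
    server_key: OpenSSL::HMAC.digest(hash_name, salted, 'Server Key').unpack1('H*'),
  }
end

# What the server stores when it receives the undigested password.
# SCRAM-SHA-1 keys on the MD5 digest; SCRAM-SHA-256 keys on the password itself.
# Iteration counts are assumed defaults (10000 and 15000).
def credentials_from_plaintext(user, password, salts)
  {
    'SCRAM-SHA-1'   => scram_credential(mongo_digest(user, password), salts[:sha1], 10_000, 'SHA1'),
    'SCRAM-SHA-256' => scram_credential(password, salts[:sha256], 15_000, 'SHA256'),
  }
end

# What the server can derive when the client already digested the password:
# only the SHA-1 credential. MD5 is one-way, so the SHA-256 input is gone.
def credentials_from_digest(digest, salts)
  { 'SCRAM-SHA-1' => scram_credential(digest, salts[:sha1], 10_000, 'SHA1') }
end

# Constructed sample values.
SALTS = { sha1: 'constructed-salt1', sha256: 'constructed-salt-for-sha-256' }.freeze
USER = 'root'
PASSWORD = 'example-password'

full = credentials_from_plaintext(USER, PASSWORD, SALTS)
pre  = credentials_from_digest(mongo_digest(USER, PASSWORD), SALTS)
puts "SHA-1 credential identical either way: #{full['SCRAM-SHA-1'] == pre['SCRAM-SHA-1']}"
puts "SHA-256 derivable from digest: #{pre.key?('SCRAM-SHA-256')}"
```

A user created with `mechanisms: ['SCRAM-SHA-1']` holds only the MD5-based SHA-1 credential, so it cannot authenticate with SCRAM-SHA-256 until it is recreated from the undigested password.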