sous-chefs / sc-mongodb

Development repository for the sc-mongodb cookbook
https://supermarket.chef.io/cookbooks/sc-mongodb
Apache License 2.0

User creation fails for MongoDB 4.x #200

Closed JJClements closed 2 years ago

JJClements commented 6 years ago

When attempting to create users while using this cookbook with the new MongoDB stable 4.0 build, user creation fails with:

Database command 'createUser' failed: Use of SCRAM-SHA-256 requires undigested passwords

Likely related to: digestPassword https://docs.mongodb.com/manual/reference/command/createUser/#dbcmd.createUser

Changed in version 4.0: The default value is true. In earlier versions, the default value is false.

hrak commented 6 years ago

The most important bit here is

If false, the client digests the password and passes the digested password to the server. Not compatible with SCRAM-SHA-256

The mongo ruby gem v.1.12.5 forces digestPassword to be false at https://github.com/mongodb/mongo-ruby-driver/blob/4ca3c2c8142e1fcf4cbf2efd719d2c539b55a290/lib/mongo/db.rb#L749

And SCRAM-SHA-256 is enabled by default on mongodb 4.0.

pkazi commented 5 years ago

@JJClements Did you succeed with implementing SSL + Authorization using this cookbook or your wrapper cookbook? If yes, can you share how you did it?

lioraltarescu commented 5 years ago

Is there a way to pass scram-sha-1?

JumpSplat96 commented 5 years ago

Just encountered this problem as well, is anyone currently working on this?

pkazi commented 5 years ago

I have made the change below to fix this. Replace

db.add_user(username, password, false, roles: roles)

with

db.add_user(username, password, false, roles: roles, mechanisms: ['SCRAM-SHA-1'])

at the lines below:

https://github.com/sous-chefs/mongodb/blob/master/libraries/user.rb#L42
https://github.com/sous-chefs/mongodb/blob/master/libraries/user.rb#L59
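Added example, not part of the thread or of the cookbook's or driver's code: a Ruby sketch of why a client-digested password works with SCRAM-SHA-1 (the mechanism pinned in the comment above) but cannot work with SCRAM-SHA-256. `derive_credentials` is a hypothetical model of the server-side derivation; the salt and password are constructed, and passwords are assumed ASCII so the SASLprep step that SCRAM-SHA-256 requires is a no-op.

```ruby
require 'digest'
require 'openssl'

# Legacy client-side digest sent when digestPassword is false:
# hex MD5 of "username:mongo:password".
def mongo_digest(username, password)
  Digest::MD5.hexdigest("#{username}:mongo:#{password}")
end

# RFC 5802 derivation: SaltedPassword -> StoredKey and ServerKey.
def scram_keys(hash_name, secret, salt, iterations)
  md = OpenSSL::Digest.new(hash_name)
  salted = OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, iterations, md.digest_length, md)
  client_key = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), salted, 'Client Key')
  server_key = OpenSSL::HMAC.digest(OpenSSL::Digest.new(hash_name), salted, 'Server Key')
  { stored_key: OpenSSL::Digest.new(hash_name).digest(client_key), server_key: server_key }
end

# Hypothetical model of the choice the server makes in createUser.
# Assumption: ASCII passwords only, so SASLprep is skipped.
def derive_credentials(mechanism, username, pwd, salt, digested:)
  case mechanism
  when 'SCRAM-SHA-1'
    # The PBKDF2 input is the MD5 digest itself, so either side may compute it.
    secret = digested ? pwd : mongo_digest(username, pwd)
    scram_keys('SHA1', secret, salt, 10_000) # MongoDB default iteration count
  when 'SCRAM-SHA-256'
    # The PBKDF2 input is the password; an MD5 digest cannot be turned back into it.
    raise ArgumentError, 'Use of SCRAM-SHA-256 requires undigested passwords' if digested
    scram_keys('SHA256', pwd, salt, 15_000) # MongoDB default iteration count
  else
    raise ArgumentError, "unsupported mechanism #{mechanism}"
  end
end

if __FILE__ == $PROGRAM_NAME
  salt = 'constructed-salt'            # constructed sample value
  pwd  = 'example-password'            # constructed sample value
  sent = mongo_digest('root', pwd)     # what a digesting client transmits
  same = derive_credentials('SCRAM-SHA-1', 'root', sent, salt, digested: true) ==
         derive_credentials('SCRAM-SHA-1', 'root', pwd, salt, digested: false)
  puts "SCRAM-SHA-1 credentials identical from digest and plaintext: #{same}"
  begin
    derive_credentials('SCRAM-SHA-256', 'root', sent, salt, digested: true)
  rescue ArgumentError => e
    puts "SCRAM-SHA-256: #{e.message}"
  end
end
```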

vibhaG commented 5 years ago

@pkazi Did you fork the repo to make this change? Is this likely to be fixed in Master soon?

askz commented 4 years ago

Hi! Any news on this? Encountering the same problem here.

stissot commented 4 years ago

@vibhaG @pkazi My pull request #242 should fix the user creation error, can you please test?

davidalpert commented 3 years ago

I have converges using v4.0.1 of this cookbook failing on Centos7 with this error:

Recipe: sc-mongodb::user_management
  * sc_mongodb_user[root] action add

    ================================================================================
    Error executing action `add` on resource 'sc_mongodb_user[root]'
    ================================================================================

    Mongo::OperationFailure
    -----------------------
    Database command 'updateUser' failed: "mechanisms" is not a valid argument to updateUser

    Cookbook Trace:
    ---------------
    /var/chef/cache/cookbooks/sc-mongodb/libraries/user.rb:42:in `add_user'
    /var/chef/cache/cookbooks/sc-mongodb/resources/user.rb:18:in `block in class_from_file'

    Resource Declaration:
    ---------------------
    # In /var/chef/cache/cookbooks/sc-mongodb/recipes/user_management.rb

     37:   mongodb_user user['username'] do
     38:     password user['password']
     39:     roles user['roles']
     40:     database user['database']
     41:     connection node['mongodb']
     42:     if node.recipe?('sc-mongodb::mongos') || node.recipe?('sc-mongodb::replicaset')
     43:       # If it's a replicaset or mongos, don't make any users until the end
     44:       action :nothing
     45:       subscribes :add, 'ruby_block[config_replicaset]', :delayed
     46:       subscribes :add, 'ruby_block[config_sharding]', :delayed
     47:     else
     48:       action user['action'] || :add
     49:     end
     50:   end

    Compiled Resource:
    ------------------
    # Declared in /var/chef/cache/cookbooks/sc-mongodb/recipes/user_management.rb:37:in `block in from_file'

My suspicion is that the version of the mongo-ruby-driver gem which is resolving in my environment is not compatible with the changes made in #242.

What version(s) of the mongo driver gem is this change compatible with?

In version v4.0.1 of this cookbook the mongo gem is pinned (in ./attributes/default.rb under `default['mongodb']['ruby_versions']`) to:

default['mongodb']['ruby_gems'] = {
  mongo: '~> 1.12',
  bson_ext: nil,
}

And on my server it appears to resolve to mongo gem version 1.12.5.

ramereth commented 3 years ago

@davidalpert does this happen on the currently released version of the cookbook still?

davidalpert commented 3 years ago

I reverted to 1.0.0 to unblock our team but will test again when we upgrade to 4.1.0/latest.

davidalpert commented 2 years ago

Confirmed that v4.1.3 of this cookbook converges for me without error in test kitchen against Chef 14.14.29

Thank you!