TorchlightSoftware/mongo-watch

Where/how do you set username/password if using authentication?

bowlesdr opened this issue · 8 comments

I found a place in lib/main.coffee to set my database, host and port but I cannot figure out where to set the username and password.

I'm getting the following error since I am using authentication:
events.js:72
throw er; // Unhandled 'error' event
^
MongoError: not authorized for query on local.oplog.rs

Thanks!

It looks like I would need to add some code for that:

http://mongodb.github.io/node-mongodb-native/api-generated/db.html#authenticate

Are you using a hosted database? This library won't work in a shared environment, as oplog access would give you access to everyone's data.

We have our own dedicated hosts.

I just figured out how to do this with raw node code so don't worry about adding it just for me.

Could you please add support for authentication?

This should be supported now in version 0.1.12. Use the fields username/password. One caveat: Your user will need to have access to the 'local' database. I was not able to figure out how to create such a user programmatically, as the node native driver doesn't seem to support roles: http://mongodb.github.io/node-mongodb-native/api-generated/admin.html#adduser

Also, a warning if you are on this version: I am about to revert this project to an older branch where mongo-watch was much simpler and just exposed a listener on the oplog. If you are reliant upon the more complex querying functionality you should set your version field to 0.1.12 specifically, as 0.2.0 will be an incompatible API change. I'm deprecating the querying functionality because I want this library to be more focused - querying is something that should be built as an extension. You're welcome to fork it if you would like.

For my use case I need to connect to a mongoDB replica set which is not on localhost and uses authentication. As I understand, authentication will only work with a local DB at the moment?

If you use MongoClient.connect: http://mongodb.github.io/node-mongodb-native/api-generated/mongoclient.html for the mongo connection, you can specify the connection string including host names and username/password. There is no need to create a user in order to authenticate.

That will work fine. Your user just needs to have Admin privileges for the DB instance.

In my earlier comments I'm not talking about where the database is hosted. It can be remote, that's fine. But a given mongo instance has multiple databases - e.g. myapp-dev, myapp-test, myapp-prod. The 'local' database is a system database that is present on every mongo install. It is where the oplog resides, and we need access to it in order to monitor changes to the database. So whatever user credentials you give need to have full administrative access. This is point #1 in the first section of the README.

I found it easier to create the correct connection by specifying the fields separately, and I don't want to interpolate or parse a connection string (which I would have to do). So connection strings will not be supported unless someone else wants to do it.

Can someone test the authentication changes and see if that works for you?

Sounds good! I will test authentication and will let you know if it works for my use case.

Thank you!

I think this is fixed. Closing.