Uploaded image for project: 'Spark Connector'
  1. Spark Connector
  2. SPARK-111

Permission requirements for using mongo connector with auth enabled mongo instance

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Works as Designed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.0.0
    • Component/s: None
    • Labels:
      None

      We started to use the mongo-spark connector recently. We are planning to use it to just read from mongo and write to spark so we created a mongo user with just read only privileges. We could connect via robomongo using this user's privileges but when using the mongo-spark connector we started getting authentication errors. Below are the errors. We think we should be able to use a read only user to just read from mongo and that is why the ticket. In the meanwhile, would you be able to tell us what are the bare minimum privilege requirements that must be set on the user to use the connector?

      Exception for a read only user:

      com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=SCRAM-SHA-1, userName='<username>', source='<source>', password=<hidden>, mechanismProperties={}}
	at com.mongodb.connection.SaslAuthenticator.authenticate(SaslAuthenticator.java:61)
	at com.mongodb.connection.InternalStreamConnectionInitializer.authenticateAll(InternalStreamConnectionInitializer.java:99)
	at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:44)
	at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:115)
	at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:128)
	at java.lang.Thread.run(Thread.java:745)
Caused by: com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server ws2.mia2.cbsig.net:27017. The full response is { "ok" : 0.0, "code" : 18, "errmsg" : "Authentication failed." }

      When we added write privileges (some combination of insert, update, remove) we got a different error:

      17/02/23 14:42:35 WARN MongoSamplePartitioner: Could not get collection statistics. Server errmsg: Command failed with error 13: 'not authorized on taterstore to execute command { collStats: "user" }' on server example:27017. The full response is { "ok" : 0.0, "errmsg" : "not authorized on taterstore to execute command { collStats: \"user\" }", "code" : 13 }
Exception in thread "main" com.mongodb.MongoCommandException: Command failed with error 13: 'not authorized on taterstore to execute command { collStats: "user" }' on server example:27017. The full response is { "ok" : 0.0, "errmsg" : "not authorized on taterstore to execute command { collStats: \"user\" }", "code" : 13 }
	at com.mongodb.connection.ProtocolHelper.getCommandFailureException(ProtocolHelper.java:115)
	at com.mongodb.connection.CommandProtocol.execute(CommandProtocol.java:114)

      After granting the CollStats and ServerStatus privileges, we could successfully connect to mongo and read data.

      Appreciate any help.

      We are coding in Scala and using the following version of the connector.

      		<!-- https://mvnrepository.com/artifact/org.mongodb.spark/mongo-spark-connector_2.10 -->
		<dependency>
			<groupId>org.mongodb.spark</groupId>
			<artifactId>mongo-spark-connector_2.11</artifactId>
			<version>2.0.0-rc0</version>
		</dependency>

            Assignee:
            Unassigned Unassigned
            Reporter:
            ajantaphatak Ajanta Phatak
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: