[GODRIVER-803] Add option to allow authenticating with an arbiter Created: 01/Feb/19 Updated: 28/Oct/23 Resolved: 21/Feb/19 |
|
| Status: | Closed |
| Project: | Go Driver |
| Component/s: | Authentication |
| Affects Version/s: | None |
| Fix Version/s: | 1.0.0-rc1 |
| Type: | New Feature | Priority: | Critical - P2 |
| Reporter: | Timothy Olsen (Inactive) | Assignee: | Isabella Siu (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||||||
| Issue Links: |
|
||||||||||||
| Description |
|
While the authentication specification currently prohibits authenticating against an arbiter, users of the Go driver require this behavior. To enable this do the following:
While unrelated, add a nil check for options.Authenticator to avoid a nil pointer panic.
Under an auth+arbiter setup, the only way to authenticate to an arbiter is to use the keyfile (when X.509 member auth is not used). I am finding that I while I am able to auth using the keyfile to a regular member of the replica set, I am not able to auth to the arbiter. I am attaching the go program I am using. Here is the output: with a regular node:
(no output because the collection is empty) with an arbiter:
Here are the relevant log lines from the regular member:
and from the arbiter:
|
| Comments |
| Comment by Timothy Olsen (Inactive) [ 21/Feb/19 ] |
|
I think the fix for this has introduced a regression: |
| Comment by Timothy Olsen (Inactive) [ 21/Feb/19 ] |
|
Thank you all. I'll try it out |
| Comment by Githook User [ 21/Feb/19 ] |
|
Author: {'name': 'Isabella Siu', 'email': 'isabella.siu@10gen.com', 'username': 'iwysiu'}Message: Change-Id: I580d2801c0ed0e35b20650fc32a5f7ae66362d7b |
| Comment by Isabella Siu (Inactive) [ 20/Feb/19 ] |
|
code review: https://review.gerrithub.io/c/mongodb/mongo-go-driver/+/443635 |
| Comment by Jeffrey Yemin [ 02/Feb/19 ] |
|
Leaving as Critical, but changing to New Feature as the driver is properly implementing the authentication specification, which states: > If the server is not of type Standalone, RSPrimary, RSSecondary or Mongos, no authentication is possible and the handshake is complete. We're discussing the options and will figure out a plan to enable this use case. |