[SERVER-53724] Make DBClient able to reauthenticate with x509 automatically when reconnecting for tenant migrations

Created: 12/Jan/21 Updated: 29/Oct/23 Resolved: 26/Jan/21

| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 4.9.0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Vesselina Ratcheva (Inactive) | Assignee: | Jason Zhang |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | pm-1791_milestone-P |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Backwards Compatibility: | Fully Compatible |
| Sprint: | Sharding 2021-01-25, Sharding 2021-02-08 |
| Description |

Currently, we pass in the transientSSLParams for x509 when calling connect(). This allows us to connect and authenticate successfully, but at this time we are not able to reauthenticate after automatic DBClient reconnects here. We already have provisions for doing something similar with keyauth here, so hopefully we can leverage some of that functionality. Ideally, this should all be handled internally in DBClient itself. We need information from the recipient service to reauthenticate, but perhaps that can be done cleanly via storing a lambda.

| Comments |
| Comment by Githook User [ 25/Jan/21 ] |

Author: {'name': 'Jason Zhang', 'email': 'jason.zhang@mongodb.com', 'username': 'jz1242'} Message:

| Comment by Mark Benvenuto [ 13/Jan/21 ] |

jack.mulrow as you suggested, just cache transientSSLParams in DBClientConnection. There does not need to be any interaction with the authCache as these are separate concerns. The transientSSLParams is related to the connection and is not something with login credentials. I would also remove the optional parameter from connect() to find any other possible issues related to not calling connect with the right parameters.

| Comment by Jack Mulrow [ 12/Jan/21 ] |
I think one way to handle this is to cache the transientSSLParams passed to DBClientConnection::connectSocketOnly() (added in spencer.jackson (or mark.benvenuto since you reviewed |