[PMM-6096] pmm-agent's connection checker does not check authentication for MongoDB - Percona JIRA

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: Medium
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.14.0
Component/s: PMM Agent
Labels:

Story Points:
2
Epic Link:
Connection check adviser
Needs Review:
Yes
Needs QA:
Yes

Description

pmm-agent's connection checking allows connections without username and password when MongoDB is running with --auth.

-> pmm-admin add mongodb --username=wrong --password=wrong
Connection check failed: connection() : auth error: sasl conversation error: unable to authenticate using mechanism "SCRAM-SHA-1": (AuthenticationFailed) Authentication failed..

-> pmm-admin add mongodb
MongoDB Service added.
Service ID  : /service_id/46e253a4-f3ca-46b7-89d5-f2665fe62e13
Service name: mini-mongodb

Since PMM is about monitoring databases, I think pmm-agent should check that this is possible:

msg="Failed to get server status: (Unauthorized) command serverStatus requires authentication" source="server_status.go:151"  agentID=/agent_id/6e4a5efe-30fb-4d23-96c3-40a176b84a7a component=agent-process type=mongodb_exporter
msg="Failed to get database names, (Unauthorized) command listDatabases requires authentication" source="database_status.go:92"  agentID=/agent_id/6e4a5efe-30fb-4d23-96c3-40a176b84a7a component=agent-process type=mongodb_exporter

In the same time, it still should work with --noauth, so many different combinations should be tested.

Implementation was drafted at https://github.com/percona/pmm-agent/pull/170. It should be finished and tested.

Testing Instruction:

Check with the latest version for official MongoDB and PSMDB both, with Authentication enabled.

Attachments

Activity

People

Assignee:: Maksym Hilliaka (Inactive)

Reporter:: Alexey Palazhchenko (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 05/Jun/20 1:10 PM

Updated:: 28/Jan/21 10:17 PM

Resolved:: 11/Jan/21 6:40 PM