Add SSL & auth support to MongoDB client

[tomconte]

This a first stab at providing additional MongoDB connection options (issue #1281).

Turning SSL on is just an option to add in the MongoClient() constructor.

Authentication needs to be performed at the database level, so that is a separate call to authenticate().

Note: currently the MongoDB backend requires admin access (not sure this is a good idea BTW, this might not be possible in shared/hosted environments), so the user must have the right privileges/role.

Here is how to setup a test MongoDB instance:

Run MongoDB with auth:

docker run --name dev-mongo -d mongo --auth --replSet bigchain-rs

Create root user:

docker exec -it dev-mongo mongo admin
rs.initiate()
db.createUser({ user: 'tconte', pwd: 'Pass1234', roles: [ { role: "root", db: "admin" } ] });

(exit mongo shell)

docker exec -it dev-mongo mongo -u tconte -p Pass1234 admin
use bigchain
db.createUser({ user: 'bcdb', pwd: 'Pass1234', roles: [ { role: "root", db: "admin" } ] });

Now the bcdb user in the bigchain database has root role.

A couple (optional) parameters can be added to .bigchaindb to provide the new values, e.g.

        "ssl": false,
        "login": "bcdb",
        "password": "Pass1234",

[krish7919]

@tomconte To clarify, this is between the pymongo driver in BigchainDB and the MongoDB instance?

[codecov-io]

Codecov Report

Merging #1299 into master will increase coverage by <.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #1299      +/-   ##
==========================================
+ Coverage   98.19%   98.19%   +<.01%     
==========================================
  Files          54       54              
  Lines        2433     2444      +11     
==========================================
+ Hits         2389     2400      +11     
  Misses         44       44

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0edb1c1...0471080. Read the comment docs.

[tomconte]

@krish7919 yes, so that BigchainDB can connect to a secured MongoDB instance.

[ttmc]

I'm not super-familiar with the code for establishing the connection to MongoDB, so I think I'll ask @vrde to take a look at this pull request too.

We'll also have to update the docs page about the BigchainDB Server settings, i.e. https://docs.bigchaindb.com/projects/server/en/latest/server-reference/configuration.html
the source of which is in docs/server/source/server-reference/configuration.md.
We'll also have to document how to set up and use authentication (as you did above in this pull request, but we don't consider the set of GitHub comments on pull requests to be our official documentation 😄 ).
I could do that documentation if you like.

Codecov is also complaining about a decline in unit test coverage...

[tomconte]

Looks like I need to work on these tests :)

[vrde]

Hi, thanks for your PR, looks pretty good! There are a couple of things to change, then we are ready to go 💃.

[vrde]

The params in the function signature have higher priority than the one in the configuration. This means that if your config defines 'ssl': True, but the connect function is called with ssl=False, then False has priority. It's better to have ssl=None here. See next comment for the other part of the explanation.

[vrde]

This should do the trick:

ssl = ssl if ssl is not None else bigchaindb.config['database'].get('ssl', False)

It says: if ssl has a value different than none, then use that value, read the configuration otherwise. If in the configuration the value is not defined, assume False.

[vrde]

Same as before ssl=None.

[vrde]

ssl = ssl if ssl is not None else bigchaindb.config['database'].get('ssl', False)

[vrde]

Unfortunately pymongo doesn't provide a specific exception when the authentication fails, but a generic OperationFailure. This might trigger a retry, but it's not the correct behavior: if credentials are wrong we want BigchainDB to fail and give an explicit error message to the user.

You don't have to care about it in this PR, some of us can do it after we merge your PR 😄

See #1336

[vrde]

@tomconte thanks for updating your PR. If you allow us to change your PR I can fix the test coverage and get this merged soon.

[tomconte]

@vrde many thanks! The "Allow edits from maintainers" option is enabled on this PR.

[vrde]

A couple (optional) parameters can be added to .bigchaindb to provide the new values, e.g.

I addressed it in 699e615, but I noticed I was adding too much scope, so I reverted it in 0471080. I've created #1346 to keep track of this issue.

[chrisckchang]

Hi folks, not sure if this is the right place for this comment but the best practice for connecting to replica sets is to include the host&port information for each primary-electable replica set member (no arbiter or hidden secondary nodes) in the connection string.

You may want to consider supporting the MongoDB connection URI, which can be passed directly into the driver: https://docs.mongodb.com/manual/reference/connection-string/. For example, Meteor.js allows users to pass an entire URI via CLI: https://github.com/meteor/meteor/blob/master/tools/cli/commands.js#L374. You can then use the pymongo uri_parser lib if you need specific parts of the URI.

[ttmc]

@vrde Maybe we could create a new issue to look into using the MongoDB connection URI as suggested by @chrisckchang (so that idea doesn't get lost in the comments of a merged PR)? ( #1299 (comment) )

[vrde]

@chrisckchang wrote:

Hi folks, not sure if this is the right place for this comment but the best practice for connecting to replica sets is to include the host&port information for each primary-electable replica set member (no arbiter or hidden secondary nodes) in the connection string.

AFAIK having multiple servers in the connection string allows the client to have multiple choices if one server is not reachable. Since BigchainDB is a federated system, when the driver fails to connect to the mongod it is supposed to talk with, then the driver should not try to connect to other instances, and BigchainDB should not fail to start.