DBZ-713 Only getting collections for databases matching filters #566
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This protects against authorization failures when listing collections from DBs the connector user isn't authorized for. It also simplifies usage of MongoPrimary#databaseNames() and collections() as consumers don't need to apply filtering themselves.
This simplifies interaction with execute(), as we don't need to alter collections, references as a side effect but instead can work with the return value.
Closed
jpechane
reviewed
Jul 3, 2018
| replicaSet, | ||
| (desc, error) -> { | ||
| // propagate authorization failures | ||
| if (error.getMessage() != null && error.getMessage().startsWith("Command failed with error 13")) { |
There was a problem hiding this comment.
This should be extracted as a constant
jpechane
reviewed
Jul 3, 2018
| */ | ||
| public <T> T execute(String desc, Function<MongoClient, T> operation) { | ||
| final Metronome errorMetronome = Metronome.sleeper(PAUSE_AFTER_ERROR, Clock.SYSTEM); | ||
| while (true) { |
There was a problem hiding this comment.
Will this loop terminate when the connector is stopped?
There was a problem hiding this comment.
Good point; indeed it seems they'd keep running if the connector is shut down and they don't complete normally. I'll log an issue.
|
@gunnarmorling Good for me, just two questions were raised |
|
@gunnarmorling Applied, thanks. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://issues.jboss.org/browse/DBZ-713
https://issues.jboss.org/browse/DBZ-782
@jpechane This fixes two issues, I noticed DBZ-782 while working on DBZ-713. It's best reviewed commit by commit, as they are largely independent and I did some clean-up not strictly related to the original issue. Also disable whitelist differences to further ease the diff. Thanks!
In terms of testing, it seems all the MongoDB ITs we have don't deal with authentication/authorization at all. It seems worth to have some tests for that, but let's handle it separately. I tested the original issue manually successfully, i.e. collections from a DB the connector user isn't authorized for won't cause any harm if that other DB is not part of the filter config. I've added some basic tests which make sure that the methods of
MongoPrimaryonly return the databases/collections matching the given filter config.