fix: mongodb authz crash #10098
Merged
fix: mongodb authz crash #10098
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
thalesmg
previously approved these changes
Mar 8, 2023
kjellwinblad
force-pushed
the
kjell/fix/mongo_authz_crash
branch
from
073f95e
to
9a1fff4
Compare
Fixed |
Pull Request Test Coverage Report for Build 4375831073
💛 - Coveralls |
savonarola
previously approved these changes
Mar 9, 2023
thalesmg
reviewed
Mar 9, 2023
zmstone
reviewed
Mar 9, 2023
| %% For some reason the collection name is turned into an atom by the emqx_authz | ||
| %% application which causes the mongo query to break. TODO: This should probably | ||
| %% be fixed at another level. | ||
| make_collection_bin(Atom) when is_atom(Atom) -> |
There was a problem hiding this comment.
the field is of type binary() if it ended up as an atom, we should investigate (because it could be a potential atom leak here).
There was a problem hiding this comment.
I will try to investigate this.
There was a problem hiding this comment.
Last night I thought we were in a hurry to get this into 5.1 but now when I know that we have several weeks left until that release I will spend some more time and try to fix the problem at the root.
There was a problem hiding this comment.
Fixed by changing the authz schema (see new commit below). I don't understand why the authz schema don't piggyback on the mongodb connector schema but maybe there is a good reason for that?
zmstone
reviewed
Mar 9, 2023
changes/v5.0.20-en.md
Outdated
|
|
||
| ## Bug Fixes | ||
|
|
||
| - [#10098](https://github.com/emqx/emqx/pull/10098) When configuring mongodb authorization the mongodb connector crashed with an error in the log file. The reason was that the collection name had the wrong type. |
There was a problem hiding this comment.
Suggested change
| - [#10098](https://github.com/emqx/emqx/pull/10098) When configuring mongodb authorization the mongodb connector crashed with an error in the log file. The reason was that the collection name had the wrong type. | |
| - Fix mongodb authorization crash when `collection` is configured. |
There was a problem hiding this comment.
The crash does not happen when the collection is configured. It happens when the authorization system tries to query the mongodb database.
There was a problem hiding this comment.
Updated the changelog text. Please check the Chinese version that is auto translated.
zmstone
reviewed
Mar 9, 2023
This fixes a crash with an error in the log file (see below) that
happened when the MongoDB authorization module queried the database. The
reason is that the collection name that was sent to the mongodb
connection was an atom. This is fixed by making sure it is not an atom.
2023-03-08T17:16:34.215523+01:00 [error] msg: query_mongo_error, mfa:
emqx_authz_mongodb:authorize/4, line: 95, peername: 127.0.0.1:53212,
clientid: client123, collection: mqtt_acl, filter: #{username =>
<<"emqx_u">>}, reason: {resource_error,#{msg => #{error =>
{error,{error_cannot_parse_response,{op_msg_response,#{<<"code">> =>
73,<<"codeName">> => <<"InvalidNamespace">>,<<"errmsg">> => <<"Failed to
parse namespace element">>,<<"ok">> => 0.0}}}},id =>
<<"emqx_authz_mongodb:3">>,name => call_query,request =>
{find,mqtt_acl,#{username => <<"emqx_u">>},#{}},stacktrace =>
[{mc_connection_man,reply,1,[{file,"mc_connection_man.erl"},{line,123}],
...]}, reason => exception}}, resource_id: <<"emqx_authz_mongodb:3">>
Fixes: emqx#9783
kjellwinblad
force-pushed
the
kjell/fix/mongo_authz_crash
branch
from
88a01d4
to
aa57ea9
Compare
|
Squashed the commits after latest changes. |
savonarola
approved these changes
Mar 13, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When configuring mongodb authorization the mongodb connector crashed with the following error in the log file. The reason is that the collection name that was sent to the mongodb connection was an atom. This is fixed by making sure it is not an atom. An even better fix would probably be to to figure out why the configuration data for the connection has the collection stored as an atom and fix the issue at the source.
Fixes: #9783