Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GODRIVER-3333 Fix default auth source for auth specified via ClientOptions [master] #1798

Merged
merged 2 commits into from
Sep 10, 2024
Merged

GODRIVER-3333 Fix default auth source for auth specified via ClientOptions [master] #1798

merged 2 commits into from
Sep 10, 2024

Conversation

blink1073
Copy link
Member

GODRIVER-3215

Summary

  • Move logic for creating an authenticator from ClientOptions to a new function topology.NewAuthenticator. Use it everywhere that needs to create an authenticator from ClientOptions.
    • Requires moving convertOIDCArgs into the topology package.
  • Move the logic for setting the default auth source into each individual authenticator type.
    • The current logic for setting the default auth source appears to be in topology.NewConfigWithAuthenticator, but actually has no effect currently, so no default auth sources are being set.
  • Update PLAIN authenticator to support auth sources other than "$external".
    • Using the database name from the connection string as the auth source is currently supported in connstring, but is ignored by the PLAIN authenticator. Using database name from the connection string is also described in the spec.
  • Correct MONGODB-OIDC connection string logic for setting auth source (it should be identical to MONGODB-AWS and MONGODB-X509).

Background & Motivation

Currently, if auth mechanism "MONGODB-AWS" is set using ClientOptions.SetAuth, the default auth source is set to "admin" instead of "$external". The result is a confusing error message

MONGODB-AWS source must be empty or $external

There was a further regression (that hasn't been released yet) caused by #1678, which effectively skips all of the default auth source logic. Refactor the authenticator creation logic and the default auth source logic to make similar regressions more obvious.

matthewdale and others added 2 commits September 10, 2024 10:08
@matthewdale @blink1073
GODRIVER-3215 Fix default auth source for auth specified via ClientOp…
06ccb6e 
…tions. (mongodb#1764)

Co-authored-by: Preston Vasquez <prestonvasquez@icloud.com>
Co-authored-by: Steven Silvester <steven.silvester@ieee.org>
(cherry picked from commit 18d1b19)
@blink1073
GODRIVER-3333 (options.ClientOptions).SetAuth with MONGODB-AWS does n…
a107bb4 
…ot set default $external AuthSource
@blink1073 blink1073 added the priority-1-high High Priority PR for Review label Sep 10, 2024
@mongodb-drivers-pr-bot mongodb-drivers-pr-bot
Copy link
Contributor

API Change Report

./v2/mongo/options

incompatible changes

BSONOptions.ObjectIDAsHexString: removed

./v2/x/mongo/driver

incompatible changes

##CursorOptions.MarshalValueEncoderFn: changed from func(io.Writer) ./v2/bson.Encoder to func(io.Writer) (./v2/bson.Encoder, error)

./v2/x/mongo/driver/topology

compatible changes

ConvertCreds: added

@blink1073 blink1073 merged commit 9e7ccb0 into mongodb:master Sep 10, 2024
30 of 33 checks passed
@blink1073 blink1073 deleted the GODRIVER-3333-master branch September 10, 2024 18:05
@blink1073 blink1073 changed the title GODRIVER-3215 Fix default auth source for auth specified via ClientOptions [master] GODRIVER-3333 Fix default auth source for auth specified via ClientOptions [master] Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prestonvasquez prestonvasquez prestonvasquez approved these changes

Assignees
No one assigned
Labels
priority-1-high High Priority PR for Review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@blink1073 @prestonvasquez @matthewdale