Making datasource and mass_deploy working with mongodb user management

https://docs.mongodb.com/v2.4/reference/user-privileges/
https://docs.mongodb.com/v2.4/reference/privilege-documents/

plugins/mongodb_datasource/datasource.py

@@ -59,7 +59,7 @@ class MongoDbDatasource(AbstractDatasource):
         self.__conn_hash= None
         ##@brief Stores the database cursor
         self.database = self.__connect(
-            username, password, ro = self.__read_only)
+            username, password, db_name, self.__read_only)
 
     ##@brief Destructor that attempt to close connection to DB
     #
@@ -578,13 +578,14 @@ is not a reference : '%s' field '%s'" % (bref_leo, bref_fname))
     #@param username str
     #@param password str
     #@param ro bool : If True the Datasource is for read only, else the
-    def __connect(self, username, password, ro):
+    def __connect(self, username, password, db_name, ro):
         conn_string = connection_string(
             username = username, password = password,
             host = self.__db_infos['host'],
-            port = self.__db_infos['port'])
-
-        conn_string += "__ReadOnly__:"+str(self.__read_only)
+            port = self.__db_infos['port'],
+            db_name = db_name,
+            ro = ro)
+        
         self.__conn_hash = conn_h = hash(conn_string)
         if conn_h in self._connections:
             self._connections[conn_h]['conn_count'] += 1
@@ -593,11 +594,7 @@ is not a reference : '%s' field '%s'" % (bref_leo, bref_fname))
             logger.info("Opening a new connection to database")
             self._connections[conn_h] = {
                 'conn_count': 1,
-                'db': utils.connection(
-                    host = self.__db_infos['host'],
-                    port = self.__db_infos['port'],
-                    username = username, 
-                    password = password)}
+                'db': utils.connect(conn_string)}
             return self._connections[conn_h]['db'][self.__db_infos['db_name']]
                     
 

plugins/mongodb_datasource/utils.py

@@ -4,6 +4,7 @@ import pymongo
 from pymongo import MongoClient
 
 from lodel.settings.settings import Settings as settings
+from lodel import logger
 
 common_collections = {
     'object': 'objects',
@@ -26,8 +27,17 @@ MANDATORY_CONNECTION_ARGS = ('host', 'port', 'login', 'password', 'dbname')
 class MongoDbConnectionError(Exception):
     pass
 
-
-def connection_string(host, port, username, password):
+##@brief Forge a mongodb uri connection string
+#@param host str : hostname
+#@param port int|str : port number
+#@param username str
+#@param password str
+#@param db_name str : the db to authenticate on (mongo as auth per db)
+#@param ro bool : if True open a read_only connection
+#@return a connection string
+#@see https://docs.mongodb.com/v2.4/reference/connection-string/#connection-string-options
+#@todo escape arguments
+def connection_string(host, port, username, password, db_name = None, ro = None):
     ret = 'mongodb://'
     if username != None:
         ret += username
@@ -40,28 +50,20 @@ def connection_string(host, port, username, password):
     ret += host
     if port is not None:
         ret += ':'+str(port)
+    if db_name is not None:
+        ret += '/'+db_name
+    else:
+        logger.warning("No database indicated. Huge chance for authentication \
+to fails")
+    if ro:
+        ret += '?readOnly='+str(bool(ro))
     return ret
 
-##@brief Return an instanciated MongoClient
-#@param host str : hostname or ip
-#@param port int : port
-#@param username str | None: username
-#@param password str|None : password
-def connection(host, port, username, password):
-    conn_str = connection_string(host, port, username, password)
-    return MongoClient(conn_str)
-
-##@brief Return a database cursor
-#@param host str : hostname or ip
-#@param port int : port
-#@param db_name str : database name
-#@param username str | None: username
-#@param password str|None : password
-def connect(host, port, db_name, username, password):
-    conn = connection(host, port, username, password)
-    database = conn[db_name]
-    return database
-
+##@brief Return an instanciated MongoClient from a connstring
+#@param connstring str : as returned by connection_string() method
+#@return A MongoClient instance
+def connect(connstring):
+    return MongoClient(connstring)
 
 ## @brief Returns a collection name given a EmClass
 # @param class_object EmClass

progs/Makefile.am

@@ -2,9 +2,9 @@ SUBDIRS=slim
 
 lodel2_scripts_dir = $(datadir)/lodel2/scripts
 lodel2_scripts__DATA = create_instance mass_deploy create_mongodb.sh
-CLEANFILES = create_instance mass_deploy
+CLEANFILES = create_instance mass_deploy mass_deploy.cfg
 
-lodel2conf_DATA = ./create_mongodb_config.cfg
+lodel2conf_DATA = mass_deploy.cfg
 lodel2confdir=$(sysconfdir)/lodel2
 
 
@@ -18,7 +18,8 @@ mass_deploy: mass_deploy.sh
 	chmod +x mass_deploy
 
 create_mongodb.sh: ;
-create_mongodb_config.cfg: ;
+mass_deploy.cfg:
+	echo -e "#Uncomment following lines replacing values by your own\n#MONGODB_ADMIN_USER='admin'\n#MONGODB_ADMIN_PASSWORD='pass'\n#Following configurations are optional\nMONGODB_DB_PREFIX='lodel2'\n#You can give only an host or a HOSTNAME:PORT\n#WARNING !!! : mass_deploy script does not forward MONGODB_HOST in instances\n#configurations\n#MONGODB_HOST=''" > mass_deploy.cfg
 
 create_instance: create_instance.sh
 	$(do_subst) < $(srcdir)/create_instance.sh > create_instance

progs/Makefile.in

@@ -141,8 +141,9 @@ am__uninstall_files_from_dir = { \
     || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
          $(am__cd) "$$dir" && rm -f $$files; }; \
   }
-am__installdirs = "$(DESTDIR)$(lodel2_scripts_dir)"
-DATA = $(lodel2_scripts__DATA)
+am__installdirs = "$(DESTDIR)$(lodel2_scripts_dir)" \
+	"$(DESTDIR)$(lodel2confdir)"
+DATA = $(lodel2_scripts__DATA) $(lodel2conf_DATA)
 RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive	\
   distclean-recursive maintainer-clean-recursive
 am__recursive_targets = \
@@ -288,9 +289,14 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 SUBDIRS = slim
 lodel2_scripts_dir = $(datadir)/lodel2/scripts
-lodel2_scripts__DATA = create_instance
-CLEANFILES = $(lodel2_scripts__DATA)
-do_subst = sed -e 's,\[@\]PKGPYTHONDIR\[@\],$(pkgpythondir),g' 
+lodel2_scripts__DATA = create_instance mass_deploy create_mongodb.sh
+CLEANFILES = create_instance mass_deploy mass_deploy.cfg
+lodel2conf_DATA = mass_deploy.cfg
+lodel2confdir = $(sysconfdir)/lodel2
+do_subst = sed 	-e 's,\[@\]PKGPYTHONDIR\[@\],$(pkgpythondir),g' \
+		-e 's,\[@\]LODEL2_PROGSDIR\[@\],$(lodel2_scripts_dir),g' \
+		-e 's,\[@\]LODEL2_CONFDIR\[@\],$(lodel2confdir),g'
+
 all: all-recursive
 
 .SUFFIXES:
@@ -345,6 +351,27 @@ uninstall-lodel2_scripts_DATA:
 	@list='$(lodel2_scripts__DATA)'; test -n "$(lodel2_scripts_dir)" || list=; \
 	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
 	dir='$(DESTDIR)$(lodel2_scripts_dir)'; $(am__uninstall_files_from_dir)
+install-lodel2confDATA: $(lodel2conf_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(lodel2conf_DATA)'; test -n "$(lodel2confdir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(lodel2confdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(lodel2confdir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(lodel2confdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(lodel2confdir)" || exit $$?; \
+	done
+
+uninstall-lodel2confDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(lodel2conf_DATA)'; test -n "$(lodel2confdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(lodel2confdir)'; $(am__uninstall_files_from_dir)
 
 # This directory's subdirectories are mostly independent; you can cd
 # into them and run 'make' without going through this Makefile.
@@ -505,7 +532,7 @@ check: check-recursive
 all-am: Makefile $(DATA)
 installdirs: installdirs-recursive
 installdirs-am:
-	for dir in "$(DESTDIR)$(lodel2_scripts_dir)"; do \
+	for dir in "$(DESTDIR)$(lodel2_scripts_dir)" "$(DESTDIR)$(lodel2confdir)"; do \
 	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
 	done
 install: install-recursive
@@ -559,7 +586,7 @@ info: info-recursive
 
 info-am:
 
-install-data-am: install-lodel2_scripts_DATA
+install-data-am: install-lodel2_scripts_DATA install-lodel2confDATA
 	@$(NORMAL_INSTALL)
 	$(MAKE) $(AM_MAKEFLAGS) install-data-hook
 install-dvi: install-dvi-recursive
@@ -604,7 +631,7 @@ ps: ps-recursive
 
 ps-am:
 
-uninstall-am: uninstall-lodel2_scripts_DATA
+uninstall-am: uninstall-lodel2_scripts_DATA uninstall-lodel2confDATA
 
 .MAKE: $(am__recursive_targets) install-am install-data-am \
 	install-strip
@@ -616,20 +643,29 @@ uninstall-am: uninstall-lodel2_scripts_DATA
 	install-data-am install-data-hook install-dvi install-dvi-am \
 	install-exec install-exec-am install-html install-html-am \
 	install-info install-info-am install-lodel2_scripts_DATA \
-	install-man install-pdf install-pdf-am install-ps \
-	install-ps-am install-strip installcheck installcheck-am \
-	installdirs installdirs-am maintainer-clean \
+	install-lodel2confDATA install-man install-pdf install-pdf-am \
+	install-ps install-ps-am install-strip installcheck \
+	installcheck-am installdirs installdirs-am maintainer-clean \
 	maintainer-clean-generic mostlyclean mostlyclean-generic pdf \
 	pdf-am ps ps-am tags tags-am uninstall uninstall-am \
-	uninstall-lodel2_scripts_DATA
+	uninstall-lodel2_scripts_DATA uninstall-lodel2confDATA
+
+
+#There is clearly a way to factorise those rules
+mass_deploy: mass_deploy.sh
+	$(do_subst) < $(srcdir)/mass_deploy.sh > mass_deploy
+	chmod +x mass_deploy
 
+create_mongodb.sh: ;
+mass_deploy.cfg:
+	echo -e "#Uncomment following lines replacing values by your own\n#MONGODB_ADMIN_USER='admin'\n#MONGODB_ADMIN_PASSWORD='pass'\n#Following configurations are optional\nMONGODB_DB_PREFIX='lodel2'\n#You can give only an host or a HOSTNAME:PORT\n#WARNING !!! : mass_deploy script does not forward MONGODB_HOST in instances\n#configurations\n#MONGODB_HOST=''" > mass_deploy.cfg
 
 create_instance: create_instance.sh
 	$(do_subst) < $(srcdir)/create_instance.sh > create_instance
 	chmod +x create_instance
 
 install-data-hook:
-	chmod +x $(datadir)/lodel2/scripts/create_instance
+	chmod +x $(datadir)/lodel2/scripts/*
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.

progs/create_mongodb.sh

@@ -1,42 +0,0 @@
-#! /bin/bash
-
-usage() {
-	echo -e "Usage : $0 host port database newuser_identifier newuser_pwd (admin_identifier|config_file) [admin_pwd]" 1>&2
-    echo -e "config_file has to define ADMIN and ADMINPWD" 1>&2
-	exit 1
-}
-
-if [ $# -lt 6 ]
-then
-	echo "Not enough arguments" 1>&2
-	usage
-fi
-
-if [ $# -eq 6 ]
-then
-    if [ ! -f $6 ]
-    then  
-	    echo "Not enough arguments or the configation file $6 doesn't exist" 1>&2
-        usage
-    else
-	    . $6
-    fi
-fi
-
-if [ $# -eq 7 ]
-then
-    ADMIN=$6
-    ADMINPWD=$7
-fi
-
-host=$1
-port=$2
-db=$3
-newuser=$4
-newuserpwd=$5
-
-mongo $1:$2/admin -u $ADMIN -p $ADMINPWD <<EOF
-db.addUser('$4', '$5')
-use $db
-quit()
-EOF

progs/create_mongodb_config.cfg

@@ -1,3 +0,0 @@
-ADMIN=lodel_admin
-ADMINPWD=lapwd
-

progs/mass_deploy.sh

@@ -1,5 +1,25 @@
 #!/bin/bash
 
+conffile="[@]LODEL2_CONFDIR[@]/mass_deploy.cfg"
+
+badconf() {
+	echo -e "Either the file $conffile cannot be found or it didn't contains expected informations\n\nThe conffile is expected to define MONGODB_ADMIN_USER and MONGODB_ADMIN_PASSWORD variables" >&2
+	exit 1
+}
+
+mongodb_connfail() {
+	echo -e "Credential from $conffile seems to be incorrect. Unable to connect on admin db" >&2
+	exit 2
+}
+
+test -f $conffile || badconf
+#Load conffile
+. $conffile
+test -z "$MONGODB_ADMIN_USER" && badconf
+test -z "$MONGODB_ADMIN_PASSWORD" && badconf
+
+
+#Check for the presence of /usr/share/dict/words to generate random names
 if [ -f '/usr/share/dict/words' ]
 then
 	random_name=$(sed -nE 's/^([A-Za-z0-9]+)$/\1/p' /usr/share/dict/words |shuf|head -n1)
@@ -7,6 +27,7 @@ else
 	random_name=$RANDOM
 fi
 
+#Check for the presence of mongo and its conf
 if hash mongo 2>/dev/null
 then
 	echo "Mongo found"
@@ -15,6 +36,30 @@ else
 	exit
 fi
 
+if [ -f "/etc/mongodb.conf" ]
+then
+	if cat /etc/mongodb.conf  |grep -E '^ *auth *= *true *$' >/dev/null
+	then
+		echo "OK, auth enabled"
+	else
+		echo "WARNING : auth seems disabled on mongod !" >&2
+	fi
+else
+	echo "/etc/mongodb.conf not found. Unable to check if auth is on"
+fi
+
+echo "exit" | mongo $MONGODB_HOST --quiet -u "$MONGODB_ADMIN_USER" -p "$MONGODB_ADMIN_PASSWORD" admin &>/dev/null || mongodb_connfail
+
+#Check for the presence of pwgen for password generation
+if hash pwgen 2>/dev/null
+then
+	echo "Using pwgen to generate passwords"
+	rnd_pass_cmd='pwgen 25 1'
+else
+	echo "pwgen not found !!! Using \$RANDOM to generate passwords"
+	rnd_pass_cmd='$RANDOM'
+fi
+
 ninstance=$1
 instance=${ninstance:=50}
 
@@ -36,7 +81,18 @@ do
 	slim -n $iname -c
 	slim -n $iname -s --interface web
 	slim -n $iname -m
-	slim -n $iname -s --datasource_connectors mongodb --host localhost --user lodel2 --password lodel2 --db_name $iname
-	[@]LODEL2_PROGSDIR[@]/create_mongodb.sh localhost 27015 $iname lodel2 lodel2 [@]LODEL2_CONFDIR[@]/create_mongodb_config.cfg
+
+	#Mongo db database creation
+	dbname="${MONGODB_DB_PREFIX}_$iname"
+	dbuser="lodel2_$i"
+	dbpass=$($rnd_pass_cmd)
+	mongo $MONGODB_HOST -u "$MONGODB_ADMIN_USER" -p "$MONGODB_ADMIN_PASSWORD" admin <<EOF
+use $dbname
+db.addUser('$dbname', '$dbpass', ['readWrite', '$dbname'])
+exit
+EOF
+	#Append created db to instance conf
+	slim -n $iname -s --datasource_connectors mongodb --host localhost --user $dbuser --password $dbpass --db_name $dbname
+
 done