Added option to authenticate to a Mongo instance.

renctan · renctan · commit b1f22cf6e1f8 · 2011-08-24T17:29:26.000-04:00
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -3,6 +3,7 @@ PATH
   specs:
     msolr (0.1)
       hamster
+      highline
       mongo (>= 1.3.1)
       rsolr
 
@@ -12,6 +13,7 @@ GEM
     bson (1.3.1)
     builder (3.0.0)
     hamster (0.4.2)
+    highline (1.6.2)
     mocha (0.9.12)
     mongo (1.3.1)
       bson (= 1.3.1)
diff --git a/bin/msolrd b/bin/msolrd
@@ -126,6 +126,7 @@ connection_opts = {
 
 if (mongo_loc =~ /^mongodb:\/\//) then
   mongo = Mongo::Connection.from_uri(mongo_loc)
+  authenticate_to_db(mongo, options.auth)
   connected_to_mongos = is_mongos?(mongo)
 
   pool_size = options.conn_pool_size
@@ -143,6 +144,7 @@ else
   end
 
   mongo = Mongo::Connection.new(mongo_host, mongo_port)
+  authenticate_to_db(mongo, options.auth)
   connected_to_mongos = is_mongos?(mongo)
 
   if options.conn_pool_size.nil? then
diff --git a/lib/msolr/argument_parser.rb b/lib/msolr/argument_parser.rb
@@ -1,5 +1,7 @@
+require "rubygems"
 require "optparse"
 require "ostruct"
+require "highline"
 require_relative "../version"
 
 module MongoSolr
@@ -113,26 +115,34 @@ def self.parse_options(args, &block)
           exit
         end
 
-#        opts.separator ""
-#        opts.on("-a", "--auth FILE_PATH",
-#                "The file that contains authentication",
-#                "credentials to the databases. The file",
-#                "should have separate entries for each",
-#                "database in one line with database",
-#                "name, user name and password separated",
-#                "by a comma. Sample file contents:",
-#                " ",
-#                "admin,root_user,root_password",
-#                "local_db,user,strong_password",
-#                " ",
-#                "Note that spaces are valid characters in",
-#                "user name and passwords so space characters",
-#                "will not be ignored in the file. There are",
-#                "currently issues for username and password",
-#                "usernames that contains the comma (,)",
-#                "character.") do |path|
-#          options.auth = load_auth_file(path)
-#        end
+        opts.separator ""
+        opts.on("--iauth",
+                "Interactive authentication. A more secured ",
+                "alternative to --auth. Prompts the admin ",
+                "username and password.") do
+          options.auth = prompt_password("admin")
+        end
+
+        opts.separator ""
+        opts.on("-a", "--auth FILE_PATH",
+                "The file that contains authentication",
+                "credentials to the databases. The file",
+                "should have separate entries for each",
+                "database in one line with database",
+                "name, user name and password separated",
+                "by a comma. Sample file contents:",
+                " ",
+                "admin,root_user,root_password",
+                "local_db,user,strong_password",
+                " ",
+                "Note that spaces are valid characters in",
+                "user name and passwords so space characters",
+                "will not be ignored in the file. There are",
+                "currently issues for username and password",
+                "usernames that contains the comma (,)",
+                "character.") do |path|
+          options.auth = load_auth_file(path)
+        end
 
         yield opts, options if block_given?
 
@@ -150,12 +160,14 @@ def self.parse_options(args, &block)
     ############################################################################
     private
 
-    # Build a hash structure from the contents of an authentication file that conforms with
-    # the formatting for the opt[:db_pass] parameter for SolrSynchronizer#sync.
+    # Builds a hash structure from the contents of an authentication file that contains
+    # the username and passwords for each database.
     #
     # @param file_path [String] the path of the authentication file.
     #
     # @return [Hash] the Hash object.
+    #
+    # @see Util::authenticate_to_db
     def self.load_auth_file(file_path)
       auth_data = {}
 
@@ -170,6 +182,23 @@ def self.load_auth_file(file_path)
 
       return auth_data
     end
+
+    # Prompts the user the username and password of a database.
+    #
+    # @param db_name [String] The name of the database to authenticate.
+    #
+    # @return [Hash] the Hash object containing the username and password.
+    #
+    # @see Util::authenticate_to_db
+    def self.prompt_password(db_name)
+      print("Please enter a username for #{db_name} db: ")
+      user = gets
+
+      hl = HighLine.new
+      pwd = hl.ask("Password: ") { |q| q.echo = "*" }
+
+      return { db_name => { :user => user.strip, :pwd => pwd.strip }}
+    end
   end
 end
 
diff --git a/lib/msolr/solr_synchronizer.rb b/lib/msolr/solr_synchronizer.rb
@@ -134,11 +134,6 @@ def update_config(opt = {}, &block)
     #      cursor was updated.
     #
     # @raise [OplogException]
-    #
-    # Example:
-    # auth = { "users" => { :user => "root", :pwd => "root" },
-    #          "admin" => { :user => "admin", :pwd => "" } }
-    # solr.sync({ :db_pass => auth, :interval => 1 })
     def sync(&block)
       # Lock usage:
       # 1. @stop.mutex->@is_synching.mutex
diff --git a/msolr.gemspec b/msolr.gemspec
@@ -26,5 +26,6 @@ Gem::Specification.new do |s|
   s.add_dependency("rsolr")
   s.add_dependency("mongo", [">= 1.3.1"])
   s.add_dependency("hamster")
+  s.add_dependency("highline")
 end
 
diff --git a/test/js_plugin_wrapper.rb b/test/js_plugin_wrapper.rb
@@ -26,14 +26,22 @@ def eval(js_code)
   #
   # @param db [String] The database name of the collection.
   # @param coll [String] The collection name.
-  def index_to_solr(db, coll = "")
+  # @param auth [Hash] Hash table containing the authentication details
+  def index_to_solr(db, coll = "", auth = {})
+    auth_line = ""
+
+    auth.each do |db_name, auth|
+      auth_line << "db.getSiblingDB(\"#{db_name}\").auth(\"#{auth[:user]}\", \"#{auth[:pwd]}\");"
+    end
+
     if coll.empty? then
       index_line = "db.getSiblingDB(\"#{db}\").solrIndex();"
     else
       index_line = "db.getSiblingDB(\"#{db}\").#{coll}.solrIndex();"
     end
 
-    code = <<JAVASCRIPT
+    code = auth_line
+    code << <<JAVASCRIPT
     MSolr.connect("#{SOLR_LOC}");
     #{index_line}
 JAVASCRIPT
diff --git a/test/slow_tests/auth_file b/test/slow_tests/auth_file
@@ -0,0 +1 @@
+admin,root,ugat
diff --git a/test/slow_tests/replica_set_test.rb b/test/slow_tests/replica_set_test.rb
@@ -198,7 +198,7 @@ def default_doc
       @js.index_to_solr(SMOKE_TEST_DB, @test_coll.name)
       @test_coll.insert(default_doc.merge({ :x => "hello" }), { :safe => true })
 
-      run_daemon("-d #{@conn_str} --err_interval 0") do
+      run_daemon("-d #{@conn_str} --err_interval 0") do |pio|
         solr_doc = nil
 
         # This block is just for synchronization purposes and is used to make
@@ -228,7 +228,7 @@ def default_doc
       @js.index_to_solr(SMOKE_TEST_DB, @test_coll.name)
       @test_coll.insert(default_doc.merge({ :x => "hello" }), { :safe => true })
 
-      run_daemon("-d #{@conn_str} --err_interval 0") do
+      run_daemon("-d #{@conn_str} --err_interval 0") do |pio|
         solr_doc = nil
 
         # This block is just for synchronization purposes and is used to make
diff --git a/test/slow_tests/sharding_test.rb b/test/slow_tests/sharding_test.rb
@@ -87,7 +87,7 @@ def self.presplit(shard, mid_val, n)
       mock = mock()
       mock.expects(:daemon_end).once
 
-      run_daemon("-p #{ShardManager::MONGOS_PORT}") do
+      run_daemon("-p #{ShardManager::MONGOS_PORT}") do |pio|
         @coll.insert({ SHARD_KEY => 7 })
         @coll.insert({ SHARD_KEY => 77 })
 
@@ -109,7 +109,7 @@ def self.presplit(shard, mid_val, n)
       mock = mock()
       mock.expects(:daemon_end).once
 
-      run_daemon("-p #{ShardManager::MONGOS_PORT}") do
+      run_daemon("-p #{ShardManager::MONGOS_PORT}") do |pio|
         @coll.remove(doc)
 
         solr_doc = nil
@@ -130,7 +130,7 @@ def self.presplit(shard, mid_val, n)
       mock = mock()
       mock.expects(:daemon_end).once
 
-      run_daemon("-p #{ShardManager::MONGOS_PORT}") do
+      run_daemon("-p #{ShardManager::MONGOS_PORT}") do |pio|
         midval = 60
         doc = { SHARD_KEY => midval }
         doc_id = @coll.insert(doc)
diff --git a/test/slow_tests/smoke_test.rb b/test/slow_tests/smoke_test.rb
@@ -63,7 +63,7 @@ def self.shutdown
       @js.index_to_solr(TEST_DB, @test_coll.name)
       @test_coll.insert(default_doc.merge({ :x => "hello" }), { :safe => true })
 
-      run_daemon(DAEMON_ARGS) do
+      run_daemon(DAEMON_ARGS) do |pio|
         solr_doc = nil
 
         result = retry_until_true(TIMEOUT) do
@@ -82,7 +82,7 @@ def self.shutdown
       @js.index_to_solr(TEST_DB, @test_coll.name)
       @test_coll.insert(default_doc.merge({ :x => "hello" }), { :safe => true })
 
-      run_daemon(DAEMON_ARGS) do
+      run_daemon(DAEMON_ARGS) do |pio|
         solr_doc = nil
 
         # This block is just for synchronization purposes and is used to make
@@ -113,7 +113,7 @@ def self.shutdown
       @js.index_to_solr(TEST_DB, @test_coll.name)
       @test_coll.insert(default_doc.merge({ :x => "hello" }), { :safe => true })
 
-      run_daemon(DAEMON_ARGS) do
+      run_daemon(DAEMON_ARGS) do |pio|
         solr_doc = nil
 
         # This block is just for synchronization purposes and is used to make
@@ -142,6 +142,65 @@ def self.shutdown
         @mock.daemon_end
       end
     end
+
+    context "authentication" do
+      setup do
+        @admin_user = "root"
+        @admin_pwd = "ugat"
+
+        @admin_db = @mongo_conn["admin"]
+        @admin_db.add_user(@admin_user, @admin_pwd)
+        @admin_db.authenticate(@admin_user, @admin_pwd)
+        @auth = { "admin" => { :user => @admin_user, :pwd => @admin_pwd }}
+      end
+
+      teardown do
+        @admin_db.remove_user(@admin_user)
+      end
+
+      should "be able to authenticate interactively" do
+        @js.index_to_solr(TEST_DB, @test_coll.name, @auth)
+        @test_coll.insert(default_doc.merge({ :x => "hello" }), { :safe => true })
+
+        run_daemon(DAEMON_ARGS + " --iauth") do |pio|
+          pio.write "#{@admin_user}\n"
+          pio.write "#{@admin_pwd}\n"
+
+          solr_doc = nil
+          result = retry_until_true(TIMEOUT) do
+            response = @solr.select({ :params => { :q => SOLR_TEST_Q }})
+            solr_doc = response["response"]["docs"].first
+            not solr_doc.nil?
+          end
+
+          assert(result, "Failed to index to Solr within #{TIMEOUT} seconds")
+          assert_equal("hello", solr_doc["x"])
+
+          @mock.daemon_end
+        end
+      end
+
+      should "be able to authenticate using file" do
+        auth_file_path = File.expand_path("../auth_file", __FILE__)
+
+        @js.index_to_solr(TEST_DB, @test_coll.name, @auth)
+        @test_coll.insert(default_doc.merge({ :x => "hello" }), { :safe => true })
+
+        run_daemon(DAEMON_ARGS + " -a #{auth_file_path}") do |pio|
+          solr_doc = nil
+          result = retry_until_true(TIMEOUT) do
+            response = @solr.select({ :params => { :q => SOLR_TEST_Q }})
+            solr_doc = response["response"]["docs"].first
+            not solr_doc.nil?
+          end
+
+          assert(result, "Failed to index to Solr within #{TIMEOUT} seconds")
+          assert_equal("hello", solr_doc["x"])
+
+          @mock.daemon_end
+        end
+      end
+    end
   end
 
   context "plugin" do
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -39,7 +39,8 @@ def initialize
   def start
     if @pipe_io.nil? then
       FileUtils.mkdir_p DATA_DIR
-      cmd = "mongod --master --dbpath #{DATA_DIR} --port #{PORT} --logpath /dev/null --quiet"
+      cmd = "mongod --master --dbpath #{DATA_DIR} --port #{PORT} " + 
+        "--logpath /dev/null --quiet --auth"
       @pipe_io = IO.popen(cmd)
     end
   end
@@ -90,12 +91,13 @@ def retry_until_true(timeout, &block)
   # Run the Mongo-Solr daemon and terminate it.
   #
   # @param args [String] The arguments to pass to the daemon.
-  # @param block [Proc] The procedure to execute before terminating the daemon.
+  # @param block [Proc(pio)] The procedure to execute before terminating the daemon.
+  #   The piped IO to the daemon process is also passed to the block.
   def run_daemon(args = "", &block)
-    daemon_pio = IO.popen("ruby #{PROJ_SRC_PATH}/../../bin/msolrd #{args} 2> /dev/null")
+    daemon_pio = IO.popen("ruby #{PROJ_SRC_PATH}/../../bin/msolrd #{args} > /dev/null", "r+")
 
     begin
-      yield if block_given?
+      yield daemon_pio if block_given?
     ensure
       Process.kill "TERM", daemon_pio.pid
       daemon_pio.close
