3

这是问题所在。我有mongos连接到远程的本地实例mongod。远程数据库使用基本密码认证。我正在尝试使用简单的 Scala 应用程序为特定集合设置 ChangeStream 观察程序。实际代码如下所示:

  private val mongo = new MongoClient(
    new ServerAddress("localhost", 27017),
    MongoCredential.createCredential("username", "myDB", "password".toCharArray),
    MongoClientOptions.builder().addServerListener(ServerStateListener).build()
  )
  private val collection = mongo
    .getDatabase(DB)
    .getCollection("someObjectsCollection")

  private val ch = collection
    .watch()
    .fullDocument(FullDocument.UPDATE_LOOKUP)
    .iterator()

它断线.fullDocument(FullDocument.UPDATE_LOOKUP)告诉:

Exception in thread "main" com.mongodb.MongoCommandException: Command failed with error 13: 'not authorized on myDB to execute command { aggregate: "someObjectsCollection", pipeline: [ { $changeStream: { fullDocument: "updateLookup" } } ], cursor: {}, $db: "myDB", $clusterTime: { clusterTime: Timestamp(1524064297, 2), ....

这很令人困惑,因为给定的用户凭据mongo shell在 remote DB 和 local 上都有效mongos。此外,我尝试在该应用程序中使用集合执行一些其他操作(如collection.count())并且它有效!当我尝试设置观察者时出现问题。

4

1 回答 1

3

最后我发现我的设置出了什么问题...

我用来使用更改流的原始用户“用户名”具有严格的权限集:

"inheritedPrivileges" : [
    {
        "resource" : {
            "db" : "abuCoreDev", 
            "collection" : ""
        }, 
        "actions" : [
            "convertToCapped", 
            "createCollection", 
            "createIndex", 
            "dropIndex", 
            "find", 
            "insert", 
            "listCollections", 
            "listIndexes", 
            "planCacheIndexFilter", 
            "remove", 
            "update"
        ]
    }
],

我没有意识到我需要特殊changeStream权限才能使用更改流!当我连接到具有该受诅咒的权限时,一切mongos正常root

在这里您可以看到我的 root 用户的权限:

{
            "resource" : {
                "db" : "", 
                "collection" : ""
            }, 
            "actions" : [
                "bypassDocumentValidation", 
                "changeCustomData", 
                "changePassword", 
                "changeStream", 
                "collMod", 
                "collStats", 
                "compact", 
                "convertToCapped", 
                "createCollection", 
                "createIndex", 
                "createRole", 
                "createUser", 
                "dbHash", 
                "dbStats", 
                "dropCollection", 
                "dropDatabase", 
                "dropIndex", 
                "dropRole", 
                "dropUser", 
                "emptycapped", 
                "enableProfiler", 
                "enableSharding", 
                "find", 
                "getShardVersion", 
                "grantRole", 
                "indexStats", 
                "insert", 
                "killCursors", 
                "listCollections", 
                "listIndexes", 
                "moveChunk", 
                "planCacheIndexFilter", 
                "planCacheRead", 
                "planCacheWrite", 
                "reIndex", 
                "remove", 
                "renameCollectionSameDB", 
                "repairDatabase", 
                "revokeRole", 
                "setAuthenticationRestriction", 
                "splitChunk", 
                "splitVector", 
                "storageDetails", 
                "update", 
                "validate", 
                "viewRole", 
                "viewUser"
            ]
        }
于 2018-04-20T09:18:52.277 回答