MongoDB user management commands

Spec for enabling various user management commands for MongoDB. user-create, list, and delete, root-enable and show, and user-grant- and revoke-access will be supported. Change-Id: I71f7226cdd07446b2ca19f42f711544e93f288dd Implements: blueprint mongodb-users
2015-04-24 14:02:53 -04:00 · 2015-04-24 14:02:53 -04:00 · ce59684356
commit ce59684356
parent e2c85ecfdb
2 changed files with 242 additions and 0 deletions
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@ -20,6 +20,14 @@ Kilo approved specs:

   specs/kilo/*

+Liberty approved specs:
+
+.. toctree::
+   :glob:
+   :maxdepth: 1
+
+   specs/liberty/*
+
 ======================
 Repository Information
 ======================
--- a/specs/liberty/mongodb-users.rst
+++ b/specs/liberty/mongodb-users.rst
@ -0,0 +1,234 @@
+..
+ This work is licensed under a Creative Commons Attribution 3.0 Unported
+ License.
+
+ http://creativecommons.org/licenses/by/3.0/legalcode
+
+ Sections of this template were taken directly from the Nova spec
+ template at:
+ https://github.com/openstack/nova-specs/blob/master/specs/template.rst
+
+
+==========================
+ MongoDB users management
+==========================
+
+https://blueprints.launchpad.net/trove/+spec/mongodb-users
+
+Enable MongoDB users management functionality.
+
+
+Problem description
+===================
+
+The MongoDB guest agent does not support users management features. Allowing
+the user to create, list, and delete users, enable/check root access, and
+grant/revoke user access through the API is essential.
+
+MongoDB users are unique to each database. A user is identified by both its name
+and database. Therefore the Trove actions requiring user names need
+the value to be in the following string format: "<database>.<username>".
+MongoDB does not allow the following characters in the database name: /\. "$
+
+
+Proposed change
+===============
+
+Calls to MongoDB will be done in Python via the PyMongo library, which is
+required to be pre-installed on the guest.
+
+Features
+--------
+
+A number of Trove commands will be enabled for the MongoDB datastore.
+Also, MongoDB's authentication protocol will be enabled by default, making
+the database secure.
+
+Functions
+~~~~~~~~~
+
+Several standard Trove commands will be enabled for MongoDB. Below are the
+corresponding CLI commands with all allowed arguments:
+
+::
+
+    user-create <instance> <database>.<name> <password>
+    user-list <instance>
+    user-delete <instance> <database>.<name>
+    user-show <instance> <database>.<name>
+    root-enable <instance>
+    root-show <instance>
+    user-grant-access <instance> <database>.<name> <access_databases>
+    user-revoke-access <instance> <database>.<name> <access_database>
+    user-show-access <instance> <database>.<name>
+
+The code changes will be to implement a new class service.MongoAdmin and the
+corresponding methods as members of the class. The methods of manager.Manager
+will be updated to call the admin functions.
+
+
+Security
+~~~~~~~~
+
+Currently the MongoDB datastore creates an insecure database. To make the
+above functionality useful the guest agent's MongoDB server will be made
+secure. This will be done by enabling authentication and creating a Trove
+user 'os_admin' on the server by default. The Trove user will have user and
+database administrator privileges, but not read/write. When the guest is first
+started the guest agent will generate a password and
+connect (because of the localhost exception) to the server. It will then run
+the following (below is Mongo shell code, but it will be implemented using
+PyMongo):
+
+::
+
+    use admin
+    db.createUser(
+        {
+            user: "os_admin",
+            pwd: "<generated_password>",
+            roles: [
+                { role: "userAdminAnyDatabase", db: "admin" },
+                { role: "dbAdminAnyDatabase", db: "admin" },
+                { role: "cluserAdmin", db: "admin" }
+            ]
+        }
+    )
+
+Authentication will be enabled by default. To disable it a configuration group
+can be used with the option {'auth': 'false'}.
+
+Note: enabling authentication on MongoDB effects clustering as shards are
+required to use a shared key file to connect to each other. Therefore a new
+cryptographically secure key will be generated during cluster-create to be used
+by the shards. This key value will be pushed to each shard, where it will be
+stored for connection use. The key will not be stored on the controller. The
+controller will ask an existing cluster guest for the key when adding new
+shards.
+
+
+Configuration
+-------------
+
+The mongodb configuration file will have 'auth' set to 'on' to enable
+authentication on the server.
+
+A new MongoDB RC script will be created at ~/.mongorc.js. This file will store
+the username and generated password, allowing the local MongoDB client to
+automatically connect using those credentials.
+
+
+Database
+--------
+
+No new items will be added here.
+
+
+Public API
+----------
+
+No API changes.
+
+
+Public API Security
+-------------------
+
+No API Security changes.
+
+
+Internal API
+------------
+
+No Internal API changes.
+
+
+Guest Agent
+-----------
+
+Modified files:
+
+::
+
+    trove/guestagent/db/models.py - add a MongoDBUser class.
+    trove/guestagent/datastore/experimental/mongodb/manager.py - enable functions.
+    trove/guestagent/datastore/experimental/mongodb/service.py - add functions.
+    trove/guestagent/datastore/experimental/mongodb/system.py - store system constants.
+
+The Guest Agent will be changed to support the following manager functions:
+
+- create user - using 'createUser()'
+- list users - query the admin database's system.users collection
+- delete user - using 'dropUser()'
+- show user - using 'getUser()'
+- enable root - create user "root" and grant the role "root"
+- check if root is enabled - check if user "root" exists
+- grant user access to a database - using 'updateUser()'
+- revoke user access to a database - using 'updateUser()'
+- show user access to a database - using 'getUser()'
+
+
+Alternatives
+------------
+
+Grant os_admin “root” role for full access.
+
+
+Implementation
+==============
+
+Assignee(s)
+-----------
+
+Matthew Van Dijk
+
+
+Milestones
+----------
+
+liberty-1
+
+
+Work Items
+----------
+
+The work will be split into four deliverables:
+
+1) Enable authentication on server
+2) create/list/show/delete users
+3) enable/check root
+4) grant/show/revoke access
+
+
+Upgrade Implications
+====================
+
+There will be no upgrade implications.
+
+
+Dependencies
+============
+
+There are no dependencies on other work in progress.
+
+
+Testing
+=======
+
+Unit tests will be added to validate non-trivial codepaths.
+Integration tests may be added if necessary.
+
+
+Documentation Impact
+====================
+
+Documentation will be required to explain that authentication is enabled on
+MongoDB guests. The MongoDB datastore documentation can be updated to reflect
+the enabled features.
+
+
+References
+==========
+
+`MongoDB manual
+<http://docs.mongodb.org/manual/>`_
+