Question

这是问题所在。我有连接到远程mongos的本地mongod实例。远程数据库使用基本密码验证。我正在尝试使用简单的Scala应用程序为特定集合设置ChangeStream观察器。实际代码如下：

  private val mongo = new MongoClient(
    new ServerAddress("localhost", 27017),
    MongoCredential.createCredential("username", "myDB", "password".toCharArray),
    MongoClientOptions.builder().addServerListener(ServerStateListener).build()
  )
  private val collection = mongo
    .getDatabase(DB)
    .getCollection("someObjectsCollection")

  private val ch = collection
    .watch()
    .fullDocument(FullDocument.UPDATE_LOOKUP)
    .iterator()

它在.fullDocument(FullDocument.UPDATE_LOOKUP)行告诉：

Exception in thread "main" com.mongodb.MongoCommandException: Command failed with error 13: 'not authorized on myDB to execute command { aggregate: "someObjectsCollection", pipeline: [ { $changeStream: { fullDocument: "updateLookup" } } ], cursor: {}, $db: "myDB", $clusterTime: { clusterTime: Timestamp(1524064297, 2), ....

这令人困惑，因为在远程数据库和本地mongo shell上通过mongos提供了用户凭据。此外，我尝试在该应用程序中执行一些其他集合操作（如collection.count()）并且它有效！当我尝试设置观察者时出现问题。

Answer 1

最后我弄清楚我的设置有什么问题...

原始用户＆＃39;用户名＆＃39;我用来使用更改流的权限有严格的权限集：

"inheritedPrivileges" : [
    {
        "resource" : {
            "db" : "abuCoreDev", 
            "collection" : ""
        }, 
        "actions" : [
            "convertToCapped", 
            "createCollection", 
            "createIndex", 
            "dropIndex", 
            "find", 
            "insert", 
            "listCollections", 
            "listIndexes", 
            "planCacheIndexFilter", 
            "remove", 
            "update"
        ]
    }
],

我没有意识到我需要特殊的changeStream权限才能使用更改流！当我连接到具有被诅咒权限的mongos root时，一切正常。

在这里，您可以看到我的root用户的权限：

{
            "resource" : {
                "db" : "", 
                "collection" : ""
            }, 
            "actions" : [
                "bypassDocumentValidation", 
                "changeCustomData", 
                "changePassword", 
                "changeStream", 
                "collMod", 
                "collStats", 
                "compact", 
                "convertToCapped", 
                "createCollection", 
                "createIndex", 
                "createRole", 
                "createUser", 
                "dbHash", 
                "dbStats", 
                "dropCollection", 
                "dropDatabase", 
                "dropIndex", 
                "dropRole", 
                "dropUser", 
                "emptycapped", 
                "enableProfiler", 
                "enableSharding", 
                "find", 
                "getShardVersion", 
                "grantRole", 
                "indexStats", 
                "insert", 
                "killCursors", 
                "listCollections", 
                "listIndexes", 
                "moveChunk", 
                "planCacheIndexFilter", 
                "planCacheRead", 
                "planCacheWrite", 
                "reIndex", 
                "remove", 
                "renameCollectionSameDB", 
                "repairDatabase", 
                "revokeRole", 
                "setAuthenticationRestriction", 
                "splitChunk", 
                "splitVector", 
                "storageDetails", 
                "update", 
                "validate", 
                "viewRole", 
                "viewUser"
            ]
        }

Mongo Change Stream“未授权执行命令”

1 个答案: