phplaravelmongodbphp-mongodb

Authorization error while creating a new MongoDB database dynamically using PHP MongoDB driver


I am trying to create new mongoDB database in runtime, via php/Laravel code:-

Initially, I had created the mongodb user via mongoshell like this:-

use test_mongodb;

db.createUser({user: "test_mongodbu", pwd: "test_password", roles: [{ role: "dbOwner", db: "test_mongodb"}]})

In my env file, I have the data like this:-

MONGODB_CONNECTION=mongodb
MONGODB_HOST=localhost
MONGODB_PORT=27017
MONGODB_DATABASE=test_mongodb
MONGODB_USERNAME=test_mongodbu
MONGODB_PASSWORD=test_password
MONGODB_MASTER_DATABASE=test_mongodb

I am dynamically creating a new db via php MongoDrive like this:-

use MongoDB\Client as MongoClient;
use MongoDB\Driver\Manager as MongoManager;
use MongoDB\Driver\Command as MongoCommand;

$databaseName      = $username; // 'little_buds'
$collectionName    = 'test'; 
$connectionString  = 'mongodb://' . env('MONGODB_USERNAME') . ':' . env('MONGODB_PASSWORD') . '@' . env('MONGODB_HOST') . ':' . env('MONGODB_PORT') . '/?authSource=' . env('MONGODB_DATABASE');

$client     = new MongoClient($connectionString);  // Connect to MongoDB server
$manager    = new MongoManager($connectionString); 
$database   = $client->$databaseName;              // Dynamically create a database
$command    = array(
                'grantRolesToUser'  => env('MONGODB_USERNAME'),
                'roles'             => array(
                                        array(
                                            'role'  => 'dbOwner', 
                                            'db'    => $databaseName
                                        )
                                    )
            ); // command to grant the role of 'dbOwner' to existing user test_mongodbu

$manager->executeCommand(env('MONGODB_DATABASE'), new MongoCommand($command)); // executing the command
$database->$collectionName->insertOne(array('key' => 'value'));  // Insert a document into a collection

My idea is to create a new db (say little_buds) and grant the role of 'dbOwner' to the already existing test_mongodbu user of database test_mongodb

I am getting this error-

Not authorized on little_roses to execute command { insert: "test", ordered: true, $db: "little_buds", lsid: { id: UUID("d9ca3d5f-4299-4545-a487-7c565bc59ed4") } }

WHat am I doing wrong? Do I need to update the permission of the user- Like from roles: [{ role: "dbOwner", db: "lppportal_mongodb"}] to roles: [{ role: "userAdminAnyDatabase", db: "lppportal_mongodb"}]?


Solution

  • In principle you would need to create the user with these roles:

    use test_mongodb;
    db.createUser({
       user: "test_mongodbu", 
       pwd: "test_password", 
       roles: [
          { role: "dbOwner", db: "test_mongodb"},
          { role: "readWrite", db: "lppportal_mongodb"}
       ]
    })
    

    However, this does not work, see Manage Users and Roles

    Except for roles created in the admin database, a role can only include privileges that apply to its database and can only inherit from other roles in its database.

    A role created in the admin database can include privileges that apply to the admin database, other databases or to the cluster resource, and can inherit from roles in other databases as well as the admin database.

    You must create the user in admin database, for example

    db.getSiblingDB('admin').createUser({
       user: "test_mongodbu", 
       pwd: "test_password", 
       roles: [
          { role: "dbOwner", db: "test_mongodb"},
          { role: "readWrite", db: "lppportal_mongodb"}
       ]
    })
    

    In this case, your connection string must be like this:

     $connectionString  = 'mongodb://' 
       . env('MONGODB_USERNAME') . ':' . env('MONGODB_PASSWORD') 
       . '@' . env('MONGODB_HOST') . ':' . env('MONGODB_PORT') 
       . '/' . env('MONGODB_DATABASE') . '?authSource=admin';
    
      -> 'mongodb://test_mongodbu:test_password@localhost:27017/test_mongodb?authSource=admin'