dlite icon indicating copy to clipboard operation
dlite copied to clipboard

Published 20 hours ago verified publisher icon SINTEF

Change to default client behavior for mongodb dlite storage

Open daniel-sintef opened this issue 2 years ago • 1 comments

Currently the mongodb python storage back end connects to a pymongo client via the following:

          client = pymongo.MongoClient(
              host=uri,
              username=user,
              password=password,
              authSource=opts.database,
              authMechanism=opts.authMechanism,
          )

Where opts.database defaults to dlite and opts.authMechanism defaults to SCRAM-SHA-256. However, these defaults are causing connection errors when I try to connect to a MongoDB atlas server. I wanted to know if we really need these defaults, or we could switch to something like the following:

          client = pymongo.MongoClient(
              host=uri,
              username=user,
              password=password,
              **opts.client_kwargs #many other ways of implementing this 
          )

This way the user can still pass an options they want to the client but are not forced to use some dlite-selected faults. (It seems to me that it makes way more sense that we let pymongo choose the defaults where possible in any case...)

daniel-sintef avatar Feb 02 '23 10:02 daniel-sintef

So to me there are some considerations here, all depending on how general users should connect to MongoDB Atlas and how it should connect to a local MongoDB instance and again how non-general users, but rather "creators" or similar connects to both of these kind of servers.

I'd think to have general users connect to MongoDB Atlas (external) should result in always using "guest/guest" credentials resulting in read-only permissions. Then they can retrieve all entities stored there through this. They can then not use this storage backend to store anything in, only retrieve, but that's still one of the main ideas of having this external DB. For "creators" this should of course not be the case, but this can be changed by changing credentials to someone with write-access.

For a local MongoDB instance, however, one should have full write permissions, furthermore, the specific options might be quite different in this case.

In the end, it makes sense to me to have DLite work with the MongoDB Atlas guest/guest read-only connection in a separate way than normal storage backends. I.e., it would set this up separately and retrieve any entity models there locally, possibly, and synchronize in the background whenever. This idea synergizes with the separate DLite service running on machines with DLite that essentially is equivalent to a local DLite DB.

CasperWA avatar Feb 02 '23 11:02 CasperWA