Documentation
Overview
Package mongodb implements a database access proxy that handles authentication, authorization and protocol parsing of connections from MongoDB clients to MongoDB clusters.
After accepting a connection from a MongoDB client and authorizing it, the proxy dials the target MongoDB cluster, performs x509 authentication and starts relaying wire messages between client and server.
Server selection
================

When connecting to a MongoDB replica set, the proxy establishes a connection to the server determined by the "readPreference" setting from the config's connection string.
For example, this configuration makes Teleport connect to a secondary:

    - name: "mongo-rs"
      protocol: "mongodb"
      uri: "mongodb://mongo1:27017,mongo2:27017/?replicaSet=rs0&readPreference=secondary"
Command authorization
=====================

Each MongoDB command is executed in a particular database. Client commands going through the proxy are inspected and their database is checked against the user role's "db_names".
On authorization failure the command is not passed to the server; instead, an "access denied" error is sent back to the MongoDB client in the standard wire message error format.
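An added sketch of the check described under Command authorization (not Teleport's code, which this page does not show): it reads the "$db" field of an OP_MSG command and allows relaying only when that database is in the role's db_names, failing closed on anything it cannot parse. The names commandDB, authorize and sample are hypothetical, the message bytes are constructed, and exact-match comparison and a leading kind-0 section are simplifying assumptions.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"slices"
)

var (
	le        = binary.LittleEndian
	fixedSize = map[byte]int{0x01: 8, 0x07: 12, 0x08: 1, 0x09: 8, 0x0A: 0, 0x10: 4, 0x11: 8, 0x12: 8, 0x13: 16} // fixed-width types
	prefixed  = map[byte]int{0x02: 4, 0x03: 0, 0x04: 0, 0x05: 5}                                                // int32-prefixed: bytes the prefix omits
	// sample is a constructed OP_MSG carrying {"ping": 1, "$db": "admin"}.
	sample = []byte("\x33\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xdd\x07\x00\x00" + "\x00\x00\x00\x00\x00" + "\x1e\x00\x00\x00\x10ping\x00\x01\x00\x00\x00\x02$db\x00\x06\x00\x00\x00admin\x00\x00")
)

// commandDB returns the top-level "$db" string of a BSON command document.
func commandDB(doc []byte) (string, bool) {
	if len(doc) < 5 || int(le.Uint32(doc)) < 5 || int(le.Uint32(doc)) > len(doc) {
		return "", false
	}
	for p := doc[4 : le.Uint32(doc)-1]; len(p) > 0; {
		name, val, ok := bytes.Cut(p[1:], []byte{0}) // element name ends at the first NUL
		size, known := fixedSize[p[0]]
		if extra, lp := prefixed[p[0]]; lp && len(val) >= 4 {
			size = int(le.Uint32(val)) + extra
			known = size >= 5
		}
		if !ok || !known || size > len(val) {
			return "", false // unknown or truncated element: fail closed
		}
		if string(name) == "$db" && p[0] == 0x02 {
			return string(val[4 : size-1]), true
		}
		p = val[size:]
	}
	return "", false
}

// authorize reports whether an OP_MSG (16-byte header, 4 flag bytes, kind-0 section) may be relayed.
func authorize(msg []byte, dbNames []string) bool {
	if len(msg) < 21 || le.Uint32(msg[12:]) != 2013 || msg[20] != 0 {
		return false
	}
	db, ok := commandDB(msg[21:])
	return ok && slices.Contains(dbNames, db)
}

func main() { fmt.Println(authorize(sample, []string{"admin"}), authorize(sample, []string{"metrics"})) }
```

Running it prints `true false`: the same command is relayed for a role that lists "admin" and refused for one that lists only "metrics".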
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func MakeTestClient
func MakeTestClient(ctx context.Context, config common.TestClientConfig, opts ...*options.ClientOptions) (*mongo.Client, error)
MakeTestClient returns a MongoDB client connection according to the provided parameters.
Types
type Engine
type Engine struct {
	// EngineConfig is the common database engine configuration.
	common.EngineConfig
	// contains filtered or unexported fields
}
Engine implements the MongoDB database service that accepts client connections coming over a reverse tunnel from the proxy and proxies them between the proxy and the MongoDB database instance.
Implements common.Engine.
func (*Engine) HandleConnection
HandleConnection processes the connection from the MongoDB proxy coming over the reverse tunnel.
It handles all necessary startup actions and authorization, and acts as a middleman between the proxy and the database, intercepting and interpreting all messages, i.e. doing protocol parsing.
func (*Engine) InitializeConnection
InitializeConnection initializes the client connection.
type TestServer
type TestServer struct {
// contains filtered or unexported fields
}
TestServer is a test MongoDB server used in functional database access tests.
func NewTestServer
func NewTestServer(config common.TestServerConfig, opts ...TestServerOption) (svr *TestServer, err error)
NewTestServer returns a new instance of a test MongoDB server.
func (*TestServer) GetActiveConnectionsCount
func (s *TestServer) GetActiveConnectionsCount() int32
GetActiveConnectionsCount returns the current value of the activeConnection counter.
func (*TestServer) Port
func (s *TestServer) Port() string
Port returns the port the server is listening on.
func (*TestServer) Serve
func (s *TestServer) Serve() error
Serve starts serving client connections.
type TestServerOption
type TestServerOption func(*TestServer)
TestServerOption allows setting test server options.
func TestServerWireVersion
func TestServerWireVersion(wireVersion int) TestServerOption
TestServerWireVersion sets the test MongoDB server wire protocol version.
Directories
Path | Synopsis |
---|---|
 | Package protocol implements reading/writing MongoDB wire protocol messages from/to client/server and converting them into parsed data structures. |