Hi there.
I’m stuck at connecting to MongoDB Atlas with X509 auth mechanism and a certificate.
We are running an MongoDB v6 Atlas cluster and I try to connect with the mongodb_driver (0.9.2) package.
I try to authenticate via X509 by providing a .pem certificate.
The config looks like this:
config :myapp, :mongo_config,
name: :myapp,
appname: "myapp",
url: "mongodb+srv://something.mongodb.net/db",
username: "myuser",
auth_mechanism: :x509,
ssl: true,
ssl_opts: [
certfile: Path.join([cert_dir, "mycert.pem"])
]
And I start it with
{Mongo, Application.fetch_env!(:myapp, :mongo_config)}
in my application.ex
start function.
If I try a simple ping in an iex session, it works:
iex> Mongo.ping(:myapp)
{:ok,
%{
"$clusterTime" => %{
"clusterTime" => #BSON.Timestamp<1665059449:1>,
"signature" => %{
"hash" => #BSON.Binary<aca626330d4014449835f347178287ec49985029>,
"keyId" => 7148690837596012550
}
},
"ok" => 1.0,
"operationTime" => #BSON.Timestamp<1665059449:1>
}}
But if I try to list the collections, it fails:
iex> Mongo.show_collections(:myapp)
#Stream<[
enum: {:error,
%Mongo.Error{
code: 13,
error_labels: [],
fail_command: false,
host: nil,
message: "command listCollections requires authentication",
not_writable_primary_or_recovering: false,
resumable: false,
retryable_reads: false,
retryable_writes: false
}},
funs: [#Function<39.108234003/1 in Stream.filter/2>,
#Function<47.108234003/1 in Stream.map/2>]
]>
The user has readWrite@db
rights, which should be enough.
I’m not sure if I correctly pass the certfile into the right config or if I need to do anything else.
To be sure that I can reach the MongoDB Atlas cluster I temporarily created a user with a password and tried to connect to the cluster by only providing the url mongodb+srv://test:password@something.mongodb.net/db
in the config which works and I got the collections available in these database.
Also, trying both auth mechanisms in MongoDB Compass works without problems.
So I think it is something with the config I constructed with the X509 auth mechanism and the certificate file.
But I can’t figure out what I do wrong.
Did someone of you know what I do wrong?
Cheers
Frank