Merge pull request pandas-dev#32 from manahl/bugfix/MDP-341-authorization-error-seen-in-prod-2

MDP-341 Reauthing as admin if connection is not authenticated when the library binding is created

Author: mildbyte

arctic/arctic.py

@@ -333,6 +333,14 @@ def __init__(self, arctic, library):
         self.database_name = database_name
         self._db = self.arctic._conn[database_name]
         self._auth(self._db)
+
+        auth_users = self._db.command({'connectionStatus': 1})['authInfo']['authenticatedUsers']
+        if all((r['userSource'] != self._db.name for r in auth_users)):
+            # We're not authenticated to the database,
+            # ensure we are authed to admin so that we can at least read from it
+            if all((r['userSource'] != 'admin' for r in auth_users)):
+                self._auth(self.arctic._adminDB)
+
         self._library_coll = self._db[library]
 
     def __str__(self):
@@ -356,7 +364,7 @@ def _auth(self, database):
 
         auth = get_auth(self.arctic.mongo_host, self.arctic._application_name, database.name)
         if auth:
-            authenticate(self._db, auth.user, auth.password)
+            authenticate(database, auth.user, auth.password)
             self.arctic._conn.close()
 
     def get_name(self):

tests/unit/test_arctic.py

@@ -20,7 +20,14 @@ def test_arctic_lazy_init():
             # do something to trigger lazy arctic init
             store.list_libraries()
             assert mc.called
+            
+mock_conn_info = {u'authInfo': 
+                  {u'authenticatedUsers': [{u'user': u'research', u'userSource': u'admin'}]},
+                  u'ok': 1.0}
 
+mock_conn_info_empty = {u'authInfo':
+                  {u'authenticatedUsers': []},
+                  u'ok': 1.0}
 
 def test_arctic_auth():
     with patch('pymongo.MongoClient', return_value=MagicMock(), autospec=True), \
@@ -39,6 +46,7 @@ def test_arctic_auth():
                 with patch('arctic.arctic.ArcticLibraryBinding.get_library_type', return_value=None, autospec=True):
                     ga.return_value = Credential('db', 'user', 'pass')
                     store._conn['arctic_jblackburn'].name = 'arctic_jblackburn'
+                    store._conn['arctic_jblackburn'].command.return_value = mock_conn_info
                     store['jblackburn.library']
 
             # Creating the library will have attempted to auth against it
@@ -62,12 +70,38 @@ def test_arctic_auth_custom_app_name():
                 with patch('arctic.arctic.ArcticLibraryBinding.get_library_type', return_value=None, autospec=True):
                     ga.return_value = Credential('db', 'user', 'pass')
                     store._conn['arctic_jblackburn'].name = 'arctic_jblackburn'
+                    store._conn['arctic_jblackburn'].command.return_value = mock_conn_info
                     store['jblackburn.library']
 
             # Creating the library will have attempted to auth against it
             assert ga.call_args_list == [call('cluster', sentinel.app_name, 'arctic_jblackburn')]
 
 
+def test_arctic_auth_admin_reauth():
+    with patch('pymongo.MongoClient', return_value=MagicMock(), autospec=True), \
+        patch('arctic.arctic.mongo_retry', autospec=True), \
+        patch('arctic.arctic.get_auth', autospec=True) as ga:
+            ga.return_value = Credential('db', 'admin_user', 'admin_pass')
+            store = Arctic('cluster')
+            # do something to trigger lazy arctic init
+            store.list_libraries()
+            assert ga.call_args_list == [call('cluster', 'arctic', 'admin')]
+            ga.reset_mock()
+
+            # Get a 'missing' library
+            with pytest.raises(LibraryNotFoundException):
+                with patch('arctic.arctic.ArcticLibraryBinding.get_library_type', return_value=None, autospec=True), \
+                patch('arctic.arctic.logger') as logger:
+                    ga.return_value = Credential('db', 'user', 'pass')
+                    store._conn['arctic_jblackburn'].name = 'arctic_jblackburn'
+                    store._conn['arctic_jblackburn'].command.return_value = mock_conn_info_empty
+                    store['jblackburn.library']
+
+            assert store._conn['arctic_jblackburn'].command.call_args_list == [call({'connectionStatus': 1})]
+            assert ga.call_args_list == [call('cluster', 'arctic', 'arctic_jblackburn'),
+                                         call('cluster', 'arctic', store._adminDB.name)]
+
+
 def test_arctic_connect_hostname():
     with patch('pymongo.MongoClient', return_value=MagicMock(), autospec=True) as mc, \
          patch('arctic.arctic.mongo_retry', autospec=True) as ar, \