update mongodb test to use auth account and update the docs (#2458)

Signed-off-by: Dani Louca <[email protected]>

Author: dloucasfx

docs/monitors/collectd-mongodb.md

@@ -36,14 +36,19 @@ Documentation for MongoDB can be found [here](http://docs.mongodb.org/manual/).
 
 If you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:
 
-If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats against system.roles 
+If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats and indexStats 
+against system collections and any collection in the db you're monitoring.
+In the below role, we're adding the appropriate permissions for system collections under the admin db.
+For more details on how to add all your non-admin collections, check https://www.mongodb.com/docs/manual/reference/resource-document/
 
 ```
 use admin
 db.createRole( 
   {
     role: "splunkMonitor",
-    privileges: [ { resource: { db: "admin", collection: "system.roles" }, actions: [ "collStats" ] } ],
+    privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] },
+                  { resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] },
+                  { resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ],
     roles: [ { role: "read", db: "admin" } ]
   },
   { w: "majority" , wtimeout: 5000 }

pkg/monitors/collectd/mongodb/metadata.yaml

@@ -29,14 +29,19 @@ monitors:
 
     If you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:
     
-    If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats against system.roles 
+    If the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats and indexStats 
+    against system collections and any collection in the db you're monitoring.
+    In the below role, we're adding the appropriate permissions for system collections under the admin db.
+    For more details on how to add all your non-admin collections, check https://www.mongodb.com/docs/manual/reference/resource-document/
     
     ```
     use admin
     db.createRole( 
       {
         role: "splunkMonitor",
-        privileges: [ { resource: { db: "admin", collection: "system.roles" }, actions: [ "collStats" ] } ],
+        privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] },
+                      { resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] },
+                      { resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ],
         roles: [ { role: "read", db: "admin" } ]
       },
       { w: "majority" , wtimeout: 5000 }

selfdescribe.json

@@ -14927,7 +14927,7 @@
           "description": "Port number of the MongoDB instance"
         }
       },
-      "doc": "Monitors an instance of MongoDB using the [collectd MongoDB Python\nplugin](https://github.com/signalfx/collectd-mongodb).  Requires MongoDB\n2.6 or later.\n\nThis monitor captures the following metrics about MongoDB generally:\n\n* memory\n* network input/output bytes count\n* heap usage\n* db connections\n* operations count\n* active client connections\n* queued operations\n\nThe plugin also captures the following DB-specific metrics:\n\n* db size\n* db counters\n\nDocumentation for MongoDB can be found [here](http://docs.mongodb.org/manual/).\n\n\u003c!--- SETUP ---\u003e\n### Creating a MongoDB user for collectd\n\nIf you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:\n\nIf the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats against system.roles \n\n```\nuse admin\ndb.createRole( \n  {\n    role: \"splunkMonitor\",\n    privileges: [ { resource: { db: \"admin\", collection: \"system.roles\" }, actions: [ \"collStats\" ] } ],\n    roles: [ { role: \"read\", db: \"admin\" } ]\n  },\n  { w: \"majority\" , wtimeout: 5000 }\n)\n```\n\n```\nuse admin\ndb.createUser( {\n  user: \"collectd\",\n  pwd: \"collectd\",\n  roles: [ { role: \"readAnyDatabase\", db: \"admin\" }, { role: \"clusterMonitor\", db: \"admin\" }, {role: \"splunkMonitor\", db: \"admin\"} ]\n});\n```\n",
+      "doc": "Monitors an instance of MongoDB using the [collectd MongoDB Python\nplugin](https://github.com/signalfx/collectd-mongodb).  Requires MongoDB\n2.6 or later.\n\nThis monitor captures the following metrics about MongoDB generally:\n\n* memory\n* network input/output bytes count\n* heap usage\n* db connections\n* operations count\n* active client connections\n* queued operations\n\nThe plugin also captures the following DB-specific metrics:\n\n* db size\n* db counters\n\nDocumentation for MongoDB can be found [here](http://docs.mongodb.org/manual/).\n\n\u003c!--- SETUP ---\u003e\n### Creating a MongoDB user for collectd\n\nIf you're monitoring a secured MongoDB deployment, it is a good practice to create a MongoDB user with minimal read-only roles, as follows:\n\nIf the monitor is configured to send collection level metrics, you need to create and add this role so your user has permission to run collStats and indexStats \nagainst system collections and any collection in the db you're monitoring.\nIn the below role, we're adding the appropriate permissions for system collections under the admin db.\nFor more details on how to add all your non-admin collections, check https://www.mongodb.com/docs/manual/reference/resource-document/\n\n```\nuse admin\ndb.createRole( \n  {\n    role: \"splunkMonitor\",\n    privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] },\n                  { resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] },\n                  { resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ],\n    roles: [ { role: \"read\", db: \"admin\" } ]\n  },\n  { w: \"majority\" , wtimeout: 5000 }\n)\n```\n\n```\nuse admin\ndb.createUser( {\n  user: \"collectd\",\n  pwd: \"collectd\",\n  roles: [ { role: \"readAnyDatabase\", db: \"admin\" }, { role: \"clusterMonitor\", db: \"admin\" }, {role: \"splunkMonitor\", db: \"admin\"} ]\n});\n```\n",
       "groups": {
         "": {
           "description": "",

test-services/mongodb/Dockerfile

@@ -0,0 +1,4 @@
+FROM mongo:3.6
+ENV MONGO_INITDB_ROOT_USERNAME=root
+ENV MONGO_INITDB_ROOT_PASSWORD=passwd
+COPY userAuth.sh /docker-entrypoint-initdb.d/userAuth.sh

test-services/mongodb/userAuth.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+echo "Creating mongo role ..."
+mongo admin --host localhost -u root -p passwd --eval "db.createRole( { role: 'splunkMonitor', \
+                                                      privileges: [ { resource: { db: 'admin', collection: 'system.roles' }, actions: [ 'collStats', 'indexStats' ] }, \
+                                                                    { resource: { db: 'admin', collection: 'system.users' }, actions: [ 'collStats', 'indexStats' ] }, \
+                                                                    { resource: { db: 'admin', collection: 'system.version' }, actions: [ 'collStats', 'indexStats' ] } ], \
+                                                                    roles: [ { role: 'read', db: 'admin' } ] }, { w: 'majority' , wtimeout: 5000 });"
+echo "Creating mongo monitor user ..."
+mongo admin --host localhost -u root -p passwd --eval "db.createUser( { user: 'test123', pwd: 'test123', \
+                                                                        roles: [ { role: 'readAnyDatabase', db: 'admin' }, \
+                                                                                 { role: 'clusterMonitor', db: 'admin' }, \
+                                                                                 {role: 'splunkMonitor', db: 'admin'} ]});"
+echo "Mongo users created."
+

tests/monitors/mongodb/mongodb_test.py

@@ -6,7 +6,7 @@
 from tests.helpers.agent import Agent
 from tests.helpers.assertions import tcp_socket_open
 from tests.helpers.metadata import Metadata
-from tests.helpers.util import container_ip, run_container, wait_for
+from tests.helpers.util import container_ip, run_service, wait_for
 from tests.helpers.verify import verify
 
 pytestmark = [pytest.mark.collectd, pytest.mark.mongodb, pytest.mark.monitor_with_endpoints]
@@ -30,14 +30,16 @@
 
 
 def test_mongo_basic():
-    with run_container("mongo:3.6") as mongo_cont:
+    with run_service("mongodb") as mongo_cont:
         host = container_ip(mongo_cont)
         config = dedent(
             f"""
             monitors:
               - type: collectd/mongodb
                 host: {host}
                 port: 27017
+                username: test123
+                password: test123
                 databases: [admin]
             """
         )
@@ -48,14 +50,16 @@ def test_mongo_basic():
 
 
 def test_mongo_enhanced_metrics():
-    with run_container("mongo:3.6") as mongo_cont:
+    with run_service("mongodb") as mongo_cont:
         host = container_ip(mongo_cont)
         config = dedent(
             f"""
             monitors:
               - type: collectd/mongodb
                 host: {host}
                 port: 27017
+                username: test123
+                password: test123
                 databases: [admin]
                 sendCollectionMetrics: true
                 sendCollectionTopMetrics: true