Enable MongoDB Authentication in OSM

Proposers

Gerardo García (Telefónica)
Gulsum Atici (Canonical)
David Garcia (Canonical)
Guillermo Calviño (Canonical)
Mark Beierl (Canonical)

Target MDG/TF

Common, RO, LCM, MON, NBI, PLA, POL, N2VC, Devops

Description

OSM uses NoSQL database (MongoDB) for many operations in several modules. However, there is not any authentication mechanism enabled in OSM MongoDB till now. This is a security thread especially for the production environment. This feature will cover the necessary changes to enable authentication, impacted modules and implementation steps for smooth transition from unauthenticated status to authentication enabled status.

The objective of this feature is to set the steps to enable authentication with minimal impact/change on modules.

Demo or definition of done

The following tasks should be completed:

Access to the OSM MongoDB by using a non-root user without password from outside the OSM should fail.
Access to the OSM MongoDB by using a non-root user with password which is taken from the secret (obtained from OSM K8s cluster) from outside the OSM should succeed.

This work is considered done when all accesses to OSM MongoDB are performed by non-admin user with credentials and OSM is functioning properly by performing all supported operations.

Edited Mar 07, 2022 by garciadeblas