Starburst MongoDB connector#
The Starburst MongoDB connector is an extended, tested and fully supported version of the MongoDB connector with configuration and usage identical.
The following improvements are included:
Requirements#
Fulfill the MongoDB connector requirements.
Additional features of the connector require a valid Starburst Enterprise license, unless otherwise noted.
Performance#
The connector includes a number of performance improvements, detailed in the following sections.
Predicate pushdown support#
The connector supports predicate pushdown, including complex expression predicate pushdown using MongoDB indexing. It also supports predicate pushdown for the following functions:
json_extract_scalar()
with the=
and!=
operators, on columns of typeSTRING
,INTEGER
,LONG
, andBOOLEAN
.from_iso8601_timestamp()
on columns of typeDATE
and when used in conjunction withjson_extract_scalar()
.
Complex expression predicate pushdown is supported on columns of type
SMALLINT
, TINYINT
, INT
, BIGINT
, VARCHAR
, TIMESTAMP(3)
,
and TIMESTAMP WITH TIMEZONE(3)
.
You can set mongodb.complex-expression-pushdown.enabled=true
in the catalog
configuration or use the complex_expression_pushdown_enabled
session property
to enable predicate pushdown. By default, this configuration property is set to
true
.
Security#
The connector includes security-related features detailed in the following section.
Kerberos authentication#
The connector supports Kerberos authentication using a keytab.
To configure Kerberos authentication with a keytab, add the following catalog configuration properties to the catalog properties file:
mongo.authentication.type=KERBEROS
kerberos.client.principal=example@example.com
kerberos.client.keytab=etc/kerberos/example.keytab
kerberos.config=etc/kerberos/krb5.conf
With this configuration the user example@example.com
, defined in the
principal property, is used to connect to the database, and the related Kerberos
service ticket is located in the example.keytab
file.
Kerberos credential pass-through#
The connector can be configured to pass through Kerberos credentials received by SEP to the MongoDB database. Configure Kerberos and SEP, following the instructions in Kerberos credential pass-through.
Next, configure the connector to pass through the credentials from the server to the database in your catalog properties file, and ensure the Kerberos client configuration properties are in place on all nodes.
mongo.authentication.type=KERBEROS_PASS_THROUGH
http.authentication.krb5.config=/etc/krb5.conf
http-server.authentication.krb5.service-name=exampleServiceName
http-server.authentication.krb5.keytab=/path/to/Keytab/File
Note
When delegated Kerberos authentication is configured
for the Starburst Enterprise web UI, make sure the http-server.authentication.krb5.service-name
value is set to HTTP
to match the configured Kerberos service name.
Now any MongoDB database accessed using SEP is subject to the Kerberos-defined data access restrictions and permissions.