FIX deprecated old db CLI

CHANGES_NEXT_RELEASE

@@ -1,3 +1,4 @@
 - Fix: changed the default value of `-dbTimeout` to 0 to resolve conflict with `-dbURI` (#4496) 
 - Fix: wrong INFO startup log showing ORION_MONGO_TIMEOUT, ORION_IN_REQ_PAYLOAD_MAX_SIZE and ORION_OUT_REQ_MSG_MAX_SIZE env var values (#4496)
 - Fix: return 400 Bad Request when subject.entities exists but it is an empty array (#4499)
+- Deprecate: `-dbhost`, `-rplSet`, `-dbTimeout`, `-dbuser`, `-dbAuthMech`, `-dbAuthDb`, `-dbSSL` and `-dbDisableRetryWrites` CLI parameters along with associated env vars (use `-dbURI` instead`)

ci/deb/build.sh

@@ -93,8 +93,8 @@ function _execute()
 
     sleep 3
 
-    contextBroker -port 30001 -dbhost localhost:20001 -pidpath cb1.pid &
-    contextBroker -port 30002 -dbhost localhost:20002 -pidpath cb2.pid &
+    contextBroker -port 30001 -dbURI mongodb://localhost:20001 -pidpath cb1.pid &
+    contextBroker -port 30002 -dbURI mongodb://localhost:20002 -pidpath cb2.pid &
 }
 
 [ $# = 0 ] && _usage

ci/deb/makefile

@@ -69,7 +69,7 @@ install_unit: install
 unit:
 	@echo '------------------------------------- make unit ----------------------------------------'
 
-	BUILD_UNIT/test/unittests/unitTest -t 0-255 -dbhost ${MONGO_HOST} --gtest_output=xml:/tmp/builder/logs/unit.xml
+	BUILD_UNIT/test/unittests/unitTest -t 0-255 -dbURI mongodb://${MONGO_HOST} --gtest_output=xml:/tmp/builder/logs/unit.xml
 
 build_functional: prepare
 	@echo '------------------------------------- make build_functional ----------------------------'

doc/manuals/admin/cli.md

@@ -49,36 +49,9 @@ The list of available options is the following:
 -   **-dbURI <uri>** : The URI to use the MongoDB.
     If the URI contains the string `${PWD}`, it will be replaced with the password
     specified in `-dbpwd` or the environment variable `ORION_MONGO_PASSWORD`.
-    This option cannot be combined with `-dbhost`, `-rplSet`, `-dbTimeout`, `-dbuser`,
-    `-dbAuthMech`, `-dbAuthDb`, `-dbSSL` and `-dbDisableRetryWrites` (if you attempt to do that
-    Orion will exit with an error on startup).
--   **-dbhost <host>**. The MongoDB host and port to use, e.g. `-dbhost
-    localhost:12345`.
--   **-rplSet <replicat_set>**. If used, Orion CB connnects to a
-    MongoDB replica set (instead of a stand-alone MongoDB instance).
-    The name of the replica set to use is the value of the parameter. In
-    this case, the -dbhost parameter can be a list of hosts (separated
-    by ",") which are used as seed for the replica set.
--   **-dbTimeout <interval>**. Only used in the case of using replica
-    set (-rplSet), ignored otherwise. It specifies the timeout in
-    milliseconds for connections to the replica set.
--   **-dbuser <user>**. The MongoDB user to use. If your MongoDB doesn't
-    use authorization then this option must be avoided. See [database
-    authorization section](database_admin.md#database-authorization).
 -   **-dbpwd <pass>**. The MongoDB password to use. If your MongoDB
     doesn't use authorization then this option must be avoided. See [database
-    authorization section]( database_admin.md#database-authorization).
--   **-dbAuthMech <mechanism>**. The MongoDB authentication mechanism to use in the case
-    of providing `-dbuser` and `-dbpwd`. Alternatives are SCRAM-SHA-1 or SCRAM-SHA-256.
--   **-dbAuthDb <database>**. Specifies the database to use for authentication in the case
-    of providing `-dbuser` and `-dbpwd`.
--   **-dbSSL**. Enable SSL in the connection to MongoDB. You have to use this option if your
-    MongoDB server or replica set is using SSL (or, the other way around, you have not to use
-    this option if your MongoDB server or replicat set is not using SSL). Note there is
-    currently a limitation: Orion uses `tlsAllowInvalidCertificates=true` in this case,
-    so the certificate used by MongoDB server is not being validated.
--   **-dbDisableRetryWrites**. Set retryWrite parameter to false in DB connections (not
-    recommended, only to keep compatibility with old MongoDB instances)
+    authorization section](database_admin.md#database-authorization).
 -   **-dbPoolSize <size>**. Database connection pool. Default size of
     the pool is 10 connections.
 -   **-writeConcern <0|1>**. Write concern for MongoDB write operations:
@@ -218,15 +191,8 @@ Two facts have to be taken into account:
 |	ORION_PORT	|	port	|
 |	ORION_PID_PATH	|	pidpath	|
 |	ORION_MONGO_URI	|	dbURI	|
-|	ORION_MONGO_HOST	|	dbhost	|
-|	ORION_MONGO_REPLICA_SET	|	rplSet	|
-|	ORION_MONGO_USER	|	dbuser	|
 |	ORION_MONGO_PASSWORD	|	dbpwd	|
-|	ORION_MONGO_AUTH_MECH	|	dbAuthMech	|
-|	ORION_MONGO_AUTH_SOURCE	|	dbAuthDb	|
-|	ORION_MONGO_SSL	|	dbSSL	|
 |	ORION_MONGO_DB	|	db	|
-|	ORION_MONGO_TIMEOUT	|	dbTimeout	|
 |	ORION_MONGO_POOL_SIZE	|	dbPoolSize	|
 |	ORION_USEIPV4	|	ipv4	|
 |	ORION_USEIPV6	|	ipv6	|

doc/manuals/admin/database_admin.md

@@ -65,41 +65,44 @@ you need to apply the procedures to each per-tenant/service database.
 
 ## Database authorization
 
-MongoDB authorization is configured with the `-db`, `-dbuser` and `-dbpwd`
-options ([see section on command line
-options](cli.md)). There are a few different cases
+MongoDB authorization is configured using `-dbURI` and `-dbpwd`
+options ([see section on command line options](cli.md)). There are a few different cases
 to take into account:
 
 -   If your MongoDB instance/cluster doesn't use authorization,
-    then do not use the `-dbuser` and `-dbpwd` options.
--   You can specify authentication mechanism with `-dbAuthMech`.
+    then do not use the `-dbpwd` and use `-dbURI` without the `username:${PWD}@` part.
+-   You can specify authentication mechanism within the `-dbURI`, using the `authMechanism` option.
 -   If your MongoDB instance/cluster uses authorization , then:
+    -   In the `-dbURI` you have to use the `username:${PWD}@` part. The `${PWD}` will be replaced
+        by the value of the `dbpwd` parameter.
     -   If you run Orion in single service/tenant mode (i.e.
         without `-multiservice`) then you are using only one database
-        (the one specified by the -db option) and the authorization is
-        done with `-dbuser` and `-dbpwd` in that database.
+        (the one specified by the `-db` option) and the authorization is
+        done in that database with the username specified in the `-dbURI` and `-dbpwd`.
     -   If you run Orion in multi service/tenant mode (i.e.
         with `-multiservice`) then the authorization is done at `admin`
-        database using `-dbuser` and `-dbpwd`. As described [later in this
+        database using the username specified in the `-dbURI` and `-dbpwd`. As described [later in this
         document](#multiservicemultitenant-database-separation),
         in multi service/tenant mode, Orion uses several databases
         (which in addition can potentially be created on the fly), thus
         authorizing on `admin` DB ensures permissions in all of them.
-    -   Anyway, you can override the above default with `-dbAuthDb` and
+    -   Anyway, you can override the above default with `defaultauthdb` in the `-dbURI` and
         specify the authentication DB you want.
 
+Check the [MongoURI documentation](https://www.mongodb.com/docs/manual/reference/connection-string) for additional information.
+
 Let's consider the following example. If your MongoDB configuration is so you typically access to it
 using:
 
 ```
-mongo "mongodb://example1.net:27017,example2.net:27017,example3.net:27017/orion?replicaSet=rs0" --ssl --authenticationDatabase admin --username orion --password orionrules
+mongosh mongodb://orion@orionrules:example1.net:27017,example2.net:27017,example3.net:27017/admin?replicaSet=rs0&tls=true&tlsAllowInvalidCertificates=true
 ```
 
 Then the equivalent connection in Context Broker CLI parameters will be:
 
 
 ```
--dbhost examples1.net:27017,example2.net:27017,example3.net:27017 -rplSet rs0 -dbSSL -dbAuthDb admin -dbuser orion -dbpwd orionrules
+-dbURI mongodb://orion@${PWD}:example1.net:27017,example2.net:27017,example3.net:27017/admin?replicaSet=rs0&tls=true&tlsAllowInvalidCertificates=true -dbpwd orionrules
 ```
 
 

doc/manuals/admin/diagnosis.md

@@ -288,7 +288,7 @@ The symptoms of a database connection problem are the following:
 ```
 
 In both cases, check that the connection to MonogDB is correctly
-configured (in particular, the "-dbhost" option [from the command
+configured (in particular, the `-dbURI` option [from the command
 line](cli.md)) and that the mongod/mongos
 process (depending if you are using sharding or not) is up and running.
 

doc/manuals/admin/sanity_check.md

@@ -46,7 +46,7 @@ A process named "contextBroker" should be up and running, e.g.:
 
 ```
 $ ps ax | grep contextBroker
- 8517 ?        Ssl    8:58 /usr/bin/contextBroker -port 1026 -logDir /var/log/contextBroker -pidpath /var/log/contextBroker/contextBroker.pid -dbhost localhost -db orion
+ 8517 ?        Ssl    8:58 /usr/bin/contextBroker -port 1026 -logDir /var/log/contextBroker -pidpath /var/log/contextBroker/contextBroker.pid -dbURI mongodb://localhost/ -db orion
 ```
 
 [Top](#top)
@@ -63,25 +63,18 @@ changed using the -port command line option.
 The Orion Context Broker uses a MongoDB database, whose parameters are
 provided using the command line options:
 
-* `-dbhost`
+* `-dbUri`
 * `-db`
-* `-dbuser`
 * `-dbpwd`
-* `-dbAuthMech`
-* `-dbAuthDb`
-* `-dbSSL`
-* `-dbDisableRetryWrites`
-* `-dbTimeout`
 * `-dbPoolSize`
 * `-writeConcern`
 
-Note that `-dbuser`, `-dbpwd`, `-dbAuthMech` and `-dbAuthDb`.
-are only used if MongoDB runs using authentication, i.e. with `--auth`.
+Note that `-dbpwd` is only used if MongoDB runs using authentication, i.e. with `--auth`.
 
 You can check that the database is working using the mongo console:
 
 ```
-mongo <dbhost>/<db>
+mongosh <mongoUri>/<db>
 ```
 
 You can check the different collections used by the broker using the

doc/manuals/admin/watchdog.md

@@ -90,7 +90,7 @@ e.g.:
 
     # ps -ef | grep contextBroker
     500      27175     1  0 21:06 ?        00:00:00 monit -v -c /home/localadmin/monit_CB/monitBROKER.conf -d 10 -p /var/log/contextBroker/monit.pid
-    500      27205     1  0 21:06 ?        00:00:00 /usr/bin/contextBroker -port 1026 -logDir /var/log/contextBroker -pidpath /var/log/contextBroker/contextBroker.pid -dbhost localhost -db orion;
+    500      27205     1  0 21:06 ?        00:00:00 /usr/bin/contextBroker -port 1026 -logDir /var/log/contextBroker -pidpath /var/log/contextBroker/contextBroker.pid -dbURI mongodb://localhost/ -db orion;
 
 Then, kill contextBroker, e.g.:
 

doc/manuals/deprecated.md

@@ -15,6 +15,9 @@ not maintained or evolved any longer. In particular:
 
 A list of deprecated features and the version in which they were deprecated follows:
 
+* CLI parameters (and associated env vars): `-dbhost`, `-rplSet`, `-dbTimeout`, `-dbuser`,
+  `-dbAuthMech`, `-dbAuthDb`, `-dbSSL` and `-dbDisableRetryWrites` in Orion 3.12.0. Use `dbURI` instead,
+  checking [this section](#mapping-to-mongouri-from-old-cli-parameters) if you need to know hot to build the MongoDB URI.
 * `geo:point`, `geo:line`, `geo:box` and `geo:polygon` attribute types in Orion 3.10.0. Use `geo:json` instead.
 * `GET /v2` operation in Orion 3.8.0. This operation is pretty useless and not actually used.
 * Initial notification in subscriptions (along with `skipInitialNotification` option) in Orion 3.1.0.
@@ -77,6 +80,30 @@ A list of deprecated features and the version in which they were deprecated foll
 * Configuration Manager role (deprecated in 0.21.0, removed in 0.25.0)
 * Associations (deprecated in 0.21.0, removed in 0.25.0).
 
+### Mapping to MongoURI from old CLI parameters
+
+Considering we have the following CLI parameters:
+
+* `-dbhost HOST`
+* `-rplSet RPLSET`
+* `-dbTimeout TIMEOUT`
+* `-dbuser USER`
+* `-dbpass PASS`
+* `-dbAuthMech AUTHMECH`
+* `-dbAuthDb AUTHDB`
+* `-dbSSL`
+* `-dbDisableRetryWrites`
+
+The resulting MongoURI (i.e. the value for `-dbURI`) should be:
+
+> mongodb://[USER:PASS@]HOST/[AUTHDB][?replicaSet=RPLSET[&authMechanism=AUTHMECH][&tls=true&tlsAllowInvalidCertificates=true][&retryWrites=false][&connectTimeoutMS=TIMEOUT]
+
+Notes:
+
+* The `&tls=true&tlsAllowInvalidCertificates=true` token is added if `-dbSSL` is used
+* The `&retryWrites=false` token is added if `-dbDisableRetryWrites` is used
+* Other `[...]` mean optional tokens, depending on if the corresponding parameter is used or not.
+
 ## Log deprecation warnings
 
 Some (not all) usages of deprecated features can be logged using the `-logDeprecate` [CLI flag](admin/cli.md)
@@ -107,6 +134,7 @@ The following table provides information about the last Orion version supporting
 
 | **Removed feature**                                                        | **Last Orion version supporting feature** | **That version release date**   |
 |----------------------------------------------------------------------------|-------------------------------------------|---------------------------------|
+| CLI `-dbhost`, `-rplSet`, `-dbTimeout`, `-dbuser`, `-dbAuthMech`, `-dbAuthDb`, `-dbSSL` and `-dbDisableRetryWrites` (and associated env vars)                        | Not yet defined                           | Not yet defined                 |
 | `attributes` field in `POST /v2/entities` operation                        | Not yet defined                           | Not yet defined                 |
 | `APPEND`, `UPDATE`, etc. action types in `POST /v2/op/update`              | Not yet defined                           | Not yet defined                 |
 | `dateCreated` and `dateModified` in `options` URI parameter                | Not yet defined                           | Not yet defined                 |

doc/manuals/devel/cookbook.md

@@ -20,7 +20,7 @@ You basically need to implement two things:
 * a **new item** in the `PaArgument` vector `paArgs`
 
 If the new CLI parameter is a boolean one, like `-v` (verbose), a `bool` variable is needed,
-if it's a text parameter, like `-dbHost <host name>`, a char-vector is used, and so on.
+if it's a text parameter, like `-dbURI <MongoDB URI>`, a char-vector is used, and so on.
 
 The easiest way is to simply copy an older CLI parameter of the same type.
 

docker/README.md

@@ -35,7 +35,7 @@ Follow these steps:
 		      - "1026:1026"
 		    depends_on:
 		      - mongo
-		    command: -dbhost mongo
+		    command: -dbURI mongodb://mongo
 		
 		  mongo:
 		    image: mongo:6.0
@@ -81,7 +81,7 @@ In case you want to run MongoDB on another container you can launch it like this
 
 And then run Orion with this command
 
-	sudo docker run -d --name orion1 --link mongodb:mongodb -p 1026:1026 fiware/orion -dbhost mongodb
+	sudo docker run -d --name orion1 --link mongodb:mongodb -p 1026:1026 fiware/orion -dbURI mongodb://mongodb
 
 Check that everything works with
 
@@ -93,7 +93,7 @@ This method is functionally equivalent as the one described in section 1, but do
 
 If you want to connect to a different MongoDB instance do the following command **instead of** the previous one
 
-	sudo docker run -d --name orion1 -p 1026:1026 fiware/orion -dbhost <MongoDB Host>
+	sudo docker run -d --name orion1 -p 1026:1026 fiware/orion -dbURI mongodb://<MongoDB Host>
 
 Check that everything works with
 
@@ -113,10 +113,10 @@ Steps:
 	* Manually, running MongoDB on another container: 
 		1. `sudo docker run --name mongodb -d mongo:6.0`
 		2. `sudo docker build -t orion .`
-		3. `sudo docker run -d --name orion1 --link mongodb:mongodb -p 1026:1026 orion -dbhost mongodb`.
+		3. `sudo docker run -d --name orion1 --link mongodb:mongodb -p 1026:1026 orion -dbURI mongodb://mongodb`.
 	* Manually, specifying where to find your MongoDB host:
 		1. `sudo docker build -t orion .`
-		2. `sudo docker run -d --name orion1 -p 1026:1026 orion -dbhost <MongoDB Host>`.
+		2. `sudo docker run -d --name orion1 -p 1026:1026 orion -dbURI mongodb://<MongoDB Host>`.
 
 Check that everything works with
 

docker/docker-compose.yml

@@ -7,7 +7,7 @@ services:
       - "1026:1026"
     depends_on:
       - mongo
-    command: -dbhost mongo
+    command: -dbURI mongodb://mongo
 
   mongo:
     image: mongo:6.0

docker/docker_swarm.md

@@ -185,7 +185,7 @@ Details on how to deploy a MongoDB ReplicaSet in Docker Swarm are available
         image: fiware/orion:latest
         ports:
           - "1026:1026"
-        command: -logLevel DEBUG -dbhost mongo_mongo -rplSet rs -dbTimeout 10000
+        command: -logLevel DEBUG -dbURI mongodb://mongo_mongo/?replicaSet=rs&connectTimeoutMS=10000
         deploy:
           replicas: 2
         networks:

docker/raspberry_pi.md

@@ -46,7 +46,7 @@ services:
       - "1026:1026"
     depends_on:
       - mongo
-    command: -dbhost mongo
+    command: -dbURI mongodb://mongo
 
   mongo:
     image: mongo:6.0

etc/init.d/contextBroker.centos

@@ -79,19 +79,22 @@ BROKER_OPTS="-port ${BROKER_PORT} \
    -logDir ${BROKER_LOG_DIR} \
    -logLevel ${BROKER_LOG_LEVEL} \
    -pidpath ${BROKER_PID_FILE} \
-   -dbhost ${BROKER_DATABASE_HOST} \
+   -dbURI mongodb://${BROKER_DATABASE_HOST} \
    -db ${BROKER_DATABASE_NAME} \
    ${BROKER_EXTRA_OPS}"
 
 # Optional parameters
+# FIXME: -dbuser option is deprecated. This needs to be migrated to -dbURI usage
 if [[ ! -z "${BROKER_DATABASE_USER}" ]]; then
    BROKER_OPTS="${BROKER_OPTS} -dbuser ${BROKER_DATABASE_USER}"
 fi
 
+# FIXME: -dbpwd needs ${PWD} in the -dbURI CLI. This needs to be adapted
 if [[ ! -z "${BROKER_DATABASE_PASSWORD}" ]]; then
    BROKER_OPTS="${BROKER_OPTS} -dbpwd ${BROKER_DATABASE_PASSWORD}"
 fi
 
+# FIXME: -rplsSet option is deprecated. This needs to be migrated to -dbURI usage
 if [[ ! -z "${BROKER_DATABASE_RPLSET}" ]]; then
     BROKER_OPTS="${BROKER_OPTS} -rplSet ${BROKER_DATABASE_RPLSET}"
 fi

etc/init.d/contextBroker.ubuntu

@@ -58,7 +58,7 @@ SCRIPTNAME=/etc/init.d/$NAME
 DAEMON_ARGS="-port ${BROKER_PORT} \
    -logDir ${BROKER_LOG_DIR} \
    -pidpath ${BROKER_PID_FILE} \
-   -dbhost ${BROKER_DATABASE_HOST} \
+   -dbURI mongodb://${BROKER_DATABASE_HOST} \
    -db ${BROKER_DATABASE_NAME} \
    ${BROKER_EXTRA_OPS}"
 

makefile

@@ -216,9 +216,9 @@ build_unit_test: prepare_unit_test
 unit_test: build_unit_test
 	@echo '------------------------------- unit_test starts ---------------------------------'
 	if [ -z "${TEST_FILTER}" ]; then \
-	   BUILD_UNITTEST/test/unittests/unitTest -t 0-255 -dbhost ${MONGO_HOST} --gtest_output=xml:BUILD_UNITTEST/unit_test.xml; \
+	   BUILD_UNITTEST/test/unittests/unitTest -t 0-255 -dbURI mongodb://${MONGO_HOST} --gtest_output=xml:BUILD_UNITTEST/unit_test.xml; \
         else \
-	   BUILD_UNITTEST/test/unittests/unitTest -t 0-255 -dbhost ${MONGO_HOST} --gtest_output=xml:BUILD_UNITTEST/unit_test.xml --gtest_filter=${TEST_FILTER}; \
+	   BUILD_UNITTEST/test/unittests/unitTest -t 0-255 -dbURI mongodb://${MONGO_HOST} --gtest_output=xml:BUILD_UNITTEST/unit_test.xml --gtest_filter=${TEST_FILTER}; \
         fi
 	@echo '------------------------------- unit_test ended ---------------------------------'
 

test/acceptance/behave/components/common_steps/initial_steps.py

@@ -82,7 +82,7 @@ def start_context_broker(context):
     __logger__.debug("Starting contextBroker per command line interface...")
     props_cb["CB_EXTRA_OPS"] = props_cb["CB_EXTRA_OPS"].replace('"', "")
     # hint: the -harakiri option is used to kill contextBroker (must be compiled in DEBUG mode)
-    command = "contextBroker -port %s -logDir %s -pidpath %s -dbhost %s -db %s %s -harakiri" %\
+    command = "contextBroker -port %s -logDir %s -pidpath %s -dbURI mondodb://%s -db %s %s -harakiri" %\
               (props_cb["CB_PORT"], props_cb["CB_LOG_FILE"], props_cb["CB_PID_FILE"], props_mongo["MONGO_HOST"],
                props_mongo["MONGO_DATABASE"], props_cb["CB_EXTRA_OPS"])
     __logger__.debug("command: %s" % command)