Merge pull request #766 from stevenpost/user_creation

Fix secondary users on a replicaset being marked as changed
voxpupuli · Aug 19, 2024 · 3afa42f · 3afa42f
2 parents 048acb0 + 97bcbfb
commit 3afa42f
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 29 deletions.
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -9,28 +9,23 @@
  def self.instances
  require 'json'
 
- if db_ismaster
- script = 'EJSON.stringify(db.system.users.find().toArray())'
- # A hack to prevent prefetching failures until admin user is created
- script = "try {#{script}} catch (e) { if (e.message.match(/requires authentication/) || e.message.match(/not authorized on admin/)) { 'not authorized on admin' } else {throw e}}" if auth_enabled
-
- out = mongo_eval(script)
- return [] if auth_enabled && (out.include?('requires authentication') || out.include?('not authorized on admin'))
-
- users = JSON.parse out
-
- users.map do |user|
- new(name: user['_id'],
- ensure: :present,
- username: user['user'],
- database: user['db'],
- roles: from_roles(user['roles'], user['db']),
- password_hash: user['credentials']['MONGODB-CR'],
- scram_credentials: user['credentials']['SCRAM-SHA-1'])
- end
- else
- Puppet.warning 'User info is available only from master host'
- []
+ script = 'EJSON.stringify(db.system.users.find().toArray())'
+ # A hack to prevent prefetching failures until admin user is created
+ script = "try {#{script}} catch (e) { if (e.message.match(/requires authentication/) || e.message.match(/not authorized on admin/)) { 'not authorized on admin' } else {throw e}}" if auth_enabled
+
+ out = mongo_eval(script)
+ return [] if auth_enabled && (out.include?('requires authentication') || out.include?('not authorized on admin'))
+
+ users = JSON.parse out
+
+ users.map do |user|
+ new(name: user['_id'],
+ ensure: :present,
+ username: user['user'],
+ database: user['db'],
+ roles: from_roles(user['roles'], user['db']),
+ password_hash: user['credentials']['MONGODB-CR'],
+ scram_credentials: user['credentials']['SCRAM-SHA-1'])
  end
  end
 

diff --git a/spec/acceptance/replset_spec.rb b/spec/acceptance/replset_spec.rb
@@ -73,6 +73,20 @@ class { 'mongodb::globals':
  expect(r.stdout).to match %r{some value}
  end
  end
+
+ it 'create a user' do
+ pp = <<-EOS
+ mongodb_user {'testuser':
+ ensure => present,
+ password_hash => mongodb_password('testuser', 'passw0rd'),
+ database => 'testdb',
+ roles => ['readWrite', 'dbAdmin'],
+ }
+ EOS
+
+ apply_manifest_on(hosts, pp, catch_failures: true)
+ apply_manifest_on(hosts, pp, catch_changes: true)
+ end
  end
 
  describe 'mongodb::server with replset_members' do
@@ -347,5 +361,19 @@ class { 'mongodb::globals':
  expect(r.stdout).to match %r{created_by_puppet}
  end
  end
+
+ it 'create a user' do
+ pp = <<-EOS
+ mongodb_user {'testuser':
+ ensure => present,
+ password_hash => mongodb_password('testuser', 'passw0rd'),
+ database => 'testdb',
+ roles => ['readWrite', 'dbAdmin'],
+ }
+ EOS
+
+ apply_manifest_on(hosts, pp, catch_failures: true)
+ apply_manifest_on(hosts, pp, catch_changes: true)
+ end
  end
 end
diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
@@ -71,13 +71,6 @@
  end
  end
 
- describe 'empty self.instances from slave' do
- it 'doesn`t retrun array of users' do
- allow(provider.class).to receive(:db_ismaster).and_return(false)
- expect(provider.class.instances).to be_empty
- end
- end
-
  describe 'create' do
  it 'creates a user' do
  cmd_json = <<-EOS.gsub(%r{^\s*}, '').gsub(%r{$\n}, '')