Drop support for mongodb versions before 2.6
ekohl committed Oct 14, 2018
1 parent ea3feb2 commit fa66548
Showing 7 changed files with 92 additions and 434 deletions.
7 changes: 3 additions & 4 deletions README.md
Expand Up @@ -219,9 +219,9 @@ When `manage_package_repo` is set to true, this setting indicates if it will
use the Community Edition (false, the default) or the Enterprise one (true).

##### `version`
The version of MonogDB to install/manage. This is a simple way of providing
a specific version such as '2.2' or '2.4' for example. If not specified,
the module will use the default for your OS distro.
The version of MonogDB to install/manage. This is needed when managing
repositories. If not specified, the module will use the default for your OS
distro.

##### `repo_location`
This setting can be used to override the default MongoDB repository location.
Expand Down Expand Up @@ -340,7 +340,6 @@ Default: None
##### `objcheck`
Forces the mongod to validate all requests from clients upon receipt to ensure
that clients never insert invalid documents into the database.
Default: on v2.4 default to true and on earlier version to false

##### `quota`
Set to true to enable a maximum limit for the number of data files each database
60 changes: 13 additions & 47 deletions lib/puppet/provider/mongodb.rb
Expand Up @@ -27,44 +27,19 @@ def self.mongod_conf_file
end

def self.mongo_conf
file = mongod_conf_file
# The mongo conf is probably a key-value store, even though 2.6 is
# supposed to use YAML, because the config template is applied
# based on $mongodb::globals::version which is the user will not
# necessarily set. This attempts to get the port from both types of
# config files.
config = YAML.load_file(file)
config_hash = {}
if config.is_a?(Hash) # Using a valid YAML file for mongo 2.6
config_hash['bindip'] = config['net.bindIp']
config_hash['port'] = config['net.port']
config_hash['ipv6'] = config['net.ipv6']
config_hash['allowInvalidHostnames'] = config['net.ssl.allowInvalidHostnames']
config_hash['ssl'] = config['net.ssl.mode']
config_hash['sslcert'] = config['net.ssl.PEMKeyFile']
config_hash['sslca'] = config['net.ssl.CAFile']
config_hash['auth'] = config['security.authorization']
config_hash['shardsvr'] = config['sharding.clusterRole']
config_hash['confsvr'] = config['sharding.clusterRole']
else # It has to be a key-value config file
config = {}
File.readlines(file).map do |line|
k, v = line.split('=')
config[k.rstrip] = v.lstrip.chomp if k && v
end
config_hash['bindip'] = config['bind_ip']
config_hash['port'] = config['port']
config_hash['ipv6'] = config['ipv6']
config_hash['ssl'] = config['sslOnNormalPorts']
config_hash['allowInvalidHostnames'] = config['allowInvalidHostnames']
config_hash['sslcert'] = config['sslPEMKeyFile']
config_hash['sslca'] = config['sslCAFile']
config_hash['auth'] = config['auth']
config_hash['shardsvr'] = config['shardsvr']
config_hash['confsvr'] = config['confsvr']
end

config_hash
config = YAML.load_file(mongod_conf_file) || {}
{
'bindip' => config['net.bindIp'],
'port' => config['net.port'],
'ipv6' => config['net.ipv6'],
'allowInvalidHostnames' => config['net.ssl.allowInvalidHostnames'],
'ssl' => config['net.ssl.mode'],
'sslcert' => config['net.ssl.PEMKeyFile'],
'sslca' => config['net.ssl.CAFile'],
'auth' => config['security.authorization'],
'shardsvr' => config['sharding.clusterRole'],
'confsvr' => config['sharding.clusterRole']
}
end

def self.ipv6_is_enabled(config = nil)
Expand Down Expand Up @@ -192,15 +167,6 @@ def mongo_version
self.class.mongo_version
end

def self.mongo_24?
v = mongo_version
!v[%r{^2\.4\.}].nil?
end

def mongo_24?
self.class.mongo_24?
end

def self.mongo_26?
v = mongo_version
!v[%r{^2\.6\.}].nil?
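Review bot: In `self.mongo_conf`, `YAML.load_file(mongod_conf_file) || {}` only covers an empty file; a config that is still in the old key=value format (for example on the first run after upgrading, before the file is rewritten) is likely to be parsed as a plain String, and `config['net.port']` then goes through `String#[]` and quietly yields nil. Every entry, including `ssl` and `auth`, would come back nil with no warning, so the provider presumably falls back to its defaults and may try to connect without TLS or credentials. I would guard the type right after the load, e.g. `config = {} unless config.is_a?(Hash)` together with a `Puppet.warning`, or raise a clear error instead. Since only maps and scalars are expected in this file, `YAML.safe_load(File.read(mongod_conf_file))` would also avoid instantiating arbitrary objects on older Psych versions.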
117 changes: 36 additions & 81 deletions lib/puppet/provider/mongodb_user/mongodb.rb
Expand Up @@ -8,36 +8,16 @@ def self.instances
require 'json'

if db_ismaster
if mongo_24?
dbs = JSON.parse mongo_eval('printjson(db.getMongo().getDBs()["databases"].map(function(db){return db["name"]}))') || 'admin'

allusers = []

dbs.each do |db|
users = JSON.parse mongo_eval('printjson(db.system.users.find().toArray())', db)

allusers += users.map do |user|
new(name: user['_id'],
ensure: :present,
username: user['user'],
database: db,
roles: user['roles'].sort,
password_hash: user['pwd'])
end
end
return allusers
else
users = JSON.parse mongo_eval('printjson(db.system.users.find().toArray())')

users.map do |user|
new(name: user['_id'],
ensure: :present,
username: user['user'],
database: user['db'],
roles: from_roles(user['roles'], user['db']),
password_hash: user['credentials']['MONGODB-CR'],
scram_credentials: user['credentials']['SCRAM-SHA-1'])
end
users = JSON.parse mongo_eval('printjson(db.system.users.find().toArray())')

users.map do |user|
new(name: user['_id'],
ensure: :present,
username: user['user'],
database: user['db'],
roles: from_roles(user['roles'], user['db']),
password_hash: user['credentials']['MONGODB-CR'],
scram_credentials: user['credentials']['SCRAM-SHA-1'])
end
else
Puppet.warning 'User info is available only from master host'
Expand All @@ -58,36 +38,23 @@ def self.prefetch(resources)

def create
if db_ismaster
if mongo_24?
if @resource[:password_hash]
raise Puppet::Error, "password_hash can't be set on MongoDB older than 3.0; use password instead"
end
user = {
user: @resource[:username],
pwd: @resource[:password],
roles: @resource[:roles]
}

mongo_eval("db.addUser(#{user.to_json})", @resource[:database])
else
password_hash = @resource[:password_hash]

if password_hash
elsif @resource[:password]
password_hash = Puppet::Util::MongodbMd5er.md5(@resource[:username], @resource[:password])
end
cmd_json = <<-EOS.gsub(%r{^\s*}, '').gsub(%r{$\n}, '')
{
"createUser": "#{@resource[:username]}",
"pwd": "#{password_hash}",
"customData": {"createdBy": "Puppet Mongodb_user['#{@resource[:name]}']"},
"roles": #{@resource[:roles].to_json},
"digestPassword": false
}
EOS

mongo_eval("db.runCommand(#{cmd_json})", @resource[:database])
password_hash = @resource[:password_hash]

if password_hash
elsif @resource[:password]
password_hash = Puppet::Util::MongodbMd5er.md5(@resource[:username], @resource[:password])
end
cmd_json = <<-EOS.gsub(%r{^\s*}, '').gsub(%r{$\n}, '')
{
"createUser": "#{@resource[:username]}",
"pwd": "#{password_hash}",
"customData": {"createdBy": "Puppet Mongodb_user['#{@resource[:name]}']"},
"roles": #{@resource[:roles].to_json},
"digestPassword": false
}
EOS

mongo_eval("db.runCommand(#{cmd_json})", @resource[:database])
else
Puppet.warning 'User creation is available only from master host'

Expand All @@ -102,15 +69,7 @@ def create
end

def destroy
if db_ismaster
if mongo_24?
mongo_eval("db.removeUser('#{@resource[:username]}')")
else
mongo_eval("db.dropUser('#{@resource[:username]}')")
end
else
mongo_eval("db.dropUser('#{@resource[:username]}')")
end
mongo_eval("db.dropUser('#{@resource[:username]}')")
end

def exists?
Expand All @@ -133,7 +92,7 @@ def password_hash=(_value)
end

def password=(value)
if mongo_24? || mongo_26?
if mongo_26?
mongo_eval("db.changeUserPassword('#{@resource[:username]}','#{value}')", @resource[:database])
else
cmd_json = <<-EOS.gsub(%r{^\s*}, '').gsub(%r{$\n}, '')
Expand All @@ -150,18 +109,14 @@ def password=(value)

def roles=(roles)
if db_ismaster
if mongo_24?
mongo_eval("db.system.users.update({user:'#{@resource[:username]}'}, { $set: {roles: #{@resource[:roles].to_json}}})")
else
grant = roles - @property_hash[:roles]
unless grant.empty?
mongo_eval("db.getSiblingDB('#{@resource[:database]}').grantRolesToUser('#{@resource[:username]}', #{grant. to_json})")
end

revoke = @property_hash[:roles] - roles
unless revoke.empty?
mongo_eval("db.getSiblingDB('#{@resource[:database]}').revokeRolesFromUser('#{@resource[:username]}', #{revoke.to_json})")
end
grant = roles - @property_hash[:roles]
unless grant.empty?
mongo_eval("db.getSiblingDB('#{@resource[:database]}').grantRolesToUser('#{@resource[:username]}', #{grant. to_json})")
end

revoke = @property_hash[:roles] - roles
unless revoke.empty?
mongo_eval("db.getSiblingDB('#{@resource[:database]}').revokeRolesFromUser('#{@resource[:username]}', #{revoke.to_json})")
end
else
Puppet.warning 'User roles operations are available only from master host'
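Review bot: The code kept in `create`, `destroy`, `password=` and `roles=` interpolates `@resource[:username]`, `@resource[:database]`, `password_hash` and the cleartext `value` directly into the JavaScript handed to `mongo_eval`, so a quote or backslash in any of them breaks the statement or changes what the shell evaluates. Roles are already serialised with `.to_json`; the other values should be emitted the same way, e.g. `"createUser": #{@resource[:username].to_json},` and `mongo_eval("db.dropUser(#{@resource[:username].to_json})")`, with the surrounding quotes dropped. `destroy` also does not pass `@resource[:database]` the way `create` does, which is worth confirming against how `mongo_eval` picks its default database. If `mongo_eval` hands the script over on a command line (not visible in this section), the `db.changeUserPassword(...)` call in the `mongo_26?` branch would additionally expose the password in the process list.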
9 changes: 1 addition & 8 deletions manifests/server/config.pp
Expand Up @@ -67,7 +67,6 @@
$ssl_invalid_hostnames = $mongodb::server::ssl_invalid_hostnames
$ssl_mode = $mongodb::server::ssl_mode
$storage_engine = $mongodb::server::storage_engine
$version = $mongodb::server::version

File {
owner => $user,
Expand Down Expand Up @@ -108,16 +107,10 @@
# Template has available user-supplied data
# - $config_data
$cfg_content = template($config_template)
} elsif $version and (versioncmp($version, '2.6.0') >= 0) {
# Template has available user-supplied data
# - $config_data
$cfg_content = template('mongodb/mongodb.conf.2.6.erb')
} else {
# Fall back to oldest most basic config
#
# Template has available user-supplied data
# - $config_data
$cfg_content = template('mongodb/mongodb.conf.erb')
$cfg_content = template('mongodb/mongodb.conf.2.6.erb')
}

file { $config: