From 44730c28cc28b124da727c569ddc9706715f50b1 Mon Sep 17 00:00:00 2001 From: Morgan Robertson Date: Fri, 14 Jul 2017 05:52:19 -0400 Subject: [PATCH] Allow creation of Mongo user via localhost exception (#22792) * Allow creation of user with localhost exception. Fixes #22791 When access control is enabled, Mongo allows a user to be created from localhost (called the "localhost exception": https://docs.mongodb.com/v3.2/core/security-users/#localhost-exception). When the `update_password` parameter was added to this module in Ansible 2.1, this functionality was broken due to a query performed before `user_add()` is called. This fix only performs the query when when `update_password` is set to `on-create`, allowing a user to be created via the localhost exception. * Only set `password = None` when user exists. --- lib/ansible/modules/database/mongodb/mongodb_user.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/ansible/modules/database/mongodb/mongodb_user.py b/lib/ansible/modules/database/mongodb/mongodb_user.py index 76e162d6d9f..b917aebee9d 100644 --- a/lib/ansible/modules/database/mongodb/mongodb_user.py +++ b/lib/ansible/modules/database/mongodb/mongodb_user.py @@ -434,11 +434,12 @@ def main(): module.fail_json(msg='password parameter required when adding a user unless update_password is set to on_create') try: - uinfo = user_find(client, user, db_name) - if update_password != 'always' and uinfo: - password = None - if not check_if_roles_changed(uinfo, roles, db_name): - module.exit_json(changed=False, user=user) + if update_password != 'always': + uinfo = user_find(client, user, db_name) + if uinfo: + password = None + if not check_if_roles_changed(uinfo, roles, db_name): + module.exit_json(changed=False, user=user) if module.check_mode: module.exit_json(changed=True, user=user)