cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

adding the ability to specify roles when adding/modifying a mongo user

Browse source
This commit is contained in:
Ben Podoll 2013-08-12 15:03:31 -05:00
parent 5c3addac8d
commit 8fc19eb4fa
1 changed files with 16 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
database/mongodb_user
View file

@ -60,6 +60,12 @@ options:
- The password to use for the user - The password to use for the user
required: false required: false
default: null default: null
roles:
version_added: "1.3"
description:
- The database user roles valid values are one or more of the following: "read", "readWrite", "dbAdmin", "userAdmin", "clusterAdmin", "readAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase"
required: false
default: "readWrite"
state: state:
state: state:
description: description:
@ -80,6 +86,11 @@ EXAMPLES = '''
# Delete 'burgers' database user with name 'bob'. # Delete 'burgers' database user with name 'bob'.
- mongodb_user: database=burgers name=bob state=absent - mongodb_user: database=burgers name=bob state=absent
# Define more users with various specific roles (default is 'readWrite')
- mongodb_user: database=burgers name=ben password=12345 roles='read' state=present
- mongodb_user: database=burgers name=jim password=12345 roles='readWrite,dbAdmin,userAdmin' state=present
- mongodb_user: database=burgers name=joe password=12345 roles='readWriteAnyDatabase' state=present
''' '''
import ConfigParser import ConfigParser
@ -101,14 +112,13 @@ else:
# MongoDB module specific support methods. # MongoDB module specific support methods.
# #
def user_add(client, db_name, user, password): def user_add(client, db_name, user, password, roles):
try: try:
db = client[db_name] db = client[db_name]
db.add_user(user, password) db.add_user(user, password, None, roles=roles)
except OperationFailure: except OperationFailure:
return False return False
return True return True
def user_remove(client, db_name, user): def user_remove(client, db_name, user):
@ -151,6 +161,7 @@ def main():
database=dict(required=True, aliases=['db']), database=dict(required=True, aliases=['db']),
user=dict(required=True, aliases=['name']), user=dict(required=True, aliases=['name']),
password=dict(aliases=['pass']), password=dict(aliases=['pass']),
roles=dict(default=['readWrite'], type='list'),
state=dict(default='present', choices=['absent', 'present']), state=dict(default='present', choices=['absent', 'present']),
) )
) )
@ -165,6 +176,7 @@ def main():
db_name = module.params['database'] db_name = module.params['database']
user = module.params['user'] user = module.params['user']
password = module.params['password'] password = module.params['password']
roles = module.params['roles']
state = module.params['state'] state = module.params['state']
try: try:
@ -186,7 +198,7 @@ def main():
if state == 'present': if state == 'present':
if password is None: if password is None:
module.fail_json(msg='password parameter required when adding a user') module.fail_json(msg='password parameter required when adding a user')
if user_add(client, db_name, user, password) is not True: if user_add(client, db_name, user, password, roles) is not True:
module.fail_json(msg='Unable to add or update user, check login_user and login_password are correct and that this user has access to the admin collection') module.fail_json(msg='Unable to add or update user, check login_user and login_password are correct and that this user has access to the admin collection')
elif state == 'absent': elif state == 'absent':
if user_remove(client, db_name, user) is not True: if user_remove(client, db_name, user) is not True: