From 960fcaf67af5dc9be1bb9e8904fa8137464fd392 Mon Sep 17 00:00:00 2001
From: gyurco
Date: Thu, 21 Jul 2016 08:23:05 +0200
Subject: [PATCH] mongodb_user: properly guard user adding with try...except (#2582)

The user adding part is not properly guarded by a try...except block, so pymongo exceptions can escape from it. Also there's a double-guarding where roles are given.
Fixes: #2575
---
 database/misc/mongodb_user.py | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/database/misc/mongodb_user.py b/database/misc/mongodb_user.py
index 07e54bc8ef0..c17226a5d12 100644
--- a/database/misc/mongodb_user.py
+++ b/database/misc/mongodb_user.py
@@ -198,11 +198,7 @@ def user_add(module, client, db_name, user, password, roles):
 if roles is None:
 db.add_user(user, password, False)
 else:
- try:
- db.add_user(user, password, None, roles=roles)
- except OperationFailure, e:
- err_msg = str(e)
- module.fail_json(msg=err_msg)
+ db.add_user(user, password, None, roles=roles)

 def user_remove(module, client, db_name, user):
 exists = user_find(client, user, db_name)
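Review bot: Nothing on `user_add` says that it now raises: with the inner handler removed, both `db.add_user(...)` calls let `OperationFailure` propagate to whoever calls the function. A one-line comment above the `if roles is None:` branch, such as `# May raise pymongo OperationFailure; the caller reports it via module.fail_json()`, would stop a future caller from invoking it unguarded. In the visible lines the `module` argument is no longer used, but the body of user_add starts above the hunk, so confirm that before touching the signature.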
@@ -346,16 +342,16 @@ def main():
 if password is None and update_password == 'always':
 module.fail_json(msg='password parameter required when adding a user unless update_password is set to on_create')

- uinfo = user_find(client, user, db_name)
- if update_password != 'always' and uinfo:
- password = None
- if not check_if_roles_changed(uinfo, roles, db_name):
- module.exit_json(changed=False, user=user)
-
- if module.check_mode:
- module.exit_json(changed=True, user=user)
-
 try:
+ uinfo = user_find(client, user, db_name)
+ if update_password != 'always' and uinfo:
+ password = None
+ if not check_if_roles_changed(uinfo, roles, db_name):
+ module.exit_json(changed=False, user=user)
+
+ if module.check_mode:
+ module.exit_json(changed=True, user=user)
+
 user_add(module, client, db_name, user, password, roles)
 except OperationFailure, e:
 module.fail_json(msg='Unable to add or update user: %s' % str(e))
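Review bot: The widened `try:` still catches only `OperationFailure`, so a connection-level pymongo error raised by `user_find(...)` or `user_add(...)` would still surface as a traceback instead of a `fail_json` result. Catching the pymongo base class would close that gap, `except PyMongoError, e:`, with the name imported from `pymongo.errors` if the file does not already have it (the import block is outside the hunk). The message `'Unable to add or update user: %s'` now also covers lookup failures from `user_find`, and it relays the server's error text verbatim. It is therefore worth confirming that `password` is declared `no_log` in the argument spec, which is not visible here. The body of main continues outside the hunk.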