From d330228d11e31cc55a96e21a7468df564ed26027 Mon Sep 17 00:00:00 2001 From: Ben Podoll Date: Mon, 12 Aug 2013 15:03:31 -0500 Subject: [PATCH] adding the ability to specify roles when adding/modifying a mongo user --- library/database/mongodb_user | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/library/database/mongodb_user b/library/database/mongodb_user index be3ad06c670..fe2029b535c 100644 --- a/library/database/mongodb_user +++ b/library/database/mongodb_user @@ -60,6 +60,12 @@ options: - The password to use for the user required: false default: null + roles: + version_added: "1.3" + description: + - The database user roles valid values are one or more of the following: "read", "readWrite", "dbAdmin", "userAdmin", "clusterAdmin", "readAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase" + required: false + default: "readWrite" state: state: description: @@ -80,6 +86,11 @@ EXAMPLES = ''' # Delete 'burgers' database user with name 'bob'. - mongodb_user: database=burgers name=bob state=absent + +# Define more users with various specific roles (default is 'readWrite') +- mongodb_user: database=burgers name=ben password=12345 roles='read' state=present +- mongodb_user: database=burgers name=jim password=12345 roles='readWrite,dbAdmin,userAdmin' state=present +- mongodb_user: database=burgers name=joe password=12345 roles='readWriteAnyDatabase' state=present ''' import ConfigParser @@ -101,14 +112,13 @@ else: # MongoDB module specific support methods. # -def user_add(client, db_name, user, password): +def user_add(client, db_name, user, password, roles): try: db = client[db_name] - db.add_user(user, password) + db.add_user(user, password, None, roles=roles) except OperationFailure: return False - return True def user_remove(client, db_name, user): 
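Review bot: The new `roles` description is an unquoted YAML list item containing `following: ` followed by double-quoted words, so a YAML parser will most likely read it as a mapping key with a malformed value and fail to load the module documentation. Quote the whole item and drop the inner quotes, for example `- 'The database user roles. Valid values are one or more of: read, readWrite, dbAdmin, userAdmin, clusterAdmin, readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase'`. Several of the listed roles are administrative, so the description should also tell users to grant the narrowest role that works.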
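Review bot: The `jim` example grants `userAdmin` together with `readWrite,dbAdmin`, with nothing to mark it as an administrative account, and examples tend to be copied as written. A user holding `userAdmin` can manage users and role assignments on that database, including its own, so the example deserves a comment such as `# userAdmin can change role assignments on this database - grant it to administrators only`. All three added examples also inline the literal password `12345`. A variable reference such as `password={{ burgers_db_password }}` (constructed name) would show the pattern without putting a credential in the playbook text.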
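Review bot: `user_add` still turns every `OperationFailure` into a bare `False`, so a role name the server rejects will reach the user as the "check login_user and login_password are correct" message in the last hunk of `main()`. Keeping the exception text would make that failure diagnosable, for example `except OperationFailure, e:` followed by `return str(e)`; the existing `is not True` test in `main()` keeps working and can include the returned text in `fail_json`. The `None` in the third position is presumably pymongo's `read_only` argument; writing it as `read_only=None`, or adding `# read_only left unset; access is decided by roles`, would make that clear. Nothing visible checks that the installed pymongo accepts a `roles` keyword, and a `TypeError` from an older driver would not be caught by this handler.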
@@ -151,6 +161,7 @@ def main(): database=dict(required=True, aliases=['db']), user=dict(required=True, aliases=['name']), password=dict(aliases=['pass']), + roles=dict(default=['readWrite'], type='list'), state=dict(default='present', choices=['absent', 'present']), ) ) @@ -165,6 +176,7 @@ def main(): db_name = module.params['database'] user = module.params['user'] password = module.params['password'] + roles = module.params['roles'] state = module.params['state'] try: @@ -186,7 +198,7 @@ def main(): if state == 'present': if password is None: module.fail_json(msg='password parameter required when adding a user') - if user_add(client, db_name, user, password) is not True: + if user_add(client, db_name, user, password, roles) is not True: module.fail_json(msg='Unable to add or update user, check login_user and login_password are correct and that this user has access to the admin collection') elif state == 'absent': if user_remove(client, db_name, user) is not True:
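Review bot: `default=['readWrite']` means every existing task that omits `roles` now sends `roles=['readWrite']` on each run, including runs that only update the password of an existing user. If `add_user` replaces the stored roles, as seems likely, a user deliberately created read-only elsewhere would silently gain write access, and a user with extra roles would lose them. Consider `roles=dict(default=None, type='list')` and passing `roles` to `add_user` only when the task sets it, or at least state the overwrite behaviour in the option description. The `argument_spec` dict begins outside the hunk.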
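Review bot: `roles` goes from `module.params` to `add_user` with no check against the role names listed in the option documentation, so a misspelt or unintended role is caught only by the server, if at all. Because this value decides the account's privileges, `main()` should reject unknown names before connecting and report them by name. The check below uses the nine names from the documentation hunk. `main()` begins and ends outside this hunk.

```python
    roles = module.params['roles']
    # Role names accepted by this module, as listed in DOCUMENTATION.
    valid_roles = ['read', 'readWrite', 'dbAdmin', 'userAdmin', 'clusterAdmin',
                   'readAnyDatabase', 'readWriteAnyDatabase',
                   'userAdminAnyDatabase', 'dbAdminAnyDatabase']
    unknown_roles = [r for r in roles if r not in valid_roles]
    if unknown_roles:
        module.fail_json(msg='unknown role(s): %s' % ', '.join(unknown_roles))
    state = module.params['state']
```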