adding the ability to specify roles when adding/modifying a mongo user
parent
3e32654f9d
commit
d330228d11
1 changed files with 16 additions and 4 deletions
|
@ -60,6 +60,12 @@ options:
|
||||||
- The password to use for the user
|
- The password to use for the user
|
||||||
required: false
|
required: false
|
||||||
default: null
|
default: null
|
||||||
|
roles:
|
||||||
|
version_added: "1.3"
|
||||||
|
description:
|
||||||
|
- The database user roles valid values are one or more of the following: "read", "readWrite", "dbAdmin", "userAdmin", "clusterAdmin", "readAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase"
|
||||||
|
required: false
|
||||||
|
default: "readWrite"
|
||||||
state:
|
state:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
|
@ -80,6 +86,11 @@ EXAMPLES = '''
|
||||||
|
|
||||||
# Delete 'burgers' database user with name 'bob'.
|
# Delete 'burgers' database user with name 'bob'.
|
||||||
- mongodb_user: database=burgers name=bob state=absent
|
- mongodb_user: database=burgers name=bob state=absent
|
||||||
|
|
||||||
|
# Define more users with various specific roles (default is 'readWrite')
|
||||||
|
- mongodb_user: database=burgers name=ben password=12345 roles='read' state=present
|
||||||
|
- mongodb_user: database=burgers name=jim password=12345 roles='readWrite,dbAdmin,userAdmin' state=present
|
||||||
|
- mongodb_user: database=burgers name=joe password=12345 roles='readWriteAnyDatabase' state=present
|
||||||
'''
|
'''
|
||||||
|
|
||||||
import ConfigParser
|
import ConfigParser
|
||||||
|
@ -101,14 +112,13 @@ else:
|
||||||
# MongoDB module specific support methods.
|
# MongoDB module specific support methods.
|
||||||
#
|
#
|
||||||
|
|
||||||
def user_add(client, db_name, user, password):
|
def user_add(client, db_name, user, password, roles):
|
||||||
try:
|
try:
|
||||||
db = client[db_name]
|
db = client[db_name]
|
||||||
db.add_user(user, password)
|
db.add_user(user, password, None, roles=roles)
|
||||||
except OperationFailure:
|
except OperationFailure:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def user_remove(client, db_name, user):
|
def user_remove(client, db_name, user):
|
||||||
|
@ -151,6 +161,7 @@ def main():
|
||||||
database=dict(required=True, aliases=['db']),
|
database=dict(required=True, aliases=['db']),
|
||||||
user=dict(required=True, aliases=['name']),
|
user=dict(required=True, aliases=['name']),
|
||||||
password=dict(aliases=['pass']),
|
password=dict(aliases=['pass']),
|
||||||
|
roles=dict(default=['readWrite'], type='list'),
|
||||||
state=dict(default='present', choices=['absent', 'present']),
|
state=dict(default='present', choices=['absent', 'present']),
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -165,6 +176,7 @@ def main():
|
||||||
db_name = module.params['database']
|
db_name = module.params['database']
|
||||||
user = module.params['user']
|
user = module.params['user']
|
||||||
password = module.params['password']
|
password = module.params['password']
|
||||||
|
roles = module.params['roles']
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -186,7 +198,7 @@ def main():
|
||||||
if state == 'present':
|
if state == 'present':
|
||||||
if password is None:
|
if password is None:
|
||||||
module.fail_json(msg='password parameter required when adding a user')
|
module.fail_json(msg='password parameter required when adding a user')
|
||||||
if user_add(client, db_name, user, password) is not True:
|
if user_add(client, db_name, user, password, roles) is not True:
|
||||||
module.fail_json(msg='Unable to add or update user, check login_user and login_password are correct and that this user has access to the admin collection')
|
module.fail_json(msg='Unable to add or update user, check login_user and login_password are correct and that this user has access to the admin collection')
|
||||||
elif state == 'absent':
|
elif state == 'absent':
|
||||||
if user_remove(client, db_name, user) is not True:
|
if user_remove(client, db_name, user) is not True:
|
||||||
|
|
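Review bot: The new `roles` option declared as `roles=dict(default=['readWrite'], type='list')` reaches `db.add_user(user, password, None, roles=roles)` without being checked against the nine values the documentation lists, and `user_add` turns every `OperationFailure` into `False`, so a mistyped role would likely be reported through the existing "check login_user and login_password are correct" message. Validating in `main()` before the call would make that failure explicit, for example `invalid = [r for r in roles if r not in VALID_ROLES]` followed by `if invalid: module.fail_json(msg='invalid roles: %s' % ', '.join(invalid))`, where `VALID_ROLES` is a proposed module-level tuple of the documented names. Because the default is always filled in, a task that updates an existing user and omits `roles` presumably resets that user to `readWrite`, which can silently widen or narrow privileges; the option's description should say so. `main()` begins and ends outside the hunks shown.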