Set correct auth_mechanism for updateUser

Currently the mongodb command `updateUser` defaults to SCRAM-SHA-256 but you can't update these passwords. And also show an error when the update goes wrong.
voxpupuli · Jan 26, 2023 · c2d152e · c2d152e
1 parent 60e16ce
commit c2d152e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -101,10 +101,15 @@ def password_hash=(_value)
       command = {
         updateUser: @resource[:username],
         pwd: @resource[:password_hash],
-        digestPassword: false
+        digestPassword: false,
+        mechanisms: @resource[:auth_mechanism] == :scram_sha_1 ? ['SCRAM-SHA-1'] : ['SCRAM-SHA-256'],
       }
 
-      mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+      out = mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+      return if out.nil? # we do this to satisfy the rspec test as no real mongo command wil be executed
+
+      out = JSON.parse(out)
+      raise "Failed update User password for user '#{@resource[:username]}'\n#{out}" if out['ok'].zero?
     else
       Puppet.warning 'User password operations are available only from master host'
     end

diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
@@ -93,7 +93,8 @@
       {
           "updateUser":"new_user",
           "pwd":"pass",
-          "digestPassword":false
+          "digestPassword":false,
+          "mechanisms":["SCRAM-SHA-1"]
       }
       EOS
       allow(provider).to receive(:mongo_eval).