From c2d152e52b033f30f48f0ad2e0377de7c6a48f08 Mon Sep 17 00:00:00 2001 From: Jethro van Ginkel Date: Wed, 25 Jan 2023 16:01:12 +0100 Subject: [PATCH] Set correct auth_mechanism for updateUser Currently the mongodb command `updateUser` defaults to SCRAM-SHA-256 but you can't update these passwords. And also show an error when the update goes wrong. --- lib/puppet/provider/mongodb_user/mongodb.rb | 9 +++++++-- spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb | 3 ++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb index 07762fd57..dccda6f0e 100644 --- a/lib/puppet/provider/mongodb_user/mongodb.rb +++ b/lib/puppet/provider/mongodb_user/mongodb.rb @@ -101,10 +101,15 @@ def password_hash=(_value) command = { updateUser: @resource[:username], pwd: @resource[:password_hash], - digestPassword: false + digestPassword: false, + mechanisms: @resource[:auth_mechanism] == :scram_sha_1 ? ['SCRAM-SHA-1'] : ['SCRAM-SHA-256'], } - mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]) + out = mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]) + return if out.nil? # we do this to satisfy the rspec test as no real mongo command wil be executed + + out = JSON.parse(out) + raise "Failed update User password for user '#{@resource[:username]}'\n#{out}" if out['ok'].zero? else Puppet.warning 'User password operations are available only from master host' end diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb index 197605108..677db7e00 100644 --- a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb +++ b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb @@ -93,7 +93,8 @@ { "updateUser":"new_user", "pwd":"pass", - "digestPassword":false + "digestPassword":false, + "mechanisms":["SCRAM-SHA-1"] } EOS allow(provider).to receive(:mongo_eval).