Merge remote-tracking branch 'origin' into pull_182_fix_arbiter

voxpupuli · Jan 4, 2018 · c8a37aa · c8a37aa
2 parents db30ca2 + 2ad1146
commit c8a37aa
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 11 deletions.
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -80,7 +80,7 @@ def create
 	  "createUser": "#{@resource[:username]}",
 	  "pwd": "#{password_hash}",
 	  "customData": {"createdBy": "Puppet Mongodb_user['#{@resource[:name]}']"},
-	  "roles": #{@resource[:roles].to_json},
+	  "roles": #{role_hashes(@resource[:roles], @resource[:database]).to_json},
 	  "digestPassword": false
 	}
 	EOS
@@ -152,14 +152,16 @@ def roles=(roles)
       if mongo_24?
         mongo_eval("db.system.users.update({user:'#{@resource[:username]}'}, { $set: {roles: #{@resource[:roles].to_json}}})")
       else
-        grant = roles - @property_hash[:roles]
+        current_roles = role_strings(roles, @resource[:database])
+        desired_roles = role_strings(@property_hash[:roles], @resource[:database])
+        grant = (current_roles-desired_roles)
         unless grant.empty?
-          mongo_eval("db.getSiblingDB('#{@resource[:database]}').grantRolesToUser('#{@resource[:username]}', #{grant. to_json})")
+          mongo_eval("db.getSiblingDB('#{@resource[:database]}').grantRolesToUser('#{@resource[:username]}', #{role_hashes(grant, @resource[:database]).to_json})")
         end
 
-        revoke = @property_hash[:roles] - roles
+        revoke = (desired_roles-current_roles)
         unless revoke.empty?
-          mongo_eval("db.getSiblingDB('#{@resource[:database]}').revokeRolesFromUser('#{@resource[:username]}', #{revoke.to_json})")
+          mongo_eval("db.getSiblingDB('#{@resource[:database]}').revokeRolesFromUser('#{@resource[:username]}', #{role_hashes(grant, @resource[:database]).to_json})")
         end
       end
     else
@@ -169,13 +171,48 @@ def roles=(roles)
 
   private
 
-  def self.from_roles(roles, db)
+  def self.role_strings(roles, db)
     roles.map do |entry|
-      if entry['db'] == db
-        entry['role']
-      else
-        "#{entry['role']}@#{entry['db']}"
+      if entry.instance_of? Hash and entry.has_key? 'role'
+        if entry['db'] == db
+          entry['role']
+        else
+          "#{entry['role']}@#{entry['db']}"
+        end
+      elsif entry.instance_of? String
+        if entry.end_with? "@#{db}"
+          entry.gsub(/^(.*)@.*$/, '\1')
+        else
+          entry
+        end
       end
     end.sort
   end
+
+  def role_strings(roles, db)
+    self.class.role_strings(roles, db)
+  end
+
+  def role_hashes(roles, db)
+    roles.sort.map do |entry|
+      if entry.instance_of? Hash and entry.has_key? 'role'
+        if entry['db'] == db
+          entry['role']
+        else
+          entry
+        end
+      elsif entry.instance_of? String
+        if entry.end_with? "@#{db}"
+          entry.gsub(/^(.*)@.*$/, '\1')
+        elsif entry.include? '@'
+          {
+            'role' => entry.gsub(/^(.*)@.*$/, '\1'),
+            'db'   => entry.gsub(/^.*@(.*)$/, '\1'),
+          }
+        else
+          entry
+        end
+      end
+    end
+  end
 end
diff --git a/lib/puppet/type/mongodb_user.rb b/lib/puppet/type/mongodb_user.rb
@@ -39,7 +39,7 @@ def initialize(*args)
   newproperty(:roles, array_matching: :all) do
     desc "The user's roles."
     defaultto ['dbAdmin']
-    newvalue(%r{^\w+$})
+    newvalue(%r{^\w+(@\w+)?$})
 
     # Pretty output for arrays.
     def should_to_s(value)