Vh2;ddlmZmZmZeZdZdZdZddl Z ddl Z ddl m Z m Z ddlmZmZddlmZmZdd lm Z mZmZmZmZmZd Zd Zd Zd ZdZedk(reyy))absolute_importdivisionprint_functionaz --- module: mongodb_user short_description: Adds or removes a user from a MongoDB database description: - Adds or removes a user from a MongoDB database. version_added: "1.0.0" extends_documentation_fragment: - community.mongodb.login_options - community.mongodb.ssl_options options: replica_set: description: - Replica set to connect to (automatically connects to primary for writes). type: str database: description: - The name of the database to add/remove the user from. required: true type: str aliases: [db] name: description: - The name of the user to add or remove. required: true aliases: [user] type: str password: description: - The password to use for the user. type: str aliases: [pass] roles: type: list elements: raw description: - > The database user roles valid values could either be one or more of the following strings: 'read', 'readWrite', 'dbAdmin', 'userAdmin', 'clusterAdmin', 'readAnyDatabase', 'readWriteAnyDatabase', 'userAdminAnyDatabase', 'dbAdminAnyDatabase' - "Or the following dictionary '{ db: DATABASE_NAME, role: ROLE_NAME }'." - "This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required. If it is a dictionary, mongo 2.6+ is required." state: description: - The database user state. default: present choices: [absent, present] type: str update_password: default: always choices: [always, on_create] description: - C(always) will always update passwords and cause the module to return changed. - C(on_create) will only set the password for newly created users. - This must be C(always) to use the localhost exception when adding the first admin user. - This option is effectively ignored when using x.509 certs. It is defaulted to 'on_create' to maintain a a specific module behaviour when the login_database is '$external'. type: str create_for_localhost_exception: type: path description: - This is parmeter is only useful for handling special treatment around the localhost exception. - If C(login_user) is defined, then the localhost exception is not active and this parameter has no effect. - If this file is NOT present (and C(login_user) is not defined), then touch this file after successfully adding the user. - If this file is present (and C(login_user) is not defined), then skip this task. notes: - Requires the pymongo Python package on the remote host, version 4+. This can be installed using pip or the OS package manager. Newer mongo server versions require newer pymongo versions. @see https://www.mongodb.com/docs/languages/python/pymongo-driver/current/compatibility/ requirements: - "pymongo" author: - "Elliott Foster (@elliotttf)" - "Julien Thebault (@Lujeni)" a - name: Create 'burgers' database user with name 'bob' and password '12345'. community.mongodb.mongodb_user: database: burgers name: bob password: 12345 state: present - name: Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly) community.mongodb.mongodb_user: database: burgers name: bob password: 12345 state: present ssl: True - name: Delete 'burgers' database user with name 'bob'. community.mongodb.mongodb_user: database: burgers name: bob state: absent - name: Define more users with various specific roles (if not defined, no roles is assigned, and the user will be added via pre mongo 2.2 style) community.mongodb.mongodb_user: database: burgers name: ben password: 12345 roles: read state: present - name: Define roles community.mongodb.mongodb_user: database: burgers name: jim password: 12345 roles: readWrite,dbAdmin,userAdmin state: present - name: Define roles community.mongodb.mongodb_user: database: burgers name: joe password: 12345 roles: readWriteAnyDatabase state: present - name: Add a user to database in a replica set, the primary server is automatically discovered and written to community.mongodb.mongodb_user: database: burgers name: bob replica_set: belcher password: 12345 roles: readWriteAnyDatabase state: present # add a user 'oplog_reader' with read only access to the 'local' database on the replica_set 'belcher'. This is useful for oplog access (MONGO_OPLOG_URL). # please notice the credentials must be added to the 'admin' database because the 'local' database is not synchronized and can't receive user credentials # To login with such user, the connection string should be MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin" # This syntax requires mongodb 2.6+ and pymongo 2.5+ - name: Roles as a dictionary community.mongodb.mongodb_user: login_user: root login_password: root_password database: admin user: oplog_reader password: oplog_reader_password state: present replica_set: belcher roles: - db: local role: read - name: Adding a user with X.509 Member Authentication community.mongodb.mongodb_user: login_host: "mongodb-host.test" login_port: 27001 login_database: "$external" database: "admin" name: "admin" password: "test" roles: - dbAdminAnyDatabase ssl: true ssl_ca_certs: "/tmp/ca.crt" ssl_certfile: "/tmp/tls.key" #cert and key in one file state: present auth_mechanism: "MONGODB-X509" connection_options: - "tlsAllowInvalidHostnames=true" zc user: description: The name of the user to add or remove. returned: success type: str N) AnsibleModulemissing_required_lib) binary_type text_type) to_nativeto_bytes)rmongodb_common_argument_spec mongo_authPYMONGO_IMP_ERR pymongo_foundget_mongodb_clientc ||jddD] }|d|k(s d|vr|cS|d|dfvs|cS y #t$r'}t|dr|jdk(rnYd}~y d}~wwxYw) zCheck if the user exists. Args: client (cursor): Mongodb cursor on admin database. user (str): User to check. db_name (str): User's database. Returns: dict: when user exists, False otherwise. usersInfousersuserdbadmincode NF)command Exceptionhasattrr)clientrdb_name mongo_userexceps r/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/mongodb/plugins/modules/mongodb_user.py user_findr!s /11+>wG &J&!T)z)%%d#'99%% &   5& !ejjB&6     s%">> >>> A.A))A.c||} t|||}|rd} nd} i} ||| d<||| d<|j| |fi| y#t$r)}t|dr|jdk(rd}nYd}~Yd}~wwxYw)Nr F updateUser createUserpwdroles)r!rrrr) modulerrrpasswordr'rexistsruser_add_db_command user_dicts r user_addr-s B 641**I# % " 'BJJ"D6I6-  5& !ejjB&6F   s A A2 A--A2ct|||}|r7|jr|jd|||}|jd|y|jd|y)NTchangedrdropUserF)r! check_mode exit_jsonr)r(rrrr*rs r user_remover4 sY vtW -F      T  5 G_ :t$T2c|d}|||}|jdg}t|dt|dk(ryy)Nct}|D]@}t|ttfr||d}|j |0|j |B|S)N)roler)list isinstancerr append)r'routputr8new_roles r "make_sure_roles_are_a_list_of_dictzBcheck_if_roles_changed..make_sure_roles_are_a_list_of_dict(sP $D$i 89$(8 h' d#  $  r5r'c4t|jSNsorteditemsr's r z(check_if_roles_changed..5svekkm7Lr5)keyc4t|jSr@rArDs r rEz(check_if_roles_changed..5s*w}DJJLxMr5FT)getrB)uinfor'rr>roles_as_list_of_dict uinfo_roless r check_if_roles_changedrLsR"?ugN))GR(K #)LMQWXcjMRNN r5c t}|jtddgtddgtdgdtdtddd td d d g tdddgdtddt|d}|jd}|jddk(rd|jd<t s |j tdt|jd}| t|dnd}|jd}|jd }|jd!}|jd"xsg}|jd#} |jd} d} |jd$d} t|| %} t|| | %} | d k(r|| dk(r|j d('|G|Etjj!|r&  j#|j%d|dd)* | dk7r1t' ||}|r"d}t)|||s|j%d|+|j*r|j%d|+t-| ||||  j#|C|A t3|d-j#n%| d k(r t5| ||  j#|j%d|+y#t$r)} |j d&t| z'Yd} ~ dd} ~ wwxYw#t$rY&wxYw#t$r;} |j d,t| zt/j0Yd} ~ d} ~ wwxYw#t$rYwxYw#  j#w#t$rYwwxYwxYw#t$r@} |j dd.|d/t| t/j00Yd} ~ d} ~ wwxYw#t$r<} |j d1t| zt/j0Yd} ~ qd} ~ wwxYw#t$rYtwxYw#  j#w#t$rYwwxYwxYw)2NTr)requiredaliasesrpass)rOno_log)defaultr9raw)rRtypeelementspresentabsent)rRchoicesalways on_createF)rRrXrQpath)rRrT)databasenamer) replica_setr'stateupdate_passwordcreate_for_localhost_exception) argument_specsupports_check_mode login_userlogin_databasez $externalr`pymongo)msg exceptionrasurrogate_or_strict)errorsr\r]r)r'r_r^)directConnectionz!Unable to connect to database: %s)rgzYpassword parameter required when adding a user unless update_password is set to on_createz2The path in create_for_localhost_exception exists.)r0rskippedrgr/z Unable to add or update user: %swbzCAdded user but unable to touch create_for_localhost_exception file z: )r0rgrhzUnable to remove user: %s)r updatedictrparamsr fail_jsonrrr rr rr osr[r*closer3r!rLr2r- traceback format_excopenr4)rbr(rdra b_create_for_localhost_exceptionrrr)r'r_r`rkrerIs r mainry>s02MtdV4 4& 2vht4&4fu=9x.CDX+7NW\]'+Dv'F # F|,J}}%&+5+6 '( 1)<#2  4&,]]3S%T" * 5 /8MN;?% mmJ'G == D}}Z(H MM' " (bE MM' "Emm$56OQ  == ' /# #F=MNFF=MN   8 ;   !|  }  "@"Lww~~>?LLN  T4NB C (*!&$8#H1%H((T(B    D 9 VVWdHe D    "@"L 5t<BBD (    6   T-y Q@9Q<OPPQ! v   !CiPQl!R^g^r^r^t  u u v           hFHQRSHTU'224!  o   !rs{A@ M ^Y v  K;::7@3 Ni.X zFr5