New server::admin_password_hash parameter
Allow mongodb to be set up by specifying a hash of
the password rather than the password itself.
traylenator committed Oct 3, 2023
1 parent 74baa74 commit bad039d
Showing 3 changed files with 123 additions and 87 deletions.
9 changes: 9 additions & 0 deletions REFERENCE.md
Expand Up @@ -1185,6 +1185,7 @@ The following parameters are available in the `mongodb::server` class:
* [`tls_conn_without_cert`](#-mongodb--server--tls_conn_without_cert)
* [`tls_invalid_hostnames`](#-mongodb--server--tls_invalid_hostnames)
* [`tls_mode`](#-mongodb--server--tls_mode)
* [`admin_password_hash`](#-mongodb--server--admin_password_hash)
* [`ensure`](#-mongodb--server--ensure)
* [`user`](#-mongodb--server--user)
* [`group`](#-mongodb--server--group)
Expand Down Expand Up @@ -1315,6 +1316,14 @@ Defines if TLS is used for all network connections. Allowed values are 'requireT

Default value: `'requireTLS'`

##### <a name="-mongodb--server--admin_password_hash"></a>`admin_password_hash`

Data type: `Optional[Variant[String[1], Sensitive[String[1]]]]`

Hashed password. Hex encoded md5 hash of mongodb password.

Default value: `undef`

##### <a name="-mongodb--server--ensure"></a>`ensure`

Data type: `Variant[Boolean, String]`
178 changes: 91 additions & 87 deletions manifests/server.pp
Expand Up @@ -12,95 +12,98 @@
# Set to true to disable the validation of the hostnames in TLS certificates.
# @param tls_mode
# Defines if TLS is used for all network connections. Allowed values are 'requireTLS', 'preferTLS' or 'allowTLS'.
# @param admin_password_hash
# Hashed password. Hex encoded md5 hash of mongodb password.
#
class mongodb::server (
Variant[Boolean, String] $ensure = $mongodb::params::ensure,
String $user = $mongodb::params::user,
String $group = $mongodb::params::group,
Stdlib::Absolutepath $config = $mongodb::params::config,
Stdlib::Absolutepath $dbpath = $mongodb::params::dbpath,
Boolean $dbpath_fix = $mongodb::params::dbpath_fix,
Optional[Stdlib::Absolutepath] $pidfilepath = $mongodb::params::pidfilepath,
String $pidfilemode = $mongodb::params::pidfilemode,
Boolean $manage_pidfile = $mongodb::params::manage_pidfile,
String $rcfile = $mongodb::params::rcfile,
Boolean $service_manage = $mongodb::params::service_manage,
Optional[String] $service_provider = $mongodb::params::service_provider,
Optional[String] $service_name = $mongodb::params::service_name,
Boolean $service_enable = $mongodb::params::service_enable,
Enum['stopped', 'running'] $service_ensure = $mongodb::params::service_ensure,
Optional[Enum['stopped', 'running']] $service_status = $mongodb::params::service_status,
Variant[Boolean, String] $package_ensure = $mongodb::params::package_ensure,
String $package_name = $mongodb::params::server_package_name,
Variant[Boolean, Stdlib::Absolutepath] $logpath = $mongodb::params::logpath,
Array[Stdlib::IP::Address] $bind_ip = $mongodb::params::bind_ip,
Optional[Boolean] $ipv6 = undef,
Boolean $logappend = true,
Optional[String] $system_logrotate = undef,
Optional[Boolean] $fork = $mongodb::params::fork,
Optional[Integer[1, 65535]] $port = undef,
Optional[Boolean] $journal = $mongodb::params::journal,
Optional[Boolean] $nojournal = undef,
Optional[Boolean] $smallfiles = undef,
Optional[Boolean] $cpu = undef,
Boolean $auth = false,
Optional[Boolean] $noauth = undef,
Optional[Boolean] $verbose = undef,
Optional[String] $verbositylevel = undef,
Optional[Boolean] $objcheck = undef,
Optional[Boolean] $quota = undef,
Optional[Integer] $quotafiles = undef,
Optional[Integer[0, 7]] $diaglog = undef,
Optional[Boolean] $directoryperdb = undef,
$profile = undef,
Optional[Integer] $maxconns = undef,
Optional[Integer] $oplog_size = undef,
$nohints = undef,
Optional[Boolean] $nohttpinterface = undef,
Optional[Boolean] $noscripting = undef,
Optional[Boolean] $notablescan = undef,
Optional[Boolean] $noprealloc = undef,
Optional[Integer] $nssize = undef,
$mms_token = undef,
$mms_name = undef,
$mms_interval = undef,
Optional[String] $replset = undef,
Optional[Hash] $replset_config = undef,
Optional[Array] $replset_members = undef,
Optional[Boolean] $configsvr = undef,
Optional[Boolean] $shardsvr = undef,
Optional[Boolean] $rest = undef,
Optional[Boolean] $quiet = undef,
Optional[Integer] $slowms = undef,
Optional[Stdlib::Absolutepath] $keyfile = undef,
Optional[Variant[String[6], Sensitive[String[6]]]] $key = undef,
Optional[Variant[String[1], Array[String[1]]]] $set_parameter = undef,
Optional[Boolean] $syslog = undef,
$config_content = undef,
Optional[String] $config_template = undef,
Optional[Hash] $config_data = undef,
Optional[Boolean] $ssl = undef,
Optional[Stdlib::Absolutepath] $ssl_key = undef,
Optional[Stdlib::Absolutepath] $ssl_ca = undef,
Boolean $ssl_weak_cert = false,
Boolean $ssl_invalid_hostnames = false,
Enum['requireSSL', 'preferSSL', 'allowSSL'] $ssl_mode = 'requireSSL',
Boolean $tls = false,
Optional[Stdlib::Absolutepath] $tls_key = undef,
Optional[Stdlib::Absolutepath] $tls_ca = undef,
Boolean $tls_conn_without_cert = false,
Boolean $tls_invalid_hostnames = false,
Enum['requireTLS', 'preferTLS', 'allowTLS'] $tls_mode = 'requireTLS',
Boolean $restart = $mongodb::params::restart,
Optional[String] $storage_engine = undef,
Boolean $create_admin = $mongodb::params::create_admin,
String $admin_username = $mongodb::params::admin_username,
Optional[Variant[String, Sensitive[String]]] $admin_password = undef,
Enum['scram_sha_1', 'scram_sha_256'] $admin_auth_mechanism = $mongodb::params::admin_auth_mechanism,
Boolean $admin_update_password = false,
Boolean $handle_creds = $mongodb::params::handle_creds,
Boolean $store_creds = $mongodb::params::store_creds,
Array $admin_roles = $mongodb::params::admin_roles,
Variant[Boolean, String] $ensure = $mongodb::params::ensure,
String $user = $mongodb::params::user,
String $group = $mongodb::params::group,
Stdlib::Absolutepath $config = $mongodb::params::config,
Stdlib::Absolutepath $dbpath = $mongodb::params::dbpath,
Boolean $dbpath_fix = $mongodb::params::dbpath_fix,
Optional[Stdlib::Absolutepath] $pidfilepath = $mongodb::params::pidfilepath,
String $pidfilemode = $mongodb::params::pidfilemode,
Boolean $manage_pidfile = $mongodb::params::manage_pidfile,
String $rcfile = $mongodb::params::rcfile,
Boolean $service_manage = $mongodb::params::service_manage,
Optional[String] $service_provider = $mongodb::params::service_provider,
Optional[String] $service_name = $mongodb::params::service_name,
Boolean $service_enable = $mongodb::params::service_enable,
Enum['stopped', 'running'] $service_ensure = $mongodb::params::service_ensure,
Optional[Enum['stopped', 'running']] $service_status = $mongodb::params::service_status,
Variant[Boolean, String] $package_ensure = $mongodb::params::package_ensure,
String $package_name = $mongodb::params::server_package_name,
Variant[Boolean, Stdlib::Absolutepath] $logpath = $mongodb::params::logpath,
Array[Stdlib::IP::Address] $bind_ip = $mongodb::params::bind_ip,
Optional[Boolean] $ipv6 = undef,
Boolean $logappend = true,
Optional[String] $system_logrotate = undef,
Optional[Boolean] $fork = $mongodb::params::fork,
Optional[Integer[1, 65535]] $port = undef,
Optional[Boolean] $journal = $mongodb::params::journal,
Optional[Boolean] $nojournal = undef,
Optional[Boolean] $smallfiles = undef,
Optional[Boolean] $cpu = undef,
Boolean $auth = false,
Optional[Boolean] $noauth = undef,
Optional[Boolean] $verbose = undef,
Optional[String] $verbositylevel = undef,
Optional[Boolean] $objcheck = undef,
Optional[Boolean] $quota = undef,
Optional[Integer] $quotafiles = undef,
Optional[Integer[0, 7]] $diaglog = undef,
Optional[Boolean] $directoryperdb = undef,
$profile = undef,
Optional[Integer] $maxconns = undef,
Optional[Integer] $oplog_size = undef,
$nohints = undef,
Optional[Boolean] $nohttpinterface = undef,
Optional[Boolean] $noscripting = undef,
Optional[Boolean] $notablescan = undef,
Optional[Boolean] $noprealloc = undef,
Optional[Integer] $nssize = undef,
$mms_token = undef,
$mms_name = undef,
$mms_interval = undef,
Optional[String] $replset = undef,
Optional[Hash] $replset_config = undef,
Optional[Array] $replset_members = undef,
Optional[Boolean] $configsvr = undef,
Optional[Boolean] $shardsvr = undef,
Optional[Boolean] $rest = undef,
Optional[Boolean] $quiet = undef,
Optional[Integer] $slowms = undef,
Optional[Stdlib::Absolutepath] $keyfile = undef,
Optional[Variant[String[6], Sensitive[String[6]]]] $key = undef,
Optional[Variant[String[1], Array[String[1]]]] $set_parameter = undef,
Optional[Boolean] $syslog = undef,
$config_content = undef,
Optional[String] $config_template = undef,
Optional[Hash] $config_data = undef,
Optional[Boolean] $ssl = undef,
Optional[Stdlib::Absolutepath] $ssl_key = undef,
Optional[Stdlib::Absolutepath] $ssl_ca = undef,
Boolean $ssl_weak_cert = false,
Boolean $ssl_invalid_hostnames = false,
Enum['requireSSL', 'preferSSL', 'allowSSL'] $ssl_mode = 'requireSSL',
Boolean $tls = false,
Optional[Stdlib::Absolutepath] $tls_key = undef,
Optional[Stdlib::Absolutepath] $tls_ca = undef,
Boolean $tls_conn_without_cert = false,
Boolean $tls_invalid_hostnames = false,
Enum['requireTLS', 'preferTLS', 'allowTLS'] $tls_mode = 'requireTLS',
Boolean $restart = $mongodb::params::restart,
Optional[String] $storage_engine = undef,
Boolean $create_admin = $mongodb::params::create_admin,
String $admin_username = $mongodb::params::admin_username,
Optional[Variant[String, Sensitive[String]]] $admin_password = undef,
Optional[Variant[String[1], Sensitive[String[1]]]] $admin_password_hash = undef,
Enum['scram_sha_1', 'scram_sha_256'] $admin_auth_mechanism = $mongodb::params::admin_auth_mechanism,
Boolean $admin_update_password = false,
Boolean $handle_creds = $mongodb::params::handle_creds,
Boolean $store_creds = $mongodb::params::store_creds,
Array $admin_roles = $mongodb::params::admin_roles,
) inherits mongodb::params {
contain mongodb::server::install
contain mongodb::server::config
Expand Down Expand Up @@ -130,6 +133,7 @@
user => $admin_username,
auth_mechanism => $admin_auth_mechanism,
password => $admin_password_unsensitive,
password_hash => $admin_password_hash,
roles => $admin_roles,
update_password => $admin_update_password,
}
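Review bot: In the second hunk `password_hash => $admin_password_hash` hands the new parameter to `mongodb::db` unchanged, whereas the line above passes an unwrapped `$admin_password_unsensitive`; the type allows `Sensitive[String[1]]`, so unless `mongodb::db` accepts a Sensitive `password_hash` (not visible here) a wrapped value will not behave like the plain-text path. Nothing in the visible lines rejects setting both `admin_password` and `admin_password_hash`, or combining the hash with `admin_auth_mechanism => 'scram_sha_256'`, which an md5 digest presumably cannot satisfy; a `fail()` guard for those combinations would make the precedence explicit. The `@param` text could also note that the digest works as a credential in its own right, e.g. `# Hex encoded md5 hash of the mongodb password; treat it as a secret and prefer passing it as Sensitive.` The class body continues outside both hunks, so such checks may already exist there.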
23 changes: 23 additions & 0 deletions spec/classes/server_spec.rb
Expand Up @@ -108,6 +108,29 @@
it { is_expected.to contain_mongodb_database('admin').that_requires('Service[mongodb]') }
end

describe 'with admin_password_hash => xxx89adfaxd' do
let(:params) do
{
create_admin: true,
admin_username: 'admin',
admin_password_hash: 'xxx89adfaxd'
}
end

it_behaves_like 'server classes'

it do
is_expected.to contain_mongodb__db('admin').
with_user('admin').
with_password_hash('xxx89adfaxd').
with_roles(%w[userAdmin readWrite dbAdmin dbAdminAnyDatabase readAnyDatabase
readWriteAnyDatabase userAdminAnyDatabase clusterAdmin clusterManager
clusterMonitor hostManager root restore])
end

it { is_expected.to contain_mongodb_database('admin').that_requires('Service[mongodb]') }
end

describe 'with preset variables' do
let :params do
{
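Review bot: The new context only passes a plain String, and `'xxx89adfaxd'` is not a hex encoded md5 value, so the `Sensitive[String[1]]` branch of the parameter type and the documented format are both left untested. I would add a sibling context using `admin_password_hash: sensitive('<32 hex chars, constructed>')` and, if the class is meant to reject it, one that sets `admin_password` and `admin_password_hash` together with `is_expected.to compile.and_raise_error(...)`. The trailing `describe 'with preset variables'` block continues outside the hunk.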
