fix #1731 : mongodb_user always says changed

9 years ago · b07e1c13f7
parent d20b7ee6e6
commit b07e1c13f7
1 changed files with 13 additions and 4 deletions
--- a/lib/ansible/modules/extras/database/misc/mongodb_user.py
+++ b/lib/ansible/modules/extras/database/misc/mongodb_user.py
@ -159,9 +159,9 @@ else:
 # MongoDB module specific support methods.
 #

-def user_find(client, user):
+def user_find(client, user, db_name):
    for mongo_user in client["admin"].system.users.find():
-        if mongo_user['user'] == user:
+        if mongo_user['user'] == user and mongo_user['db'] == db_name:
            return mongo_user
    return False

@ -169,6 +169,7 @@ def user_add(module, client, db_name, user, password, roles):
    #pymongo's user_add is a _create_or_update_user so we won't know if it was changed or updated
    #without reproducing a lot of the logic in database.py of pymongo
    db = client[db_name]
+
    if roles is None:
        db.add_user(user, password, False)
    else:
@ -181,7 +182,7 @@ def user_add(module, client, db_name, user, password, roles):
            module.fail_json(msg=err_msg)

 def user_remove(module, client, db_name, user):
-    exists = user_find(client, user)
+    exists = user_find(client, user, db_name)
    if exists:
        if module.check_mode:
            module.exit_json(changed=True, user=user)
@ -274,8 +275,11 @@ def main():
        if password is None and update_password == 'always':
            module.fail_json(msg='password parameter required when adding a user unless update_password is set to on_create')

-        if update_password != 'always' and user_find(client, user):
+        uinfo = user_find(client, user, db_name)
+        if update_password != 'always' and uinfo:
            password = None
+            if list(map((lambda x: x['role']), uinfo['roles'])) == roles:
+                module.exit_json(changed=False, user=user)

        if module.check_mode:
            module.exit_json(changed=True, user=user)
@ -285,6 +289,11 @@ def main():
        except OperationFailure, e:
            module.fail_json(msg='Unable to add or update user: %s' % str(e))

+            # Here we can  check password change if mongo provide a query for that : https://jira.mongodb.org/browse/SERVER-22848
+            #newuinfo = user_find(client, user, db_name)
+            #if uinfo['role'] == newuinfo['role'] and CheckPasswordHere:
+            #    module.exit_json(changed=False, user=user)
+
    elif state == 'absent':
        try:
            user_remove(module, client, db_name, user)