[2.9] Fix issue with MongoDB 4.0.20 (#71393)

Co-authored-by: Matt Davis <nitzmahone@users.noreply.github.com>

changelogs/fragments/71393-mongodb-replicaset-use-db-ismaster.yaml

@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - mongodb_replicaset - fixes authentication to determine replicaset name (https://github.com/ansible-collections/community.mongodb/issues/136).

lib/ansible/modules/database/mongodb/mongodb_replicaset.py

@@ -207,16 +207,14 @@ def check_compatibility(module, client):
 
 def replicaset_find(client):
     """Check if a replicaset exists.
-
     Args:
         client (cursor): Mongodb cursor on admin database.
-        replica_set (str): replica_set to check.
-
     Returns:
         dict: when user exists, False otherwise.
     """
-    for rs in client["local"].system.replset.find({}):
+    doc = client['admin'].command('isMaster')
-        return rs["_id"]
+    if 'setName' in doc.keys():
+        return str(doc['setName'])
     return False
 
 
@@ -356,15 +354,26 @@ def main():
         module.fail_json(msg='Unable to connect to database: %s' % to_native(e))
 
     try:
-        check_compatibility(module, client)
+        rs = replicaset_find(client)
-    except Exception as excep:
+    except Exception as e:
-        if "not authorized on" not in str(excep) and "there are no users authenticated" not in str(excep):
+        module.fail_json(msg='Unable to connect to query replicaset: %s' % to_native(e))
-            raise excep
-        if login_user is None or login_password is None:
-            raise excep
-        client.admin.authenticate(login_user, login_password, source=login_database)
-        check_compatibility(module, client)
 
+    if isinstance(rs, str):
+        if replica_set == rs:
+            result['changed'] = False
+            result['replica_set'] = rs
+            module.exit_json(**result)
+        else:
+            module.fail_json(msg="The replica_set name of {0} does not match the expected: {1}".format(rs, replica_set))
+    else:  # replicaset does not exit
+
+        # Some validation stuff
+        if len(replica_set) == 0:
+            module.fail_json(msg="Parameter replica_set must not be an empty string")
+
+        if module.check_mode is False:
+            try:
+                # If we have auth details use then otherwise attempt without
                 if login_user is None and login_password is None:
                     mongocnf_creds = load_mongocnf()
                     if mongocnf_creds is not False:
@@ -373,42 +382,30 @@ def main():
                 elif login_password is None or login_user is None:
                     module.fail_json(msg="When supplying login arguments, both 'login_user' and 'login_password' must be provided")
 
-    try:
-        client['admin'].command('listDatabases', 1.0)  # if this throws an error we need to authenticate
-    except Exception as excep:
-        if "not authorized on" in str(excep) or "command listDatabases requires authentication" in str(excep):
                 if login_user is not None and login_password is not None:
+                    try:
                         client.admin.authenticate(login_user, login_password, source=login_database)
-            else:
+                        # Get server version:
-                raise excep
-        else:
-            raise excep
-
-    if len(replica_set) == 0:
-        module.fail_json(msg="Parameter 'replica_set' must not be an empty string")
-
                         try:
-        rs = replicaset_find(client)
+                            srv_version = LooseVersion(client.server_info()['version'])
                         except Exception as e:
-        module.fail_json(msg='Unable to query replica_set info: %s' % to_native(e))
+                            module.fail_json(msg='Unable to get MongoDB server version: %s' % to_native(e))
 
-    if not rs:
+                        # Get driver version::
-        if not module.check_mode:
+                        driver_version = LooseVersion(PyMongoVersion)
-            try:
+                        # Check driver and server version compatibility:
-                replicaset_add(module, client, replica_set, members, arbiter_at_index, protocol_version,
+                        check_compatibility(module, srv_version, driver_version)
-                               chaining_allowed, heartbeat_timeout_secs, election_timeout_millis)
+                    except Exception as excep:
+                        module.fail_json(msg='Unable to authenticate with MongoDB: %s' % to_native(excep))
+                replicaset_add(module, client, replica_set, members,
+                               arbiter_at_index, protocol_version,
+                               chaining_allowed, heartbeat_timeout_secs,
+                               election_timeout_millis)
                 result['changed'] = True
             except Exception as e:
                 module.fail_json(msg='Unable to create replica_set: %s' % to_native(e))
         else:
-        if not module.check_mode:
+            result['changed'] = True
-            try:
-                rs = replicaset_find(client)
-            except Exception as e:
-                module.fail_json(msg='Unable to query replica_set info: %s' % to_native(e))
-            if rs is not None and rs != replica_set:
-                module.fail_json(msg="The replica_set name of '{0}' does not match the expected: '{1}'".format(rs, replica_set))
-        result['changed'] = False
 
         module.exit_json(**result)
 

test/integration/targets/mongodb_replicaset/aliases

@@ -4,4 +4,3 @@ skip/osx
 skip/freebsd
 skip/rhel
 needs/root
-disabled  # broken with newer mongodb (4.0.20)

test/integration/targets/mongodb_replicaset/tasks/main.yml

@@ -33,8 +33,6 @@
 # test with yaml list
 - name: Create replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -119,28 +117,6 @@
   assert:
     that: mongodb_replicaset.changed == False
 
-- name: Test with bad password
-  mongodb_replicaset:
-    login_user: "{{ mongodb_admin_user }}"
-    login_password: XXXXXXXXXXXXXXXX
-    login_host: "localhost"
-    login_port: 3001
-    login_database: "admin"
-    replica_set: "{{ mongodb_replicaset1 }}"
-    election_timeout_millis: 1000
-    members:
-     - "localhost:3001"
-     - "localhost:3002"
-     - "localhost:3003"
-  register: mongodb_replicaset_bad_pw
-  ignore_errors: True
-
-- name: Assert login failed
-  assert:
-    that:
-      - "mongodb_replicaset_bad_pw.rc == 1"
-      - "'Authentication failed' in mongodb_replicaset_bad_pw.module_stderr"
-
   #############################################################
 
 - include_tasks: mongod_teardown.yml
@@ -157,8 +133,6 @@
 # Test with python style list
 - name: Create replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -196,8 +170,6 @@
 # Test with csv string
 - name: Create replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -234,8 +206,6 @@
 # Test with arbiter_at_index
 - name: Create replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -277,8 +247,6 @@
 # Test with chainingAllowed
 - name: Create replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -323,8 +291,6 @@
 # Test with 5 mongod processes
 - name: Create replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -371,8 +337,6 @@
 # Test withheartbeatTimeoutSecs
 - name: Create replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -410,8 +374,6 @@
 # Test with heartbeatTimeoutSecs
 - name: Create replicaset with module protocolVersion 0 (Mongodb 3.0)
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -427,8 +389,6 @@
 
 - name: Create replicaset with module protocolVersion 1 (MongoDB 4.0+)
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"

test/integration/targets/mongodb_shard/aliases

@@ -4,4 +4,3 @@ skip/osx
 skip/freebsd
 skip/rhel
 needs/root
-disabled  # broken with newer mongodb (4.0.20)

test/integration/targets/mongodb_shard/tasks/main.yml

@@ -46,8 +46,6 @@
 
 - name: Create replicaset1 with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -59,8 +57,6 @@
 
 - name: Create replicaset2 with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3004
     login_database: "admin"
@@ -72,8 +68,6 @@
 
 - name: Create config srv replicaset with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 4000
     login_database: "admin"
@@ -191,8 +185,6 @@
 
 - name: Create replicaset1 with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3001
     login_database: "admin"
@@ -204,8 +196,6 @@
 
 - name: Create replicaset2 with module
   mongodb_replicaset:
-    login_user: admin
-    login_password: secret
     login_host: "localhost"
     login_port: 3004
     login_database: "admin"
@@ -220,8 +210,6 @@
 
 - name: Create config srv replicaset with module
   mongodb_replicaset:
-    login_user: "{{ mongodb_admin_user }}"
-    login_password: "{{ mongodb_admin_password }}"
     login_port: 4000
     login_database: "admin"
     replica_set: "{{ configsrv_replicaset }}"