From edbad801231668f67e1078c45643c1654ac31e16 Mon Sep 17 00:00:00 2001
From: Guillaume Dufour <guillaume.duff@gmail.com>
Date: Thu, 25 Feb 2016 11:01:34 +0100
Subject: [PATCH] fix #1731 : mongodb_user always says changed

---
 database/misc/mongodb_user.py | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/database/misc/mongodb_user.py b/database/misc/mongodb_user.py
index 12d348e9a92..44659221bc4 100644
--- a/database/misc/mongodb_user.py
+++ b/database/misc/mongodb_user.py
@@ -148,9 +148,9 @@ else:
 # MongoDB module specific support methods.
 #
 
-def user_find(client, user):
+def user_find(client, user, db_name):
     for mongo_user in client["admin"].system.users.find():
-        if mongo_user['user'] == user:
+        if mongo_user['user'] == user and mongo_user['db'] == db_name:
             return mongo_user
     return False
 
@@ -158,6 +158,7 @@ def user_add(module, client, db_name, user, password, roles):
     #pymono's user_add is a _create_or_update_user so we won't know if it was changed or updated
     #without reproducing a lot of the logic in database.py of pymongo
     db = client[db_name]
+
     if roles is None:
         db.add_user(user, password, False)
     else:
@@ -170,7 +171,7 @@ def user_add(module, client, db_name, user, password, roles):
             module.fail_json(msg=err_msg)
 
 def user_remove(module, client, db_name, user):
-    exists = user_find(client, user)
+    exists = user_find(client, user, db_name)
     if exists:
         db = client[db_name]
         db.remove_user(user)
@@ -223,7 +224,7 @@ def main():
     login_host = module.params['login_host']
     login_port = module.params['login_port']
     login_database = module.params['login_database']
-    
+
     replica_set = module.params['replica_set']
     db_name = module.params['database']
     user = module.params['name']
@@ -261,14 +262,22 @@ def main():
         if password is None and update_password == 'always':
             module.fail_json(msg='password parameter required when adding a user unless update_password is set to on_create')
 
-        if update_password != 'always' and user_find(client, user):
+        uinfo = user_find(client, user, db_name)
+        if update_password != 'always' and uinfo:
             password = None
+            if list(map((lambda x: x['role']), uinfo['roles'])) == roles:
+                module.exit_json(changed=False, user=user)
 
         try:
             user_add(module, client, db_name, user, password, roles)
         except OperationFailure, e:
             module.fail_json(msg='Unable to add or update user: %s' % str(e))
 
+            # Here we can  check password change if mongo provide a query for that : https://jira.mongodb.org/browse/SERVER-22848
+            #newuinfo = user_find(client, user, db_name)
+            #if uinfo['role'] == newuinfo['role'] and CheckPasswordHere:
+            #    module.exit_json(changed=False, user=user)
+
     elif state == 'absent':
         try:
             user_remove(module, client, db_name, user)