You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/mongodb_user/tasks/main.yml

227 lines
6.9 KiB
YAML

# test code for the mongodb_user module
# (c) 2019, Rhys Campbell <rhys.james.campbell@googlemail.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# ============================================================
- name: Ensure tests home exists
file:
path: "{{ remote_tmp_dir }}/tests"
state: directory
- include_tasks: mongod_teardown.yml
- set_fact:
current_replicaset: mongodb_user_tests_replicaset
- set_fact:
mongodb_nodes: [ 3001, 3002, 3003 ]
- include_tasks: mongod_replicaset.yml
- name: Create current_replicaset with module
mongodb_replicaset:
login_port: 3001
replica_set: "{{ current_replicaset }}"
members:
- "localhost:3001"
- "localhost:3002"
- "localhost:3003"
- name: Ensure is_primary script exists on host
copy:
src: js/is_primary.js
dest: "{{ remote_tmp_dir }}/tests/is_primary.js"
- name: Ensure host reaches primary before proceeding 3001
command: mongo admin --port 3001 "{{ remote_tmp_dir }}/tests/is_primary.js"
- name: Create admin user with module
mongodb_user:
login_port: 3001
replica_set: "{{ current_replicaset }}"
database: admin
name: "{{ mongodb_admin_user }}"
password: "{{ mongodb_admin_password }}"
roles: root
state: present
register: mongodb_admin_user_created
- assert:
that:
- mongodb_admin_user_created.changed == True
- name: Kill all mongod processes
command: pkill -{{ kill_signal }} mongod
ignore_errors: true
- name: Getting pids for mongod
pids:
name: mongod
register: pids_of_mongod
- name: Wait for all mongod processes to exit
wait_for:
path: "/proc/{{ item }}/status"
state: absent
delay: 3
with_items: "{{ pids_of_mongod }}"
- set_fact:
mongod_auth: true
- include_tasks: mongod_replicaset.yml
# Tests with auth enable
- name: Ensure host reaches primary before proceeding 3001
command: mongo admin --port 3001 --username "{{ mongodb_admin_user }}" --password "{{ mongodb_admin_password }}" "{{ remote_tmp_dir }}/tests/is_primary.js"
- name: Run admin user creation again
mongodb_user:
login_user: "{{ mongodb_admin_user }}"
login_password: "{{ mongodb_admin_password }}"
login_database: admin
login_port: 3001
replica_set: "{{ current_replicaset }}"
database: admin
name: "{{ mongodb_admin_user }}"
password: "{{ mongodb_admin_password }}"
roles: root
state: present
update_password: on_create
register: mongodb_admin_user_created
- assert:
that:
- mongodb_admin_user_created.changed == False
- name: Run admin user creation again with forced pw update
mongodb_user:
login_user: "{{ mongodb_admin_user }}"
login_password: "{{ mongodb_admin_password }}"
login_database: admin
login_port: 3001
replica_set: "{{ current_replicaset }}"
database: admin
name: "{{ mongodb_admin_user }}"
password: "{{ mongodb_admin_password }}"
roles: root
state: present
update_password: always
register: mongodb_admin_user_created
- assert:
that:
- mongodb_admin_user_created.changed == True
- name: Run user creation
mongodb_user:
login_user: "{{ mongodb_admin_user }}"
login_password: "{{ mongodb_admin_password }}"
login_database: admin
login_port: 3001
replica_set: "{{ current_replicaset }}"
database: "{{ item.database }}"
name: "{{ item.name }}"
password: "{{ item.password }}"
roles: "{{ item.roles }}"
state: present
with_items: "{{ mongodb_user_list }}"
- name: Test login for all users
shell: mongo "{{ item.database }}" --port 3001 --username "{{ item.name }}" --password "{{ item.password }}" --eval "printjson(db.getCollectionNames())"
with_items: "{{ mongodb_user_list }}"
register: login_test
- name: Assert all logins successful
assert:
that: "{{ item.rc == 0 }}"
with_items: "{{ login_test.results }}"
- name: Get admin db users
shell: mongo admin --port 3001 --username "{{ mongodb_admin_user }}" --password "{{ mongodb_admin_password }}" --eval "printjson(db.getUsers())"
register: admin_db_users
- name: Assert that roles exist in admin db output
assert:
that:
- "'clusterAdmin' in admin_db_users.stdout"
- "'readAnyDatabase' in admin_db_users.stdout"
- "'readWriteAnyDatabase' in admin_db_users.stdout"
- "'userAdminAnyDatabase' in admin_db_users.stdout"
- "'dbAdminAnyDatabase' in admin_db_users.stdout"
- name: Get test db users
shell: mongo test --authenticationDatabase admin --port 3001 --username "{{ mongodb_admin_user }}" --password "{{ mongodb_admin_password }}" --eval "printjson(db.getUsers())"
register: test_db_users
- name: Assert that roles exist in test db output
assert:
that:
- "'\"read\"' in test_db_users.stdout"
- "'readWrite' in test_db_users.stdout"
- "'dbAdmin' in test_db_users.stdout"
- "'userAdmin' in test_db_users.stdout"
- name: Drop users in test db
mongodb_user:
login_user: "{{ mongodb_admin_user }}"
login_password: "{{ mongodb_admin_password }}"
login_database: admin
login_port: 3001
replica_set: "{{ current_replicaset }}"
database: "{{ item.database }}"
name: "{{ item.name }}"
state: absent
with_items: "{{ mongodb_user_list }}"
when: item.database == "test"
- name: Get test db users
shell: mongo test --authenticationDatabase admin --port 3001 --username "{{ mongodb_admin_user }}" --password "{{ mongodb_admin_password }}" --eval "printjson(db.getUsers())"
register: test_db_users
- name: Assert that roles do not exist in test db output
assert:
that:
- "'user1' not in test_db_users.stdout"
- "'user2' not in test_db_users.stdout"
- "'user3' not in test_db_users.stdout"
- "'user4' not in test_db_users.stdout"
- name: Create user with multiple roles in test db
mongodb_user:
login_user: "{{ mongodb_admin_user }}"
login_password: "{{ mongodb_admin_password }}"
login_database: admin
login_port: 3001
replica_set: "{{ current_replicaset }}"
database: test
name: test_multiple_roles
password: secret
roles: readWrite,dbAdmin,userAdmin
state: present
- name: Get test db users
shell: mongo test --authenticationDatabase admin --port 3001 --username "{{ mongodb_admin_user }}" --password "{{ mongodb_admin_password }}" --eval "printjson(db.getUsers())"
register: test_db_users
- debug:
var: test_db_users
# Clean up
- include_tasks: mongod_teardown.yml