Ensure that the password is not blank and add warning when use default passowrds

carlos-gonzaga · carlos-gonzaga · commit a78312f1c070 · 2020-12-01T11:32:49.000-03:00
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,10 +1,20 @@
 ---
+- name: Ensure users and passwords are defined
+  assert:
+    that: 
+      - mongodb_user_admin_name | length != 0
+      - mongodb_user_admin_password | length != 0
+      - mongodb_root_admin_name | length != 0
+      - mongodb_root_admin_password | length != 0
+      - mongodb_root_backup_name | length != 0
+      - mongodb_root_backup_password | length != 0
+    fail_msg: "Please set the user, password variables to Mongodb!"
 
 - name: Check value of variable mongodb_net_ssl_host
   fail:
     msg: 'Set mongodb_net_ssl_mode is preferSSL or set valid hostname for mongodb_net_ssl_host!'
   when: ( mongodb_net_ssl_mode == 'requireSSL'
-          and mongodb_net_ssl_host == '' )
+          and mongodb_net_ssl_host | length > 0 )
 
 - name: Check value of variable mongodb_login_host
   fail:
@@ -13,6 +23,10 @@
           and mongodb_net_ssl_host != mongodb_login_host
           and not mongodb_replication_replset )
 
+- name: Check if password is default
+  include: warning_default_password.yml
+  tags: [mongodb]
+
 - name: Include OS-specific variables
   include_vars: "{{ item }}"
   with_first_found:
diff --git a/tasks/warning_default_password.yml b/tasks/warning_default_password.yml
@@ -0,0 +1,14 @@
+---
+- name: Check passwords
+  fail:
+    msg: "[WARNING]: Using default password to user: {{ item.user }}"
+  ignore_errors: yes
+  loop:
+    - user: "{{ mongodb_user_admin_name }}"
+      password: "{{ mongodb_user_admin_password }}"
+    - user: "{{ mongodb_root_admin_name }}"
+      password: "{{ mongodb_root_admin_password }}"
+    - user: "{{ mongodb_root_backup_name }}"
+      password: "{{ mongodb_root_backup_password }}"
+  when: item.password == "passw0rd"
+  run_once: yes
