[authentication] make ismaster work with authentication enbaled before user admin is created

Johan De Wit · Johan De Wit · commit 7b3513110c7c · 2024-02-12T16:04:35.000+01:00
diff --git a/lib/facter/is_master.rb b/lib/facter/is_master.rb
@@ -16,39 +16,71 @@ def get_options_from_hash_config(config)
   # - sslMode is "requireSSL"
   # - Parameter --sslPEMKeyFile is set
   # - Parameter --sslCAFile is set
-  result << "--ssl --host #{Facter.value(:fqdn)}" if ['allowSSL', 'preferSSL', 'requireSSL'].include? config['net.ssl.mode'] || !config['net.ssl.PEMKeyFile'].nil? || !config['net.ssl.CAFile'].nil?
+  result << "--ssl --host #{Facter.value(:fqdn)}" if config['net.ssl.mode'] == 'requireSSL' || !config['net.ssl.PEMKeyFile'].nil? || !config['net.ssl.CAFile'].nil?
   result << "--sslPEMKeyFile #{config['net.ssl.PEMKeyFile']}" unless config['net.ssl.PEMKeyFile'].nil?
   result << "--sslCAFile #{config['net.ssl.CAFile']}" unless config['net.ssl.CAFile'].nil?
-  result << "--sslAllowInvalidHostnames" if config['net.ssl.allowInvalidHostnames'] == true
   # use --tls and --host if:
   # - tlsMode is "requireTLS"
   # - Parameter --tlsCertificateKeyFile is set
   # - Parameter --tlsCAFile is set
-  result << "--tls --host #{Facter.value(:fqdn)}" if ['allowTLS', 'prefeTLS', 'requireTLS'].include? config['net.tls.mode'] || !config['net.tls.certificateKeyFile'].nil? || !config['net.tls.CAFile'].nil?
+  result << "--tls --host #{Facter.value(:fqdn)}" if config['net.tls.mode'] == 'requireTLS' || !config['net.tls.certificateKeyFile'].nil? || !config['net.tls.CAFile'].nil?
   result << "--tlsCertificateKeyFile #{config['net.tls.certificateKeyFile']}" unless config['net.tls.certificateKeyFile'].nil?
   result << "--tlsCAFile #{config['net.tls.CAFile']}" unless config['net.tls.CAFile'].nil?
-  result << "--tlsAllowInvalidHostnames" if config['net.tls.allowInvalidHostnames'] == true
 
   result << '--ipv6' unless config['net.ipv6'].nil?
 
   result.join(' ')
 end
 
+def get_options_from_keyvalue_config(file)
+  config = {}
+  File.readlines(file).map do |line|
+    k, v = line.split('=')
+    config[k.rstrip] = v.lstrip.chomp if k && v
+  end
+
+  result = []
+
+  result << "--port #{config['port']}" unless config['port'].nil?
+  # use --ssl and --host if:
+  # - sslMode is "requireSSL"
+  # - Parameter --sslPEMKeyFile is set
+  # - Parameter --sslCAFile is set
+  result << "--ssl --host #{Facter.value(:fqdn)}" if config['ssl'] == 'requireSSL' || !config['sslcert'].nil? || !config['sslca'].nil?
+  result << "--sslPEMKeyFile #{config['sslcert']}" unless config['sslcert'].nil?
+  result << "--sslCAFile #{config['sslca']}" unless config['sslca'].nil?
+  # use --tls and --host if:
+  # - tlsMode is "requireTLS"
+  # - Parameter --tlsCertificateKeyFile is set
+  # - Parameter --tlsCAFile is set
+  result << "--tls --host #{Facter.value(:fqdn)}" if config['tls'] == 'requireTLS' || !config['tlscert'].nil? || !config['tlsca'].nil?
+  result << "--tlsCertificateKeyFile #{config['tlscert']}" unless config['tlscert'].nil?
+  result << "--tlsCAFile #{config['tlsca']}" unless config['tlsca'].nil?
+
+  result << '--ipv6' unless config['ipv6'].nil?
+
+  result.join(' ')
+end
+
 def get_options_from_config(file)
   config = YAML.load_file(file)
-  get_options_from_hash_config(config)
+  if config.is_a?(Hash) # Using a valid YAML file for mongo 2.6
+    get_options_from_hash_config(config)
+  else # It has to be a key-value config file
+    get_options_from_keyvalue_config(file)
+  end
 end
 
 Facter.add('mongodb_is_master') do
   setcode do
-    if %w[mongo mongod].all? { |m| Facter::Util::Resolution.which m }
+    if %w[mongosh mongod].all? { |m| Facter::Util::Resolution.which m }
       file = mongod_conf_file
       if file
         options = get_options_from_config(file)
         e = File.exist?('/root/.mongoshrc.js') ? 'load(\'/root/.mongoshrc.js\'); ' : ''
 
         # Check if the mongodb server is responding:
-        Facter::Core::Execution.exec("mongosh --quiet #{options} --eval \"#{e}EJSON.stringify(db.adminCommand({ ping: 1 }))\"")
+        Facter::Core::Execution.exec("mongosh --quiet #{options} --eval \"#{e}printjson(db.adminCommand({ ping: 1 }))\"")
 
         if $CHILD_STATUS.success?
           Facter::Core::Execution.exec("mongosh --quiet #{options} --eval \"#{e}db.isMaster().ismaster\"")
diff --git a/lib/facter/mongodb_version.rb b/lib/facter/mongodb_version.rb
@@ -2,9 +2,9 @@
 
 Facter.add(:mongodb_version) do
   setcode do
-    if Facter::Core::Execution.which('mongo')
-      mongodb_version = Facter::Core::Execution.execute('mongo --version 2>&1')
-      %r{MongoDB shell version:?\s+v?([\w.]+)}.match(mongodb_version)[1]
+    if Facter::Core::Execution.which('mongod')
+      mongodb_version = Facter::Core::Execution.execute('mongod --version 2>&1')
+      %r{^db version:?\s+v?([\w.]+)}.match(mongodb_version)[1]
     end
   end
 end
diff --git a/lib/puppet/provider/mongodb_shard/mongo.rb b/lib/puppet/provider/mongodb_shard/mongo.rb
@@ -13,7 +13,7 @@
 
   mk_resource_methods
 
-  commands mongo: 'mongo'
+  commands mongosh: 'mongosh'
 
   def initialize(value = {})
     super(value)
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -18,11 +18,8 @@ def self.instances
       return [] if auth_enabled && (out.include?('requires authentication') || out.include?('not authorized on admin'))
 
       users = JSON.parse out
-      Puppet.debug("Result of users in self.instances: #{users}")
-      Puppet.debug("Type of users in self.instances: #{users.class}")
 
       users.map do |user|
-        Puppet.debug("Fetching user  #{user}")
         db = if user['db'] == '$external'
                # For external users, we need to retreive the original DB name from here.
                user['customData']['createdBy'][%r{.* (.*)'\]$}, 1]
@@ -55,7 +52,6 @@ def self.prefetch(resources)
   mk_resource_methods
 
   def create
-    Puppet.debug("In mongodb_user.create. Only works when on the primery node")
     if db_ismaster
       password_hash = @resource[:password_hash]
       password_hash = Puppet::Util::MongodbMd5er.md5(@resource[:username], @resource[:password]) if !password_hash && @resource[:password]
@@ -85,10 +81,8 @@ def create
       end
 
       if @resource[:auth_mechanism] == :x509
-        Puppet.debug("Creating user for x509 with command #{command}")
         mongo_eval("db.getSiblingDB(\"$external\").runCommand(#{command.to_json})", @resource[:database])
       else
-        Puppet.debug("Creating user for with command #{command}")
         mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
       end
 
