add x509 authentication to the rc file

Author: Johan De Wit

lib/puppet/provider/mongodb_user/mongodb.rb

@@ -115,21 +115,17 @@ def password_hash=(_value)
   end
 
   def password=(value)
-    if mongo_26?
-      mongo_eval("db.changeUserPassword(#{@resource[:username].to_json}, #{value.to_json})", @resource[:database])
-    else
-      command = {
-        updateUser: @resource[:username],
-        pwd: @resource[:password],
-        digestPassword: true
-      }
-
-      if mongo_4? || mongo_5? || mongo_6?
-        command[:mechanisms] = @resource[:auth_mechanism] == :scram_sha_256 ? ['SCRAM-SHA-256'] : ['SCRAM-SHA-1'] # rubocop:disable Naming/VariableNumber
-      end
-
-      mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+    command = {
+      updateUser: @resource[:username],
+      pwd: @resource[:password],
+      digestPassword: true
+    }
+
+    if mongo_4? || mongo_5? || mongo_6?
+      command[:mechanisms] = @resource[:auth_mechanism] == :scram_sha_256 ? ['SCRAM-SHA-256'] : ['SCRAM-SHA-1'] # rubocop:disable Naming/VariableNumber
     end
+
+    mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
   end
 
   def roles=(roles)

templates/mongoshrc.js.erb

@@ -30,10 +30,21 @@ function authRequired() {
 }
 
 if (authRequired()) {
-  <%- if @admin_auth_mechanism != 'x509' -%>
-    <%- if @replset -%>
+  <%- if @replset -%>
   db.getMongo().setReadPref('primaryPreferred')
-    <%- end -%>
+    <%- if @admin_auth_mechanism == 'x509' -%>
+  try {
+    db.getSiblingDB('$external').auth(
+      {
+        mechanism: 'MONGODB-X509'
+      }
+    )
+  }
+  catch(err) {  
+    // This isn't catching authentication errors as I'd expect...
+    throw(err)
+  }
+    <%- else -%>
   try {
     var prev_db = db.getName()
     db = db.getSiblingDB('admin')
@@ -44,6 +55,7 @@ if (authRequired()) {
     // This isn't catching authentication errors as I'd expect...
     throw(err)
   }
+    <%- end -%>
   <%- end -%>
 }
 <% end -%>