Retrieve user info on secondary nodes as well

stevenpost · stevenpost · commit 374f46e12c4d · 2024-07-23T13:00:50.000+02:00
Not doing this causes Puppet to display changes when adding secondary
users.
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -9,28 +9,23 @@
   def self.instances
     require 'json'
 
-    if db_ismaster
-      script = 'EJSON.stringify(db.system.users.find().toArray())'
-      # A hack to prevent prefetching failures until admin user is created
-      script = "try {#{script}} catch (e) { if (e.message.match(/requires authentication/) || e.message.match(/not authorized on admin/)) { 'not authorized on admin' } else {throw e}}" if auth_enabled
-
-      out = mongo_eval(script)
-      return [] if auth_enabled && (out.include?('requires authentication') || out.include?('not authorized on admin'))
-
-      users = JSON.parse out
-
-      users.map do |user|
-        new(name: user['_id'],
-            ensure: :present,
-            username: user['user'],
-            database: user['db'],
-            roles: from_roles(user['roles'], user['db']),
-            password_hash: user['credentials']['MONGODB-CR'],
-            scram_credentials: user['credentials']['SCRAM-SHA-1'])
-      end
-    else
-      Puppet.warning 'User info is available only from master host'
-      []
+    script = 'EJSON.stringify(db.system.users.find().toArray())'
+    # A hack to prevent prefetching failures until admin user is created
+    script = "try {#{script}} catch (e) { if (e.message.match(/requires authentication/) || e.message.match(/not authorized on admin/)) { 'not authorized on admin' } else {throw e}}" if auth_enabled
+
+    out = mongo_eval(script)
+    return [] if auth_enabled && (out.include?('requires authentication') || out.include?('not authorized on admin'))
+
+    users = JSON.parse out
+
+    users.map do |user|
+      new(name: user['_id'],
+          ensure: :present,
+          username: user['user'],
+          database: user['db'],
+          roles: from_roles(user['roles'], user['db']),
+          password_hash: user['credentials']['MONGODB-CR'],
+          scram_credentials: user['credentials']['SCRAM-SHA-1'])
     end
   end
 
diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
@@ -71,10 +71,10 @@
     end
   end
 
-  describe 'empty self.instances from slave' do
-    it 'doesn`t retrun array of users' do
-      allow(provider.class).to receive(:db_ismaster).and_return(false)
-      expect(provider.class.instances).to be_empty
+  describe 'same self.instances from slave' do
+    it 'returns an array of users' do
+      usernames = provider.class.instances.map(&:username)
+      expect(parsed_users).to match_array(usernames)
     end
   end
 
