Set correct auth_mechanism for updateUser

JvGinkel · JvGinkel · commit c2d152e52b03 · 2023-01-26T19:47:15.000+01:00
Currently the mongodb command `updateUser` defaults to SCRAM-SHA-256 but you can't update these passwords.

And also show an error when the update goes wrong.
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -101,10 +101,15 @@ def password_hash=(_value)
       command = {
         updateUser: @resource[:username],
         pwd: @resource[:password_hash],
-        digestPassword: false
+        digestPassword: false,
+        mechanisms: @resource[:auth_mechanism] == :scram_sha_1 ? ['SCRAM-SHA-1'] : ['SCRAM-SHA-256'],
       }
 
-      mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+      out = mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+      return if out.nil? # we do this to satisfy the rspec test as no real mongo command wil be executed
+
+      out = JSON.parse(out)
+      raise "Failed update User password for user '#{@resource[:username]}'\n#{out}" if out['ok'].zero?
     else
       Puppet.warning 'User password operations are available only from master host'
     end
diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
@@ -93,7 +93,8 @@
       {
           "updateUser":"new_user",
           "pwd":"pass",
-          "digestPassword":false
+          "digestPassword":false,
+          "mechanisms":["SCRAM-SHA-1"]
       }
       EOS
       allow(provider).to receive(:mongo_eval).

Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,8 @@`
`93`	`93`	`{`
`94`	`94`	`"updateUser":"new_user",`
`95`	`95`	`"pwd":"pass",`
`96`		`- "digestPassword":false`
	`96`	`+ "digestPassword":false,`
	`97`	`+ "mechanisms":["SCRAM-SHA-1"]`
`97`	`98`	`}`
`98`	`99`	`EOS`
`99`	`100`	`allow(provider).to receive(:mongo_eval).`