Merge pull request #760 from stevenpost/admin_password/fix

Backslashes in a password need to be escaped

Author: h-haaks

spec/acceptance/server_spec.rb

@@ -85,6 +85,24 @@ class { 'mongodb::globals':
   end
 
   describe 'installation using authentication' do
+    after :all do
+      pp = <<-EOS
+        class { 'mongodb::globals':
+          #{repo_ver_param}
+        }
+        -> class { 'mongodb::server':
+          ensure         => absent,
+          package_ensure => purged,
+          service_ensure => stopped
+        }
+        -> class { 'mongodb::client':
+          ensure => purged
+        }
+      EOS
+
+      apply_manifest(pp, catch_failures: true)
+    end
+
     it 'works with no errors' do
       pp = <<-EOS
         class { 'mongodb::globals':
@@ -154,6 +172,67 @@ class { 'mongodb::globals':
     end
   end
 
+  describe 'installation using authentication with complex password' do
+    it 'works with no errors' do
+      pp = <<-EOS
+        class { 'mongodb::globals':
+        #{repo_ver_param}
+        }
+        -> class { 'mongodb::server':
+          auth           => true,
+          create_admin   => true,
+          handle_creds   => true,
+          store_creds    => true,
+          admin_username => 'admin',
+          admin_password => 'admin_\\\\_\\'_"_&_password',
+          restart        => true,
+        }
+        class { 'mongodb::client': }
+      EOS
+
+      apply_manifest(pp, catch_failures: true)
+      apply_manifest(pp, catch_changes: true)
+    end
+
+    describe package(package_name) do
+      it { is_expected.to be_installed }
+    end
+
+    describe file(config_file) do
+      it { is_expected.to be_file }
+    end
+
+    describe service(service_name) do
+      it { is_expected.to be_enabled }
+      it { is_expected.to be_running }
+    end
+
+    describe port(27_017) do
+      it { is_expected.to be_listening }
+    end
+
+    describe command('mongosh --quiet --eval "db.serverCmdLineOpts().ok"') do
+      its(:stderr) { is_expected.to match %r{requires authentication} }
+    end
+
+    describe file('/root/.mongoshrc.js') do
+      it { is_expected.to be_file }
+      it { is_expected.to be_owned_by 'root' }
+      it { is_expected.to be_grouped_into 'root' }
+      it { is_expected.to be_mode 600 }
+      it { is_expected.to contain 'admin.auth(\'admin\', \'admin_\\\\_\\\'_"_&_password\')' }
+    end
+
+    describe command("mongosh admin --quiet --eval \"load('/root/.mongoshrc.js');EJSON.stringify(db.getUser('admin')['customData'])\"") do
+      its(:exit_status) { is_expected.to eq 0 }
+      its(:stdout) { is_expected.to match "{\"createdBy\":\"Puppet Mongodb_user['User admin on db admin']\"}\n" }
+    end
+
+    describe command('mongod --version') do
+      its(:exit_status) { is_expected.to eq 0 }
+    end
+  end
+
   describe 'uninstallation' do
     it 'uninstalls mongodb' do
       pp = <<-EOS

spec/classes/server_spec.rb

@@ -452,6 +452,22 @@
               with_mode('0600').
               with_content(%r{admin\.auth\('admin', 'password'\)})
           }
+
+          context 'with complex password' do
+            let :params do
+              {
+                admin_username: 'admin',
+                admin_password: 'complex_\\_\'_"_&_password',
+                auth: true,
+                store_creds: true
+              }
+            end
+
+            it {
+              is_expected.to contain_file('/root/.mongoshrc.js').
+                with_content(%r{admin\.auth\('admin', 'complex_\\\\_\\'_"_&_password'\)})
+            }
+          end
         end
 
         context 'false' do

templates/mongoshrc.js.erb

@@ -34,7 +34,7 @@ if (authRequired()) {
   <%- end -%>
   try {
     admin = db.getSiblingDB('admin')
-    admin.auth('<%= @admin_username %>', '<%= @admin_password_unsensitive %>')
+    admin.auth('<%= @admin_username %>', '<%= @admin_password_unsensitive.gsub('\\','\\\\\\\\').gsub("'","\\\\'") %>')
   }
   catch (err) {
     // Silently ignore this error, we can't really do anything about it.