New module to manage mongodb roles/privileges #19686

Closed


@Lujeni Lujeni commented Dec 26, 2016

Context

User administrators can create custom roles to ensure collection-level and command-level granularity and to adhere to the policy of least privilege. Administrators create and edit roles using this module.

Tests

Env

python: 2.7.9
pymongo: 2.8 & 3.0.3
mongodb: 3.x

Ansible

# create the role + 1 privilege (insert+find)
python ansible/hacking/test-module -m ./ansible-modules-extras/database/misc/mongodb_role.py -a "name=foo_find db=foo privilege_db=foo privilege_collection=foobar privilege_actions='find,insert' state='present'"

# update the privilege to support only find
python ansible/hacking/test-module -m ./ansible-modules-extras/database/misc/mongodb_role.py -a "name=foo_find db=foo privilege_db=foo privilege_collection=foobar privilege_actions='find' state='present'"

# create a new privilege (foo) on the same role
python ansible/hacking/test-module -m ./ansible-modules-extras/database/misc/mongodb_role.py -a "name=foo_find db=foo privilege_db=foo privilege_collection=foo privilege_actions='find,insert' state='present'"

# drop the first privilege (foobar)
python ansible/hacking/test-module -m ./ansible-modules-extras/database/misc/mongodb_role.py -a "name=foo_find db=foo privilege_db=foo privilege_collection=foobar privilege_actions='find,insert' state='present' privilege_state='absent'"

# drop the second privilege (foo).
python ansible/hacking/test-module -m ./ansible-modules-extras/database/misc/mongodb_role.py -a "name=foo_find db=foo privilege_db=foo privilege_collection=foo privilege_actions='find,insert' state='present' privilege_state='absent'"

# add a new privilege when the role is empty.
python ansible/hacking/test-module -m ./ansible-modules-extras/database/misc/mongodb_role.py -a "name=foo_find db=foo privilege_db=foo privilege_collection=foobar privilege_actions='find,insert' state='present'"

# drop the role.
python ansible/hacking/test-module -m ./ansible-modules-extras/database/misc/mongodb_role.py -a "name=foo_find db=foo privilege_db=foo privilege_collection=foobar privilege_actions='find,insert' state='absent'"

Mongodb

> db.createUser({user: 'ansible', pwd: 'ansible', roles: ['foo_find']})
> use foo
> db.auth('ansible', 'ansible')
> db.foobar.insert({})
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on foo to execute command { insert: \"foobar\", documents: ...."
    }
})

Thanks
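
The test sequence in the description above comes down to reconciling one resource's privilege on a role while leaving the role's other privileges alone. This is an added example, not the code of mongodb_role.py (which this page does not show); `reconcile_privileges` and `replay_test_sequence` are hypothetical names, and the meaning of `privilege_state` is inferred from the test commands.

```python
# Added example, not mongodb_role.py. Privileges use MongoDB's {"resource", "actions"} shape.

def reconcile_privileges(current, db, collection, actions, privilege_state="present"):
    """Return (new_privileges, changed) for one resource of a custom role.
    `current` is the role's existing privilege list; the result is the full
    list to store, so any action not named in `actions` is dropped for that
    resource instead of being left behind.
    """
    resource = {"db": db, "collection": collection}
    wanted = sorted(set(actions))
    new, changed, seen = [], False, False
    for priv in current:
        if priv["resource"] != resource:
            new.append(priv)            # other resources are left untouched
            continue
        if seen or privilege_state == "absent":
            changed, seen = True, True  # duplicate entry, or privilege being removed
            continue
        seen = True
        if sorted(priv["actions"]) != wanted:
            changed = True              # action set narrowed or widened
        new.append({"resource": resource, "actions": wanted})
    if privilege_state == "present" and not seen:
        new.append({"resource": resource, "actions": wanted})
        changed = True
    return new, changed


def replay_test_sequence():
    """Replay the privilege steps from the PR description on an empty role."""
    steps = [
        ("foobar", ["find", "insert"], "present"),
        ("foobar", ["find"], "present"),
        ("foo", ["find", "insert"], "present"),
        ("foobar", ["find", "insert"], "absent"),
        ("foo", ["find", "insert"], "absent"),
        ("foobar", ["find", "insert"], "present"),
        ("foobar", ["insert", "find"], "present"),  # constructed repeat: must be a no-op
    ]
    privileges, history = [], []
    for collection, actions, state in steps:
        privileges, changed = reconcile_privileges(privileges, "foo", collection, actions, state)
        history.append((changed, privileges))
    return history


if __name__ == "__main__":
    for changed, privileges in replay_test_sequence():
        print(changed, privileges)
```

The second step is the least-privilege case: the stored action list for `foo.foobar` shrinks to `find`, which is why the `insert` in the MongoDB session above is rejected.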


Lujeni commented Dec 26, 2016

Migrated from ansible/ansible-modules-extras#1178

@ansibot ansibot added affects_2.3 This issue/PR affects Ansible v2.3 module This issue/PR relates to a module. needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. needs_triage Needs a first human triage before being processed. new_plugin This PR includes a new plugin. plugin labels Dec 26, 2016
@jimi-c jimi-c removed the plugin label Jan 4, 2017
@abadger abadger changed the title New role to manage mongodb roles/privileges New module to manage mongodb roles/privileges Jan 5, 2017
@abadger abadger added new_module This PR includes a new module. community_review In order to be merged, this PR must follow the community review workflow. and removed needs_triage Needs a first human triage before being processed. new_plugin This PR includes a new plugin. labels Jan 5, 2017

abadger commented Jan 5, 2017

Note, ansibot has marked this as needs_revision because it's failing tests. The shippable run shows:

2016-12-26 17:47:26 Compile with Python 3.5
2016-12-26 17:47:26 Run command: python3.5 -m compileall -fq -x /.tox/ ./lib/ansible/modules/database/misc/mongodb_role.py
2016-12-26 17:47:32 *** Error compiling './lib/ansible/modules/database/misc/mongodb_role.py'...
2016-12-26 17:47:32   File "./lib/ansible/modules/database/misc/mongodb_role.py", line 239
2016-12-26 17:47:32     except OperationFailure, e:
2016-12-26 17:47:32                            ^
2016-12-26 17:47:32 SyntaxError: invalid syntax
2016-12-26 17:47:32 
2016-12-26 17:47:32 ERROR: Command "python3.5 -m compileall -fq -x /.tox/ ./lib/ansible/modules/database/misc/mongodb_role.py" returned exit status 1.

@ansibot ansibot added new_module This PR includes a new module. and removed community_review In order to be merged, this PR must follow the community review workflow. labels Jan 5, 2017
@mattclay mattclay added the ci_verified Changes made in this PR are causing tests to fail. label Feb 1, 2017

Lujeni commented Feb 10, 2017

Hello @abadger,

How can I manage python3.5 and the compat with old versions?
Python 2.4 or 2.6 doesn't support the syntax with the as keyword, I guess.


ansibot commented Apr 11, 2017

@Lujeni Greetings! Thanks for taking the time to open this pull request. In order for the community to handle your pull request effectively, we need a bit more information.

Here are the items we could not find in your description:

  • issue type

Please set the description of this pull request with this template:
https://raw.githubusercontent.com/ansible/ansible/devel/.github/PULL_REQUEST_TEMPLATE.md


@ansibot ansibot added needs_info This issue requires further information. Please answer any outstanding questions. needs_template This issue/PR has an incomplete description. Please fill in the proposed template correctly. stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. labels Apr 11, 2017
@ansibot ansibot added the support:community This issue/PR relates to code supported by the Ansible community. label Jun 29, 2017
@ansibot ansibot removed needs_info This issue requires further information. Please answer any outstanding questions. needs_template This issue/PR has an incomplete description. Please fill in the proposed template correctly. labels Nov 22, 2017
@dagwieers dagwieers added the mongodb MongoDB community label Jan 28, 2019
@dagwieers dagwieers added the database Database category label Feb 13, 2019
@ansibot ansibot added collection Related to Ansible Collections work collection:community.general labels Apr 29, 2020
@ansibot ansibot added the needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md label Apr 29, 2020

ansibot commented Aug 17, 2020

Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.

For further information, please see:
https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md

@ansibot ansibot closed this Aug 17, 2020
@ansible ansible locked and limited conversation to collaborators Sep 14, 2020
Labels
affects_2.3 This issue/PR affects Ansible v2.3 bot_closed ci_verified Changes made in this PR are causing tests to fail. collection:community.general collection Related to Ansible Collections work database Database category module This issue/PR relates to a module. mongodb MongoDB community needs_collection_redirect https://github.com/ansible/ansibullbot/blob/master/docs/collection_migration.md needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. new_module This PR includes a new module. stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:community This issue/PR relates to code supported by the Ansible community.