[BUG] mongodb_user.present state overwrites password even though state is run in test mode (regression)

[anitakrueger]

Description

When a mongodb user has already been created, the mongodb_user.present state will overwrite a users password and roles even though it is run in test mode (either via state.test or test=True).

Setup

Create a mongodb user with the mongodb_user.present state like this:

sls/mongodb/user.sls

mongodb_user_present_testuser:
  mongodb_user.present:
  - name: testuser
  - passwd: verysecret
  - database: testdb
  - user: admin
  - password: adminpassword
  - roles: ['readWrite']
  - authdb: testdb
  - host: mongo.local
  - port: 27017

sudo salt 'mongo' state.apply mongodb.user

The user will be created.

Now change the password in the user.sls state:

mongodb_user_present_testuser:
  mongodb_user.present:
  - name: testuser
  - passwd: evenmoresecret
  - database: testdb
  - user: admin
  - password: adminpassword
  - roles: ['readWrite']
  - authdb: testdb
  - host: mongo.local
  - port: 27017

Then run the test state to see what should happen:

-bash-4.2$ sudo salt 'mongodb' state.apply mongodb.users test=True
mongodb:

Summary for mongodb
-------------
Succeeded: 1
Failed:     0
-------------
Total states run:     1
Total run time:    2.696 s

And e voila, the password is changed.

Steps to Reproduce the behavior

There are no debug logs, just info:

2021-12-10 07:46:55,027 [salt.state                                                             ][INFO    ] Executing state mongodb_user.present for [testuser]
2021-12-10 07:46:55,061 [salt.loaded.int.module.mongodb                                         ][INFO    ] Creating user testuser
2021-12-10 07:46:55,064 [salt.state                                                             ][INFO    ] User testuser is already present
2021-12-10 07:46:55,064 [salt.state                                                             ][INFO    ] Completed state [testuser] at time 07:46:55.064170 (duration_in_ms=38.527)

Expected behavior

When running with state.test or test=True, nothing should happen.

Versions Report

Salt Version:
          Salt: 3004

Dependency Versions:
          cffi: 1.14.5
      cherrypy: 18.6.0
      dateutil: 2.8.1
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 2.11.1
       libgit2: Not Installed
      M2Crypto: 0.35.2
          Mako: Not Installed
       msgpack: 0.6.2
  msgpack-pure: Not Installed
  mysql-python: 1.4.6
     pycparser: 2.20
      pycrypto: 3.10.1
  pycryptodome: Not Installed
        pygit2: Not Installed
        Python: 3.6.8 (default, Aug  7 2019, 17:28:10)
  python-gnupg: Not Installed
        PyYAML: 5.4.1
         PyZMQ: 17.0.0
         smmap: Not Installed
       timelib: Not Installed
       Tornado: 4.5.3
           ZMQ: 4.1.4

System Versions:
          dist: centos 7 Core
        locale: UTF-8
       machine: x86_64
       release: 3.10.0-1062.4.1.el7.x86_64
        system: Linux
       version: CentOS Linux 7 Core

Additional context

The issue seems to be here: https://github.com/saltstack/salt/blob/master/salt/states/mongodb_user.py#L133
No check for __opts__["test"] is done like for when a new user is supposed to be created: https://github.com/saltstack/salt/blob/master/salt/states/mongodb_user.py#L133

So the module mongodb.user_create is run which in turn runs an add_user on the mdb connection and that updates passwords and roles.

I do recall this not always being the case and looking in the develop branch, there is a check for __opts__['test']: https://github.com/saltstack/salt/blob/develop/salt/states/mongodb_user.py#L124

This has caused a production outage in our case, because we ran the test state while our secret management system wasn't available (because of #61191) so our state generated all new passwords and updated all mongodb users with the new passwords even though we thought we only ran in test mode.