diff --git a/REFERENCE.md b/REFERENCE.md
index d25a6b4be..0240909a4 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1185,6 +1185,7 @@ The following parameters are available in the `mongodb::server` class:
* [`tls_conn_without_cert`](#-mongodb--server--tls_conn_without_cert)
* [`tls_invalid_hostnames`](#-mongodb--server--tls_invalid_hostnames)
* [`tls_mode`](#-mongodb--server--tls_mode)
+* [`admin_password_hash`](#-mongodb--server--admin_password_hash)
* [`ensure`](#-mongodb--server--ensure)
* [`user`](#-mongodb--server--user)
* [`group`](#-mongodb--server--group)
@@ -1315,6 +1316,14 @@ Defines if TLS is used for all network connections. Allowed values are 'requireT
Default value: `'requireTLS'`
+##### `admin_password_hash`
+
+Data type: `Optional[Variant[String[1], Sensitive[String[1]]]]`
+
+Hashed password. Hex encoded md5 hash of mongodb password.
+
+Default value: `undef`
+
##### `ensure`
Data type: `Variant[Boolean, String]`
diff --git a/manifests/server.pp b/manifests/server.pp
index 3d094998a..e64eb600a 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -12,95 +12,98 @@
# Set to true to disable the validation of the hostnames in TLS certificates.
# @param tls_mode
# Defines if TLS is used for all network connections. Allowed values are 'requireTLS', 'preferTLS' or 'allowTLS'.
+# @param admin_password_hash
+# Hashed password. Hex encoded md5 hash of mongodb password.
#
class mongodb::server (
- Variant[Boolean, String] $ensure = $mongodb::params::ensure,
- String $user = $mongodb::params::user,
- String $group = $mongodb::params::group,
- Stdlib::Absolutepath $config = $mongodb::params::config,
- Stdlib::Absolutepath $dbpath = $mongodb::params::dbpath,
- Boolean $dbpath_fix = $mongodb::params::dbpath_fix,
- Optional[Stdlib::Absolutepath] $pidfilepath = $mongodb::params::pidfilepath,
- String $pidfilemode = $mongodb::params::pidfilemode,
- Boolean $manage_pidfile = $mongodb::params::manage_pidfile,
- String $rcfile = $mongodb::params::rcfile,
- Boolean $service_manage = $mongodb::params::service_manage,
- Optional[String] $service_provider = $mongodb::params::service_provider,
- Optional[String] $service_name = $mongodb::params::service_name,
- Boolean $service_enable = $mongodb::params::service_enable,
- Enum['stopped', 'running'] $service_ensure = $mongodb::params::service_ensure,
- Optional[Enum['stopped', 'running']] $service_status = $mongodb::params::service_status,
- Variant[Boolean, String] $package_ensure = $mongodb::params::package_ensure,
- String $package_name = $mongodb::params::server_package_name,
- Variant[Boolean, Stdlib::Absolutepath] $logpath = $mongodb::params::logpath,
- Array[Stdlib::IP::Address] $bind_ip = $mongodb::params::bind_ip,
- Optional[Boolean] $ipv6 = undef,
- Boolean $logappend = true,
- Optional[String] $system_logrotate = undef,
- Optional[Boolean] $fork = $mongodb::params::fork,
- Optional[Integer[1, 65535]] $port = undef,
- Optional[Boolean] $journal = $mongodb::params::journal,
- Optional[Boolean] $nojournal = undef,
- Optional[Boolean] $smallfiles = undef,
- Optional[Boolean] $cpu = undef,
- Boolean $auth = false,
- Optional[Boolean] $noauth = undef,
- Optional[Boolean] $verbose = undef,
- Optional[String] $verbositylevel = undef,
- Optional[Boolean] $objcheck = undef,
- Optional[Boolean] $quota = undef,
- Optional[Integer] $quotafiles = undef,
- Optional[Integer[0, 7]] $diaglog = undef,
- Optional[Boolean] $directoryperdb = undef,
- $profile = undef,
- Optional[Integer] $maxconns = undef,
- Optional[Integer] $oplog_size = undef,
- $nohints = undef,
- Optional[Boolean] $nohttpinterface = undef,
- Optional[Boolean] $noscripting = undef,
- Optional[Boolean] $notablescan = undef,
- Optional[Boolean] $noprealloc = undef,
- Optional[Integer] $nssize = undef,
- $mms_token = undef,
- $mms_name = undef,
- $mms_interval = undef,
- Optional[String] $replset = undef,
- Optional[Hash] $replset_config = undef,
- Optional[Array] $replset_members = undef,
- Optional[Boolean] $configsvr = undef,
- Optional[Boolean] $shardsvr = undef,
- Optional[Boolean] $rest = undef,
- Optional[Boolean] $quiet = undef,
- Optional[Integer] $slowms = undef,
- Optional[Stdlib::Absolutepath] $keyfile = undef,
- Optional[Variant[String[6], Sensitive[String[6]]]] $key = undef,
- Optional[Variant[String[1], Array[String[1]]]] $set_parameter = undef,
- Optional[Boolean] $syslog = undef,
- $config_content = undef,
- Optional[String] $config_template = undef,
- Optional[Hash] $config_data = undef,
- Optional[Boolean] $ssl = undef,
- Optional[Stdlib::Absolutepath] $ssl_key = undef,
- Optional[Stdlib::Absolutepath] $ssl_ca = undef,
- Boolean $ssl_weak_cert = false,
- Boolean $ssl_invalid_hostnames = false,
- Enum['requireSSL', 'preferSSL', 'allowSSL'] $ssl_mode = 'requireSSL',
- Boolean $tls = false,
- Optional[Stdlib::Absolutepath] $tls_key = undef,
- Optional[Stdlib::Absolutepath] $tls_ca = undef,
- Boolean $tls_conn_without_cert = false,
- Boolean $tls_invalid_hostnames = false,
- Enum['requireTLS', 'preferTLS', 'allowTLS'] $tls_mode = 'requireTLS',
- Boolean $restart = $mongodb::params::restart,
- Optional[String] $storage_engine = undef,
- Boolean $create_admin = $mongodb::params::create_admin,
- String $admin_username = $mongodb::params::admin_username,
- Optional[Variant[String, Sensitive[String]]] $admin_password = undef,
- Enum['scram_sha_1', 'scram_sha_256'] $admin_auth_mechanism = $mongodb::params::admin_auth_mechanism,
- Boolean $admin_update_password = false,
- Boolean $handle_creds = $mongodb::params::handle_creds,
- Boolean $store_creds = $mongodb::params::store_creds,
- Array $admin_roles = $mongodb::params::admin_roles,
+ Variant[Boolean, String] $ensure = $mongodb::params::ensure,
+ String $user = $mongodb::params::user,
+ String $group = $mongodb::params::group,
+ Stdlib::Absolutepath $config = $mongodb::params::config,
+ Stdlib::Absolutepath $dbpath = $mongodb::params::dbpath,
+ Boolean $dbpath_fix = $mongodb::params::dbpath_fix,
+ Optional[Stdlib::Absolutepath] $pidfilepath = $mongodb::params::pidfilepath,
+ String $pidfilemode = $mongodb::params::pidfilemode,
+ Boolean $manage_pidfile = $mongodb::params::manage_pidfile,
+ String $rcfile = $mongodb::params::rcfile,
+ Boolean $service_manage = $mongodb::params::service_manage,
+ Optional[String] $service_provider = $mongodb::params::service_provider,
+ Optional[String] $service_name = $mongodb::params::service_name,
+ Boolean $service_enable = $mongodb::params::service_enable,
+ Enum['stopped', 'running'] $service_ensure = $mongodb::params::service_ensure,
+ Optional[Enum['stopped', 'running']] $service_status = $mongodb::params::service_status,
+ Variant[Boolean, String] $package_ensure = $mongodb::params::package_ensure,
+ String $package_name = $mongodb::params::server_package_name,
+ Variant[Boolean, Stdlib::Absolutepath] $logpath = $mongodb::params::logpath,
+ Array[Stdlib::IP::Address] $bind_ip = $mongodb::params::bind_ip,
+ Optional[Boolean] $ipv6 = undef,
+ Boolean $logappend = true,
+ Optional[String] $system_logrotate = undef,
+ Optional[Boolean] $fork = $mongodb::params::fork,
+ Optional[Integer[1, 65535]] $port = undef,
+ Optional[Boolean] $journal = $mongodb::params::journal,
+ Optional[Boolean] $nojournal = undef,
+ Optional[Boolean] $smallfiles = undef,
+ Optional[Boolean] $cpu = undef,
+ Boolean $auth = false,
+ Optional[Boolean] $noauth = undef,
+ Optional[Boolean] $verbose = undef,
+ Optional[String] $verbositylevel = undef,
+ Optional[Boolean] $objcheck = undef,
+ Optional[Boolean] $quota = undef,
+ Optional[Integer] $quotafiles = undef,
+ Optional[Integer[0, 7]] $diaglog = undef,
+ Optional[Boolean] $directoryperdb = undef,
+ $profile = undef,
+ Optional[Integer] $maxconns = undef,
+ Optional[Integer] $oplog_size = undef,
+ $nohints = undef,
+ Optional[Boolean] $nohttpinterface = undef,
+ Optional[Boolean] $noscripting = undef,
+ Optional[Boolean] $notablescan = undef,
+ Optional[Boolean] $noprealloc = undef,
+ Optional[Integer] $nssize = undef,
+ $mms_token = undef,
+ $mms_name = undef,
+ $mms_interval = undef,
+ Optional[String] $replset = undef,
+ Optional[Hash] $replset_config = undef,
+ Optional[Array] $replset_members = undef,
+ Optional[Boolean] $configsvr = undef,
+ Optional[Boolean] $shardsvr = undef,
+ Optional[Boolean] $rest = undef,
+ Optional[Boolean] $quiet = undef,
+ Optional[Integer] $slowms = undef,
+ Optional[Stdlib::Absolutepath] $keyfile = undef,
+ Optional[Variant[String[6], Sensitive[String[6]]]] $key = undef,
+ Optional[Variant[String[1], Array[String[1]]]] $set_parameter = undef,
+ Optional[Boolean] $syslog = undef,
+ $config_content = undef,
+ Optional[String] $config_template = undef,
+ Optional[Hash] $config_data = undef,
+ Optional[Boolean] $ssl = undef,
+ Optional[Stdlib::Absolutepath] $ssl_key = undef,
+ Optional[Stdlib::Absolutepath] $ssl_ca = undef,
+ Boolean $ssl_weak_cert = false,
+ Boolean $ssl_invalid_hostnames = false,
+ Enum['requireSSL', 'preferSSL', 'allowSSL'] $ssl_mode = 'requireSSL',
+ Boolean $tls = false,
+ Optional[Stdlib::Absolutepath] $tls_key = undef,
+ Optional[Stdlib::Absolutepath] $tls_ca = undef,
+ Boolean $tls_conn_without_cert = false,
+ Boolean $tls_invalid_hostnames = false,
+ Enum['requireTLS', 'preferTLS', 'allowTLS'] $tls_mode = 'requireTLS',
+ Boolean $restart = $mongodb::params::restart,
+ Optional[String] $storage_engine = undef,
+ Boolean $create_admin = $mongodb::params::create_admin,
+ String $admin_username = $mongodb::params::admin_username,
+ Optional[Variant[String, Sensitive[String]]] $admin_password = undef,
+ Optional[Variant[String[1], Sensitive[String[1]]]] $admin_password_hash = undef,
+ Enum['scram_sha_1', 'scram_sha_256'] $admin_auth_mechanism = $mongodb::params::admin_auth_mechanism,
+ Boolean $admin_update_password = false,
+ Boolean $handle_creds = $mongodb::params::handle_creds,
+ Boolean $store_creds = $mongodb::params::store_creds,
+ Array $admin_roles = $mongodb::params::admin_roles,
) inherits mongodb::params {
contain mongodb::server::install
contain mongodb::server::config
@@ -130,6 +133,7 @@
user => $admin_username,
auth_mechanism => $admin_auth_mechanism,
password => $admin_password_unsensitive,
+ password_hash => $admin_password_hash,
roles => $admin_roles,
update_password => $admin_update_password,
}
diff --git a/spec/classes/server_spec.rb b/spec/classes/server_spec.rb
index e71e86eda..98db5c18e 100644
--- a/spec/classes/server_spec.rb
+++ b/spec/classes/server_spec.rb
@@ -108,6 +108,29 @@
it { is_expected.to contain_mongodb_database('admin').that_requires('Service[mongodb]') }
end
+ describe 'with admin_password_hash => xxx89adfaxd' do
+ let(:params) do
+ {
+ create_admin: true,
+ admin_username: 'admin',
+ admin_password_hash: 'xxx89adfaxd'
+ }
+ end
+
+ it_behaves_like 'server classes'
+
+ it do
+ is_expected.to contain_mongodb__db('admin').
+ with_user('admin').
+ with_password_hash('xxx89adfaxd').
+ with_roles(%w[userAdmin readWrite dbAdmin dbAdminAnyDatabase readAnyDatabase
+ readWriteAnyDatabase userAdminAnyDatabase clusterAdmin clusterManager
+ clusterMonitor hostManager root restore])
+ end
+
+ it { is_expected.to contain_mongodb_database('admin').that_requires('Service[mongodb]') }
+ end
+
describe 'with preset variables' do
let :params do
{