Set correct auth_mechanism for updateUser

Currently the mongodb command `updateUser` defaults to SCRAM-SHA-256 but you can't update these passwords. And also show an error when the update goes wrong.
voxpupuli · Jan 26, 2023 · 1658799 · 1658799
1 parent 60e16ce
commit 1658799
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -101,10 +101,12 @@ def password_hash=(_value)
       command = {
         updateUser: @resource[:username],
         pwd: @resource[:password_hash],
-        digestPassword: false
+        digestPassword: false,
+        mechanisms: @resource[:auth_mechanism] == :scram_sha_1 ? ['SCRAM-SHA-1'] : ['SCRAM-SHA-256'],
       }
 
-      mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+      out = JSON.parse(mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]))
+      raise "Failed update User password for user '#{@resource[:username]}'\n#{out}" if out['ok'].zero?
     else
       Puppet.warning 'User password operations are available only from master host'
     end

diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
@@ -93,7 +93,8 @@
       {
           "updateUser":"new_user",
           "pwd":"pass",
-          "digestPassword":false
+          "digestPassword":false,
+          "mechanisms":["SCRAM-SHA-1"]
       }
       EOS
       allow(provider).to receive(:mongo_eval).