From 69819c56a927fc574b2803dd1864ccddfacc2324 Mon Sep 17 00:00:00 2001 From: Aleksandr Makhov Date: Thu, 27 Oct 2022 13:22:59 +0200 Subject: [PATCH 1/4] Add mechanism (SHA-1) to password_hash command --- lib/puppet/provider/mongodb_user/mongodb.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb index 07762fd57..b9b7da380 100644 --- a/lib/puppet/provider/mongodb_user/mongodb.rb +++ b/lib/puppet/provider/mongodb_user/mongodb.rb @@ -103,6 +103,7 @@ def password_hash=(_value) pwd: @resource[:password_hash], digestPassword: false } + command[:mechanisms] = ['SCRAM-SHA-1'] mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]) else From 7f381ae7d28a1aa9668faaf59e1207177f71759d Mon Sep 17 00:00:00 2001 From: Aleksandr Makhov Date: Thu, 27 Oct 2022 13:31:59 +0200 Subject: [PATCH 2/4] roll back on master --- lib/puppet/provider/mongodb_user/mongodb.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb index b9b7da380..07762fd57 100644 --- a/lib/puppet/provider/mongodb_user/mongodb.rb +++ b/lib/puppet/provider/mongodb_user/mongodb.rb @@ -103,7 +103,6 @@ def password_hash=(_value) pwd: @resource[:password_hash], digestPassword: false } - command[:mechanisms] = ['SCRAM-SHA-1'] mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]) else From d46d3ef8d79f284d598d68e2d39c321a53918144 Mon Sep 17 00:00:00 2001 From: Aleksandr Makhov Date: Thu, 27 Oct 2022 13:32:44 +0200 Subject: [PATCH 3/4] Add mechanism (SHA-1) to password_hash command --- lib/puppet/provider/mongodb_user/mongodb.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb index 07762fd57..b9b7da380 100644 --- a/lib/puppet/provider/mongodb_user/mongodb.rb +++ b/lib/puppet/provider/mongodb_user/mongodb.rb @@ -103,6 +103,7 @@ def password_hash=(_value) pwd: @resource[:password_hash], digestPassword: false } + command[:mechanisms] = ['SCRAM-SHA-1'] mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]) else From 6d3cc7368bbf9849223a7f1e3443104c8dbf5548 Mon Sep 17 00:00:00 2001 From: Aleksandr Makhov Date: Thu, 27 Oct 2022 14:56:33 +0200 Subject: [PATCH 4/4] Add mechanism (default SHA1) to password_hash command According the ussie #649, the module ignore changes in passwrd hashes. Add the mechanism parameter to the password_hash command Changed unit test to mongodb_user due to new expected line generated for password_hash command. --- lib/puppet/provider/mongodb_user/mongodb.rb | 2 +- spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb index b9b7da380..513169e26 100644 --- a/lib/puppet/provider/mongodb_user/mongodb.rb +++ b/lib/puppet/provider/mongodb_user/mongodb.rb @@ -103,7 +103,7 @@ def password_hash=(_value) pwd: @resource[:password_hash], digestPassword: false } - command[:mechanisms] = ['SCRAM-SHA-1'] + command[:mechanisms] = @resource[:auth_mechanism] == :scram_sha_1 ? ['SCRAM-SHA-1'] : ['SCRAM-SHA-256'] mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]) else diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb index 197605108..677db7e00 100644 --- a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb +++ b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb @@ -93,7 +93,8 @@ { "updateUser":"new_user", "pwd":"pass", - "digestPassword":false + "digestPassword":false, + "mechanisms":["SCRAM-SHA-1"] } EOS allow(provider).to receive(:mongo_eval).