community.mongodb.mongodb_user – Adds or removes a user from a MongoDB database
Note
This plugin is part of the community.mongodb collection (version 1.1.1).
To install it use: `ansible-galaxy collection install community.mongodb`.
To use it in a playbook, specify: `community.mongodb.mongodb_user`.
New in version 1.0.0 of community.mongodb
Synopsis
- Adds or removes a user from a MongoDB database.
Requirements
The below requirements are needed on the host that executes this module.
- pymongo
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
auth_mechanism string |  | Authentication type. |
connection_options list / elements=raw |  | Additional connection options. Supply as a list of dicts or strings containing key value pairs separated with '='. |
create_for_localhost_exception path |  | This parameter is only useful for handling special treatment around the localhost exception. If If this file is NOT present (and If this file is present (and |
database string / required |  | The name of the database to add/remove the user from. |
login_database string | Default: "admin" | The database where login credentials are stored. |
login_host string | Default: "localhost" | The host running MongoDB instance to login to. |
login_password string |  | The password used to authenticate with. Required when login_user is specified. |
login_port integer | Default: 27017 | The MongoDB server port to login to. |
login_user string |  | The MongoDB user to login with. Required when login_password is specified. |
name string / required |  | The name of the user to add or remove. |
password string |  | The password to use for the user. |
replica_set string |  | Replica set to connect to (automatically connects to primary for writes). |
roles list / elements=raw |  | The database user roles. Valid values could either be one or more of the following strings: 'read', 'readWrite', 'dbAdmin', 'userAdmin', 'clusterAdmin', 'readAnyDatabase', 'readWriteAnyDatabase', 'userAdminAnyDatabase', 'dbAdminAnyDatabase', or the following dictionary: '{ db: DATABASE_NAME, role: ROLE_NAME }'. This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required. If it is a dictionary, mongo 2.6+ is required. |
ssl boolean |  | Whether to use an SSL connection when connecting to the database. |
ssl_ca_certs string |  | The ssl_ca_certs option takes a path to a CA file. |
ssl_cert_reqs string |  | Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided. |
ssl_certfile string |  | Present a client certificate using the ssl_certfile option. |
ssl_crlfile string |  | The ssl_crlfile option takes a path to a CRL file. |
ssl_keyfile string |  | Private key for the client certificate. |
ssl_pem_passphrase string |  | Passphrase to decrypt encrypted private keys. |
state string |  | The database user state. |
update_password string |  | This must be |
Notes
- Requires the pymongo Python package on the remote host, version 2.4.2+. This can be installed using pip or the OS package manager. Newer mongo server versions require newer pymongo versions. @see http://api.mongodb.org/python/current/installation.html
Examples
```yaml
- name: Create 'burgers' database user with name 'bob' and password '12345'.
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    password: 12345
    state: present

- name: Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly)
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    password: 12345
    state: present
    ssl: True

- name: Delete 'burgers' database user with name 'bob'.
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    state: absent

- name: Define more users with various specific roles (if not defined, no roles are assigned, and the user will be added via pre mongo 2.2 style)
  community.mongodb.mongodb_user:
    database: burgers
    name: ben
    password: 12345
    roles: read
    state: present

- name: Define roles
  community.mongodb.mongodb_user:
    database: burgers
    name: jim
    password: 12345
    roles: readWrite,dbAdmin,userAdmin
    state: present

- name: Define roles
  community.mongodb.mongodb_user:
    database: burgers
    name: joe
    password: 12345
    roles: readWriteAnyDatabase
    state: present

- name: Add a user to database in a replica set, the primary server is automatically discovered and written to
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    replica_set: belcher
    password: 12345
    roles: readWriteAnyDatabase
    state: present

# Add a user 'oplog_reader' with read-only access to the 'local' database on the replica_set 'belcher'. This is useful for oplog access (MONGO_OPLOG_URL).
# Note that the credentials must be added to the 'admin' database because the 'local' database is not synchronized and can't receive user credentials.
# To log in with such a user, the connection string should be MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin"
# This syntax requires mongodb 2.6+ and pymongo 2.5+
- name: Roles as a dictionary
  community.mongodb.mongodb_user:
    login_user: root
    login_password: root_password
    database: admin
    user: oplog_reader
    password: oplog_reader_password
    state: present
    replica_set: belcher
    roles:
      - db: local
        role: read

- name: Adding a user with X.509 Member Authentication
  community.mongodb.mongodb_user:
    login_host: "mongodb-host.test"
    login_port: 27001
    login_database: "$external"
    database: "admin"
    name: "admin"
    password: "test"
    roles:
      - dbAdminAnyDatabase
    ssl: true
    ssl_ca_certs: "/tmp/ca.crt"
    ssl_certfile: "/tmp/tls.key"  # cert and key in one file
    state: present
    auth_mechanism: "MONGODB-X509"
    connection_options:
      # skips hostname verification of the server certificate
      - "tlsAllowInvalidHostnames=true"
```
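
A hardened variant of the tasks above, as an added example that is not part of the collection's own documentation. It takes both passwords from variables instead of literals, validates the server certificate against a CA file, and grants one role scoped to one database. The `vault_*` variable names, the user name `burgers_app` and the CA path are assumptions.

```yaml
# Added example: variable names, user name and file paths are assumptions.
- name: Create a least-privilege application user over verified TLS
  community.mongodb.mongodb_user:
    # Credentials of an existing administrative user, read from an
    # Ansible Vault-encrypted variable rather than written into the playbook.
    login_host: "mongodb-host.test"
    login_port: 27017
    login_database: admin
    login_user: root
    login_password: "{{ vault_mongo_root_password }}"

    # The user being managed.
    database: burgers
    name: burgers_app
    password: "{{ vault_burgers_app_password }}"

    # Dictionary form of roles: one role, limited to the one database
    # the application needs, instead of an *AnyDatabase role.
    roles:
      - db: burgers
        role: readWrite

    # TLS with certificate validation. No tlsAllowInvalidHostnames option,
    # so the certificate must match login_host.
    ssl: true
    ssl_ca_certs: "/etc/ssl/mongodb/ca.crt"
    ssl_cert_reqs: CERT_REQUIRED

    # Set the password only when the user is first created, so repeated
    # runs report "ok" instead of rewriting the credential each time.
    update_password: on_create
    state: present

  # Keep the task's arguments, including both passwords, out of
  # Ansible's console output and logs.
  no_log: true
```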
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description |
---|---|---|
user string | success | The name of the user to add or remove. |
Authors
- Elliott Foster (@elliotttf)
- Julien Thebault (@Lujeni)
© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/mongodb/mongodb_user_module.html