Set correct auth_mechanism for updateUser

JvGinkel · JvGinkel · commit c6bd001c832b · 2023-01-26T21:31:10.000+01:00
Currently the mongodb command `updateUser` defaults to SCRAM-SHA-256 but you can't update these passwords.

And also show an error when the update goes wrong.
diff --git a/lib/puppet/provider/mongodb_user/mongodb.rb b/lib/puppet/provider/mongodb_user/mongodb.rb
@@ -101,10 +101,12 @@ def password_hash=(_value)
       command = {
         updateUser: @resource[:username],
         pwd: @resource[:password_hash],
-        digestPassword: false
+        digestPassword: false,
+        mechanisms: @resource[:auth_mechanism] == :scram_sha_1 ? ['SCRAM-SHA-1'] : ['SCRAM-SHA-256'],
       }
 
-      mongo_eval("db.runCommand(#{command.to_json})", @resource[:database])
+      out = JSON.parse(mongo_eval("db.runCommand(#{command.to_json})", @resource[:database]))
+      raise "Failed update User password for user '#{@resource[:username]}'\n#{out}" if out['ok'].zero?
     else
       Puppet.warning 'User password operations are available only from master host'
     end
diff --git a/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb b/spec/unit/puppet/provider/mongodb_user/mongodb_spec.rb
@@ -93,11 +93,12 @@
       {
           "updateUser":"new_user",
           "pwd":"pass",
-          "digestPassword":false
+          "digestPassword":false,
+          "mechanisms":["SCRAM-SHA-1"]
       }
       EOS
       allow(provider).to receive(:mongo_eval).
-        with("db.runCommand(#{cmd_json})", 'new_database')
+        with("db.runCommand(#{cmd_json})", 'new_database').and_return('{"ok": 1}')
       provider.password_hash = 'newpass'
       expect(provider).to have_received(:mongo_eval)
     end
