Skip to content

Commit

Permalink
Merge pull request #760 from stevenpost/admin_password/fix
Browse files Browse the repository at this point in the history
Backslashes in a password need to be escaped
  • Loading branch information
h-haaks authored May 7, 2024
2 parents 3c22469 + 2ab8ca2 commit d1f5c38
Show file tree
Hide file tree
Showing 3 changed files with 96 additions and 1 deletion.
79 changes: 79 additions & 0 deletions spec/acceptance/server_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,24 @@ class { 'mongodb::globals':
end

describe 'installation using authentication' do
after :all do
pp = <<-EOS
class { 'mongodb::globals':
#{repo_ver_param}
}
-> class { 'mongodb::server':
ensure => absent,
package_ensure => purged,
service_ensure => stopped
}
-> class { 'mongodb::client':
ensure => purged
}
EOS

apply_manifest(pp, catch_failures: true)
end

it 'works with no errors' do
pp = <<-EOS
class { 'mongodb::globals':
Expand Down Expand Up @@ -154,6 +172,67 @@ class { 'mongodb::globals':
end
end

describe 'installation using authentication with complex password' do
it 'works with no errors' do
pp = <<-EOS
class { 'mongodb::globals':
#{repo_ver_param}
}
-> class { 'mongodb::server':
auth => true,
create_admin => true,
handle_creds => true,
store_creds => true,
admin_username => 'admin',
admin_password => 'admin_\\\\_\\'_"_&_password',
restart => true,
}
class { 'mongodb::client': }
EOS

apply_manifest(pp, catch_failures: true)
apply_manifest(pp, catch_changes: true)
end

describe package(package_name) do
it { is_expected.to be_installed }
end

describe file(config_file) do
it { is_expected.to be_file }
end

describe service(service_name) do
it { is_expected.to be_enabled }
it { is_expected.to be_running }
end

describe port(27_017) do
it { is_expected.to be_listening }
end

describe command('mongosh --quiet --eval "db.serverCmdLineOpts().ok"') do
its(:stderr) { is_expected.to match %r{requires authentication} }
end

describe file('/root/.mongoshrc.js') do
it { is_expected.to be_file }
it { is_expected.to be_owned_by 'root' }
it { is_expected.to be_grouped_into 'root' }
it { is_expected.to be_mode 600 }
it { is_expected.to contain 'admin.auth(\'admin\', \'admin_\\\\_\\\'_"_&_password\')' }
end

describe command("mongosh admin --quiet --eval \"load('/root/.mongoshrc.js');EJSON.stringify(db.getUser('admin')['customData'])\"") do
its(:exit_status) { is_expected.to eq 0 }
its(:stdout) { is_expected.to match "{\"createdBy\":\"Puppet Mongodb_user['User admin on db admin']\"}\n" }
end

describe command('mongod --version') do
its(:exit_status) { is_expected.to eq 0 }
end
end

describe 'uninstallation' do
it 'uninstalls mongodb' do
pp = <<-EOS
Expand Down
16 changes: 16 additions & 0 deletions spec/classes/server_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -452,6 +452,22 @@
with_mode('0600').
with_content(%r{admin\.auth\('admin', 'password'\)})
}

context 'with complex password' do
let :params do
{
admin_username: 'admin',
admin_password: 'complex_\\_\'_"_&_password',
auth: true,
store_creds: true
}
end

it {
is_expected.to contain_file('/root/.mongoshrc.js').
with_content(%r{admin\.auth\('admin', 'complex_\\\\_\\'_"_&_password'\)})
}
end
end

context 'false' do
Expand Down
2 changes: 1 addition & 1 deletion templates/mongoshrc.js.erb
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ if (authRequired()) {
<%- end -%>
try {
admin = db.getSiblingDB('admin')
admin.auth('<%= @admin_username %>', '<%= @admin_password_unsensitive %>')
admin.auth('<%= @admin_username %>', '<%= @admin_password_unsensitive.gsub('\\','\\\\\\\\').gsub("'","\\\\'") %>')
}
catch (err) {
// Silently ignore this error, we can't really do anything about it.
Expand Down

0 comments on commit d1f5c38

Please sign in to comment.