ansible.builtin.mongodb_user (v2.9.27) — module

Adds or removes a user from a MongoDB database.

Added in version 1.1 of ansible.builtin

Authors: Elliott Foster (@elliotttf), Julien Thebault (@Lujeni)

preview | supported by community

Install Ansible via pip

Install with pip install ansible==2.9.27

Description

Adds or removes a user from a MongoDB database.


Requirements

Usage examples

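# Create 'burgers' database user with name 'bob' and password '12345'.
# The password is quoted so YAML keeps it a string; unquoted, 12345 is parsed as an integer.
# Outside of documentation, supply the value from an Ansible Vault-encrypted variable
# rather than a literal in the playbook.
- mongodb_user:
    database: burgers
    name: bob
    password: '12345'
    state: present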
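# Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly).
# ssl_cert_reqs is left at its default, CERT_REQUIRED, so a certificate is required from the server.
# The password is quoted so YAML keeps it a string; store real passwords in Ansible Vault.
- mongodb_user:
    database: burgers
    name: bob
    password: '12345'
    state: present
    ssl: true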
# Remove the user 'bob' from the 'burgers' database.
# No password is needed when state is absent.
- mongodb_user:
    name: bob
    database: burgers
    state: absent
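# Define more users with various specific roles (if no roles are defined, none are assigned
# and the user is added in the pre-MongoDB 2.2 style).
# The password is quoted so YAML keeps it a string rather than an integer.
- mongodb_user:
    database: burgers
    name: ben
    password: '12345'
    roles: read
    state: present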
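# 'jim' gets readWrite, dbAdmin and userAdmin on 'burgers'. userAdmin can grant roles to any
# user of this database, including itself, so reserve it for administrative accounts.
# The password is quoted so YAML keeps it a string rather than an integer.
- mongodb_user:
    database: burgers
    name: jim
    password: '12345'
    roles:
      - readWrite
      - dbAdmin
      - userAdmin
    state: present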
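# 'joe' gets readWriteAnyDatabase, which is not limited to 'burgers'.
# NOTE(review): MongoDB defines the *AnyDatabase roles on the 'admin' database - confirm this
# role resolves for a user created in 'burgers' on the MongoDB version in use.
# The password is quoted so YAML keeps it a string rather than an integer.
- mongodb_user:
    database: burgers
    name: joe
    password: '12345'
    roles: readWriteAnyDatabase
    state: present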
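# Add a user to a database in a replica set; the primary server is discovered automatically
# and the write goes to it.
# The password is quoted so YAML keeps it a string rather than an integer.
- mongodb_user:
    database: burgers
    name: bob
    replica_set: belcher
    password: '12345'
    roles: readWriteAnyDatabase
    state: present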
# Add a user 'oplog_reader' with read-only access to the 'local' database on the replica set 'belcher'.
# This is useful for oplog access (MONGO_OPLOG_URL).
# The credentials must be added to the 'admin' database, because the 'local' database is not
# synchronized and cannot receive user credentials.
# To log in as this user, the connection string should be
# MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin"
# That URL carries the password in clear text, so treat the variable holding it as a secret.
# This syntax requires mongodb 2.6+ and pymongo 2.5+.
- mongodb_user:
    login_user: root
    login_password: root_password
    replica_set: belcher
    database: admin
    user: oplog_reader
    password: oplog_reader_password
    roles:
      - role: read
        db: local
    state: present

Inputs

    
ssl:
    description:
    - Whether to use an SSL connection when connecting to the database
    type: bool
    version_added: '1.8'
    version_added_collection: ansible.builtin

name:
    aliases:
    - user
    description:
    - The name of the user to add or remove
    required: true

roles:
    description:
    - 'The database user roles. Valid values are either one or more of the following
      strings: ''read'', ''readWrite'', ''dbAdmin'', ''userAdmin'', ''clusterAdmin'',
      ''readAnyDatabase'', ''readWriteAnyDatabase'', ''userAdminAnyDatabase'', ''dbAdminAnyDatabase'''
    - 'Or the following dictionary ''{ db: DATABASE_NAME, role: ROLE_NAME }''.'
    - This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required.
      If it is a dictionary, mongo 2.6+ is required.
    version_added: '1.3'
    version_added_collection: ansible.builtin

state:
    choices:
    - present
    - absent
    default: present
    description:
    - The database user state

database:
    description:
    - The name of the database to add/remove the user from
    required: true

password:
    description:
    - The password to use for the user

login_host:
    default: localhost
    description:
    - The host running the database

login_port:
    default: 27017
    description:
    - The port to connect to

login_user:
    description:
    - The username used to authenticate with

replica_set:
    description:
    - Replica set to connect to (automatically connects to primary for writes)
    version_added: '1.6'
    version_added_collection: ansible.builtin

ssl_cert_reqs:
    choices:
    - CERT_REQUIRED
    - CERT_OPTIONAL
    - CERT_NONE
    default: CERT_REQUIRED
    description:
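    - Specifies whether a certificate is required from the other side of the connection,
      and whether it will be validated if provided. With CERT_NONE the certificate is
      not validated, so the connection is encrypted but the server is not authenticated.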
    version_added: '2.2'
    version_added_collection: ansible.builtin

login_database:
    description:
    - The database where login credentials are stored
    version_added: '2.0'
    version_added_collection: ansible.builtin

login_password:
    description:
    - The password used to authenticate with

update_password:
    choices:
    - always
    - on_create
    default: always
    description:
    - C(always) will update passwords if they differ.  C(on_create) will only set the
      password for newly created users.
    version_added: '2.1'
    version_added_collection: ansible.builtin

Outputs

user:
  description: The name of the user to add or remove.
  returned: success
  type: str