community.mongodb.mongodb_user (1.6.1) — module

Added in version 1.0.0 of community.mongodb.

Authors: Elliott Foster (@elliotttf), Julien Thebault (@Lujeni)
Install with:

ansible-galaxy collection install community.mongodb:==1.6.1

collections:
  - name: community.mongodb
    version: 1.6.1

Adds or removes a user from a MongoDB database.

- name: Create 'burgers' database user with name 'bob' and password '12345'.
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    password: 12345
    state: present

- name: Create a database user via SSL (MongoDB must be compiled with the SSL option and configured properly)
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    password: 12345
    state: present
    ssl: True

- name: Delete 'burgers' database user with name 'bob'.
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    state: absent

- name: Define more users with various specific roles (if not defined, no roles are assigned, and the user will be added via pre mongo 2.2 style)
  community.mongodb.mongodb_user:
    database: burgers
    name: ben
    password: 12345
    roles: read
    state: present

- name: Define roles
  community.mongodb.mongodb_user:
    database: burgers
    name: jim
    password: 12345
    roles: readWrite,dbAdmin,userAdmin
    state: present

- name: Define roles
  community.mongodb.mongodb_user:
    database: burgers
    name: joe
    password: 12345
    roles: readWriteAnyDatabase
    state: present

- name: Add a user to database in a replica set, the primary server is automatically discovered and written to
  community.mongodb.mongodb_user:
    database: burgers
    name: bob
    replica_set: belcher
    password: 12345
    roles: readWriteAnyDatabase
    state: present

# add a user 'oplog_reader' with read only access to the 'local' database on the replica_set 'belcher'. This is useful for oplog access (MONGO_OPLOG_URL).
# please notice the credentials must be added to the 'admin' database because the 'local' database is not synchronized and can't receive user credentials
# To login with such user, the connection string should be MONGO_OPLOG_URL="mongodb://oplog_reader:oplog_reader_password@server1,server2/local?authSource=admin"
# This syntax requires mongodb 2.6+ and pymongo 2.5+
- name: Roles as a dictionary
  community.mongodb.mongodb_user:
    login_user: root
    login_password: root_password
    database: admin
    user: oplog_reader
    password: oplog_reader_password
    state: present
    replica_set: belcher
    roles:
      - db: local
        role: read

- name: Adding a user with X.509 Member Authentication
  community.mongodb.mongodb_user:
    login_host: "mongodb-host.test"
    login_port: 27001
    login_database: "$external"
    database: "admin"
    name: "admin"
    password: "test"
    roles:
      - dbAdminAnyDatabase
    ssl: true
    ssl_ca_certs: "/tmp/ca.crt"
    ssl_certfile: "/tmp/tls.key" #cert and key in one file
    state: present
    auth_mechanism: "MONGODB-X509"
    connection_options:
      - "tlsAllowInvalidHostnames=true"

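The examples above use literal passwords, and the X.509 example turns off hostname checking. The task below is an added example, not part of the collection's documentation: it uses the same module with certificate validation left on, a role scoped to a single database, and credentials taken from variables. The CA path, the user name `burgers_app`, and the `vault_*` variable names are assumptions.

```yaml
# Added example, not from the module documentation.
# Assumed names: /etc/ssl/mongodb/ca.crt, burgers_app, and the Ansible Vault
# variables vault_mongodb_admin_password and vault_burgers_app_password.
- name: Create an application user limited to the 'burgers' database
  community.mongodb.mongodb_user:
    login_host: "mongodb-host.test"
    login_port: 27017
    login_user: root
    login_password: "{{ vault_mongodb_admin_password }}"
    login_database: admin
    database: burgers
    name: burgers_app
    password: "{{ vault_burgers_app_password }}"
    # Dictionary form scopes the role to one database instead of
    # granting readWriteAnyDatabase.
    roles:
      - db: burgers
        role: readWrite
    # 'always' (the default) resets the password and reports "changed"
    # on every run; on_create only sets it for a new user.
    update_password: on_create
    ssl: true
    ssl_ca_certs: "/etc/ssl/mongodb/ca.crt"
    # CERT_REQUIRED is the default; stating it makes a later change to
    # CERT_NONE visible in review.
    ssl_cert_reqs: CERT_REQUIRED
    state: present
  # Keep both passwords out of task output and logs.
  no_log: true
```
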
ssl:
  aliases:
    - tls
  default: false
  description:
    - Whether to use an SSL connection when connecting to the database.
  required: false
  type: bool

name:
  aliases:
    - user
  description:
    - The name of the user to add or remove.
  required: true
  type: str

roles:
  description:
    - 'The database user roles. Valid values can be one or more of the following strings: ''read'', ''readWrite'', ''dbAdmin'', ''userAdmin'', ''clusterAdmin'', ''readAnyDatabase'', ''readWriteAnyDatabase'', ''userAdminAnyDatabase'', ''dbAdminAnyDatabase'''
    - 'Or the following dictionary ''{ db: DATABASE_NAME, role: ROLE_NAME }''.'
    - This param requires pymongo 2.5+. If it is a string, mongodb 2.4+ is also required. If it is a dictionary, mongo 2.6+ is required.
  elements: raw
  type: list

state:
  choices:
    - absent
    - present
  default: present
  description:
    - The database user state.
  type: str

database:
  aliases:
    - db
  description:
    - The name of the database to add/remove the user from.
  required: true
  type: str

password:
  aliases:
    - pass
  description:
    - The password to use for the user.
  type: str

atlas_auth:
  default: false
  description:
    - Authentication path intended for MongoDB Atlas Instances
  type: bool

login_host:
  default: localhost
  description:
    - The host running MongoDB instance to login to.
  required: false
  type: str

login_port:
  default: 27017
  description:
    - The MongoDB server port to login to.
  required: false
  type: int

login_user:
  description:
    - The MongoDB user to login with.
    - Required when I(login_password) is specified.
  required: false
  type: str

replica_set:
  description:
    - Replica set to connect to (automatically connects to primary for writes).
  type: str

ssl_crlfile:
  description:
    - The ssl_crlfile option takes a path to a CRL file.
  required: false
  type: str

ssl_keyfile:
  description:
    - Private key for the client certificate.
  required: false
  type: str

ssl_ca_certs:
  aliases:
    - tlsCAFile
  description:
    - The ssl_ca_certs option takes a path to a CA file.
  required: false
  type: str

ssl_certfile:
  aliases:
    - tlsCertificateKeyFile
  description:
    - Present a client certificate using the ssl_certfile option.
  required: false
  type: str

ssl_cert_reqs:
  aliases:
    - tlsAllowInvalidCertificates
  choices:
    - CERT_NONE
    - CERT_OPTIONAL
    - CERT_REQUIRED
  default: CERT_REQUIRED
  description:
    - Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided.
  required: false
  type: str

auth_mechanism:
  choices:
    - SCRAM-SHA-256
    - SCRAM-SHA-1
    - MONGODB-X509
    - GSSAPI
    - PLAIN
  description:
    - Authentication type.
  required: false
  type: str

login_database:
  default: admin
  description:
    - The database where login credentials are stored.
  required: false
  type: str

login_password:
  description:
    - The password used to authenticate with.
    - Required when I(login_user) is specified.
  required: false
  type: str

update_password:
  choices:
    - always
    - on_create
  default: always
  description:
    - C(always) will always update passwords and cause the module to return changed.
    - C(on_create) will only set the password for newly created users.
    - This must be C(always) to use the localhost exception when adding the first admin user.
    - This option is effectively ignored when using x.509 certs. It is defaulted to 'on_create' to maintain a specific module behaviour when the login_database is '$external'.
  type: str

connection_options:
  description:
    - Additional connection options.
    - Supply as a list of dicts or strings containing key value pairs separated with '='.
  elements: raw
  required: false
  type: list

ssl_pem_passphrase:
  aliases:
    - tlsCertificateKeyFilePassword
  description:
    - Passphrase to decrypt encrypted private keys.
  required: false
  type: str

strict_compatibility:
  default: true
  description:
    - Enforce strict requirements for pymongo and MongoDB software versions
  type: bool

create_for_localhost_exception:
  description:
    - This parameter is only useful for handling special treatment around the localhost exception.
    - If C(login_user) is defined, then the localhost exception is not active and this parameter has no effect.
    - If this file is NOT present (and C(login_user) is not defined), then touch this file after successfully adding the user.
    - If this file is present (and C(login_user) is not defined), then skip this task.
  type: path

user:
  description: The name of the user to add or remove.
  returned: success
  type: str