community.mongodb.mongodb_role (1.7.3) — module

Adds or removes a role from a MongoDB database

Added in version 1.5.0 of community.mongodb

Authors: Rhys Campbell (@rhysmeister)

Install collection

Install with ansible-galaxy collection install community.mongodb:==1.7.3


Add to requirements.yml

  # Pin the collection to the exact release this page documents.
  collections:
    - version: '1.7.3'
      name: 'community.mongodb'

Description

Adds or removes a role from a MongoDB database.

For further information on the required format for the privileges, authenticationRestriction or roles parameters, see the MongoDB Documentation https://www.mongodb.com/docs/manual/reference/command/createRole/


Requirements

Usage examples

# Read-only role scoped to one database. In a MongoDB resource document an
# empty collection string stands for every non-system collection of the named db.
- name: Create sales role
  community.mongodb.mongodb_role:
    name: 'sales'
    database: 'salesdb'
    state: present
    privileges:
      - actions:
          - find
        resource:
          db: 'salesdb'
          collection: ''
# Cluster-wide administrative role. It lives in the admin database because only
# roles created there may carry cluster-resource or cross-database privileges.
- name: Create ClusterAdmin Role
  community.mongodb.mongodb_role:
    name: 'myClusterwideAdmin'
    database: 'admin'
    state: present
    # Inherit the read role on the admin database.
    roles:
      - db: 'admin'
        role: 'read'
    privileges:
      # Cluster resource: permission to add shards.
      - actions:
          - addShard
        resource:
          cluster: true
      # Read and write on every non-system collection of the config database.
      - actions:
          - find
          - update
          - insert
          - remove
        resource:
          db: 'config'
          collection: ''
      # Write-only access to a single named collection.
      - actions:
          - update
          - insert
          - remove
        resource:
          db: 'users'
          collection: 'usersCollection'
      # Empty db AND empty collection: find on all non-system collections in
      # all databases. This is the broadest grant here; narrow it when applying
      # least privilege.
      - actions:
          - find
        resource:
          db: ''
          collection: ''
# Same administrative role shape, with the server additionally enforcing a
# client-address restriction on anyone granted the role.
- name: Create ClusterAdmin Role with a login only from 127.0.0.1 restriction
  community.mongodb.mongodb_role:
    name: 'myClusterwideAdmin'
    database: 'admin'
    state: present
    # clientSource lists the addresses users holding this role may connect from.
    # serverAddress is left as an empty list, which is how this module expects
    # an unused restriction field to be supplied.
    authenticationRestrictions:
      - serverAddress: []
        clientSource:
          - '127.0.0.1'
    # Inherited roles: read on admin and on mynewdb.
    roles:
      - db: 'admin'
        role: 'read'
      - db: 'mynewdb'
        role: 'read'
    privileges:
      # Cluster resource: permission to add shards.
      - actions:
          - addShard
        resource:
          cluster: true
      # Read, update and insert on the config database (no remove in this example).
      - actions:
          - find
          - update
          - insert
        resource:
          db: 'config'
          collection: ''
      # Write-only access to a single named collection.
      - actions:
          - update
          - insert
          - remove
        resource:
          db: 'users'
          collection: 'usersCollection'
      # Empty db AND empty collection: find on all non-system collections in
      # all databases. The address restriction limits where the role can be used
      # from, not how much data it can read.
      - actions:
          - find
        resource:
          db: ''
          collection: ''
# state: absent removes the role named below from the given database.
- name: Delete sales role
  community.mongodb.mongodb_role:
    state: absent
    database: 'salesdb'
    name: 'sales'
# Removes the cluster-wide role from the admin database, where it was created.
- name: Delete myClusterwideAdmin role
  community.mongodb.mongodb_role:
    state: absent
    database: 'admin'
    name: 'myClusterwideAdmin'

Inputs

    
ssl:
    aliases:
    - tls
    default: false
    description:
    - Whether to use an SSL connection when connecting to the database.
    - With the default of false, the connection to the database is not protected by SSL/TLS.
    required: false
    type: bool

name:
    aliases:
    - user
    description:
    - The name of the role to add or remove.
    required: true
    type: str

debug:
    default: false
    description:
    - Enable extra debugging output.
    type: bool

roles:
    default: []
    description:
    - 'The database user roles should be provided as a dictionary with the db and role
      keys.

      '
    elements: raw
    type: list

state:
    choices:
    - absent
    - present
    default: present
    description:
    - The database user state.
    type: str

database:
    aliases:
    - db
    description:
    - The name of the database to add/remove the role from.
    required: true
    type: str

atlas_auth:
    default: false
    description:
    - Authentication path intended for MongoDB Atlas Instances
    type: bool

login_host:
    default: localhost
    description:
    - The host running MongoDB instance to login to.
    required: false
    type: str

login_port:
    default: 27017
    description:
    - The MongoDB server port to login to.
    required: false
    type: int

login_user:
    description:
    - The MongoDB user to login with.
    - Required when I(login_password) is specified.
    required: false
    type: str

privileges:
    default: []
    description:
    - 'The privileges to grant the role. A privilege consists of a resource and permitted
      actions.

      '
    elements: raw
    type: list

replica_set:
    description:
    - Replica set to connect to (automatically connects to primary for writes).
    type: str

ssl_crlfile:
    description:
    - The ssl_crlfile option takes a path to a CRL file.
    required: false
    type: str

ssl_keyfile:
    description:
    - Private key for the client certificate.
    required: false
    type: str

ssl_ca_certs:
    aliases:
    - tlsCAFile
    description:
    - The ssl_ca_certs option takes a path to a CA file.
    required: false
    type: str

ssl_certfile:
    aliases:
    - tlsCertificateKeyFile
    description:
    - Present a client certificate using the ssl_certfile option.
    required: false
    type: str

ssl_cert_reqs:
    aliases:
    - tlsAllowInvalidCertificates
    choices:
    - CERT_NONE
    - CERT_OPTIONAL
    - CERT_REQUIRED
    default: CERT_REQUIRED
    description:
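    - Specifies whether a certificate is required from the other side of the connection,
      and whether it will be validated if provided.
    - CERT_NONE turns certificate validation off, so the server's identity is not verified.
      Keep the default CERT_REQUIRED outside of throwaway test setups.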
    required: false
    type: str

auth_mechanism:
    choices:
    - SCRAM-SHA-256
    - SCRAM-SHA-1
    - MONGODB-X509
    - GSSAPI
    - PLAIN
    description:
    - Authentication type.
    required: false
    type: str

login_database:
    default: admin
    description:
    - The database where login credentials are stored.
    required: false
    type: str

login_password:
    description:
    - The password used to authenticate with.
    - Required when I(login_user) is specified.
    required: false
    type: str

connection_options:
    description:
    - Additional connection options.
    - Supply as a list of dicts or strings containing key value pairs separated with '='.
    elements: raw
    required: false
    type: list

ssl_pem_passphrase:
    aliases:
    - tlsCertificateKeyFilePassword
    description:
    - Passphrase to decrypt encrypted private keys.
    required: false
    type: str

strict_compatibility:
    default: true
    description:
    - Enforce strict requirements for pymongo and MongoDB software versions
    type: bool

authenticationRestrictions:
    default: []
    description:
    - 'The authentication restrictions the server enforces on the role. Specifies a list
      of IP addresses and CIDR ranges users granted this role are allowed to connect to
      and/or which they can connect from. Provide a list of dictionaries with the following
      fields: clientSource (list), serverAddress (list). Provide an empty list if you
      don''t want to use the field.

      '
    elements: raw
    type: list

Outputs

user:
  description: The name of the role to add or remove.
  returned: success
  type: str