Merge pull request #2101 from muawiakh/mongodb-container-update

Add support for optional users in MongoDB user creation
2024-10-13 13:34:05 +00:00 · 2018-02-26 18:42:42 +01:00 · 2018-02-26 18:42:42 +01:00 · d0874ccf9a
commit d0874ccf9a
parent 5a4378dbb5 8835fd5fd7
3 changed files with 66 additions and 44 deletions
--- a/k8s/mongodb/container/configure_mdb_users.template.js
+++ b/k8s/mongodb/container/configure_mdb_users.template.js
@ -1,43 +1,53 @@
+var configure_adminUser = CONFIGURE_ADMIN_USER;
+var configure_bdbUser = CONFIGURE_BDB_USER;
+var configure_mdbMonUser = CONFIGURE_MDB_MON_USER;
 db = db.getSiblingDB("admin");
-db.createUser({
-    user: "MONGODB_ADMIN_USERNAME",
-    pwd: "MONGODB_ADMIN_PASSWORD",
-    roles: [{
-            role: "userAdminAnyDatabase",
-            db: "admin"
+
+if (configure_adminUser) {
+    db.createUser({
+        user: "MONGODB_ADMIN_USERNAME",
+        pwd: "MONGODB_ADMIN_PASSWORD",
+        roles: [{
+                role: "userAdminAnyDatabase",
+                db: "admin"
+            },
+            {
+                role: "clusterManager",
+                db: "admin"
+            }
+        ]
+    });
+}
+if (configure_adminUser && configure_bdbUser) {
+    db.auth("MONGODB_ADMIN_USERNAME", "MONGODB_ADMIN_PASSWORD");
+    db.getSiblingDB("$external").runCommand({
+        createUser: 'BDB_USERNAME',
+        writeConcern: {
+            w: 'majority',
+            wtimeout: 5000
        },
-        {
-            role: "clusterManager",
-            db: "admin"
-        }
-    ]
-});
-db = db.getSiblingDB("admin");
-db.auth("MONGODB_ADMIN_USERNAME", "MONGODB_ADMIN_PASSWORD");
-db.getSiblingDB("$external").runCommand({
-    createUser: 'BDB_USERNAME',
-    writeConcern: {
-        w: 'majority',
-        wtimeout: 5000
-    },
-    roles: [{
-            role: 'clusterAdmin',
-            db: 'admin'
+        roles: [{
+                role: 'clusterAdmin',
+                db: 'admin'
+            },
+            {
+                role: 'readWriteAnyDatabase',
+                db: 'admin'
+            }
+        ]
+    });
+}
+if (configure_adminUser && configure_mdbMonUser) {
+    db.auth("MONGODB_ADMIN_USERNAME", "MONGODB_ADMIN_PASSWORD");
+    db.getSiblingDB("$external").runCommand({
+        createUser: 'MDB_MON_USERNAME',
+        writeConcern: {
+            w: 'majority',
+            wtimeout: 5000
        },
-        {
-            role: 'readWriteAnyDatabase',
+        roles: [{
+            role: 'clusterMonitor',
            db: 'admin'
-        }
-    ]
-});
-db.getSiblingDB("$external").runCommand({
-    createUser: 'MDB_MON_USERNAME',
-    writeConcern: {
-        w: 'majority',
-        wtimeout: 5000
-    },
-    roles: [{
-        role: 'clusterMonitor',
-        db: 'admin'
-    }]
-});
+        }]
+    });
+}
--- a/k8s/mongodb/container/mongod_entrypoint.bash
+++ b/k8s/mongodb/container/mongod_entrypoint.bash
@ -102,14 +102,26 @@ fi

 # Only configure if all variables are set
 if [[ -n "${mongodb_admin_username}" && \
-        -n "${mongodb_admin_password}" && \
-        -n "${bdb_username}" && \
-    -n "${mdb_mon_username}" ]]; then
+        -n "${mongodb_admin_password}" ]]; then
    sed -i "s|MONGODB_ADMIN_USERNAME|${mongodb_admin_username}|g" ${MONGODB_CONFIGURE_USERS_PATH}
    sed -i "s|MONGODB_ADMIN_PASSWORD|${mongodb_admin_password}|g" ${MONGODB_CONFIGURE_USERS_PATH}
+    sed -i "s|CONFIGURE_ADMIN_USER|true|g" ${MONGODB_CONFIGURE_USERS_PATH}
+else
+    sed -i "s|CONFIGURE_ADMIN_USER|false|g" ${MONGODB_CONFIGURE_USERS_PATH}
+fi
+
+if [[ -n "${bdb_username}" ]]; then
    sed -i "s|BDB_USERNAME|${bdb_username}|g" ${MONGODB_CONFIGURE_USERS_PATH}
+    sed -i "s|CONFIGURE_BDB_USER|true|g" ${MONGODB_CONFIGURE_USERS_PATH}
+else
+    sed -i "s|CONFIGURE_BDB_USER|false|g" ${MONGODB_CONFIGURE_USERS_PATH}
+fi
+
+if [[ -n "${mdb_mon_username}" ]]; then
    sed -i "s|MDB_MON_USERNAME|${mdb_mon_username}|g" ${MONGODB_CONFIGURE_USERS_PATH}
-    echo "True" > /tmp/configure_mongo
+    sed -i "s|CONFIGURE_MDB_MON_USER|true|g" ${MONGODB_CONFIGURE_USERS_PATH}
+else
+    sed -i "s|CONFIGURE_MDB_MON_USER|false|g" ${MONGODB_CONFIGURE_USERS_PATH}
 fi

 # add the hostname and ip to hosts file
--- a/k8s/scripts/configure_mdb.sh
+++ b/k8s/scripts/configure_mdb.sh
@ -14,7 +14,7 @@ fi
 MONGODB_INSTANCE_NAME=$1

 if [[ -n "$MONGODB_INSTANCE_NAME" ]]; then
-    /usr/local/bin/kubectl exec -it "${MONGODB_INSTANCE_NAME}"\-ss\-0 -- bash -c "if [[ -f /tmp/configure_mongo && -n \$(cat /tmp/configure_mongo) ]]; then  /usr/bin/mongo --host localhost --port \$(printenv MONGODB_PORT) --ssl --sslCAFile /etc/mongod/ca/ca.pem --sslPEMKeyFile  /etc/mongod/ssl/mdb-instance.pem < /configure_mdb_users.js; fi"
+    /usr/local/bin/kubectl exec -it "${MONGODB_INSTANCE_NAME}"\-ss\-0 -- bash -c "/usr/bin/mongo --host localhost --port \$(printenv MONGODB_PORT) --ssl --sslCAFile /etc/mongod/ca/ca.pem --sslPEMKeyFile  /etc/mongod/ssl/mdb-instance.pem < /configure_mdb_users.js"
 else
    echo "Skipping configuration, because relevant files don't exist!!!"
 fi