From 8835fd5fd77f7b21901c0115a467b863d2042357 Mon Sep 17 00:00:00 2001
From: Ahmed Muawia Khan
Date: Mon, 26 Feb 2018 17:54:07 +0100
Subject: [PATCH] Add support for optional users in MongoDB user creation
---
 .../container/configure_mdb_users.template.js | 88 +++++++++++--------
 k8s/mongodb/container/mongod_entrypoint.bash | 20 ++++-
 k8s/scripts/configure_mdb.sh | 2 +-
 3 files changed, 66 insertions(+), 44 deletions(-)
diff --git a/k8s/mongodb/container/configure_mdb_users.template.js b/k8s/mongodb/container/configure_mdb_users.template.js
index 1a623b6d..72a20009 100644
--- a/k8s/mongodb/container/configure_mdb_users.template.js
+++ b/k8s/mongodb/container/configure_mdb_users.template.js
@@ -1,43 +1,53 @@
+var configure_adminUser = CONFIGURE_ADMIN_USER;
+var configure_bdbUser = CONFIGURE_BDB_USER;
+var configure_mdbMonUser = CONFIGURE_MDB_MON_USER;
 db = db.getSiblingDB("admin");
-db.createUser({
- user: "MONGODB_ADMIN_USERNAME",
- pwd: "MONGODB_ADMIN_PASSWORD",
- roles: [{
- role: "userAdminAnyDatabase",
- db: "admin"
+
+if (configure_adminUser) {
+ db.createUser({
+ user: "MONGODB_ADMIN_USERNAME",
+ pwd: "MONGODB_ADMIN_PASSWORD",
+ roles: [{
+ role: "userAdminAnyDatabase",
+ db: "admin"
+ },
+ {
+ role: "clusterManager",
+ db: "admin"
+ }
+ ]
+ });
+}
+if (configure_adminUser && configure_bdbUser) {
+ db.auth("MONGODB_ADMIN_USERNAME", "MONGODB_ADMIN_PASSWORD");
+ db.getSiblingDB("$external").runCommand({
+ createUser: 'BDB_USERNAME',
+ writeConcern: {
+ w: 'majority',
+ wtimeout: 5000
 },
- {
- role: "clusterManager",
- db: "admin"
- }
- ]
-});
-db = db.getSiblingDB("admin");
-db.auth("MONGODB_ADMIN_USERNAME", "MONGODB_ADMIN_PASSWORD");
-db.getSiblingDB("$external").runCommand({
- createUser: 'BDB_USERNAME',
- writeConcern: {
- w: 'majority',
- wtimeout: 5000
- },
- roles: [{
- role: 'clusterAdmin',
- db: 'admin'
+ roles: [{
+ role: 'clusterAdmin',
+ db: 'admin'
+ },
+ {
+ role: 'readWriteAnyDatabase',
+ db: 'admin'
+ }
+ ]
+ });
+}
+if (configure_adminUser && configure_mdbMonUser) {
+ db.auth("MONGODB_ADMIN_USERNAME", "MONGODB_ADMIN_PASSWORD");
+ db.getSiblingDB("$external").runCommand({
+ createUser: 'MDB_MON_USERNAME',
+ writeConcern: {
+ w: 'majority',
+ wtimeout: 5000
 },
- {
- role: 'readWriteAnyDatabase',
+ roles: [{
+ role: 'clusterMonitor',
 db: 'admin'
- }
- ]
-});
-db.getSiblingDB("$external").runCommand({
- createUser: 'MDB_MON_USERNAME',
- writeConcern: {
- w: 'majority',
- wtimeout: 5000
- },
- roles: [{
- role: 'clusterMonitor',
- db: 'admin'
- }]
-});
\ No newline at end of file
+ }]
+ });
+}
\ No newline at end of file
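Review bot: The two `$external` blocks discard the results of `db.auth(...)` and `runCommand({createUser: ...})`, so a failed login or a rejected user creation leaves the run looking successful; in the legacy mongo shell both appear to report failure through their return value rather than by throwing, which is worth confirming for the shell version in the image. Capture and check them, e.g. `var res = db.getSiblingDB("$external").runCommand({ ... });` followed by `if (!res.ok) { printjson(res); quit(1); }`. The same blocks are skipped without any message when `configure_adminUser` is false, so a deployment that sets only the BDB or monitoring username gets no user and no hint why; a `print(...)` in an `else` branch would make that visible. Since the BDB user receives both `clusterAdmin` and `readWriteAnyDatabase`, a short comment above that block stating why both roles are needed would help the next reviewer.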
diff --git a/k8s/mongodb/container/mongod_entrypoint.bash b/k8s/mongodb/container/mongod_entrypoint.bash
index 4e7e4360..dd30147b 100755
--- a/k8s/mongodb/container/mongod_entrypoint.bash
+++ b/k8s/mongodb/container/mongod_entrypoint.bash
@@ -102,14 +102,26 @@ fi
 # Only configure if all variables are set
 if [[ -n "${mongodb_admin_username}" && \
- -n "${mongodb_admin_password}" && \
- -n "${bdb_username}" && \
- -n "${mdb_mon_username}" ]]; then
+ -n "${mongodb_admin_password}" ]]; then
 sed -i "s|MONGODB_ADMIN_USERNAME|${mongodb_admin_username}|g" ${MONGODB_CONFIGURE_USERS_PATH}
 sed -i "s|MONGODB_ADMIN_PASSWORD|${mongodb_admin_password}|g" ${MONGODB_CONFIGURE_USERS_PATH}
+ sed -i "s|CONFIGURE_ADMIN_USER|true|g" ${MONGODB_CONFIGURE_USERS_PATH}
+else
+ sed -i "s|CONFIGURE_ADMIN_USER|false|g" ${MONGODB_CONFIGURE_USERS_PATH}
+fi
+
+if [[ -n "${bdb_username}" ]]; then
 sed -i "s|BDB_USERNAME|${bdb_username}|g" ${MONGODB_CONFIGURE_USERS_PATH}
+ sed -i "s|CONFIGURE_BDB_USER|true|g" ${MONGODB_CONFIGURE_USERS_PATH}
+else
+ sed -i "s|CONFIGURE_BDB_USER|false|g" ${MONGODB_CONFIGURE_USERS_PATH}
+fi
+
+if [[ -n "${mdb_mon_username}" ]]; then
 sed -i "s|MDB_MON_USERNAME|${mdb_mon_username}|g" ${MONGODB_CONFIGURE_USERS_PATH}
- echo "True" > /tmp/configure_mongo
+ sed -i "s|CONFIGURE_MDB_MON_USER|true|g" ${MONGODB_CONFIGURE_USERS_PATH}
+else
+ sed -i "s|CONFIGURE_MDB_MON_USER|false|g" ${MONGODB_CONFIGURE_USERS_PATH}
 fi
 # add the hostname and ip to hosts file
diff --git a/k8s/scripts/configure_mdb.sh b/k8s/scripts/configure_mdb.sh
index 3ab8b0be..8b1ef885 100755
--- a/k8s/scripts/configure_mdb.sh
+++ b/k8s/scripts/configure_mdb.sh
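Review bot: In mongod_entrypoint.bash the username and password values are still spliced into the template by the unchanged `sed -i "s|PLACEHOLDER|${value}|g"` lines with no escaping, and since this commit makes each substitution run on its own, the gap is worth closing here. A value containing `|`, `&` or `\` changes what sed writes, and a quote character ends the string literal in the generated script that is later fed to the mongo shell. Reject such values before substituting, for example `case "${bdb_username}" in *[\"\'\\\|\&]*) echo "unsupported character in bdb_username" >&2; exit 1;; esac`, or have the script read the values from the environment instead of templating them. The comment `# Only configure if all variables are set` no longer matches the condition and should say that only the admin username and password are required. `${MONGODB_CONFIGURE_USERS_PATH}` is unquoted in the added `sed` calls and should be `"${MONGODB_CONFIGURE_USERS_PATH}"`.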
@@ -14,7 +14,7 @@ fi
 MONGODB_INSTANCE_NAME=$1
 if [[ -n "$MONGODB_INSTANCE_NAME" ]]; then
- /usr/local/bin/kubectl exec -it "${MONGODB_INSTANCE_NAME}"\-ss\-0 -- bash -c "if [[ -f /tmp/configure_mongo && -n \$(cat /tmp/configure_mongo) ]]; then /usr/bin/mongo --host localhost --port \$(printenv MONGODB_PORT) --ssl --sslCAFile /etc/mongod/ca/ca.pem --sslPEMKeyFile /etc/mongod/ssl/mdb-instance.pem < /configure_mdb_users.js; fi"
+ /usr/local/bin/kubectl exec -it "${MONGODB_INSTANCE_NAME}"\-ss\-0 -- bash -c "/usr/bin/mongo --host localhost --port \$(printenv MONGODB_PORT) --ssl --sslCAFile /etc/mongod/ca/ca.pem --sslPEMKeyFile /etc/mongod/ssl/mdb-instance.pem < /configure_mdb_users.js"
 else
 echo "Skipping configuration, because relevant files don't exist!!!"
 fi
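Review bot: With the `/tmp/configure_mongo` guard gone, the `mongo` invocation is the only thing this branch does, yet the exit status of the `kubectl exec` call is never checked, so a failed connection ends the script without any signal. Append a check to the added line, e.g. `|| { echo "MongoDB user configuration failed" >&2; exit 1; }`. The file `/configure_mdb_users.js` presumably holds the admin password in clear text once the entrypoint has rendered it, and nothing here removes it after use; adding `&& rm -f /configure_mdb_users.js` inside the `bash -c` string would limit how long the credential sits in the container. The `else` message about missing files is printed when no instance name was passed, so it should say that instead.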