All,
I found a useful collection (git repo link below) for my Ansible playbook which simplifies the way Mongo Atlas database users are created. The collection houses a set of Python modules and only supports the creation of database user names with passwords. What I have been trying to do is update the script slightly so that I could create AD-authenticated user groups, and as such I had modified the script to add the extra "ldapAuthType" parameter to the atlas_user.py module.
https://github.com/T-Systems-MMS/ansible-collection-mongodb-atlas
However, when I run the ansible task, it fails with
fatal: [127.0.0.1]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (user) module: ldapAuthType Supported parameters include: apiPassword, apiUsername, databaseName, groupId, password roles, state, username"}
To illustrate, I have the example ansible task snippet below also given in the atlas_user.py module
https://github.com/T-Systems-MMS/ansible-collection-mongodb-atlas/blob/master/plugins/modules/atlas_user.py#L93
- name: test user
  atlas_user:
    apiUsername: "API_user"
    apiPassword: "API_passwort_or_token"
    groupId: "GROUP_ID"
    username: my_app_user
    password: SuperSecret!
    roles:
      - databaseName: private_info
        roleName: read
      - databaseName: public_info
        roleName: readWrite
What I want to achieve is a task that has the ldapAuthType as a parameter, as shown below. For this auth type I don't need the password parameter, so I have excluded it.
- name: atlas user
  atlas_user:
    apiUsername: "efewfwefef"
    apiPassword: "efwef-wefwefwefwef-ewfwefwefwe-ewe"
    groupId: "3241efdva2q4tqvaegq3488888"
    databaseName: "admin"
    ldapAuthType: "GROUP"
    username: "CN=bro-grp,OU=ComDB,OU=Srv accts,OU=Cloud Atlas,DC=Com,DC=net"
    roles:
      - databaseName: mydb
        roleName: readWrite
      - databaseName: somedb
        roleName: read
I have been trying to add the ldapAuthType parameter in the atlas_user.py module but I get the error mentioned above when I run the ansible task. I'm a python novice so any help is appreciated.
from __future__ import absolute_import, division, print_function

__metaclass__ = type

ANSIBLE_METADATA = {
    "metadata_version": "0.1",
    "status": ["preview"],
    "supported_by": "community",
}

from ansible.module_utils.basic import AnsibleModule
from ansible_collections.t_systems_mms.mongodb_atlas.plugins.module_utils.atlas import (
    AtlasAPIObject,
)


# ===========================================
# Module execution.
#
def main():
    # add our own arguments
    argument_spec = dict(
        state=dict(default="present", choices=["absent", "present"]),
        apiUsername=dict(required=True),
        apiPassword=dict(required=True, no_log=True),
        groupId=dict(required=True),
        databaseName=dict(default="admin", choices=["admin", "$external"]),
        ldapAuthType=dict(default="GROUP", choices=["GROUP", "USER"]),  # ==>>> line I added
        username=dict(required=True),
        password=dict(required=False, no_log=True),
        roles=dict(
            required=True,
            type="list",
            options=dict(
                databaseName=dict(required=True), roleName=dict(required=True),
            ),
        ),
    )

    # Define the main module
    module = AnsibleModule(
        argument_spec=argument_spec, supports_check_mode=True
    )

    # Request body sent to the Atlas API for this database user
    data = {
        "databaseName": module.params["databaseName"],
        "ldapAuthType": module.params["ldapAuthType"],  # ==>>> line I added
        "username": module.params["username"],
        "password": module.params["password"],
        "roles": module.params["roles"],
    }

    try:
        atlas = AtlasAPIObject(
            module=module,
            path="/databaseUsers",
            object_name="username",
            groupId=module.params["groupId"],
            data=data,
        )
    except Exception as e:
        module.fail_json(
            msg="unable to connect to Atlas API. Exception message: %s" % e
        )

    changed, diff = atlas.update(module.params["state"])
    module.exit_json(
        changed=changed, data=atlas.data, diff=diff,
    )


# import module snippets
if __name__ == "__main__":
    main()
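
The "Supported parameters include" list in the error is built from the argument_spec of the module file Ansible actually executed, so a list without ldapAuthType means the copy that ran did not contain the edit. The following is an added example, not part of the original post or the collection's code: it statically reads the declared parameters out of a module source so the edited file and the executed file can be compared. The embedded sources and TASK_PARAMS are constructed samples based on the snippets above.

```python
import ast

# Constructed sample: shortened stand-in for the atlas_user.py copy that
# Ansible executed (its argument_spec has no ldapAuthType entry).
INSTALLED_SOURCE = '''
def main():
    argument_spec = dict(
        state=dict(default="present", choices=["absent", "present"]),
        apiUsername=dict(required=True),
        apiPassword=dict(required=True, no_log=True),
        groupId=dict(required=True),
        databaseName=dict(default="admin", choices=["admin", "$external"]),
        username=dict(required=True),
        password=dict(required=False, no_log=True),
        roles=dict(required=True, type="list"),
    )
'''

# Constructed sample: the same spec with the edit from the post applied.
EDITED_SOURCE = INSTALLED_SOURCE.replace(
    "        username=dict(required=True),",
    '        ldapAuthType=dict(default="GROUP", choices=["GROUP", "USER"]),\n'
    "        username=dict(required=True),",
)

# Parameters passed by the "atlas user" task in the post.
TASK_PARAMS = {"apiUsername", "apiPassword", "groupId", "databaseName",
               "ldapAuthType", "username", "roles"}


def argument_spec_keys(source):
    """Return the top-level keys of `argument_spec = dict(...)` or `{...}`."""
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == "argument_spec"
                   for t in node.targets):
            continue
        value = node.value
        if isinstance(value, ast.Call) and getattr(value.func, "id", "") == "dict":
            return {kw.arg for kw in value.keywords if kw.arg}
        if isinstance(value, ast.Dict):
            return {k.value for k in value.keys if isinstance(k, ast.Constant)}
    return set()


def unsupported(task_params, source):
    """Parameters the task passes that the module source does not declare."""
    return sorted(set(task_params) - argument_spec_keys(source))


if __name__ == "__main__":
    print("installed copy rejects:", unsupported(TASK_PARAMS, INSTALLED_SOURCE))
    print("edited copy rejects:   ", unsupported(TASK_PARAMS, EDITED_SOURCE))
```

To check real files, read the edited atlas_user.py and the copy Ansible resolves for the collection and pass their contents to `unsupported()`.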