Diffstat (limited to 'kubernetes')
| -rw-r--r-- | kubernetes/mongodb/add-user.yaml | 54 | 
1 files changed, 54 insertions, 0 deletions
| diff --git a/kubernetes/mongodb/add-user.yaml b/kubernetes/mongodb/add-user.yaml
new file mode 100644
index 0000000..df68d31
--- /dev/null
+++ b/kubernetes/mongodb/add-user.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mongodb-standalone
+data:
+  ensure-users.js: |
+    const targetDbStr = 'training';
+    const rootUser = cat('/etc/k8-training/admin/MONGO_ROOT_USERNAME');
+    const rootPass = cat('/etc/k8-training/admin/MONGO_ROOT_PASSWORD');
+    const usersStr = cat('/etc/k8-training/MONGO_USERS_LIST');
+    // auth against admin
+    const adminDb = db.getSiblingDB('admin');
+    adminDb.auth(rootUser, rootPass);
+    print('Successfully authenticated admin user');
+    // we'll create the users here
+    const targetDb = db.getSiblingDB(targetDbStr);
+    // user-defined roles should be stored in the admin db
+    const customRoles = adminDb
+      .getRoles({rolesInfo: 1, showBuiltinRoles: false})
+      .map(role => role.role)
+      .filter(Boolean);
+    // parse the list of users, and create each user as needed
+    usersStr
+      .trim()
+      .split(';')
+      .map(s => s.split(':'))
+      .forEach(user => {
+        const username = user[0];
+        const rolesStr = user[1];
+        const password = user[2];
+        if (!rolesStr || !password) {
+          return;
+        }
+        const roles = rolesStr.split(',');
+        const userDoc = {
+          user: username,
+          pwd: password,
+        };
+        userDoc.roles = roles.map(role => {
+          if (!~customRoles.indexOf(role)) {
+            // is this a user defined role?
+            return role; // no, it is built-in, just use the role name
+          }
+          return {role: role, db: 'admin'}; // yes, user-defined, specify the long format
+        });
+        try {
+          targetDb.createUser(userDoc);
+        } catch (err) {
+          if (!~err.message.toLowerCase().indexOf('duplicate')) {
+            // if not a duplicate user
+            throw err; // rethrow
+          }
+        }
+      }); |
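Review bot: A password containing `:` is silently truncated, because `.map(s => s.split(':'))` splits on every colon and only `user[2]` is kept, and a `;` inside a password breaks the entry the same way, so the user is created with a shorter password than the one in `MONGO_USERS_LIST`. Keeping the remainder intact, e.g. `const [username, rolesStr, ...rest] = s.split(':'); const password = rest.join(':');`, fixes the colon case, and a comment should state that `;` is reserved by the list format. Separately, the result of `adminDb.auth(rootUser, rootPass)` is not checked, so `Successfully authenticated admin user` is printed unconditionally; if this runs in a shell where a failed `auth()` returns a falsy value rather than throwing, guard it with `if (!adminDb.auth(rootUser, rootPass)) { throw new Error('admin authentication failed'); }`. `rootUser` and `rootPass` are also passed untrimmed while `usersStr` is trimmed, so a trailing newline in the mounted files would be sent as part of the credentials.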
