aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes')
-rw-r--r--kubernetes/mongodb/add-user.yaml54
1 files changed, 54 insertions, 0 deletions
diff --git a/kubernetes/mongodb/add-user.yaml b/kubernetes/mongodb/add-user.yaml
new file mode 100644
index 0000000..df68d31
--- /dev/null
+++ b/kubernetes/mongodb/add-user.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mongodb-standalone
+data:
+ ensure-users.js: |
+ const targetDbStr = 'training';
+ const rootUser = cat('/etc/k8-training/admin/MONGO_ROOT_USERNAME');
+ const rootPass = cat('/etc/k8-training/admin/MONGO_ROOT_PASSWORD');
+ const usersStr = cat('/etc/k8-training/MONGO_USERS_LIST');
+ // auth against admin
+ const adminDb = db.getSiblingDB('admin');
+ adminDb.auth(rootUser, rootPass);
+ print('Successfully authenticated admin user');
+ // we'll create the users here
+ const targetDb = db.getSiblingDB(targetDbStr);
+ // user-defined roles should be stored in the admin db
+ const customRoles = adminDb
+ .getRoles({rolesInfo: 1, showBuiltinRoles: false})
+ .map(role => role.role)
+ .filter(Boolean);
+ // parse the list of users, and create each user as needed
+ usersStr
+ .trim()
+ .split(';')
+ .map(s => s.split(':'))
+ .forEach(user => {
+ const username = user[0];
+ const rolesStr = user[1];
+ const password = user[2];
+ if (!rolesStr || !password) {
+ return;
+ }
+ const roles = rolesStr.split(',');
+ const userDoc = {
+ user: username,
+ pwd: password,
+ };
+ userDoc.roles = roles.map(role => {
+ if (!~customRoles.indexOf(role)) {
+ // is this a user defined role?
+ return role; // no, it is built-in, just use the role name
+ }
+ return {role: role, db: 'admin'}; // yes, user-defined, specify the long format
+ });
+ try {
+ targetDb.createUser(userDoc);
+ } catch (err) {
+ if (!~err.message.toLowerCase().indexOf('duplicate')) {
+ // if not a duplicate user
+ throw err; // rethrow
+ }
+ }
+ });