From 623dbb1da198d2a34671c7603677bbed08bf5c17 Mon Sep 17 00:00:00 2001
From: terminaldweller <thabogre@gmail.com>
Date: Thu, 4 Nov 2021 04:30:44 +0330
Subject: added colored strace

---
 kubernetes/mongodb/add-user.yaml | 54 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 kubernetes/mongodb/add-user.yaml

(limited to 'kubernetes/mongodb/add-user.yaml')

diff --git a/kubernetes/mongodb/add-user.yaml b/kubernetes/mongodb/add-user.yaml
new file mode 100644
index 0000000..df68d31
--- /dev/null
+++ b/kubernetes/mongodb/add-user.yaml
@@ -0,0 +1,54 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mongodb-standalone
+data:
+  ensure-users.js: |
+    const targetDbStr = 'training';
+    const rootUser = cat('/etc/k8-training/admin/MONGO_ROOT_USERNAME');
+    const rootPass = cat('/etc/k8-training/admin/MONGO_ROOT_PASSWORD');
+    const usersStr = cat('/etc/k8-training/MONGO_USERS_LIST');
+    // auth against admin
+    const adminDb = db.getSiblingDB('admin');
+    adminDb.auth(rootUser, rootPass);
+    print('Successfully authenticated admin user');
+    // we'll create the users here
+    const targetDb = db.getSiblingDB(targetDbStr);
+    // user-defined roles should be stored in the admin db
+    const customRoles = adminDb
+      .getRoles({rolesInfo: 1, showBuiltinRoles: false})
+      .map(role => role.role)
+      .filter(Boolean);
+    // parse the list of users, and create each user as needed
+    usersStr
+      .trim()
+      .split(';')
+      .map(s => s.split(':'))
+      .forEach(user => {
+        const username = user[0];
+        const rolesStr = user[1];
+        const password = user[2];
+        if (!rolesStr || !password) {
+          return;
+        }
+        const roles = rolesStr.split(',');
+        const userDoc = {
+          user: username,
+          pwd: password,
+        };
+        userDoc.roles = roles.map(role => {
+          if (!~customRoles.indexOf(role)) {
+            // is this a user defined role?
+            return role; // no, it is built-in, just use the role name
+          }
+          return {role: role, db: 'admin'}; // yes, user-defined, specify the long format
+        });
+        try {
+          targetDb.createUser(userDoc);
+        } catch (err) {
+          if (!~err.message.toLowerCase().indexOf('duplicate')) {
+            // if not a duplicate user
+            throw err; // rethrow
+          }
+        }
+      });
-- 
cgit v1.2.3