Affected Puppet, Ruby, OS and module versions/distributions
- Puppet: 4.10.9
- Ruby: 2.3.1p112
- Distribution: Ubuntu 16.04
- Module version: 2.0.0
How to reproduce (e.g Puppet code you use)
- Create a database user
mongodb_user { "foobar":
username => 'foo',
database => 'bar',
password => '12345',
roles => ['readWrite'],
}
- Change Puppet code to use "abcde" as password
- Try to authenticate to MongoDB using the new password
What are you seeing
After Step 1 authentication succeeds. But after changing to another password it fails:
root@test:~# mongo -u foo -p abcde bar
MongoDB shell version: 2.6.10
connecting to: bar
2018-02-05T09:35:31.723+0100 Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 } at src/mongo/shell/db.js:1287
exception: login failed
Trying to authenticate using the previous password works:
root@test:~# mongo -u foo -p abcde bar
MongoDB shell version: 2.6.10
connecting to: bar
>
What behaviour did you expect instead
Authentication using the new password should work.
Any additional information
When running Puppet Agent at step 2 there are no error messages. According to the debug output the password change is done using the following command:
Debug: Executing '/usr/bin/mongo bar --quiet --host 127.0.0.1:27017 --eval load('/root/.mongorc.js'); db.runCommand({"updateuser": "foo","pwd": "abcde","digestpassword": true})'
If I run the command manually I get the error "no such cmd: updateuser":
root@test-pu-mongodb:~# mongo bar
MongoDB shell version: 2.6.10
connecting to: bar
> db.runCommand({"updateuser": "foo","pwd": "abcde","digestpassword": true});
{
"ok" : 0,
"errmsg" : "no such cmd: updateuser",
"code" : 59,
"bad cmd" : {
"updateuser" : "foo",
"pwd" : "bar",
"digestpassword" : true
}
}
Comparing the password hash within MongoDB with the expected one shows that it is still using the one for the old password.
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
What are you seeing
After Step 1 authentication succeeds. But after changing to another password it fails:
Trying to authenticate using the previous password works:
What behaviour did you expect instead
Authentication using the new password should work.
Any additional information
When running Puppet Agent at step 2 there are no error messages. According to the debug output the password change is done using the following command:
Debug: Executing '/usr/bin/mongo bar --quiet --host 127.0.0.1:27017 --eval load('/root/.mongorc.js'); db.runCommand({"updateuser": "foo","pwd": "abcde","digestpassword": true})'If I run the command manually I get the error "no such cmd: updateuser":
Comparing the password hash within MongoDB with the expected one shows that it is still using the one for the old password.