Merge pull request #790 from kenyon/simplify-sensitive-handling

Convert `mongoshrc.js` template to EPP

Author: kenyon

manifests/db.pp

@@ -40,10 +40,8 @@
       tries  => $tries,
     }
 
-    if $password_hash =~ Sensitive[String] {
+    if $password_hash {
       $hash = $password_hash.unwrap
-    } elsif $password_hash {
-      $hash = $password_hash
     } elsif $password {
       $hash = mongodb_password($user, $password)
     } else {

manifests/server.pp

@@ -430,16 +430,11 @@
     Class['mongodb::server::service'] -> Class['mongodb::server::config'] -> Class['mongodb::server::install']
   }
 
-  $admin_password_unsensitive = if $admin_password =~ Sensitive[String] {
-    $admin_password.unwrap
-  } else {
-    $admin_password
-  }
   if $create_admin and ($service_ensure == 'running' or $service_ensure == true) {
     mongodb::db { 'admin':
       user            => $admin_username,
       auth_mechanism  => $admin_auth_mechanism,
-      password        => $admin_password_unsensitive,
+      password        => $admin_password.unwrap,
       password_hash   => $admin_password_hash,
       roles           => $admin_roles,
       update_password => $admin_update_password,

manifests/server/config.pp

@@ -153,15 +153,10 @@
     }
   }
 
-  $admin_password_unsensitive = if $admin_password =~ Sensitive[String] {
-    $admin_password.unwrap
-  } else {
-    $admin_password
-  }
   if $handle_creds {
     file { $rcfile:
       ensure  => file,
-      content => template('mongodb/mongoshrc.js.erb'),
+      content => epp("${module_name}/mongoshrc.js.epp"),
       owner   => 'root',
       group   => 'root',
       mode    => '0600',

templates/mongoshrc.js.erb templates/mongoshrc.js.epptemplates/mongoshrc.js.erb renamed to templates/mongoshrc.js.epp

@@ -16,7 +16,7 @@ function rsReconfigSettings(settings){
   return rs.reconfig(cfg)
 }
 
-<% if @auth and @store_creds -%>
+<% if $mongodb::server::config::auth and $mongodb::server::config::store_creds { -%>
 function authRequired() {
   try {
     return rs.status().ok != 1;
@@ -29,12 +29,12 @@ function authRequired() {
 }
 
 if (authRequired()) {
-  <%- if @replset -%>
+  <%- if $mongodb::server::config::replset { -%>
   db.getMongo().setReadPref('primaryPreferred')
-  <%- end -%>
+  <%- } -%>
   try {
     admin = db.getSiblingDB('admin')
-    admin.auth('<%= @admin_username %>', '<%= @admin_password_unsensitive.gsub('\\','\\\\\\\\').gsub("'","\\\\'") %>')
+    admin.auth('<%= $mongodb::server::config::admin_username %>', '<%= $mongodb::server::config::admin_password.regsubst('\\\\','\\\\\\\\','G').regsubst("'","\\\\'",'G') %>')
   }
   catch (err) {
     // Silently ignore this error, we can't really do anything about it.
@@ -44,4 +44,4 @@ if (authRequired()) {
     //   This is normal when setting up a new cluster/server.
   }
 }
-<% end -%>
+<% } -%>