community.mongodb.mongodb_role module – Adds or removes a role from a MongoDB database
Note
This module is part of the community.mongodb collection (version 1.7.7).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.mongodb
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.mongodb.mongodb_role
.
New in community.mongodb 1.5.0
Synopsis
Adds or removes a role from a MongoDB database.
For further information on the required format for the privileges, authenticationRestriction or roles parameters, see the MongoDB Documentation https://www.mongodb.com/docs/manual/reference/command/createRole/
Requirements
The below requirements are needed on the host that executes this module.
pymongo
Parameters
Parameter |
Comments |
---|---|
Authentication path intended for MongoDB Atlas Instances Choices:
|
|
Authentication type. Choices:
|
|
The authentication restrictions the server enforces on the role. Specifies a list of IP addresses and CIDR ranges users granted this role are allowed to connect to and/or which they can connect from. Provide a list of dictionaries with the following fields: clientSource (list), serverAddress (list). Provide an empty list if you don’t want to use the field. Default: |
|
Additional connection options. Supply as a list of dicts or strings containing key value pairs seperated with ‘=’. |
|
The name of the database to add/remove the role from. |
|
Enable extra debugging output. Choices:
|
|
The database where login credentials are stored. Default: |
|
The host running MongoDB instance to login to. Default: |
|
The password used to authenticate with. Required when login_user is specified. |
|
The MongoDB server port to login to. Default: |
|
The MongoDB user to login with. Required when login_password is specified. |
|
The name of the role to add or remove. |
|
The privileges to grant the role. A privilege consists of a resource and permitted actions. Default: |
|
Replica set to connect to (automatically connects to primary for writes). |
|
The database user roles should be provided as a dictionary with the db and role keys. Default: |
|
Whether to use an SSL connection when connecting to the database. Choices:
|
|
The ssl_ca_certs option takes a path to a CA file. |
|
Specifies whether a certificate is required from the other side of the connection, and whether it will be validated if provided. Choices:
|
|
Present a client certificate using the ssl_certfile option. |
|
The ssl_crlfile option takes a path to a CRL file. |
|
Private key for the client certificate. |
|
Passphrase to decrypt encrypted private keys. |
|
The database user state. Choices:
|
|
Enforce strict requirements for pymongo and MongoDB software versions Choices:
|
Notes
Note
Requires the pymongo Python package on the remote host, version 4+. This can be installed using pip or the OS package manager. Newer mongo server versions require newer pymongo versions. @see https://www.mongodb.com/docs/languages/python/pymongo-driver/current/compatibility/
Examples
- name: Create sales role
community.mongodb.mongodb_role:
name: sales
database: salesdb
privileges:
- resource:
db: salesdb
collection: ""
actions:
- find
state: present
- name: Create ClusterAdmin Role
community.mongodb.mongodb_role:
name: myClusterwideAdmin
database: admin
privileges:
- resource:
cluster: true
actions:
- addShard
- resource:
db: config
collection: ""
actions:
- find
- update
- insert
- remove
- resource:
db: "users"
collection: "usersCollection"
actions:
- update
- insert
- remove
- resource:
db: ""
collection: ""
actions:
- find
roles:
- role: "read"
db: "admin"
state: present
- name: Create ClusterAdmin Role with a login only from 127.0.0.1 restriction
community.mongodb.mongodb_role:
name: myClusterwideAdmin
database: admin
privileges:
- resource:
cluster: true
actions:
- addShard
- resource:
db: config
collection: ""
actions:
- find
- update
- insert
- resource:
db: "users"
collection: "usersCollection"
actions:
- update
- insert
- remove
- resource:
db: ""
collection: ""
actions:
- find
roles:
- role: "read"
db: "admin"
- role: "read"
db: "mynewdb"
authenticationRestrictions:
- clientSource:
- "127.0.0.1"
serverAddress: []
state: present
- name: Delete sales role
community.mongodb.mongodb_role:
name: sales
database: "salesdb"
state: absent
- name: Delete myClusterwideAdmin role
community.mongodb.mongodb_role:
name: myClusterwideAdmin
database: admin
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
The name of the role to add or remove. Returned: success |