From bc8e8173ad1ff0eebaf2456b96e426668a87e0b2 Mon Sep 17 00:00:00 2001
From: gyurco <gyurco@freemail.hu>
Date: Thu, 21 Jul 2016 08:23:05 +0200
Subject: [PATCH] mongodb_user: properly guard user adding with try...except
 (#2582)

The user adding part is not properly guarded by a try...except
block, so pymongo exceptions can escape from it.
Also there's a double-guarding where roles are given.

Fixes: #2575
---
 .../extras/database/misc/mongodb_user.py      | 24 ++++++++-----------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/lib/ansible/modules/extras/database/misc/mongodb_user.py b/lib/ansible/modules/extras/database/misc/mongodb_user.py
index f4a4cc46bd..aeac37723c 100644
--- a/lib/ansible/modules/extras/database/misc/mongodb_user.py
+++ b/lib/ansible/modules/extras/database/misc/mongodb_user.py
@@ -192,11 +192,7 @@ def user_add(module, client, db_name, user, password, roles):
     if roles is None:
         db.add_user(user, password, False)
     else:
-        try:
-            db.add_user(user, password, None, roles=roles)
-        except OperationFailure, e:
-            err_msg = str(e)
-            module.fail_json(msg=err_msg)
+        db.add_user(user, password, None, roles=roles)
 
 def user_remove(module, client, db_name, user):
     exists = user_find(client, user, db_name)
@@ -339,16 +335,16 @@ def main():
         if password is None and update_password == 'always':
             module.fail_json(msg='password parameter required when adding a user unless update_password is set to on_create')
 
-        uinfo = user_find(client, user, db_name)
-        if update_password != 'always' and uinfo:
-            password = None
-            if not check_if_roles_changed(uinfo, roles, db_name):
-                module.exit_json(changed=False, user=user)
-
-        if module.check_mode:
-            module.exit_json(changed=True, user=user)
-
         try:
+            uinfo = user_find(client, user, db_name)
+            if update_password != 'always' and uinfo:
+                password = None
+                if not check_if_roles_changed(uinfo, roles, db_name):
+                    module.exit_json(changed=False, user=user)
+
+            if module.check_mode:
+                module.exit_json(changed=True, user=user)
+
             user_add(module, client, db_name, user, password, roles)
         except OperationFailure, e:
             module.fail_json(msg='Unable to add or update user: %s' % str(e))