Description
What did you do to encounter the bug?
Steps to reproduce the behavior:
We use x509 certificates for validation. In the MongoDBCommunity CustomResource, the users are listed under .spec.users without the scramCredentialsSecretName:
- db: $external
name: CN=user1
roles:
- db: admin
name: clusterAdmin
- db: $external
name: CN=user2
roles:
- db: db2
name: readWriteWhat did you expect?
No validation errors.
What happened instead?
Errors in the MongoDBCommunity status and in the operator logs:
message: 'error validating new Spec: scram credential secret names collision, update
at least one of the users: [scram secret name: "" for user: "CN=user1"
and user: "CN=user2"]
controllers/mongodb_status_options.go:104 error validating new Spec: scram credential secret names collision, update at least one of the users: [scram secret name: "" for user: "CN=user1" and user: "CN=user2"]
Operator Information
- Operator Version - 0.13.0
- MongoDB Image used - 6.0.20
Additional context
Validation was fixed in PR #1597, but according to the documentation, user definitions that use x509 for authentication should not contain scramCredentialsSecretName parameter.
During validation, users without the scramCredentialsSecretName parameter are added to a dictionary with an empty key, which leads to the error mentioned above.
I think we should skip the scram secret collision validation for users authenticated with x509 certificates.