fixes for the role of user admin

gkech · gkech · commit 6ed87fc9c208 · 2026-01-05T14:12:21.000+02:00
diff --git a/pkg/controller/perconaservermongodb/mgo.go b/pkg/controller/perconaservermongodb/mgo.go
@@ -647,7 +647,7 @@ func (r *ReconcilePerconaServerMongoDB) handleRsAddToShard(ctx context.Context,
 }
 
 // handleReplsetInit initializes the replset within the first running pod's mongod container.
-// This must be ran from within the running container to utilize the MongoDB Localhost Exception.
+// This must be run from within the running container to utilize the MongoDB Localhost Exception.
 //
 // See: https://www.mongodb.com/docs/manual/core/localhost-exception/
 func (r *ReconcilePerconaServerMongoDB) handleReplsetInit(ctx context.Context, cr *api.PerconaServerMongoDB, replset *api.ReplsetSpec, pods []corev1.Pod) (*corev1.Pod, *api.ReplsetMemberStatus, error) {
@@ -809,6 +809,12 @@ func getRoles(cr *api.PerconaServerMongoDB, role api.SystemUserRole) []mongo.Rol
 				{DB: "admin", Role: "directShardOperations"},
 			}
 		}
+	case api.RoleUserAdmin:
+		if cr.CompareVersion("1.22.0") >= 0 {
+			roles = []mongo.Role{
+				{DB: "admin", Role: "userAdminAnyDatabase"},
+			}
+		}
 	}
 	roles = append(roles, mongo.Role{DB: "admin", Role: string(role)})
 	return roles
@@ -1007,6 +1013,7 @@ func (r *ReconcilePerconaServerMongoDB) createOrUpdateSystemUsers(ctx context.Co
 	}
 
 	users := []api.SystemUserRole{api.RoleClusterAdmin, api.RoleClusterMonitor, api.RoleBackup, api.RoleDatabaseAdmin}
+	// When handleReplsetInit is not executed, e.g. when auth is disabled, the UserAdmin role should be created.
 	if cr.CompareVersion("1.22.0") >= 0 {
 		users = append(users, api.RoleUserAdmin)
 	}

Original file line number	Diff line number	Diff line change
`@@ -647,7 +647,7 @@ func (r *ReconcilePerconaServerMongoDB) handleRsAddToShard(ctx context.Context,`
`647`	`647`	`}`
`648`	`648`
`649`	`649`	`// handleReplsetInit initializes the replset within the first running pod's mongod container.`
`650`		`-// This must be ran from within the running container to utilize the MongoDB Localhost Exception.`
	`650`	`+// This must be run from within the running container to utilize the MongoDB Localhost Exception.`
`651`	`651`	`//`
`652`	`652`	`// See: https://www.mongodb.com/docs/manual/core/localhost-exception/`
`653`	`653`	`func (r ReconcilePerconaServerMongoDB) handleReplsetInit(ctx context.Context, cr api.PerconaServerMongoDB, replset api.ReplsetSpec, pods []corev1.Pod) (corev1.Pod, *api.ReplsetMemberStatus, error) {`
`@@ -809,6 +809,12 @@ func getRoles(cr *api.PerconaServerMongoDB, role api.SystemUserRole) []mongo.Rol`
`809`	`809`	`{DB: "admin", Role: "directShardOperations"},`
`810`	`810`	`}`
`811`	`811`	`}`
	`812`	`+ case api.RoleUserAdmin:`
	`813`	`+ if cr.CompareVersion("1.22.0") >= 0 {`
	`814`	`+ roles = []mongo.Role{`
	`815`	`+ {DB: "admin", Role: "userAdminAnyDatabase"},`
	`816`	`+ }`
	`817`	`+ }`
`812`	`818`	`}`
`813`	`819`	`roles = append(roles, mongo.Role{DB: "admin", Role: string(role)})`
`814`	`820`	`return roles`
`@@ -1007,6 +1013,7 @@ func (r *ReconcilePerconaServerMongoDB) createOrUpdateSystemUsers(ctx context.Co`
`1007`	`1013`	`}`
`1008`	`1014`
`1009`	`1015`	`users := []api.SystemUserRole{api.RoleClusterAdmin, api.RoleClusterMonitor, api.RoleBackup, api.RoleDatabaseAdmin}`
	`1016`	`+ // When handleReplsetInit is not executed, e.g. when auth is disabled, the UserAdmin role should be created.`
`1010`	`1017`	`if cr.CompareVersion("1.22.0") >= 0 {`
`1011`	`1018`	`users = append(users, api.RoleUserAdmin)`
`1012`	`1019`	`}`