[K8SPSMDB-624] Operator does not grant expected permission to user MONGODB_CLUSTER_MONITOR_USER - Percona JIRA

XML

Word

Printable

Details

Type: Bug
Status: Done
Priority: Medium
Resolution: Fixed
Affects Version/s: 1.10.0
Fix Version/s: 1.12.0
Component/s: None
Labels:
None

Needs QA:
Yes
Needs Deploy:
Yes

Description

Helm charts psmdb-operator-1.10.0 psmdb-db-1.10.1 : could you please align permissions to avoid manual patch on MongoDB databe ? Thanks

Here are the permission roles granted by the Helm charts:

{        "_id" : "admin.clusterMonitor",        "userId" : UUID("1b581b8e-cf06-4c44-b42a-f69ad6bee93f"),        "user" : "clusterMonitor",        "db" : "admin",        "roles" : [                {                        "role" : "clusterMonitor",                        "db" : "admin"                }        ],        "mechanisms" : [                "SCRAM-SHA-1",                "SCRAM-SHA-256"        ]}

Here are the expected permission roles as per Jira case and updated PMM documentation :

db.getSiblingDB("admin").createRole({
    role: "explainRole",
    privileges: [{
        resource: {
            db: "",
            collection: ""
            },
        actions: [
            "listIndexes",
            "listCollections",
            "dbStats",
            "dbHash",
            "collStats",
            "find"
            ]
        }],
    roles:[]
})

db.getSiblingDB("admin").createUser({
   user: "pmm_mongodb",
   pwd: "password",
   roles: [
      { role: "explainRole", db: "admin" },
      { role: "clusterMonitor", db: "admin" },
      { role: "read", db: "local" }
   ]
}
)

Attachments

Issue Links

relates to

K8SPSMDB-670 clusterMonitor user roles are not updated on upgrade

Done

Activity

People

Assignee:: Andrii Dema

Reporter:: Richard CARRE

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 13/Jan/22 10:32 AM

Updated:: 05/May/22 3:51 PM

Resolved:: 05/May/22 3:51 PM