Cannot auto discover databases and collections: cannot list the collections & Checking authorization failed

1

We appear to be getting a few permissions related errors, seen else where that this could be related to metrics server related.

time=“2023-08-01T00:53:04Z” level=error msg=“cannot auto discover databases and collections: cannot list the collections for "avatar-store": cannot get the list of collections for discovery: (Unauthorized) not authorized on avatar-store to execute command { listCollections: 1, filter: {}, nameOnly: true, cursor: {}, lsid: { id: UUID("87045589-a8c0-4fd7-800f-3680a205feaa") }, $clusterTime: { clusterTime: Timestamp(1690851181, 2), signature: { hash: BinData(0, 3AEFD3A070F0C63D712A1CD4CF1AB119BAF0495D), keyId: 7235977075700531206 } }, $db: "avatar-store", $readPreference: { mode: "primaryPreferred" } }”

{“t”:{“$date”:“2023-08-01T00:53:04.387+00:00”},“s”:“I”, “c”:“ACCESS”, “id”:20436, “ctx”:“conn27024609”,“msg”:“Checking authorization failed”,“attr”:{“error”:{“code”:13,“codeName”:“Unauthorized”,“errmsg”:“not authorized on avatar-store to execute command { listCollections: 1, filter: {}, nameOnly: true, cursor: {}, lsid: { id: UUID("87045589-a8c0-4fd7-800f-3680a205feaa") }, $clusterTime: { clusterTime: Timestamp(1690851181, 2), signature: { hash: BinData(0, 3AEFD3A070F0C63D712A1CD4CF1AB119BAF0495D), keyId: 7235977075700531206 } }, $db: "avatar-store", $readPreference: { mode: "primaryPreferred" } }”}}}

psmdb-db.values.yaml

pmm:
  enabled: false
  image:
    repository: percona/pmm-client
    tag: 2.35.0
  serverHost: monitoring-service

replsets:
  - name: rs0
    size: 1
    sidecars:
    - image: percona/mongodb_exporter:0.36
      env:
      - name: EXPORTER_USER
        valueFrom:
          secretKeyRef:
            name: psmdb-db-secrets
            key: MONGODB_CLUSTER_MONITOR_USER
      - name: EXPORTER_PASS
        valueFrom:
          secretKeyRef:
            name: psmdb-db-secrets
            key: MONGODB_CLUSTER_MONITOR_PASSWORD
      - name: POD_IP
        valueFrom:
          fieldRef:
            fieldPath: status.podIP
      - name: MONGODB_URI
        value: "mongodb://$(EXPORTER_USER):$(EXPORTER_PASS)@$(POD_IP):27017"
      args: ["--discovering-mode", "--compatible-mode", "--collect-all", "--mongodb.uri=$(MONGODB_URI)"]
      name: metrics

Any fix or workaround for this? ( strangely it seems to only be affecting this one db and collection)

2

Hi @Kay_Khan ,

From the above error, it seems to be lack of privileges granted to MONGODB_CLUSTER_MONITOR_USER.
Kindly share the roles granted to this user. Also verify all the roles and privileges are granted as mentioned in the link.

Regards,
Parag

3

I believe this user is automatically created by the percona operator? We did not create this user or define its roles.

{
    "_id" : "admin.clusterMonitor",
    "userId" : UUID("d4f1e927-6838-4f2b-b7c6-6ad02431e319"),
    "user" : "clusterMonitor",
    "db" : "admin",
    "credentials" : {
        "SCRAM-SHA-1" : {
         ...
        },
        "SCRAM-SHA-256" : {
          ...
         }
    },
    "roles" : [
        {
            "role" : "explainRole",
            "db" : "admin"
        },
        {
            "role" : "read",
            "db" : "local"
        },
        {
            "role" : "clusterMonitor",
            "db" : "admin"
        }
    ]
}
4

Hi @Kay_Khan ,

For the above output, the user has lack of privileges. Kindly manually add the below mentioned roles to the above user and verify it.

db.getSiblingDB(“admin”).updateUser(“clusterMonitor”, {
roles: [
{ role: “explainRole”, db: “admin” },
{ role: “clusterMonitor”, db: “admin” },
{ role: “read”, db: “local” },
{ “db” : “admin”, “role” : “readWrite”, “collection”: “” },
{ “db” : “admin”, “role” : “backup” },
{ “db” : “admin”, “role” : “clusterMonitor” },
{ “db” : “admin”, “role” : “restore” },
{ “db” : “admin”, “role” : “pbmAnyAction” }
]
})

Post adding the necessary roles, if you still facing issue then do let us know.

Regards,
Parag