From a9a63e36bc322bee613bf0bb9377890d6172d702 Mon Sep 17 00:00:00 2001
From: Vadim Aleksandrov <valeksandrov@me.com>
Date: Wed, 16 Apr 2025 13:14:20 +0300
Subject: [PATCH] Ignore X.509 users in scram secret collision validation

Signed-off-by: Vadim Aleksandrov <valeksandrov@me.com>
---
 controllers/validation/validation.go | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/controllers/validation/validation.go b/controllers/validation/validation.go
index 3d84cc1c0..1b9f2f32f 100644
--- a/controllers/validation/validation.go
+++ b/controllers/validation/validation.go
@@ -83,16 +83,18 @@ func validateUsers(mdb mdbv1.MongoDBCommunity) error {
 			connectionStringSecretNameMap[connectionStringSecretName] = user
 		}
 
-		// Ensure no collisions in the secret holding scram credentials
-		scramSecretName := user.ScramCredentialsSecretName
-		if previousUser, exists := scramSecretNameMap[scramSecretName]; exists {
-			scramSecretNameCollisions = append(scramSecretNameCollisions,
-				fmt.Sprintf(`[scram secret name: "%s" for user: "%s" and user: "%s"]`,
-					scramSecretName,
-					previousUser.Username,
-					user.Username))
-		} else {
-			scramSecretNameMap[scramSecretName] = user
+		if user.Database != constants.ExternalDB {
+			// Ensure no collisions in the secret holding scram credentials
+			scramSecretName := user.ScramCredentialsSecretName
+			if previousUser, exists := scramSecretNameMap[scramSecretName]; exists {
+				scramSecretNameCollisions = append(scramSecretNameCollisions,
+					fmt.Sprintf(`[scram secret name: "%s" for user: "%s" and user: "%s"]`,
+						scramSecretName,
+						previousUser.Username,
+						user.Username))
+			} else {
+				scramSecretNameMap[scramSecretName] = user
+			}
 		}
 
 		if user.Database == constants.ExternalDB {