From 3af6592dfc8700cda3e391b5b1d2d121fc1a878e Mon Sep 17 00:00:00 2001
From: Vadim Aleksandrov
Date: Wed, 14 May 2025 18:07:38 +0300
Subject: [PATCH 1/2] Ignore X.509 users in scram secret collision validation

Signed-off-by: Vadim Aleksandrov
---
 .../controllers/validation/validation.go | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/mongodb-community-operator/controllers/validation/validation.go b/mongodb-community-operator/controllers/validation/validation.go
index 4d7fae049..a642169da 100644
--- a/mongodb-community-operator/controllers/validation/validation.go
+++ b/mongodb-community-operator/controllers/validation/validation.go
@@ -83,16 +83,18 @@ func validateUsers(mdb mdbv1.MongoDBCommunity) error {
 connectionStringSecretNameMap[connectionStringSecretName] = user
 }
 
- // Ensure no collisions in the secret holding scram credentials
- scramSecretName := user.ScramCredentialsSecretName
- if previousUser, exists := scramSecretNameMap[scramSecretName]; exists {
- scramSecretNameCollisions = append(scramSecretNameCollisions,
- fmt.Sprintf(`[scram secret name: "%s" for user: "%s" and user: "%s"]`,
- scramSecretName,
- previousUser.Username,
- user.Username))
- } else {
- scramSecretNameMap[scramSecretName] = user
+ if user.Database != constants.ExternalDB {
+ // Ensure no collisions in the secret holding scram credentials
+ scramSecretName := user.ScramCredentialsSecretName
+ if previousUser, exists := scramSecretNameMap[scramSecretName]; exists {
+ scramSecretNameCollisions = append(scramSecretNameCollisions,
+ fmt.Sprintf(`[scram secret name: "%s" for user: "%s" and user: "%s"]`,
+ scramSecretName,
+ previousUser.Username,
+ user.Username))
+ } else {
+ scramSecretNameMap[scramSecretName] = user
+ }
 }
 
 if user.Database == constants.ExternalDB {
From 301c8bd5e7f9c18294df6de0af41662915ca0a84 Mon Sep 17 00:00:00 2001
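Review bot: Neither patch in this series adds a test for the relaxed collision check in validateUsers; both diffstats list only validation.go. Two cases are worth pinning, since this check is what keeps two users from sharing one SCRAM credentials secret: a resource with several X.509 users and no `ScramCredentialsSecretName` validates, and two users that name the same non-empty secret are still rejected. The same gap applies to the hunk in PATCH 2/2. validateUsers starts and ends outside the hunk.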
From: Vadim Aleksandrov
Date: Mon, 26 May 2025 18:43:27 +0300
Subject: [PATCH 2/2] Fix conditional based on a suggestion from the PR

Signed-off-by: Vadim Aleksandrov
---
 .../controllers/validation/validation.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/mongodb-community-operator/controllers/validation/validation.go b/mongodb-community-operator/controllers/validation/validation.go
index a642169da..635aa2417 100644
--- a/mongodb-community-operator/controllers/validation/validation.go
+++ b/mongodb-community-operator/controllers/validation/validation.go
@@ -83,9 +83,9 @@ func validateUsers(mdb mdbv1.MongoDBCommunity) error {
 connectionStringSecretNameMap[connectionStringSecretName] = user
 }
 
- if user.Database != constants.ExternalDB {
- // Ensure no collisions in the secret holding scram credentials
- scramSecretName := user.ScramCredentialsSecretName
+ // Ensure no collisions in the secret holding scram credentials
+ scramSecretName := user.ScramCredentialsSecretName
+ if scramSecretName != "" {
 if previousUser, exists := scramSecretNameMap[scramSecretName]; exists {
 scramSecretNameCollisions = append(scramSecretNameCollisions,
 fmt.Sprintf(`[scram secret name: "%s" for user: "%s" and user: "%s"]`,
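Review bot: The guard `if scramSecretName != "" {` skips the collision check for any user with an empty `ScramCredentialsSecretName`, not only for X.509 users, so a SCRAM user that leaves the field empty no longer takes part in it. Before this series two such users were reported as a collision; whether an empty name on a non-X.509 user is rejected elsewhere in validateUsers is not visible here. If it is not, keep the exemption tied to the database as well: `if scramSecretName != "" || user.Database != constants.ExternalDB {`. A one-line comment on the guard, such as `// X.509 users have no SCRAM credentials secret, so an empty name is not a collision`, would also record why empty names are skipped. The function body continues outside the hunk.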