mongodb · lucian-tosa · Jun 17, 2025 · Jun 16, 2025 · Jun 16, 2025 · Jun 16, 2025
@@ -113,7 +113,7 @@ function regenerate_public_rbac_multi_cluster() {
     if echo "$git_last_changed" | grep -q 'public/tools/multicluster'; then
       echo 'regenerating multicluster RBAC public example'
       pushd public/tools/multicluster
-      EXPORT_RBAC_SAMPLES="true" go test -run TestPrintingOutRolesServiceAccountsAndRoleBindings
+      EXPORT_RBAC_SAMPLES="true" go test ./... -run TestPrintingOutRolesServiceAccountsAndRoleBindings
       popd
       git add public/samples/multi-cluster-cli-gitops
     fi

@@ -261,10 +261,7 @@ def intermediate_issuer(cert_manager: str, issuer: str, namespace: str) -> str:
     This fixture creates an intermediate "Issuer" in the testing namespace
     """
     # Create the Certificate for the intermediate CA based on the issuer fixture
-    from kubetester.certs import (
-        Certificate,
-        Issuer,
-    )
+    from kubetester.certs import Certificate, Issuer
 
     intermediate_ca_cert = Certificate(namespace=namespace, name="intermediate-ca-issuer")
     intermediate_ca_cert["spec"] = {
@@ -1418,10 +1415,7 @@ def create_issuer(
         else:
             raise e
 
-    from kubetester.certs import (
-        ClusterIssuer,
-        Issuer,
-    )
+    from kubetester.certs import ClusterIssuer, Issuer
 
     # And then creates the Issuer
     if clusterwide:

@@ -3,10 +3,7 @@
 
 import kubernetes
 from kubetester.automation_config_tester import AutomationConfigTester
-from kubetester.certs import (
-    Certificate,
-    create_multi_cluster_x509_user_cert,
-)
+from kubetester.certs import Certificate, create_multi_cluster_x509_user_cert
 from kubetester.certs_mongodb_multi import (
     create_multi_cluster_mongodb_x509_tls_certs,
     create_multi_cluster_x509_agent_certs,

@@ -10,9 +10,7 @@
 from kubernetes import client
 from kubetester import create_or_update_configmap, create_or_update_service, try_load
 from kubetester.awss3client import AwsS3Client
-from kubetester.certs import (
-    create_ops_manager_tls_certs,
-)
+from kubetester.certs import create_ops_manager_tls_certs
 from kubetester.certs_mongodb_multi import create_multi_cluster_mongodb_tls_certs
 from kubetester.kubetester import KubernetesTester, ensure_ent_version
 from kubetester.kubetester import fixture as _fixture

@@ -1,11 +1,7 @@
 import kubernetes
 import pytest
 from kubeobject import CustomObject
-from kubetester import (
-    create_or_update_secret,
-    get_default_storage_class,
-    try_load,
-)
+from kubetester import create_or_update_secret, get_default_storage_class, try_load
 from kubetester.awss3client import AwsS3Client
 from kubetester.certs import create_sharded_cluster_certs
 from kubetester.kubetester import ensure_ent_version

@@ -1,11 +1,7 @@
 import kubernetes
 import pytest
 from kubeobject import CustomObject
-from kubetester import (
-    create_or_update_secret,
-    get_default_storage_class,
-    try_load,
-)
+from kubetester import create_or_update_secret, get_default_storage_class, try_load
 from kubetester.awss3client import AwsS3Client
 from kubetester.certs import create_sharded_cluster_certs
 from kubetester.kubetester import ensure_ent_version

@@ -20,10 +20,7 @@
 from pymongo import ReadPreference
 from pytest import fixture, mark
 from tests.common.cert.cert_issuer import create_appdb_certs
-from tests.conftest import (
-    assert_data_got_restored,
-    is_multi_cluster,
-)
+from tests.conftest import assert_data_got_restored, is_multi_cluster
 from tests.opsmanager.conftest import mino_operator_install, mino_tenant_install
 from tests.opsmanager.om_ops_manager_backup import S3_SECRET_NAME
 from tests.opsmanager.om_ops_manager_backup_tls_custom_ca import (

@@ -9,10 +9,7 @@
 from kubetester.phase import Phase
 from pytest import fixture, mark
 from tests.common.cert.cert_issuer import create_appdb_certs
-from tests.conftest import (
-    get_member_cluster_api_client,
-    is_multi_cluster,
-)
+from tests.conftest import get_member_cluster_api_client, is_multi_cluster
 from tests.opsmanager.om_ops_manager_backup import (
     BLOCKSTORE_RS_NAME,
     OPLOG_RS_NAME,

@@ -21,6 +21,18 @@ rules:
   - mongodb
   - mongodb/finalizers
   - mongodb/status
+  - mongodbsearch
+  - mongodbsearch/finalizers
+  - mongodbsearch/status
+  verbs:
+  - '*'
+- apiGroups:
+  - mongodbcommunity.mongodb.com
+  resources:
+  - mongodbcommunity
+  - mongodbcommunity/status
+  - mongodbcommunity/spec
+  - mongodbcommunity/finalizers
   verbs:
   - '*'
 - apiGroups:
@@ -49,6 +61,17 @@ rules:
   - delete
   - watch
   - deletecollection
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - watch
+  - patch
 - apiGroups:
   - ""
   resources:
@@ -57,6 +80,8 @@ rules:
   - get
   - list
   - watch
+  - delete
+  - deletecollection
 - apiGroups:
   - ""
   resources:
@@ -65,6 +90,34 @@ rules:
   - list
   - watch
 
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    multi-cluster: "true"
+  name: mongodb-kubernetes-operator-multi-cluster-role-telemetry
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
+- apiGroups:
+  - ""
+  resourceNames:
+  - kube-system
+  resources:
+  - namespaces
+  verbs:
+  - get
+- nonResourceURLs:
+  - /version
+  verbs:
+  - get
+
 ---
 # Central Cluster, cluster-scoped resources
 apiVersion: rbac.authorization.k8s.io/v1
@@ -80,20 +133,35 @@ roleRef:
   name: mongodb-kubernetes-operator-multi-cluster-role
 subjects:
 - kind: ServiceAccount
-  name: test-service-account
+  name: mongodb-kubernetes-operator-multicluster
+  namespace: central-namespace
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  creationTimestamp: null
+  labels:
+    multi-cluster: "true"
+  name: mongodb-kubernetes-operator-multi-telemetry-cluster-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: mongodb-kubernetes-operator-multi-cluster-role-telemetry
+subjects:
+- kind: ServiceAccount
+  name: mongodb-kubernetes-operator-multicluster
   namespace: central-namespace
 
 ---
 # Central Cluster, cluster-scoped resources
 apiVersion: v1
 kind: ServiceAccount
-imagePullSecrets:
-- name: image-registries-secret
 metadata:
   creationTimestamp: null
   labels:
     multi-cluster: "true"
-  name: test-service-account
+  name: mongodb-kubernetes-operator-multicluster
   namespace: central-namespace
 
 ---
@@ -33,6 +33,17 @@ rules:
   - delete
   - watch
   - deletecollection
+- apiGroups:
+  - ""
+  resources:
+  - persistentvolumeclaims
+  verbs:
+  - get
+  - list
+  - create
+  - update
+  - watch
+  - patch
 - apiGroups:
   - ""
   resources:
@@ -41,13 +52,61 @@ rules:
   - get
   - list
   - watch
+  - delete
+  - deletecollection
 - apiGroups:
   - ""
   resources:
   - namespaces
   verbs:
   - list
   - watch
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resourceNames:
+  - kube-system
+  resources:
+  - namespaces
+  verbs:
+  - get
+- nonResourceURLs:
+  - /version
+  verbs:
+  - get
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  creationTimestamp: null
+  labels:
+    multi-cluster: "true"
+  name: mongodb-kubernetes-operator-multi-cluster-role-telemetry
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - nodes
+  verbs:
+  - list
+- apiGroups:
+  - ""
+  resourceNames:
+  - kube-system
+  resources:
+  - namespaces
+  verbs:
+  - get
+- nonResourceURLs:
+  - /version
+  verbs:
+  - get
 
 ---
 # Member Cluster, cluster-scoped resources
@@ -64,28 +123,35 @@ roleRef:
   name: mongodb-kubernetes-operator-multi-cluster-role
 subjects:
 - kind: ServiceAccount
-  name: test-service-account
-  namespace: member-namespace
+  name: mongodb-kubernetes-operator-multicluster
+  namespace: central-namespace
 
 ---
-# Member Cluster, cluster-scoped resources
-apiVersion: v1
-kind: ServiceAccount
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
   creationTimestamp: null
   labels:
     multi-cluster: "true"
-  name: mongodb-enterprise-appdb
-  namespace: member-namespace
+  name: mongodb-kubernetes-operator-multi-telemetry-cluster-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: mongodb-kubernetes-operator-multi-cluster-role-telemetry
+subjects:
+- kind: ServiceAccount
+  name: mongodb-kubernetes-operator-multicluster
+  namespace: central-namespace
 
 ---
+# Member Cluster, cluster-scoped resources
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   creationTimestamp: null
   labels:
     multi-cluster: "true"
-  name: mongodb-enterprise-database-pods
+  name: mongodb-kubernetes-appdb
   namespace: member-namespace
 
 ---
@@ -95,19 +161,17 @@ metadata:
   creationTimestamp: null
   labels:
     multi-cluster: "true"
-  name: mongodb-enterprise-ops-manager
+  name: mongodb-kubernetes-database-pods
   namespace: member-namespace
 
 ---
 apiVersion: v1
 kind: ServiceAccount
-imagePullSecrets:
-- name: image-registries-secret
 metadata:
   creationTimestamp: null
   labels:
     multi-cluster: "true"
-  name: test-service-account
+  name: mongodb-kubernetes-ops-manager
   namespace: member-namespace
 
 ---