MongoDB exporter on arbiters shows authorization failures after monitoring ACL fix #1226
Description
Summary
After applying least-privilege monitoring permissions for the monitor user, primaries/secondaries and config servers stopped logging authorization errors.
Arbiters still emit repeated authorization failures for system and diagnostic reads when polled by the MongoDB exporter.
Representative log entries and mongodb.log file:
{"t":{"$date":"2026-01-15T11:52:19.901+00:00"},"s":"I","c":"ACCESS","id":10483900,"svc":"S","ctx":"conn3691","msg":"Connection not authenticating","attr":{"client":"127.0.0.1:56900","doc":{"application":{"name":"mongodb_exporter"},"driver":{"name":"mongo-go-driver","version":"1.17.3"},"os":{"type":"linux","architecture":"amd64"},"platform":"go1.23.7"}}}
{"t":{"$date":"2026-01-15T11:52:19.904+00:00"},"s":"I","c":"ACCESS","id":20436,"svc":"S","ctx":"conn3691","msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { replSetGetConfig: 1, ... }"}}}
{"t":{"$date":"2026-01-15T11:52:19.904+00:00"},"s":"I","c":"ACCESS","id":20436,"svc":"S","ctx":"conn3691","msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on config to execute command { find: "version", ... }"}}}
{"t":{"$date":"2026-01-15T11:52:19.905+00:00"},"s":"I","c":"ACCESS","id":20436,"svc":"S","ctx":"conn3691","msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { find: "system.version", filter: { _id: "shardIdentity" }, ... }"}}}
{"t":{"$date":"2026-01-15T11:52:19.908+00:00"},"s":"I","c":"ACCESS","id":20436,"svc":"S","ctx":"conn3691","msg":"Checking authorization failed","attr":{"error":{"code":13,"codeName":"Unauthorized","errmsg":"not authorized on admin to execute command { getDiagnosticData: "1", ... }"}}}
Expected behavior
Gracefully avoid privileged commands on arbiters to prevent noisy logs.