Fix connection secret creation (#774)

Author: Sugar-pack

pkg/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go

@@ -22,8 +22,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/validate"
-
 	"go.mongodb.org/atlas/mongodbatlas"
 	"go.uber.org/zap"
 	corev1 "k8s.io/api/core/v1"
@@ -39,8 +37,10 @@ import (
 	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlas"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/customresource"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/statushandler"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/validate"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/watch"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/kube"
@@ -182,7 +182,7 @@ func (r AtlasDatabaseUserReconciler) Delete(e event.DeleteEvent) error {
 	}
 
 	// We ignore the error as it will be printed by the function
-	_ = removeStaleSecretsByUserName(r.Client, project.ID(), dbUser.Spec.Username, *dbUser, log)
+	_ = connectionsecret.RemoveStaleSecretsByUserName(r.Client, project.ID(), dbUser.Spec.Username, *dbUser, log)
 
 	return nil
 }

pkg/controller/atlasdatabaseuser/databaseuser.go

@@ -6,8 +6,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlasdeployment"
-
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"go.mongodb.org/atlas/mongodbatlas"
@@ -18,6 +16,8 @@ import (
 	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlas"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlasdeployment"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/compat"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/timeutil"
@@ -45,7 +45,7 @@ func (r *AtlasDatabaseUserReconciler) ensureDatabaseUser(ctx *workflow.Context,
 		return result
 	}
 
-	if result := CreateOrUpdateConnectionSecrets(ctx, r.Client, r.EventRecorder, project, dbUser); !result.IsOk() {
+	if result := connectionsecret.CreateOrUpdateConnectionSecrets(ctx, r.Client, r.EventRecorder, project, dbUser); !result.IsOk() {
 		return result
 	}
 
@@ -89,7 +89,7 @@ func checkUserExpired(log *zap.SugaredLogger, k8sClient client.Client, projectID
 		return workflow.Terminate(workflow.DatabaseUserInvalidSpec, err.Error()).WithoutRetry()
 	}
 	if deleteAfter.Before(time.Now()) {
-		if err = removeStaleSecretsByUserName(k8sClient, projectID, dbUser.Spec.Username, dbUser, log); err != nil {
+		if err = connectionsecret.RemoveStaleSecretsByUserName(k8sClient, projectID, dbUser.Spec.Username, dbUser, log); err != nil {
 			return workflow.Terminate(workflow.Internal, err.Error())
 		}
 		return workflow.Terminate(workflow.DatabaseUserExpired, "The database user is expired and has been removed from Atlas").WithoutRetry()

pkg/controller/atlasdeployment/deployment.go

@@ -245,6 +245,9 @@ func (r *AtlasDeploymentReconciler) ensureConnectionSecrets(ctx *workflow.Contex
 			SrvConnURL: connectionStrings.StandardSrv,
 			Password:   password,
 		}
+		connectionsecret.FillPrivateConnStrings(connectionStrings, &data)
+
+		ctx.Log.Debugw("Creating a connection Secret", "data", data)
 
 		secretName, err := connectionsecret.Ensure(r.Client, project.Namespace, project.Spec.Name, project.ID(), name, data)
 		if err != nil {

pkg/controller/atlasdatabaseuser/connectionsecrets.go renamed to pkg/controller/connectionsecret/connectionsecrets.go

@@ -1,4 +1,4 @@
-package atlasdatabaseuser
+package connectionsecret
 
 import (
 	"context"
@@ -10,7 +10,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
-	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/kube"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/stringutil"
@@ -91,16 +90,16 @@ func createOrUpdateConnectionSecretsFromDeploymentSecrets(ctx *workflow.Context,
 		if err != nil {
 			return workflow.Terminate(workflow.DatabaseUserConnectionSecretsNotCreated, err.Error())
 		}
-		data := connectionsecret.ConnectionData{
+		data := ConnectionData{
 			DBUserName: dbUser.Spec.Username,
 			Password:   password,
 			ConnURL:    ds.connectionStrings.Standard,
 			SrvConnURL: ds.connectionStrings.StandardSrv,
 		}
-		fillPrivateConnStrings(ds.connectionStrings, &data)
+		FillPrivateConnStrings(ds.connectionStrings, &data)
 
 		var secretName string
-		if secretName, err = connectionsecret.Ensure(k8sClient, dbUser.Namespace, project.Spec.Name, project.ID(), ds.name, data); err != nil {
+		if secretName, err = Ensure(k8sClient, dbUser.Namespace, project.Spec.Name, project.ID(), ds.name, data); err != nil {
 			return workflow.Terminate(workflow.DatabaseUserConnectionSecretsNotCreated, err.Error())
 		}
 		secrets = append(secrets, secretName)
@@ -128,7 +127,7 @@ func cleanupStaleSecrets(ctx *workflow.Context, k8sClient client.Client, project
 	// Performing the cleanup of old secrets only if the username has changed
 	if user.Status.UserName != user.Spec.Username {
 		// Note, that we pass the username from the status, not from the spec
-		return removeStaleSecretsByUserName(k8sClient, projectID, user.Status.UserName, user, ctx.Log)
+		return RemoveStaleSecretsByUserName(k8sClient, projectID, user.Status.UserName, user, ctx.Log)
 	}
 	return nil
 }
@@ -139,12 +138,12 @@ func removeStaleByScope(ctx *workflow.Context, k8sClient client.Client, projectI
 	if len(scopes) == 0 {
 		return nil
 	}
-	secrets, err := connectionsecret.ListByUserName(k8sClient, user.Namespace, projectID, user.Spec.Username)
+	secrets, err := ListByUserName(k8sClient, user.Namespace, projectID, user.Spec.Username)
 	if err != nil {
 		return err
 	}
 	for i, s := range secrets {
-		deployment, ok := s.Labels[connectionsecret.ClusterLabelKey]
+		deployment, ok := s.Labels[ClusterLabelKey]
 		if !ok {
 			continue
 		}
@@ -158,9 +157,9 @@ func removeStaleByScope(ctx *workflow.Context, k8sClient client.Client, projectI
 	return nil
 }
 
-// removeStaleSecretsByUserName removes the stale secrets when the database user name changes (as it's used as a part of Secret name)
-func removeStaleSecretsByUserName(k8sClient client.Client, projectID, userName string, user mdbv1.AtlasDatabaseUser, log *zap.SugaredLogger) error {
-	secrets, err := connectionsecret.ListByUserName(k8sClient, user.Namespace, projectID, userName)
+// RemoveStaleSecretsByUserName removes the stale secrets when the database user name changes (as it's used as a part of Secret name)
+func RemoveStaleSecretsByUserName(k8sClient client.Client, projectID, userName string, user mdbv1.AtlasDatabaseUser, log *zap.SugaredLogger) error {
+	secrets, err := ListByUserName(k8sClient, user.Namespace, projectID, userName)
 	if err != nil {
 		return err
 	}
@@ -181,7 +180,7 @@ func removeStaleSecretsByUserName(k8sClient client.Client, projectID, userName s
 	return lastError
 }
 
-func fillPrivateConnStrings(connStrings *mongodbatlas.ConnectionStrings, data *connectionsecret.ConnectionData) {
+func FillPrivateConnStrings(connStrings *mongodbatlas.ConnectionStrings, data *ConnectionData) {
 	if connStrings.Private != "" {
 		data.PvtConnURL = connStrings.Private
 		data.PvtSrvConnURL = connStrings.PrivateSrv

test/int/dbuser_test.go

@@ -13,22 +13,18 @@ import (
 	. "github.com/onsi/gomega"
 	"go.mongodb.org/atlas/mongodbatlas"
 	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo"
 	"go.mongodb.org/mongo-driver/mongo/options"
 	corev1 "k8s.io/api/core/v1"
 	apiErrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlasdatabaseuser"
-
-	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/customresource"
-
-	"go.mongodb.org/mongo-driver/mongo"
-
 	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/project"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/connectionsecret"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/customresource"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/kube"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/testutil"
@@ -427,7 +423,7 @@ var _ = Describe("AtlasDatabaseUser", Label("int", "AtlasDatabaseUser"), func()
 				s1 := validateSecret(k8sClient, *createdProject, *createdDeploymentAWS, *createdDBUser)
 				s2 := validateSecret(k8sClient, *createdProject, *createdDeploymentAzure, *createdDBUser)
 
-				testutil.EventExists(k8sClient, createdDBUser, "Normal", atlasdatabaseuser.ConnectionSecretsEnsuredEvent,
+				testutil.EventExists(k8sClient, createdDBUser, "Normal", connectionsecret.ConnectionSecretsEnsuredEvent,
 					fmt.Sprintf("Connection Secrets were created/updated: (%s|%s|, ){3}", s1.Name, s2.Name))
 			})
 			By("Changing the db user name - two stale secret are expected to be removed, two added instead", func() {