Ensure secrets on cluster update (#171)

vasilevp · antonlisovenko · web-flow · commit 85654e6bd31f · 2021-03-31T18:00:05.000+03:00
Co-authored-by: antonlisovenko &lt;anton.lisovenko@mongodb.com&gt;
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -174,7 +174,7 @@ jobs:
         go version
         go get github.com/onsi/ginkgo/ginkgo && \
         go get github.com/onsi/gomega/...
-        ginkgo --focus "${TEST_NAME}" -nodes=3 test/e2e/
+        ginkgo --focus "${TEST_NAME}" -v -nodes=3 test/e2e/
 
     - name: Upload operator logs
       if: ${{ failure() }}
diff --git a/pkg/api/v1/atlasdatabaseuser_types.go b/pkg/api/v1/atlasdatabaseuser_types.go
@@ -220,6 +220,7 @@ func (p *AtlasDatabaseUser) WithName(name string) *AtlasDatabaseUser {
 	p.Name = name
 	return p
 }
+
 func (p *AtlasDatabaseUser) WithAtlasUserName(name string) *AtlasDatabaseUser {
 	p.Spec.Username = name
 	return p
@@ -239,6 +240,7 @@ func (p *AtlasDatabaseUser) WithScope(scopeType ScopeType, name string) *AtlasDa
 	p.Spec.Scopes = append(p.Spec.Scopes, ScopeSpec{Name: name, Type: scopeType})
 	return p
 }
+
 func (p *AtlasDatabaseUser) ClearScopes() *AtlasDatabaseUser {
 	p.Spec.Scopes = make([]ScopeSpec, 0)
 	return p
diff --git a/pkg/api/v1/project/ipaccesslist.go.go b/pkg/api/v1/project/ipaccesslist.go.go
@@ -48,18 +48,22 @@ func (i IPAccessList) WithComment(comment string) IPAccessList {
 	i.Comment = comment
 	return i
 }
+
 func (i IPAccessList) WithIP(ip string) IPAccessList {
 	i.IPAddress = ip
 	return i
 }
+
 func (i IPAccessList) WithCIDR(cidr string) IPAccessList {
 	i.CIDRBlock = cidr
 	return i
 }
+
 func (i IPAccessList) WithAWSGroup(group string) IPAccessList {
 	i.AwsSecurityGroup = group
 	return i
 }
+
 func (i IPAccessList) WithDeleteAfterDate(date string) IPAccessList {
 	i.DeleteAfterDate = date
 	return i
diff --git a/pkg/api/v1/status/atlasdatabaseuser.go b/pkg/api/v1/status/atlasdatabaseuser.go
@@ -10,6 +10,7 @@ func AtlasDatabaseUserPasswordVersion(passwordVersion string) AtlasDatabaseUserS
 		s.PasswordVersion = passwordVersion
 	}
 }
+
 func AtlasDatabaseUserNameOption(name string) AtlasDatabaseUserStatusOption {
 	return func(s *AtlasDatabaseUserStatus) {
 		s.UserName = name
diff --git a/pkg/api/v1/status/atlasproject.go b/pkg/api/v1/status/atlasproject.go
@@ -12,6 +12,7 @@ func AtlasProjectIDOption(id string) AtlasProjectStatusOption {
 		s.ID = id
 	}
 }
+
 func AtlasProjectExpiredIPAccessOption(lists []project.IPAccessList) AtlasProjectStatusOption {
 	return func(s *AtlasProjectStatus) {
 		s.ExpiredIPAccessList = lists
diff --git a/pkg/api/v1/status/status.go b/pkg/api/v1/status/status.go
@@ -38,6 +38,7 @@ type Common struct {
 func (c Common) GetConditions() []Condition {
 	return c.Conditions
 }
+
 func (c Common) GetObservedGeneration() int64 {
 	return c.ObservedGeneration
 }
diff --git a/pkg/controller/atlascluster/atlascluster_controller.go b/pkg/controller/atlascluster/atlascluster_controller.go
@@ -58,8 +58,6 @@ type AtlasClusterReconciler struct {
 // +kubebuilder:rbac:groups=atlas.mongodb.com,namespace=default,resources=atlasclusters/status,verbs=get;update;patch
 
 func (r *AtlasClusterReconciler) Reconcile(context context.Context, req ctrl.Request) (ctrl.Result, error) {
-	// TODO use the context passed
-	_ = context
 	log := r.Log.With("atlascluster", req.NamespacedName)
 
 	cluster := &mdbv1.AtlasCluster{}
@@ -104,6 +102,11 @@ func (r *AtlasClusterReconciler) Reconcile(context context.Context, req ctrl.Req
 		return result.ReconcileResult(), nil
 	}
 
+	if csResult := ensureConnectionSecrets(ctx, r.Client, project, c); !csResult.IsOk() {
+		ctx.SetConditionFromResult(status.ClusterReadyType, csResult)
+		return csResult.ReconcileResult(), nil
+	}
+
 	ctx.
 		SetConditionTrue(status.ClusterReadyType).
 		EnsureStatusOption(status.AtlasClusterMongoDBVersionOption(c.MongoDBVersion)).
diff --git a/pkg/controller/atlascluster/cluster.go b/pkg/controller/atlascluster/cluster.go
@@ -9,10 +9,15 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"go.mongodb.org/atlas/mongodbatlas"
 	"go.uber.org/zap"
+	v1 "k8s.io/api/core/v1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/connectionsecret"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/workflow"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/compat"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/stringutil"
 )
 
 func (r *AtlasClusterReconciler) ensureClusterState(ctx *workflow.Context, project *mdbv1.AtlasProject, cluster *mdbv1.AtlasCluster) (atlasCluster *mongodbatlas.Cluster, _ workflow.Result) {
@@ -152,3 +157,50 @@ func ClustersEqual(log *zap.SugaredLogger, clusterAtlas mongodbatlas.Cluster, cl
 
 	return d == ""
 }
+
+func ensureConnectionSecrets(ctx *workflow.Context, k8sClient client.Client, project *mdbv1.AtlasProject, cluster *mongodbatlas.Cluster) workflow.Result {
+	databaseUsers := mdbv1.AtlasDatabaseUserList{}
+	err := k8sClient.List(context.TODO(), &databaseUsers, client.InNamespace(project.Namespace))
+	if err != nil {
+		return workflow.Terminate(workflow.Internal, err.Error())
+	}
+
+	for _, dbUser := range databaseUsers.Items {
+		found := false
+		for _, c := range dbUser.Status.Conditions {
+			if c.Type == status.ReadyType && c.Status == v1.ConditionTrue {
+				found = true
+				break
+			}
+		}
+
+		if !found {
+			ctx.Log.Debugw("AtlasDatabaseUser not ready - not creating connection secret", "user.name", dbUser.Name)
+			continue
+		}
+
+		scopes := dbUser.GetScopes(mdbv1.ClusterScopeType)
+		if len(scopes) != 0 && !stringutil.Contains(scopes, cluster.Name) {
+			continue
+		}
+
+		password, err := dbUser.ReadPassword(k8sClient)
+		if err != nil {
+			return workflow.Terminate(workflow.ClusterConnectionSecretsNotCreated, err.Error())
+		}
+
+		data := connectionsecret.ConnectionData{
+			DBUserName: dbUser.Spec.Username,
+			ConnURL:    cluster.ConnectionStrings.Standard,
+			SrvConnURL: cluster.ConnectionStrings.StandardSrv,
+			Password:   password,
+		}
+
+		_, err = connectionsecret.Ensure(k8sClient, project.Namespace, project.Spec.Name, project.ID(), cluster.Name, data)
+		if err != nil {
+			return workflow.Terminate(workflow.ClusterConnectionSecretsNotCreated, err.Error())
+		}
+	}
+
+	return workflow.OK()
+}
diff --git a/pkg/controller/atlascluster/cluster_test.go b/pkg/controller/atlascluster/cluster_test.go
@@ -79,12 +79,15 @@ func TestClusterMatchesSpec(t *testing.T) {
 	t.Run("Clusters match when Atlas adds default ReplicationSpecs", func(t *testing.T) {
 		atlasCluster, err := mdbv1.DefaultAWSCluster("test-ns", "project-name").Spec.Cluster()
 		assert.NoError(t, err)
-		atlasCluster.ReplicationSpecs = []mongodbatlas.ReplicationSpec{{
-			ID:        "id",
-			NumShards: int64ptr(1),
-			ZoneName:  "zone1",
-			RegionsConfig: map[string]mongodbatlas.RegionsConfig{
-				"US_EAST": {AnalyticsNodes: int64ptr(0), ElectableNodes: int64ptr(3), Priority: int64ptr(7), ReadOnlyNodes: int64ptr(0)}}},
+		atlasCluster.ReplicationSpecs = []mongodbatlas.ReplicationSpec{
+			{
+				ID:        "id",
+				NumShards: int64ptr(1),
+				ZoneName:  "zone1",
+				RegionsConfig: map[string]mongodbatlas.RegionsConfig{
+					"US_EAST": {AnalyticsNodes: int64ptr(0), ElectableNodes: int64ptr(3), Priority: int64ptr(7), ReadOnlyNodes: int64ptr(0)},
+				},
+			},
 		}
 		operatorCluster := mdbv1.DefaultAWSCluster("test-ns", "project-name")
 		operatorCluster.Spec.ReplicationSpecs = []mdbv1.ReplicationSpec{{
@@ -101,12 +104,15 @@ func TestClusterMatchesSpec(t *testing.T) {
 	t.Run("Clusters don't match when Atlas adds default ReplicationSpecs and Operator overrides something", func(t *testing.T) {
 		atlasCluster, err := mdbv1.DefaultAWSCluster("test-ns", "project-name").Spec.Cluster()
 		assert.NoError(t, err)
-		atlasCluster.ReplicationSpecs = []mongodbatlas.ReplicationSpec{{
-			ID:        "id",
-			NumShards: int64ptr(1),
-			ZoneName:  "zone1",
-			RegionsConfig: map[string]mongodbatlas.RegionsConfig{
-				"US_EAST": {AnalyticsNodes: int64ptr(0), ElectableNodes: int64ptr(3), Priority: int64ptr(7), ReadOnlyNodes: int64ptr(0)}}},
+		atlasCluster.ReplicationSpecs = []mongodbatlas.ReplicationSpec{
+			{
+				ID:        "id",
+				NumShards: int64ptr(1),
+				ZoneName:  "zone1",
+				RegionsConfig: map[string]mongodbatlas.RegionsConfig{
+					"US_EAST": {AnalyticsNodes: int64ptr(0), ElectableNodes: int64ptr(3), Priority: int64ptr(7), ReadOnlyNodes: int64ptr(0)},
+				},
+			},
 		}
 		operatorCluster := mdbv1.DefaultAWSCluster("test-ns", "project-name")
 		operatorCluster.Spec.ReplicationSpecs = []mdbv1.ReplicationSpec{{
@@ -117,12 +123,15 @@ func TestClusterMatchesSpec(t *testing.T) {
 		merged, err := MergedCluster(*atlasCluster, operatorCluster.Spec)
 		assert.NoError(t, err)
 
-		expectedReplicationSpecs := []mongodbatlas.ReplicationSpec{{
-			ID:        "id",
-			NumShards: int64ptr(2),
-			ZoneName:  "zone5",
-			RegionsConfig: map[string]mongodbatlas.RegionsConfig{
-				"US_EAST": {AnalyticsNodes: int64ptr(0), ElectableNodes: int64ptr(3), Priority: int64ptr(7), ReadOnlyNodes: int64ptr(0)}}},
+		expectedReplicationSpecs := []mongodbatlas.ReplicationSpec{
+			{
+				ID:        "id",
+				NumShards: int64ptr(2),
+				ZoneName:  "zone5",
+				RegionsConfig: map[string]mongodbatlas.RegionsConfig{
+					"US_EAST": {AnalyticsNodes: int64ptr(0), ElectableNodes: int64ptr(3), Priority: int64ptr(7), ReadOnlyNodes: int64ptr(0)},
+				},
+			},
 		}
 		assert.Equal(t, expectedReplicationSpecs, merged.ReplicationSpecs)
 
@@ -167,6 +176,7 @@ func TestClusterMatchesSpec(t *testing.T) {
 		assert.False(t, equal)
 	})
 }
+
 func int64ptr(i int64) *int64 {
 	return &i
 }
diff --git a/pkg/controller/atlasdatabaseuser/connectionsecrets.go b/pkg/controller/atlasdatabaseuser/connectionsecrets.go
@@ -14,8 +14,7 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/stringutil"
 )
 
-// createOrUpdateConnectionSecrets
-func createOrUpdateConnectionSecrets(ctx *workflow.Context, k8sClient client.Client, project mdbv1.AtlasProject, dbUser mdbv1.AtlasDatabaseUser) workflow.Result {
+func CreateOrUpdateConnectionSecrets(ctx *workflow.Context, k8sClient client.Client, project mdbv1.AtlasProject, dbUser mdbv1.AtlasDatabaseUser) workflow.Result {
 	clusters, _, err := ctx.Client.Clusters.List(context.Background(), project.ID(), &mongodbatlas.ListOptions{})
 	if err != nil {
 		return workflow.Terminate(workflow.DatabaseUserConnectionSecretsNotCreated, err.Error())
diff --git a/pkg/controller/atlasdatabaseuser/databaseuser.go b/pkg/controller/atlasdatabaseuser/databaseuser.go
@@ -43,7 +43,7 @@ func (r *AtlasDatabaseUserReconciler) ensureDatabaseUser(ctx *workflow.Context,
 		return result
 	}
 
-	if result := createOrUpdateConnectionSecrets(ctx, r.Client, project, dbUser); !result.IsOk() {
+	if result := CreateOrUpdateConnectionSecrets(ctx, r.Client, project, dbUser); !result.IsOk() {
 		return result
 	}
 
@@ -131,6 +131,7 @@ func performUpdateInAtlas(ctx *workflow.Context, k8sClient client.Client, projec
 		// after the successful update we'll retry reconciliation so that clusters had a chance to start working
 		return retryAfterUpdate
 	}
+
 	return workflow.OK()
 }
 
diff --git a/pkg/controller/workflow/reason.go b/pkg/controller/workflow/reason.go
@@ -19,10 +19,11 @@ const (
 
 // Atlas Cluster reasons
 const (
-	ClusterNotCreatedInAtlas ConditionReason = "ClusterNotCreatedInAtlas"
-	ClusterNotUpdatedInAtlas ConditionReason = "ClusterNotUpdatedInAtlas"
-	ClusterCreating          ConditionReason = "ClusterCreating"
-	ClusterUpdating          ConditionReason = "ClusterUpdating"
+	ClusterNotCreatedInAtlas           ConditionReason = "ClusterNotCreatedInAtlas"
+	ClusterNotUpdatedInAtlas           ConditionReason = "ClusterNotUpdatedInAtlas"
+	ClusterCreating                    ConditionReason = "ClusterCreating"
+	ClusterUpdating                    ConditionReason = "ClusterUpdating"
+	ClusterConnectionSecretsNotCreated ConditionReason = "ClusterConnectionSecretsNotCreated"
 )
 
 // Atlas Database User reasons
diff --git a/pkg/util/kube/kube_test.go b/pkg/util/kube/kube_test.go
@@ -46,6 +46,7 @@ func TestNormalizeIdentifier(t *testing.T) {
 		}
 	})
 }
+
 func TestNormalizeLabelValue(t *testing.T) {
 	t.Run("Valid Label Value", func(t *testing.T) {
 		successCases := []string{
diff --git a/test/app/main.go b/test/app/main.go
@@ -117,7 +117,6 @@ func getMongoClient() (*mongo.Client, error) {
 
 func getMongoCollection(DbName string, CollectionName string) (*mongo.Collection, error) {
 	client, err := getMongoClient()
-
 	if err != nil {
 		return nil, err
 	}
diff --git a/test/e2e/cli/kube/kubectl.go b/test/e2e/cli/kube/kubectl.go
@@ -1,12 +1,11 @@
 package kube
 
 import (
+	"encoding/json"
 	"fmt"
 	"os"
 	"strings"
 
-	"encoding/json"
-
 	. "github.com/onsi/gomega"
 	. "github.com/onsi/gomega/gbytes"
 	"github.com/onsi/gomega/gexec"
diff --git a/test/e2e/configuration_test.go b/test/e2e/configuration_test.go
@@ -27,10 +27,9 @@ type testDataProvider struct {
 }
 
 var _ = Describe("[cluster-ns] Configuration namespaced. Deploy cluster", func() {
-
 	var data testDataProvider
 
-	var _ = AfterEach(func() {
+	_ = AfterEach(func() {
 		GinkgoWriter.Write([]byte("===============================================\n"))
 		GinkgoWriter.Write([]byte("Operator namespace: " + data.resources.Namespace + "\n"))
 		GinkgoWriter.Write([]byte("===============================================\n"))
@@ -47,7 +46,6 @@ var _ = Describe("[cluster-ns] Configuration namespaced. Deploy cluster", func()
 		} else {
 			Eventually(kube.DeleteNamespace(data.resources.Namespace)).Should(Say("deleted"), "Cant delete namespace after testing")
 		}
-
 	})
 
 	// TODO remove portGroup (nodePort for the app)
diff --git a/test/e2e/operator_type_wide_test.go b/test/e2e/operator_type_wide_test.go
@@ -15,11 +15,10 @@ import (
 )
 
 var _ = Describe("[cluster-wide] Users (Norton and Nimnul) can work with one Cluster wide operator", func() {
-
 	var NortonSpec, NimnulSpec model.UserInputs
 	commonClusterName := "megacluster"
 
-	var _ = BeforeEach(func() {
+	_ = BeforeEach(func() {
 		By("User Install CRD, cluster wide Operator", func() {
 			Eventually(kube.Apply(ConfigAll)).Should(
 				Say("customresourcedefinition.apiextensions.k8s.io/atlasclusters.atlas.mongodb.com"),
@@ -31,7 +30,7 @@ var _ = Describe("[cluster-wide] Users (Norton and Nimnul) can work with one Clu
 		})
 	})
 
-	var _ = AfterEach(func() {
+	_ = AfterEach(func() {
 		By("Delete clusters", func() {
 			if CurrentGinkgoTestDescription().Failed {
 				GinkgoWriter.Write([]byte("Resources wasn't clean"))
diff --git a/test/e2e/utils/utils.go b/test/e2e/utils/utils.go
@@ -2,10 +2,9 @@ package utils
 
 import (
 	"encoding/json"
-	"os"
-
 	"io/ioutil"
 	"log"
+	"os"
 	"path/filepath"
 
 	yaml "gopkg.in/yaml.v3"
diff --git a/test/int/cluster_test.go b/test/int/cluster_test.go
diff --git a/test/int/dbuser_test.go b/test/int/dbuser_test.go

Original file line number	Diff line number	Diff line change
`@@ -48,18 +48,22 @@ func (i IPAccessList) WithComment(comment string) IPAccessList {`
`48`	`48`	`i.Comment = comment`
`49`	`49`	`return i`
`50`	`50`	`}`
	`51`	`+`
`51`	`52`	`func (i IPAccessList) WithIP(ip string) IPAccessList {`
`52`	`53`	`i.IPAddress = ip`
`53`	`54`	`return i`
`54`	`55`	`}`
	`56`	`+`
`55`	`57`	`func (i IPAccessList) WithCIDR(cidr string) IPAccessList {`
`56`	`58`	`i.CIDRBlock = cidr`
`57`	`59`	`return i`
`58`	`60`	`}`
	`61`	`+`
`59`	`62`	`func (i IPAccessList) WithAWSGroup(group string) IPAccessList {`
`60`	`63`	`i.AwsSecurityGroup = group`
`61`	`64`	`return i`
`62`	`65`	`}`
	`66`	`+`
`63`	`67`	`func (i IPAccessList) WithDeleteAfterDate(date string) IPAccessList {`
`64`	`68`	`i.DeleteAfterDate = date`
`65`	`69`	`return i`
Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ func AtlasDatabaseUserPasswordVersion(passwordVersion string) AtlasDatabaseUserS`
`10`	`10`	`s.PasswordVersion = passwordVersion`
`11`	`11`	`}`
`12`	`12`	`}`
	`13`	`+`
`13`	`14`	`func AtlasDatabaseUserNameOption(name string) AtlasDatabaseUserStatusOption {`
`14`	`15`	`return func(s *AtlasDatabaseUserStatus) {`
`15`	`16`	`s.UserName = name`
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ func AtlasProjectIDOption(id string) AtlasProjectStatusOption {`
`12`	`12`	`s.ID = id`
`13`	`13`	`}`
`14`	`14`	`}`
	`15`	`+`
`15`	`16`	`func AtlasProjectExpiredIPAccessOption(lists []project.IPAccessList) AtlasProjectStatusOption {`
`16`	`17`	`return func(s *AtlasProjectStatus) {`
`17`	`18`	`s.ExpiredIPAccessList = lists`
Original file line number	Diff line number	Diff line change
`@@ -38,6 +38,7 @@ type Common struct {`
`38`	`38`	`func (c Common) GetConditions() []Condition {`
`39`	`39`	`return c.Conditions`
`40`	`40`	`}`
	`41`	`+`
`41`	`42`	`func (c Common) GetObservedGeneration() int64 {`
`42`	`43`	`return c.ObservedGeneration`
`43`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -14,8 +14,7 @@ import (`
`14`	`14`	`"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/stringutil"`
`15`	`15`	`)`
`16`	`16`
`17`		`-// createOrUpdateConnectionSecrets`
`18`		`-func createOrUpdateConnectionSecrets(ctx *workflow.Context, k8sClient client.Client, project mdbv1.AtlasProject, dbUser mdbv1.AtlasDatabaseUser) workflow.Result {`
	`17`	`+func CreateOrUpdateConnectionSecrets(ctx *workflow.Context, k8sClient client.Client, project mdbv1.AtlasProject, dbUser mdbv1.AtlasDatabaseUser) workflow.Result {`
`19`	`18`	`clusters, _, err := ctx.Client.Clusters.List(context.Background(), project.ID(), &mongodbatlas.ListOptions{})`
`20`	`19`	`if err != nil {`
`21`	`20`	`return workflow.Terminate(workflow.DatabaseUserConnectionSecretsNotCreated, err.Error())`