CLOUDP-84457: fix for global secret (#164)

Author: Anton

config/manager/manager.yaml

@@ -55,7 +55,7 @@ spec:
             cpu: 100m
             memory: 20Mi
         env:
-          - name: OPERATOR_NAME
+          - name: OPERATOR_POD_NAME
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name

main.go

@@ -37,6 +37,7 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlasdatabaseuser"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlasproject"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/watch"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/kube"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -76,14 +77,14 @@ func main() {
 		os.Exit(1)
 	}
 
-	operatorPod := operatorPodObjectKey()
+	operatorPod := operatorDeploymentObjectKey()
 
 	if err = (&atlascluster.AtlasClusterReconciler{
-		Client:      mgr.GetClient(),
-		Log:         logger.Named("controllers").Named("AtlasCluster").Sugar(),
-		Scheme:      mgr.GetScheme(),
-		AtlasDomain: config.AtlasDomain,
-		OperatorPod: operatorPod,
+		Client:                 mgr.GetClient(),
+		Log:                    logger.Named("controllers").Named("AtlasCluster").Sugar(),
+		Scheme:                 mgr.GetScheme(),
+		AtlasDomain:            config.AtlasDomain,
+		OperatorDeploymentName: operatorPod,
 	}).SetupWithManager(mgr); err != nil {
 		setupLog.Error(err, "unable to create controller", "controller", "AtlasCluster")
 		os.Exit(1)
@@ -159,15 +160,18 @@ func parseConfiguration(log *zap.SugaredLogger) Config {
 	return config
 }
 
-func operatorPodObjectKey() client.ObjectKey {
-	operatorName := os.Getenv("OPERATOR_NAME")
-	if operatorName == "" {
-		log.Fatal(`"OPERATOR_NAME" environment variable must be set!`)
+func operatorDeploymentObjectKey() client.ObjectKey {
+	operatorPodName := os.Getenv("OPERATOR_POD_NAME")
+	if operatorPodName == "" {
+		log.Fatal(`"OPERATOR_POD_NAME" environment variable must be set!`)
 	}
 	operatorNamespace := os.Getenv("OPERATOR_NAMESPACE")
 	if operatorNamespace == "" {
 		log.Fatal(`"OPERATOR_NAMESPACE" environment variable must be set!`)
 	}
-
-	return client.ObjectKey{Namespace: operatorNamespace, Name: operatorName}
+	deploymentName, err := kube.ParseDeploymentNameFromPodName(operatorPodName)
+	if err != nil {
+		log.Fatalf(`Failed to get Operator Deployment name from "OPERATOR_POD_NAME" environment variable: %s`, err.Error())
+	}
+	return client.ObjectKey{Namespace: operatorNamespace, Name: deploymentName}
 }

pkg/controller/atlas/connection.go

@@ -26,15 +26,16 @@ type Connection struct {
 
 // ReadConnection reads Atlas API connection parameters from AtlasProject Secret or from the default Operator one if the
 // former is not specified
-func ReadConnection(log *zap.SugaredLogger, kubeClient client.Client, operatorPodObjectKey client.ObjectKey, projectOverrideSecretRef *client.ObjectKey) (Connection, error) {
+func ReadConnection(log *zap.SugaredLogger, kubeClient client.Client, operatorDeployment client.ObjectKey, projectOverrideSecretRef *client.ObjectKey) (Connection, error) {
 	if projectOverrideSecretRef != nil {
 		// TODO is it possible that part of connection (like orgID is still in the Operator level secret and needs to get merged?)
 		log.Infof("Reading Atlas API credentials from the AtlasProject Secret %s", projectOverrideSecretRef)
 		return readAtlasConnectionFromSecret(kubeClient, *projectOverrideSecretRef)
 	}
 
-	log.Debug("AtlasProject connection Secret is not specified - using the Operator one")
-	return readAtlasConnectionFromSecret(kubeClient, kube.ObjectKey(operatorPodObjectKey.Namespace, operatorPodObjectKey.Name+"-api-key"))
+	operatorAPISecret := kube.ObjectKey(operatorDeployment.Namespace, operatorDeployment.Name+"-api-key")
+	log.Debugf("AtlasProject connection Secret is not specified - using the Operator one: %v", operatorAPISecret)
+	return readAtlasConnectionFromSecret(kubeClient, operatorAPISecret)
 }
 
 func readAtlasConnectionFromSecret(kubeClient client.Client, secretRef client.ObjectKey) (Connection, error) {

pkg/controller/atlascluster/atlascluster_controller.go

@@ -43,11 +43,11 @@ import (
 
 // AtlasClusterReconciler reconciles an AtlasCluster object
 type AtlasClusterReconciler struct {
-	Client      client.Client
-	Log         *zap.SugaredLogger
-	Scheme      *runtime.Scheme
-	AtlasDomain string
-	OperatorPod client.ObjectKey
+	Client                 client.Client
+	Log                    *zap.SugaredLogger
+	Scheme                 *runtime.Scheme
+	AtlasDomain            string
+	OperatorDeploymentName client.ObjectKey
 }
 
 // +kubebuilder:rbac:groups=atlas.mongodb.com,resources=atlasclusters,verbs=get;list;watch;create;update;patch;delete
@@ -77,7 +77,7 @@ func (r *AtlasClusterReconciler) Reconcile(context context.Context, req ctrl.Req
 		return result.ReconcileResult(), nil
 	}
 
-	connection, err := atlas.ReadConnection(log, r.Client, r.OperatorPod, project.ConnectionSecretObjectKey())
+	connection, err := atlas.ReadConnection(log, r.Client, r.OperatorDeploymentName, project.ConnectionSecretObjectKey())
 	if err != nil {
 		result := workflow.Terminate(workflow.AtlasCredentialsNotProvided, err.Error())
 		ctx.SetConditionFromResult(status.ClusterReadyType, result)
@@ -154,7 +154,7 @@ func (r *AtlasClusterReconciler) Delete(e event.DeleteEvent) error {
 
 	log = log.With("projectID", project.Status.ID, "clusterName", cluster.Spec.Name)
 
-	connection, err := atlas.ReadConnection(log, r.Client, r.OperatorPod, project.ConnectionSecretObjectKey())
+	connection, err := atlas.ReadConnection(log, r.Client, r.OperatorDeploymentName, project.ConnectionSecretObjectKey())
 	if err != nil {
 		return err
 	}

pkg/util/kube/kube.go

@@ -1,6 +1,7 @@
 package kube
 
 import (
+	"fmt"
 	"regexp"
 	"strings"
 
@@ -46,6 +47,20 @@ func NormalizeLabelValue(name string) string {
 	return normalize(name, 63, nonLabelRegexp)
 }
 
+// ParseDeploymentNameFromPodName returns the name of Deployment by Pod Name. The Pods for Deployments have two hashes
+// parts as the first one is generated for the ReplicaSet resource created and the second - for the Pod itself.
+// Example:
+// - Deployment: "prometheus-adapter"
+// - ReplicaSet: "prometheus-adapter-65c6cb864f"
+// - Pod: "prometheus-adapter-797f946f88-97f2q"
+func ParseDeploymentNameFromPodName(podName string) (string, error) {
+	parts := strings.Split(podName, "-")
+	if len(parts) <= 2 {
+		return "", fmt.Errorf(`the Pod name must follow the format "<deployment_name>-797f946f88-97f2q" but got %s`, podName)
+	}
+	return strings.Join(parts[0:len(parts)-2], "-"), nil
+}
+
 // Dev note: the algorithm tries to replace the invalid characters with '-' (or simply omit it replacing is not possible)
 // Note, that this algorithm is not ideal - e.g. it won't fix the following: "a.#b" ("a._b" is still not a valid output - as
 // nonalphanumeric symbols cannot go together) though this doesn't intend to work in ALL the cases but in the MAJORITY instead

pkg/util/kube/kube_test.go

@@ -81,3 +81,29 @@ func TestNormalizeLabelValue(t *testing.T) {
 		}
 	})
 }
+
+func TestParseDeploymentNameFromPodName(t *testing.T) {
+	testCases := []struct {
+		in  string
+		out string
+	}{
+		{in: "prometheus-adapter-797f946f88-97f2q", out: "prometheus-adapter"},
+		{in: "cluster-monitoring-operator-686555c948-z2xrh", out: "cluster-monitoring-operator"},
+		{in: "mongodb-atlas-operator-cd75dc789-tdhvp", out: "mongodb-atlas-operator"},
+		{in: "somenondashed-cd75dc789-tdhvp", out: "somenondashed"},
+		{in: "notadeploymentpod-cd75dc789", out: ""},
+		{in: "notadeploymentpod", out: ""},
+		{in: "notadeploymentpod_cd75dc789", out: ""},
+		{in: "notadeploymentpod.cd75dc789", out: ""},
+	}
+	for _, tc := range testCases {
+		out, err := ParseDeploymentNameFromPodName(tc.in)
+		if tc.out != "" {
+			assert.Equal(t, tc.out, out, "in: %q, out: %q, (expected %q)", tc.in, out, tc.out)
+			assert.Nil(t, err)
+		}
+		if tc.out == "" {
+			assert.Error(t, err)
+		}
+	}
+}

test/int/integration_suite_test.go

@@ -189,10 +189,10 @@ func prepareControllers() {
 	Expect(err).ToNot(HaveOccurred())
 
 	err = (&atlascluster.AtlasClusterReconciler{
-		Client:      k8sManager.GetClient(),
-		Log:         logger.Named("controllers").Named("AtlasCluster").Sugar(),
-		AtlasDomain: "https://cloud-qa.mongodb.com",
-		OperatorPod: kube.ObjectKey(namespace.Name, "atlas-operator"),
+		Client:                 k8sManager.GetClient(),
+		Log:                    logger.Named("controllers").Named("AtlasCluster").Sugar(),
+		AtlasDomain:            "https://cloud-qa.mongodb.com",
+		OperatorDeploymentName: kube.ObjectKey(namespace.Name, "atlas-operator"),
 	}).SetupWithManager(k8sManager)
 	Expect(err).ToNot(HaveOccurred())