CLOUDP-66799: Configure SCRAM users (#99)

Author: chatton

deploy/crds/mongodb.com_mongodb_crd.yaml

@@ -53,6 +53,19 @@ spec:
               description: Security configures security features, such as TLS, and
                 authentication settings for a deployment
               properties:
+                authentication:
+                  properties:
+                    modes:
+                      description: Modes is an array specifying which authentication
+                        methods should be enabled
+                      items:
+                        enum:
+                        - SCRAM
+                        type: string
+                      type: array
+                  required:
+                  - modes
+                  type: object
                 tls:
                   description: TLS configuration for both client-server and server-server
                     communication
@@ -101,11 +114,61 @@ spec:
               enum:
               - ReplicaSet
               type: string
+            users:
+              description: Users specifies the MongoDB users that should be configured
+                in your deployment
+              items:
+                properties:
+                  db:
+                    description: DB is the database the user is stored in. Defaults
+                      to "admin"
+                    type: string
+                  name:
+                    description: Name is the username of the user
+                    type: string
+                  passwordSecretRef:
+                    description: PasswordSecretRef is a reference to the secret containing
+                      this user's password
+                    properties:
+                      key:
+                        description: Key is the key in the secret storing this password.
+                          Defaults to "password"
+                        type: string
+                      name:
+                        description: Name is the name of the secret storing this user's
+                          password
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  roles:
+                    description: Roles is an array of roles assigned to this user
+                    items:
+                      description: Role is the database role this user should have
+                      properties:
+                        db:
+                          description: DB is the database the role can act on
+                          type: string
+                        name:
+                          description: Name is the name of the role
+                          type: string
+                      required:
+                      - db
+                      - name
+                      type: object
+                    type: array
+                required:
+                - name
+                - passwordSecretRef
+                - roles
+                type: object
+              type: array
             version:
               description: Version defines which version of MongoDB will be used
               type: string
           required:
           - type
+          - users
           - version
           type: object
         status:

deploy/crds/mongodb.com_v1_mongodb_scram_cr.yaml

@@ -8,7 +8,6 @@ spec:
   version: "4.2.6"
   security:
     authentication:
-      enabled: true
       modes: ["SCRAM"]
   users:
     - name: my-user

pkg/apis/mongodb/v1/mongodb_types.go

@@ -26,6 +26,10 @@ const (
 	Running Phase = "Running"
 )
 
+const (
+	defaultPasswordKey = "password"
+)
+
 // MongoDBSpec defines the desired state of MongoDB
 type MongoDBSpec struct {
 	// Members is the number of members in the replica set
@@ -48,7 +52,7 @@ type MongoDBSpec struct {
 
 	// Users specifies the MongoDB users that should be configured in your deployment
 	// +required
-	Users []MongoDBUser `json:"-"` // `json:"users"`
+	Users []MongoDBUser `json:"users"`
 
 	// +optional
 	StatefulSetConfiguration StatefulSetConfiguration `json:"statefulSet,omitempty"`
@@ -112,6 +116,21 @@ type MongoDBUser struct {
 	Roles []Role `json:"roles"`
 }
 
+func (m MongoDBUser) GetPasswordSecretKey() string {
+	if m.PasswordSecretRef.Key == "" {
+		return defaultPasswordKey
+	}
+	return m.PasswordSecretRef.Key
+}
+
+func (m MongoDBUser) GetPasswordSecretName() string {
+	return m.PasswordSecretRef.Name
+}
+
+func (m MongoDBUser) GetUserName() string {
+	return m.Name
+}
+
 // SecretKeyReference is a reference to the secret containing the user's password
 type SecretKeyReference struct {
 	// Name is the name of the secret storing this user's password
@@ -132,7 +151,7 @@ type Role struct {
 
 type Security struct {
 	// +optional
-	Authentication Authentication `json:"-"` //`json:"authentication"`
+	Authentication Authentication `json:"authentication"`
 	// TLS configuration for both client-server and server-server communication
 	// +optional
 	TLS TLS `json:"tls"`
@@ -167,9 +186,6 @@ type LocalObjectReference struct {
 }
 
 type Authentication struct {
-	// Enabled specifies if authentication should be enabled
-	Enabled bool `json:"enabled"`
-
 	// Modes is an array specifying which authentication methods should be enabled
 	Modes []AuthMode `json:"modes"`
 }
@@ -230,7 +246,7 @@ func (m MongoDB) ServiceName() string {
 	return m.Name + "-svc"
 }
 
-func (m MongoDB) ConfigMapName() string {
+func (m MongoDB) AutomationConfigSecretName() string {
 	return m.Name + "-config"
 }
 
@@ -256,7 +272,7 @@ func (m MongoDB) NamespacedName() types.NamespacedName {
 }
 
 func (m *MongoDB) ScramCredentialsNamespacedName() types.NamespacedName {
-	return types.NamespacedName{Name: "agent-scram-credentials", Namespace: m.Namespace}
+	return types.NamespacedName{Name: fmt.Sprintf("%s-agent-scram-credentials", m.Name), Namespace: m.Namespace}
 }
 
 // GetFCV returns the feature compatibility version. If no FeatureCompatibilityVersion is specified.