database: update plugin to adhere to Database v5 interface

[calvn]

Overview

Updates the MongoDB Atlas Database plugin to adhere to the v5 Database interface. Doc updates will be done directly on the SDK and Database v5 feature. The change should be relatively transparent for users.

Related Issues/Pull Requests

• vault#9641 and children PRs

Test Output

Acceptance test output using a real MongoDB Atlas account:

Test Output

=== RUN   TestIntegrationDatabaseUser_Initialize
--- PASS: TestIntegrationDatabaseUser_Initialize (0.00s)
=== RUN   TestAcceptanceDatabaseUser_CreateUser
--- PASS: TestAcceptanceDatabaseUser_CreateUser (1.06s)
=== RUN   TestAcceptanceDatabaseUser_CreateUserWithSpecialChar
--- PASS: TestAcceptanceDatabaseUser_CreateUserWithSpecialChar (0.75s)
=== RUN   TestAcceptanceDatabaseUser_DeleteUser
--- PASS: TestAcceptanceDatabaseUser_DeleteUser (0.66s)
=== RUN   TestAcceptanceDatabaseUser_UpdateUser_Password
--- PASS: TestAcceptanceDatabaseUser_UpdateUser_Password (1.16s)
PASS

Acceptance test output with user connection verification:

Test Output

=== RUN   TestIntegrationDatabaseUser_Initialize
--- PASS: TestIntegrationDatabaseUser_Initialize (0.00s)
=== RUN   TestAcceptanceDatabaseUser_CreateUser
    mongodbatlas_test.go:187: Asserting username: v-test-SWaadlrmUfSZN
--- PASS: TestAcceptanceDatabaseUser_CreateUser (21.30s)
=== RUN   TestAcceptanceDatabaseUser_CreateUserWithSpecialChar
    mongodbatlas_test.go:232: Asserting username: v-test-yOzs6ajy7t5pv
--- PASS: TestAcceptanceDatabaseUser_CreateUserWithSpecialChar (31.46s)
=== RUN   TestAcceptanceDatabaseUser_DeleteUser
    mongodbatlas_test.go:281: Asserting username: v-test-bmAyoVRmV2VHx
--- PASS: TestAcceptanceDatabaseUser_DeleteUser (31.66s)
=== RUN   TestAcceptanceDatabaseUser_UpdateUser_Password
    mongodbatlas_test.go:325: Asserting username: testmongouser
    mongodbatlas_test.go:338: Asserting username: testmongouser
--- PASS: TestAcceptanceDatabaseUser_UpdateUser_Password (123.04s)
PASS

Contributor Checklist

• Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
• Docs update on setting up and running acceptance tests
• Backwards compatible. Not backward compatible with Vault versions that dispenses a v4 database client (i.e. prior to Vault 1.6.0) if ran externally.

[pcman312]

Looks good overall with a couple of issues

[pcman312]

Since any statements beyond the first one are ignored, can you return an error if there are more than one?

[calvn]

It seems that we are currently ignoring the other statements if they are provided (same for the MongoDB implementation/update). Would this be a breaking behavior if this is changed?

[pcman312]

Technically it would since we'd be erroring if they provide more than one command rather than ignoring them, however I think this a bad user experience if we leave it as-is since we claim that we'll do something (additional commands) but don't actually.

[calvn]

Theron pointed me to the elasticsearch bit of code where we do this. I think it's a fair point, though we should probably do the same for the mongodb (non-Atlas) db engine.

[pcman312]

Agreed on the non-Atlas plugin

[tvoran]

I also don't think we need RotateRootCredentials() anymore:

vault-plugin-database-mongodbatlas/mongodbatlas.go

Lines 196 to 199 in 53fc0ec

	// RotateRootCredentials is not currently supported on MongoDB
	func (m *MongoDBAtlas) RotateRootCredentials(ctx context.Context, statements []string) (map[string]interface{}, error) {
	return nil, errors.New("root credential rotation is not currently implemented in this database secrets engine")
	}