package atlasdatafederation
import (
	"context"
	"fmt"
	"net/url"
	"strings"

	v1 "k8s.io/api/core/v1"
	"sigs.k8s.io/controller-runtime/pkg/client"

	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/connectionsecret"
	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/workflow"
	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util/stringutil"
)
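// ensureConnectionSecrets creates or updates one connection Secret per ready
// AtlasDatabaseUser that belongs to project and is in scope for the data
// federation df.
//
// For every matching user the Secret is written (via connectionsecret.Ensure)
// into the user's own namespace — which can differ from the project's
// namespace when the user's Spec.Project.Namespace points elsewhere — and
// holds the username, the plaintext password read from the user's password
// Secret, and a comma-separated list of "mongodb://user:pass@host?ssl=true"
// URLs, one per federation hostname returned by Atlas.
//
// Returns workflow.Terminate(workflow.Internal, ...) when listing users or
// fetching the federation from Atlas fails, and
// workflow.Terminate(workflow.DeploymentConnectionSecretsNotCreated, ...)
// when a password cannot be read or a Secret cannot be ensured; otherwise
// workflow.OK(). A Kubernetes event listing the ensured Secrets is emitted
// when at least one was created/updated.
func (r *AtlasDataFederationReconciler) ensureConnectionSecrets(ctx *workflow.Context, project *mdbv1.AtlasProject, df *mdbv1.AtlasDataFederation) workflow.Result {
	// Users are listed cluster-wide; namespace/project filtering happens
	// below in dbUserBelongsToProject.
	databaseUsers := mdbv1.AtlasDatabaseUserList{}
	if err := r.Client.List(context.TODO(), &databaseUsers, &client.ListOptions{}); err != nil {
		return workflow.Terminate(workflow.Internal, err.Error())
	}

	atlasDF, _, err := ctx.Client.DataFederation.Get(context.Background(), project.ID(), df.Spec.Name)
	if err != nil {
		return workflow.Terminate(workflow.Internal, err.Error())
	}
	connectionHosts := atlasDF.Hostnames

	secrets := make([]string, 0)
	for i := range databaseUsers.Items {
		dbUser := databaseUsers.Items[i]
		if !dbUserBelongsToProject(&dbUser, project) {
			continue
		}
		if !isDatabaseUserReady(&dbUser) {
			ctx.Log.Debugw("AtlasDatabaseUser not ready - not creating connection secret", "user.name", dbUser.Name)
			continue
		}
		// A user with deployment scopes is only exposed to the deployments it
		// lists; a user with no scopes is exposed to every deployment.
		scopes := dbUser.GetScopes(mdbv1.DeploymentScopeType)
		if len(scopes) != 0 && !stringutil.Contains(scopes, df.Spec.Name) {
			continue
		}

		password, err := dbUser.ReadPassword(r.Client)
		if err != nil {
			return workflow.Terminate(workflow.DeploymentConnectionSecretsNotCreated, err.Error())
		}

		connURLs := make([]string, 0, len(connectionHosts))
		for _, host := range connectionHosts {
			connURLs = append(connURLs, federationConnectionURL(dbUser.Spec.Username, password, host))
		}
		data := connectionsecret.ConnectionData{
			DBUserName: dbUser.Spec.Username,
			Password:   password,
			ConnURL:    strings.Join(connURLs, ","),
		}

		// Log only non-secret fields: data carries the plaintext password and
		// connection URLs that embed it, so it must never reach the log.
		ctx.Log.Debugw("Creating a connection Secret", "user.name", dbUser.Name, "username", dbUser.Spec.Username, "hosts", len(connectionHosts))
		secretName, err := connectionsecret.Ensure(r.Client, dbUser.Namespace, project.Spec.Name, project.ID(), df.Spec.Name, data)
		if err != nil {
			return workflow.Terminate(workflow.DeploymentConnectionSecretsNotCreated, err.Error())
		}
		secrets = append(secrets, secretName)
	}

	if len(secrets) > 0 {
		r.EventRecorder.Eventf(df, "Normal", "ConnectionSecretsEnsured", "Connection Secrets were created/updated: %s", strings.Join(secrets, ", "))
	}
	return workflow.OK()
}

// isDatabaseUserReady reports whether dbUser carries a Ready condition whose
// status is True.
func isDatabaseUserReady(dbUser *mdbv1.AtlasDatabaseUser) bool {
	for _, c := range dbUser.Status.Conditions {
		if c.Type == status.ReadyType && c.Status == v1.ConditionTrue {
			return true
		}
	}
	return false
}

// federationConnectionURL builds "mongodb://<user>:<password>@<host>?ssl=true".
// Username and password are percent-encoded as URL userinfo, so characters
// such as '@', ':', '/', '?', '#' or '%' in a password can neither break the
// connection string nor be parsed as part of the host.
func federationConnectionURL(username, password, host string) string {
	userInfo := url.UserPassword(username, password).String()
	return fmt.Sprintf("mongodb://%s@%s?ssl=true", userInfo, host)
}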
// dbUserBelongsToProject reports whether dbUser references project.
//
// The project name must match exactly. The namespace the user refers to is
// dbUser.Spec.Project.Namespace when set; an empty value means the project is
// expected in the user's own namespace. That effective namespace must equal
// project.Namespace.
func dbUserBelongsToProject(dbUser *mdbv1.AtlasDatabaseUser, project *mdbv1.AtlasProject) bool {
	if dbUser.Spec.Project.Name != project.Name {
		return false
	}
	// An empty Spec.Project.Namespace is shorthand for "same namespace as
	// the user".
	referencedNS := dbUser.Spec.Project.Namespace
	if referencedNS == "" {
		referencedNS = dbUser.Namespace
	}
	return referencedNS == project.Namespace
}