CLOUDP-260438: Fix redacted integration comparisons

Makefile

@@ -105,6 +105,7 @@ GOMOD_LICENSES_SHA := $(shell cat $(LICENSES_GOMOD_SHA_FILE))
 OPERATOR_NAMESPACE=atlas-operator
 OPERATOR_POD_NAME=mongodb-atlas-operator
 RUN_YAML= # Set to the YAML to run when calling make run
+RUN_LOG_LEVEL ?= debug
 
 LOCAL_IMAGE=mongodb-atlas-kubernetes-operator:compiled
 CONTAINER_SPEC=.spec.template.spec.containers[0]
@@ -533,7 +534,7 @@ ifdef RUN_YAML
 endif
 	OPERATOR_POD_NAME=$(OPERATOR_POD_NAME) \
 	OPERATOR_NAMESPACE=$(OPERATOR_NAMESPACE) \
-	bin/manager --object-deletion-protection=false --log-level=debug \
+	bin/manager --object-deletion-protection=false --log-level=$(RUN_LOG_LEVEL) \
 	--atlas-domain=$(ATLAS_DOMAIN) \
 	--global-api-secret-name=$(ATLAS_KEY_SECRET_NAME)
 

internal/mocks/atlas/integrations.go

@@ -0,0 +1,35 @@
+package atlas
+
+import (
+	"context"
+
+	"go.mongodb.org/atlas/mongodbatlas"
+)
+
+type IntegrationsMock struct {
+	CreateFunc  func(ctx context.Context, projectID string, integrationType string, integration *mongodbatlas.ThirdPartyIntegration) (*mongodbatlas.ThirdPartyIntegrations, *mongodbatlas.Response, error)
+	ReplaceFunc func(ctx context.Context, projectID string, integrationType string, integration *mongodbatlas.ThirdPartyIntegration) (*mongodbatlas.ThirdPartyIntegrations, *mongodbatlas.Response, error)
+	DeleteFunc  func(ctx context.Context, projectID string, integrationType string) (*mongodbatlas.Response, error)
+	GetFunc     func(ctx context.Context, projectID string, integrationType string) (*mongodbatlas.ThirdPartyIntegration, *mongodbatlas.Response, error)
+	ListFunc    func(ctx context.Context, projectID string) (*mongodbatlas.ThirdPartyIntegrations, *mongodbatlas.Response, error)
+}
+
+func (im *IntegrationsMock) Create(ctx context.Context, projectID string, integrationType string, integration *mongodbatlas.ThirdPartyIntegration) (*mongodbatlas.ThirdPartyIntegrations, *mongodbatlas.Response, error) {
+	return im.CreateFunc(ctx, projectID, integrationType, integration)
+}
+
+func (im *IntegrationsMock) Replace(ctx context.Context, projectID string, integrationType string, integration *mongodbatlas.ThirdPartyIntegration) (*mongodbatlas.ThirdPartyIntegrations, *mongodbatlas.Response, error) {
+	return im.ReplaceFunc(ctx, projectID, integrationType, integration)
+}
+
+func (im *IntegrationsMock) Delete(ctx context.Context, projectID string, integrationType string) (*mongodbatlas.Response, error) {
+	return im.DeleteFunc(ctx, projectID, integrationType)
+}
+
+func (im *IntegrationsMock) Get(ctx context.Context, projectID string, integrationType string) (*mongodbatlas.ThirdPartyIntegration, *mongodbatlas.Response, error) {
+	return im.GetFunc(ctx, projectID, integrationType)
+}
+
+func (im *IntegrationsMock) List(ctx context.Context, projectID string) (*mongodbatlas.ThirdPartyIntegrations, *mongodbatlas.Response, error) {
+	return im.ListFunc(ctx, projectID)
+}

pkg/controller/atlasproject/integrations.go

@@ -4,7 +4,6 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
-	"reflect"
 
 	"go.mongodb.org/atlas/mongodbatlas"
 
@@ -82,11 +81,11 @@ func (r *AtlasProjectReconciler) updateIntegrationsAtlas(ctx *workflow.Context,
 			ctx.Log.Warnw("Update Integrations", "Can not convert kube integration", err)
 			return workflow.Terminate(workflow.ProjectIntegrationInternal, "Update Integrations: Can not convert kube integration")
 		}
-		t := mongodbatlas.ThirdPartyIntegration(atlasIntegration)
-		if &t != kubeIntegration {
+		specIntegration := (*aliasThirdPartyIntegration)(kubeIntegration)
+		if !areIntegrationsEqual(specIntegration, &atlasIntegration) {
 			ctx.Log.Debugf("Try to update integration: %s", kubeIntegration.Type)
 			if _, _, err := ctx.Client.Integrations.Replace(ctx.Context, projectID, kubeIntegration.Type, kubeIntegration); err != nil {
-				return workflow.Terminate(workflow.ProjectIntegrationRequest, "Can not convert integration")
+				return workflow.Terminate(workflow.ProjectIntegrationRequest, fmt.Sprintf("Can not apply integration: %v", err))
 			}
 		}
 	}
@@ -136,7 +135,7 @@ func (r *AtlasProjectReconciler) checkIntegrationsReady(ctx *workflow.Context, n
 		} else {
 			specAsAtlas, _ := spec.ToAtlas(ctx.Context, r.Client, namespace)
 			specAlias := aliasThirdPartyIntegration(*specAsAtlas)
-			areEqual = AreIntegrationsEqual(&atlas, &specAlias)
+			areEqual = integrationsApplied(&atlas, &specAlias)
 		}
 		ctx.Log.Debugw("checkIntegrationsReady", "atlas", atlas, "spec", spec, "areEqual", areEqual)
 
@@ -148,41 +147,21 @@ func (r *AtlasProjectReconciler) checkIntegrationsReady(ctx *workflow.Context, n
 	return true
 }
 
-func AreIntegrationsEqual(atlas, specAsAtlas *aliasThirdPartyIntegration) bool {
-	return reflect.DeepEqual(cleanCopyToCompare(atlas), cleanCopyToCompare(specAsAtlas))
-}
-
-func cleanCopyToCompare(input *aliasThirdPartyIntegration) *aliasThirdPartyIntegration {
-	if input == nil {
-		return input
-	}
-
-	result := *input
-	keepLastFourChars(&result.APIKey)
-	keepLastFourChars(&result.APIToken)
-	keepLastFourChars(&result.LicenseKey)
-	keepLastFourChars(&result.Password)
-	keepLastFourChars(&result.ReadToken)
-	keepLastFourChars(&result.RoutingKey)
-	keepLastFourChars(&result.Secret)
-	keepLastFourChars(&result.ServiceKey)
-	keepLastFourChars(&result.WriteToken)
-
-	return &result
+func integrationsApplied(_, _ *aliasThirdPartyIntegration) bool {
+	// As integration secrets are redacted from Alas, we cannot properly compare them,
+	// so as a simple fix here we assume changes were applied correctly as we would
+	// have otherwise errored out as are always needed
+	// TODO: remove and replace calls to this with areIntegrationsEqual when
+	//       that code is properly comparing fields
+	return true
 }
 
-func keepLastFourChars(strPtr *string) {
-	if strPtr == nil {
-		return
-	}
-
-	charCount := 4
-	str := *strPtr
-	if len(str) <= charCount {
-		return
-	}
-
-	*strPtr = str[len(str)-charCount:]
+func areIntegrationsEqual(_, _ *aliasThirdPartyIntegration) bool {
+	// As integration secrets are redacted from Alas, we cannot properly compare them,
+	// so as a simple fix we assume changes are always needed
+	// TODO: Compare using Atlas redacted fields with checksums if accepted OR
+	//       move to implicit state checks if Atlas cannot help with this.
+	return false
 }
 
 type aliasThirdPartyIntegration mongodbatlas.ThirdPartyIntegration