Fix merging volume claim templates (#150)

Author: chatton

deploy/crds/arbitrary_statefulset_configuration/mongodb.com_v1_custom_volume_cr.yaml

@@ -6,6 +6,19 @@ spec:
   members: 3
   type: ReplicaSet
   version: "4.2.6"
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    - name: my-user
+      db: admin
+      passwordSecretRef:
+        name: my-user-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin
   statefulSet:
     spec:
       template:

deploy/crds/mongodb.com_v1_mongodb_cr.yaml

@@ -6,3 +6,16 @@ spec:
   members: 3
   type: ReplicaSet
   version: "4.2.6"
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    - name: my-user
+      db: admin
+      passwordSecretRef:
+        name: my-user-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin

deploy/crds/mongodb.com_v1_mongodb_openshift_cr.yaml

@@ -6,6 +6,19 @@ spec:
   members: 3
   type: ReplicaSet
   version: "4.2.6"
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    - name: my-user
+      db: admin
+      passwordSecretRef:
+        name: my-user-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin
   statefulSet:
     spec:
       template:

deploy/crds/mongodb.com_v1_mongodb_tls_cr.yaml

@@ -7,9 +7,21 @@ spec:
   type: ReplicaSet
   version: "4.2.7"
   security:
+    authentication:
+      modes: ["SCRAM"]
     tls:
       enabled: true
       certificateKeySecretRef:
         name: tls-secret-name
       caConfigMapRef:
         name: tls-ca-configmap-name
+  users:
+    - name: my-user
+      db: admin
+      passwordSecretRef:
+        name: my-user-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin

pkg/controller/mongodb/replica_set_controller.go

@@ -183,9 +183,11 @@ func (r *ReplicaSetReconciler) Reconcile(request reconcile.Request) (reconcile.R
 
 	isTLSValid, err := r.validateTLSConfig(mdb)
 	if err != nil {
+		r.log.Warnf("Error validating TLS config: %s", err)
 		return reconcile.Result{}, err
 	}
 	if !isTLSValid {
+		r.log.Infof("TLS config is not yet valid, retrying in 10 seconds")
 		return reconcile.Result{RequeueAfter: 10 * time.Second}, nil
 	}
 
@@ -197,7 +199,9 @@ func (r *ReplicaSetReconciler) Reconcile(request reconcile.Request) (reconcile.R
 
 	currentSts := appsv1.StatefulSet{}
 	if err := r.client.Get(context.TODO(), mdb.NamespacedName(), &currentSts); err != nil {
-		r.log.Warnf("Error getting StatefulSet: %s", err)
+		if !apiErrors.IsNotFound(err) {
+			r.log.Warnf("Error getting StatefulSet: %s", err)
+		}
 		return reconcile.Result{}, err
 	}
 
@@ -401,11 +405,11 @@ func dummyToolsVersionConfig() automationconfig.ToolsVersion {
 }
 
 func readVersionManifestFromDisk() (automationconfig.VersionManifest, error) {
-	bytes, err := ioutil.ReadFile(versionManifestFilePath)
+	versionManifestBytes, err := ioutil.ReadFile(versionManifestFilePath)
 	if err != nil {
 		return automationconfig.VersionManifest{}, err
 	}
-	return versionManifestFromBytes(bytes)
+	return versionManifestFromBytes(versionManifestBytes)
 }
 
 func versionManifestFromBytes(bytes []byte) (automationconfig.VersionManifest, error) {

pkg/controller/mongodb/replicaset_controller_test.go

@@ -2,11 +2,17 @@ package mongodb
 
 import (
 	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
 	"os"
 	"reflect"
 	"testing"
 	"time"
 
+	"k8s.io/apimachinery/pkg/runtime"
+	"sigs.k8s.io/yaml"
+
 	"github.com/pkg/errors"
 
 	"github.com/stretchr/objx"
@@ -414,6 +420,76 @@ func AssertReplicaSetIsConfiguredWithScram(t *testing.T, mdb mdbv1.MongoDB) {
 	})
 }
 
+func TestOpenshift_Configuration(t *testing.T) {
+	sts := performReconciliationAndGetStatefulSet(t, "openshift_mdb.yaml")
+	assert.Equal(t, "MANAGED_SECURITY_CONTEXT", sts.Spec.Template.Spec.Containers[0].Env[1].Name)
+	assert.Equal(t, "MANAGED_SECURITY_CONTEXT", sts.Spec.Template.Spec.Containers[1].Env[1].Name)
+}
+
+func TestVolumeClaimTemplates_Configuration(t *testing.T) {
+	sts := performReconciliationAndGetStatefulSet(t, "volume_claim_templates_mdb.yaml")
+
+	assert.Len(t, sts.Spec.VolumeClaimTemplates, 2)
+
+	pvcSpec := sts.Spec.VolumeClaimTemplates[1].Spec
+
+	storage := pvcSpec.Resources.Requests[corev1.ResourceStorage]
+	storageRef := &storage
+
+	assert.Equal(t, "1Gi", storageRef.String())
+	assert.Len(t, pvcSpec.AccessModes, 1)
+	assert.Contains(t, pvcSpec.AccessModes, corev1.ReadWriteOnce)
+}
+
+func TestChangeDataVolume_Configuration(t *testing.T) {
+	sts := performReconciliationAndGetStatefulSet(t, "change_data_volume.yaml")
+	assert.Len(t, sts.Spec.VolumeClaimTemplates, 1)
+
+	dataVolume := sts.Spec.VolumeClaimTemplates[0]
+
+	storage := dataVolume.Spec.Resources.Requests[corev1.ResourceStorage]
+	storageRef := &storage
+
+	assert.Equal(t, "data-volume", dataVolume.Name)
+	assert.Equal(t, "50Gi", storageRef.String())
+}
+
+func performReconciliationAndGetStatefulSet(t *testing.T, filePath string) appsv1.StatefulSet {
+	mdb, err := loadTestFixture(filePath)
+	assert.NoError(t, err)
+	mgr := client.NewManager(&mdb)
+	assert.NoError(t, generatePasswordsForAllUsers(mdb, mgr.Client))
+	r := newReconciler(mgr, mockManifestProvider(mdb.Spec.Version))
+	res, err := r.Reconcile(reconcile.Request{NamespacedName: mdb.NamespacedName()})
+	assertReconciliationSuccessful(t, res, err)
+
+	sts, err := mgr.Client.GetStatefulSet(mdb.NamespacedName())
+	assert.NoError(t, err)
+	return sts
+}
+
+func generatePasswordsForAllUsers(mdb mdbv1.MongoDB, c client.Client) error {
+	for _, user := range mdb.Spec.Users {
+
+		key := "password"
+		if user.PasswordSecretRef.Key != "" {
+			key = user.PasswordSecretRef.Key
+		}
+
+		passwordSecret := secret.Builder().
+			SetName(user.PasswordSecretRef.Name).
+			SetNamespace(mdb.Namespace).
+			SetField(key, "GAGTQK2ccRRaxJFudI5y").
+			Build()
+
+		if err := c.CreateSecret(passwordSecret); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
 func assertReconciliationSuccessful(t *testing.T, result reconcile.Result, err error) {
 	assert.NoError(t, err)
 	assert.Equal(t, false, result.Requeue)
@@ -431,3 +507,29 @@ func makeStatefulSetReady(t *testing.T, c k8sClient.Client, mdb mdbv1.MongoDB) {
 	err = c.Update(context.TODO(), &sts)
 	assert.NoError(t, err)
 }
+
+// loadTestFixture will create a MongoDB resource from a given fixture
+func loadTestFixture(yamlFileName string) (mdbv1.MongoDB, error) {
+	testPath := fmt.Sprintf("testdata/%s", yamlFileName)
+	mdb := mdbv1.MongoDB{}
+	data, err := ioutil.ReadFile(testPath)
+	if err != nil {
+		return mdb, errors.Errorf("error reading file: %s", err)
+	}
+
+	if err := marshalRuntimeObjectFromYAMLBytes(data, &mdb); err != nil {
+		return mdb, errors.Errorf("error converting yaml bytes to service account: %s", err)
+	}
+
+	return mdb, nil
+}
+
+// marshalRuntimeObjectFromYAMLBytes accepts the bytes of a yaml resource
+// and unmarshals them into the provided runtime Object
+func marshalRuntimeObjectFromYAMLBytes(bytes []byte, obj runtime.Object) error {
+	jsonBytes, err := yaml.YAMLToJSON(bytes)
+	if err != nil {
+		return err
+	}
+	return json.Unmarshal(jsonBytes, &obj)
+}

pkg/controller/mongodb/testdata/change_data_volume.yaml

@@ -0,0 +1,32 @@
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: change-data-volume-mdb
+spec:
+  members: 3
+  type: ReplicaSet
+  version: "4.2.6"
+  persistent: true
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    - name: my-user
+      db: admin
+      passwordSecretRef:
+        name: my-user-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin
+  statefulSet:
+    spec:
+      volumeClaimTemplates:
+        - metadata:
+            name: data-volume
+          spec:
+            accessModes: [ "ReadWriteOnce", "ReadWriteMany" ]
+            resources:
+              requests:
+                storage: 50Gi

pkg/controller/mongodb/testdata/openshift_mdb.yaml

@@ -0,0 +1,34 @@
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: example-openshift-mongodb
+spec:
+  members: 3
+  type: ReplicaSet
+  version: "4.2.6"
+  security:
+    authentication:
+      modes: ["SCRAM"]
+  users:
+    - name: my-user
+      db: admin
+      passwordSecretRef:
+        name: my-user-password
+      roles:
+        - name: clusterAdmin
+          db: admin
+        - name: userAdminAnyDatabase
+          db: admin
+  statefulSet:
+    spec:
+      template:
+        spec:
+          containers:
+            - name: "mongodb-agent"
+              env:
+                - name: MANAGED_SECURITY_CONTEXT
+                  value: "true"
+            - name: "mongod"
+              env:
+                - name: MANAGED_SECURITY_CONTEXT
+                  value: "true"

pkg/controller/mongodb/testdata/volume_claim_templates_mdb.yaml

@@ -0,0 +1,19 @@
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: volume-claim-templates-mdb
+spec:
+  members: 3
+  type: ReplicaSet
+  version: "4.2.6"
+  persistent: true
+  statefulSet:
+    spec:
+      volumeClaimTemplates:
+        - metadata:
+            name: volume-claim-templates
+          spec:
+            accessModes: [ "ReadWriteOnce" ]
+            resources:
+              requests:
+                storage: 1Gi

pkg/kube/client/mocked_client.go

@@ -40,8 +40,16 @@ func (m *mockedClient) ensureMapFor(obj runtime.Object) map[k8sClient.ObjectKey]
 func (m *mockedClient) Get(_ context.Context, key k8sClient.ObjectKey, obj runtime.Object) error {
 	relevantMap := m.ensureMapFor(obj)
 	if val, ok := relevantMap[key]; ok {
-		v := reflect.ValueOf(obj).Elem()
-		v.Set(reflect.ValueOf(val).Elem())
+		if currSts, ok := val.(*appsv1.StatefulSet); ok {
+			// TODO: this currently doesn't work with additional mongodb config
+			// just doing it for StatefulSets for now
+			objCopy := currSts.DeepCopyObject()
+			v := reflect.ValueOf(obj).Elem()
+			v.Set(reflect.ValueOf(objCopy).Elem())
+		} else {
+			v := reflect.ValueOf(obj).Elem()
+			v.Set(reflect.ValueOf(val).Elem())
+		}
 		return nil
 	}
 	return notFoundError()