enhancements

Author: raffis

Makefile

@@ -1,8 +1,9 @@
 
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
-# Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true"
+
+# Produce CRDs that work back to Kubernetes 1.16
+CRD_OPTIONS ?= crd:crdVersions=v1 
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -71,7 +72,7 @@ ifeq (, $(shell which controller-gen))
 	CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\
 	cd $$CONTROLLER_GEN_TMP_DIR ;\
 	go mod init tmp ;\
-	go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\
+  go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.3.0 ;\
 	rm -rf $$CONTROLLER_GEN_TMP_DIR ;\
 	}
 CONTROLLER_GEN=$(GOBIN)/controller-gen

api/v1beta1/database_types.go

@@ -7,7 +7,8 @@ import (
 
 // Status conditions
 const (
-	ProvisionedCondition = "Provisioned"
+	DatabaseReadyConditionType = "DatabaseReady"
+	UserReadyConditionType     = "UserReady"
 )
 
 // Status reasons
@@ -24,30 +25,38 @@ const (
 
 // DatabaseSpec defines the desired state of MongoDBDatabase
 type DatabaseSpec struct {
-	// The name of the database, if not set the name is taken from metadata.name
+	// DatabaseName is by default the same as metata.name
 	// +optional
 	DatabaseName string `json:"databaseName"`
 
-	// The MongoDB URI
+	// The connect URI
 	// +required
 	Address string `json:"address"`
 
+	// Contains a credentials set of a user with enough permission to manage databases and user accounts
 	// +required
 	RootSecret *SecretReference `json:"rootSecret"`
 }
 
+// DatabaseReference is a named reference to a database kind
 type DatabaseReference struct {
+	// Name referrs to the name of the database kind, mist be located within the same namespace
+	// +required
 	Name string `json:"name"`
 }
 
+// SecretReference is a named reference to a secret which contains user credentials
 type SecretReference struct {
+	// Name referrs to the name of the secret, must be located whithin the same namespace
 	// +required
 	Name string `json:"name"`
 
 	// +optional
+	// +kubebuilder:default:=username
 	UserField string `json:"userField"`
 
-	// +required
+	// +optional
+	// +kubebuilder:default:=password
 	PasswordField string `json:"passwordField"`
 }
 
@@ -56,12 +65,20 @@ type conditionalResource interface {
 	GetStatusConditions() *[]metav1.Condition
 }
 
-func NotProvisioned(in conditionalResource, reason, message string) {
-	setResourceCondition(in, ProvisionedCondition, metav1.ConditionFalse, reason, message)
+func DatabaseNotReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, DatabaseReadyConditionType, metav1.ConditionFalse, reason, message)
+}
+
+func DatabaseReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, DatabaseReadyConditionType, metav1.ConditionTrue, reason, message)
+}
+
+func UserNotReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, UserReadyConditionType, metav1.ConditionFalse, reason, message)
 }
 
-func Provisioned(in conditionalResource, reason, message string) {
-	setResourceCondition(in, ProvisionedCondition, metav1.ConditionTrue, reason, message)
+func UserReadyCondition(in conditionalResource, reason, message string) {
+	setResourceCondition(in, UserReadyConditionType, metav1.ConditionTrue, reason, message)
 }
 
 // setResourceCondition sets the given condition with the given status,

api/v1beta1/mongodbdatabase_types.go

@@ -50,8 +50,14 @@ type MongoDBDatabaseStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
+// +genclient
+// +genclient:Namespaced
 // +kubebuilder:object:root=true
+// +kubebuilder:resource:shortName=mdb
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Provisioned\")].status",description=""
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Provisioned\")].message",description=""
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
 
 // MongoDBDatabase is the Schema for the mongodbs API
 type MongoDBDatabase struct {

api/v1beta1/mongodbuser_type.go

@@ -22,8 +22,24 @@ import (
 )
 
 type MongoDBUserSpec struct {
-	Database    *DatabaseReference `json:"database"`
-	Credentials *SecretReference   `json:"credentials"`
+	// +required
+	Database *DatabaseReference `json:"database"`
+
+	// +required
+	Credentials *SecretReference `json:"credentials"`
+
+	// +required
+	Roles []*MongoDBRole `json:"roles"`
+
+	// +optional
+	CustomData map[string]string `json:"customData"`
+}
+
+// MongoDBRole see https://docs.mongodb.com/manual/reference/method/db.createUser/#create-user-with-roles
+type MongoDBRole struct {
+	// +optional
+	// +kubebuilder:default:=readWrite
+	Role string `json:"role"`
 }
 
 // GetStatusConditions returns a pointer to the Status.Conditions slice
@@ -39,8 +55,14 @@ type MongoDBUserStatus struct {
 	Conditions []metav1.Condition `json:"conditions,omitempty"`
 }
 
+// +genclient
+// +genclient:Namespaced
 // +kubebuilder:object:root=true
+// +kubebuilder:resource:shortName=mdu
 // +kubebuilder:subresource:status
+// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.conditions[?(@.type==\"Provisioned\")].status",description=""
+// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[?(@.type==\"Provisioned\")].message",description=""
+// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description=""
 
 // MongoDBUser is the Schema for the mongodbs API
 type MongoDBUser struct {

api/v1beta1/zz_generated.deepcopy.go

@@ -0,0 +1,13 @@
+package db
+
+import (
+	"context"
+)
+
+type Invoke (func(ctx context.Context, uri, username, password string) (Interface, error))
+
+type Interface interface {
+	Close() error
+	SetupUser(database string, username string, password string) error
+	CreateDatabaseIfNotExists(database string) error
+}

common/db/interface.go

@@ -0,0 +1,153 @@
+package mongodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/bson/primitive"
+	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/mongo/readpref"
+)
+
+type Roles []Role
+type Role struct {
+	Role string `json:"role" bson:"role"`
+	DB   string `json:"db" bson:"db"`
+}
+
+type Users []User
+type User struct {
+	User  string `json:"user" bson:"user"`
+	DB    string `json:"db" bson:"db"`
+	Roles Roles  `json:"roles" bson:"roles"`
+}
+
+type MongoDBServer struct {
+	client                 *mongo.Client
+	uri                    string
+	authenticationDatabase string
+}
+
+func NewMongoDBServer(ctx context.Context, uri, username, password string) (*MongoDBServer, error) {
+	o := options.Client().ApplyURI(uri)
+	o.SetAuth(options.Credential{
+		Username: username,
+		Password: password,
+	})
+
+	client, err := mongo.Connect(ctx, o)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := client.Ping(ctx, readpref.Primary()); err != nil {
+		return nil, err
+	}
+
+	return &MongoDBServer{
+		client:                 client,
+		uri:                    uri,
+		authenticationDatabase: "admin",
+	}, nil
+}
+
+func (m *MongoDBServer) Close() error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	return m.client.Disconnect(ctx)
+}
+
+func (m *MongoDBServer) SetupUser(database string, username string, password string) error {
+	doesUserExist, err := m.doesUserExist(database, username)
+	if err != nil {
+		return err
+	}
+
+	if !doesUserExist {
+		if err := m.createUser(database, username, password); err != nil {
+			return err
+		}
+		if doesUserExistNow, err := m.doesUserExist(database, username); err != nil {
+			return err
+		} else if !doesUserExistNow {
+			return errors.New("user doesn't exist after create")
+		}
+	} else {
+		if err := m.updateUserPasswordAndRoles(database, username, password); err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *MongoDBServer) doesUserExist(database string, username string) (bool, error) {
+	users, err := m.getAllUsers(database, username)
+	if err != nil {
+		return false, err
+	}
+
+	return users != nil && len(users) > 0, nil
+}
+
+func (m *MongoDBServer) getAllUsers(database string, username string) (Users, error) {
+	users := make(Users, 0)
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+
+	collection := m.client.Database(m.authenticationDatabase).Collection("system.users")
+	cursor, err := collection.Find(ctx, bson.D{primitive.E{Key: "user", Value: username}, primitive.E{Key: "db", Value: database}})
+	if err != nil {
+		return users, err
+	}
+
+	defer cursor.Close(ctx)
+
+	for cursor.Next(ctx) {
+		var user User
+		if err := cursor.Decode(&user); err != nil {
+			return users, err
+		}
+		users = append(users, user)
+	}
+
+	return users, nil
+}
+
+func (m *MongoDBServer) createUser(database string, username string, password string) error {
+	command := &bson.D{primitive.E{Key: "createUser", Value: username}, primitive.E{Key: "pwd", Value: password},
+		primitive.E{Key: "roles", Value: []bson.M{{"role": "readWrite", "db": database}}}}
+	r := m.runCommand(database, command)
+	if _, err := r.DecodeBytes(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *MongoDBServer) updateUserPasswordAndRoles(database string, username string, password string) error {
+	command := &bson.D{primitive.E{Key: "updateUser", Value: username}, primitive.E{Key: "pwd", Value: password},
+		primitive.E{Key: "roles", Value: []bson.M{{"role": "readWrite", "db": database}}}}
+	r := m.runCommand(database, command)
+	if _, err := r.DecodeBytes(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *MongoDBServer) DropUser(database string, username string) error {
+	command := &bson.D{primitive.E{Key: "dropUser", Value: username}}
+	r := m.runCommand(database, command)
+	if _, err := r.DecodeBytes(); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *MongoDBServer) runCommand(database string, command *bson.D) *mongo.SingleResult {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	return m.client.Database(database).RunCommand(ctx, *command)
+}