Set mongo user credentials. Close db connections.

Author: Tyrion85

api/v1beta1/mongodb_types.go

@@ -20,6 +20,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+type MongoDBRootSecretLookup struct {
+	Name      string `json:"name"`
+	Namespace string `json:"namespace"`
+	Field     string `json:"field"`
+}
+
 type MongoDBCredentials []MongoDBCredential
 type MongoDBCredential struct {
 	UserName string `json:"username"`
@@ -29,16 +35,14 @@ type MongoDBCredential struct {
 // MongoDBSpec defines the desired state of MongoDB
 // IMPORTANT: Run "make" to regenerate code after modifying this file
 type MongoDBSpec struct {
-	// Database name
 	DatabaseName string `json:"databaseName"`
-	// Database Server host name and port
-	HostName string `json:"hostName"`
+	HostName     string `json:"hostName"`
 	// +optional
 	RootUsername string `json:"rootUsername"`
 	// +optional
-	RootAuthenticationDatabase string `json:"rootAuthDatabase"`
-	// Database credentials
-	Credentials MongoDBCredentials `json:"credentials"`
+	RootAuthenticationDatabase string                  `json:"rootAuthDatabase"`
+	RootSecretLookup           MongoDBRootSecretLookup `json:"rootSecretLookup"`
+	Credentials                MongoDBCredentials      `json:"credentials"`
 }
 
 // MongoDBStatus defines the observed state of MongoDB

api/v1beta1/postgresql_types.go

@@ -42,18 +42,14 @@ type PostgreSQLCredential struct {
 // PostgreSQLSpec defines the desired state of PostgreSQL
 // IMPORTANT: Run "make" to regenerate code after modifying this file
 type PostgreSQLSpec struct {
-	// Database name
 	DatabaseName string `json:"databaseName"`
-	// Database Server host name
-	Host string `json:"host"`
-	Port int64  `json:"port"`
+	HostName     string `json:"hostName"`
 	// +optional
 	RootUsername string `json:"rootUsername"`
 	// +optional
 	RootAuthenticationDatabase string                     `json:"rootAuthDatabase"`
 	RootSecretLookup           PostgreSQLRootSecretLookup `json:"rootSecretLookup"`
-	// Database credentials
-	Credentials PostgreSQLCredentials `json:"credentials"`
+	Credentials                PostgreSQLCredentials      `json:"credentials"`
 }
 
 // PostgreSQLStatus defines the observed state of PostgreSQL

api/v1beta1/zz_generated.deepcopy.go

@@ -0,0 +1,31 @@
+package mongodb
+
+type Cache struct {
+	cache map[string]*MongoDBServer
+}
+
+func NewCache() *Cache {
+	c := make(map[string]*MongoDBServer)
+	return &Cache{
+		cache: c,
+	}
+}
+
+func (c *Cache) Get(host string, rootUsername string, rootPassword string, rootAuthenticationDatabase string) (*MongoDBServer, error) {
+	if _, ok := c.cache[host]; !ok {
+		if server, err := NewMongoDBServer(host, rootUsername, rootPassword, rootAuthenticationDatabase); err != nil {
+			return nil, err
+		} else {
+			c.cache[host] = server
+		}
+	}
+	return c.cache[host], nil
+}
+
+func (c *Cache) Remove(host string) {
+	server := c.cache[host]
+	if server != nil {
+		_ = server.Close()
+	}
+	delete(c.cache, host)
+}

common/db/mongodb/cache.go

@@ -2,6 +2,7 @@ package mongodb
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"go.mongodb.org/mongo-driver/bson"
 	"go.mongodb.org/mongo-driver/bson/primitive"
@@ -17,19 +18,13 @@ type Role struct {
 	DB   string `json:"db" bson:"db"`
 }
 
-type Users struct {
-	Users []User `json:"users" bson:"users"`
-}
+type Users []User
 type User struct {
 	User  string `json:"user" bson:"user"`
 	DB    string `json:"db" bson:"db"`
 	Roles Roles  `json:"roles" bson:"roles"`
 }
 
-type UserHolder struct {
-	User Users `json:"user" bson:"user"`
-}
-
 type MongoDBServer struct {
 	client                 *mongo.Client
 	uri                    string
@@ -61,47 +56,80 @@ func NewMongoDBServer(uri string, rootUser string, rootPassword string, authenti
 	}, nil
 }
 
-func (m *MongoDBServer) SetupUser(database string, username string, password string) (string, error) {
+func (m *MongoDBServer) Close() error {
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+	return m.client.Disconnect(ctx)
+}
+
+func (m *MongoDBServer) SetupUser(database string, username string, password string) error {
 	doesUserExist, err := m.doesUserExist(database, username)
 	if err != nil {
-		return "", err
+		return err
 	}
 	if !doesUserExist {
-		return m.createUser(database, username, password)
+		if err := m.createUser(database, username, password); err != nil {
+			return err
+		}
+		if doesUserExistNow, err := m.doesUserExist(database, username); err != nil {
+			return err
+		} else if !doesUserExistNow {
+			return errors.New("user doesn't exist after create")
+		}
+	} else {
+		if err := m.updateUserPasswordAndRoles(database, username, password); err != nil {
+			return err
+		}
 	}
-	return "user already exists", nil
+	return nil
 }
 
 func (m *MongoDBServer) doesUserExist(database string, username string) (bool, error) {
-	command := &bson.D{primitive.E{Key: "usersInfo", Value: username}}
-	r := m.runCommand(database, command)
-	if err := r.Err(); err != nil {
+	users, err := m.getAllUsers(database, username)
+	if err != nil {
 		return false, err
 	}
-	var user Users
-	if err := r.Decode(&user); err != nil {
-		return false, err
+	return users != nil && len(users) > 0, nil
+}
+
+func (m *MongoDBServer) getAllUsers(database string, username string) (Users, error) {
+	users := make(Users, 0)
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	collection := m.client.Database(m.authenticationDatabase).Collection("system.users")
+	cursor, err := collection.Find(ctx, bson.D{primitive.E{Key: "user", Value: username}, primitive.E{Key: "db", Value: database}})
+	if err != nil {
+		return users, err
+	}
+	defer cursor.Close(ctx)
+	for cursor.Next(ctx) {
+		var user User
+		if err := cursor.Decode(&user); err != nil {
+			return users, err
+		}
+		users = append(users, user)
 	}
-	if user.Users == nil || len(user.Users) == 0 {
-		return false, nil
+	return users, nil
+}
+
+func (m *MongoDBServer) createUser(database string, username string, password string) error {
+	command := &bson.D{primitive.E{Key: "createUser", Value: username}, primitive.E{Key: "pwd", Value: password},
+		primitive.E{Key: "roles", Value: []bson.M{{"role": "readWrite", "db": database}}}}
+	r := m.runCommand(database, command)
+	if _, err := r.DecodeBytes(); err != nil {
+		return err
 	}
-	return true, nil
-	//if br, err := r.DecodeBytes(); err != nil {
-	//	return "", err
-	//} else {
-	//	return br.String(), nil
-	//}
+	return nil
 }
 
-func (m *MongoDBServer) createUser(database string, username string, password string) (string, error) {
-	//command := &bson.D{{"createUser", username}, {"pwd", password}, {"roles", []bson.M{{"role": "readWrite", "db": database}}}}
-	//r := m.runCommand(m.authenticationDatabase, command)
-	//if br, err := r.DecodeBytes(); err != nil {
-	//	return "", err
-	//} else {
-	//	return br.String(), nil
-	//}
-	return "", nil
+func (m *MongoDBServer) updateUserPasswordAndRoles(database string, username string, password string) error {
+	command := &bson.D{primitive.E{Key: "updateUser", Value: username}, primitive.E{Key: "pwd", Value: password},
+		primitive.E{Key: "roles", Value: []bson.M{{"role": "readWrite", "db": database}}}}
+	r := m.runCommand(database, command)
+	if _, err := r.DecodeBytes(); err != nil {
+		return err
+	}
+	return nil
 }
 
 func (m *MongoDBServer) runCommand(database string, command *bson.D) *mongo.SingleResult {

common/db/mongodb/repository.go

@@ -23,5 +23,9 @@ func (c *Cache) Get(host string, rootUsername string, rootPassword string, rootA
 }
 
 func (c *Cache) Remove(host string) {
+	server := c.cache[host]
+	if server != nil {
+		server.Close()
+	}
 	delete(c.cache, host)
 }

common/db/postgresql/cache.go

@@ -35,6 +35,10 @@ func NewPostgreSQLServer(host string, rootUser string, rootPassword string, root
 	}, nil
 }
 
+func (s *PostgreSQLServer) Close() {
+	s.dbpool.Close()
+}
+
 // TODO Prepared Statements
 func (s *PostgreSQLServer) CreateDatabaseIfNotExists(database string) error {
 	if databaseExists, err := s.doesDatabaseExist(database); err != nil {

common/db/postgresql/repository.go

@@ -38,7 +38,6 @@ spec:
             Run "make" to regenerate code after modifying this file'
           properties:
             credentials:
-              description: Database credentials
               items:
                 properties:
                   username:
@@ -68,19 +67,31 @@ spec:
                 type: object
               type: array
             databaseName:
-              description: Database name
               type: string
             hostName:
-              description: Database Server host name and port
               type: string
             rootAuthDatabase:
               type: string
+            rootSecretLookup:
+              properties:
+                field:
+                  type: string
+                name:
+                  type: string
+                namespace:
+                  type: string
+              required:
+              - field
+              - name
+              - namespace
+              type: object
             rootUsername:
               type: string
           required:
           - credentials
           - databaseName
           - hostName
+          - rootSecretLookup
           type: object
         status:
           description: 'MongoDBStatus defines the observed state of MongoDB IMPORTANT:

config/crd/bases/infra.doodle.com_mongodbs.yaml

@@ -38,7 +38,6 @@ spec:
             Run "make" to regenerate code after modifying this file'
           properties:
             credentials:
-              description: Database credentials
               items:
                 properties:
                   username:
@@ -68,14 +67,9 @@ spec:
                 type: object
               type: array
             databaseName:
-              description: Database name
               type: string
-            host:
-              description: Database Server host name
+            hostName:
               type: string
-            port:
-              format: int64
-              type: integer
             rootAuthDatabase:
               type: string
             rootSecretLookup:
@@ -96,8 +90,7 @@ spec:
           required:
           - credentials
           - databaseName
-          - host
-          - port
+          - hostName
           - rootSecretLookup
           type: object
         status:

config/crd/bases/infra.doodle.com_postgresqls.yaml

@@ -13,7 +13,21 @@ spec:
     namespace: devops
     field: mongodb-root-password
   credentials:
-  - username: admin
+  - username: doodle
+    vault:
+      useAvailable: true
+      host: vault.devops
+      path: secret/doodle/devbox/monolith
+      userField: USERNAME
+      secretField: PASSWORD
+  - username: keycloak
+    vault:
+      useAvailable: true
+      host: vault.devops
+      path: secret/doodle/devbox/monolith
+      userField: USERNAME
+      secretField: PASSWORD
+  - username: monolith-doodle
     vault:
       useAvailable: true
       host: vault.devops