Add private endpoint for AWS (#355)

* Add PE Service Creator

* Add endpoint clean up

* Fix status update

* Use statuses to track PEs state

* Fix project deletion

* Fix status conversion for AZURE

* Refactor the code changes

* Enable private link tests

* Apply a fix from Svetlana

* fixup! Refactor the code changes

Author: fabritsius

.github/workflows/test.yml

@@ -145,7 +145,7 @@ jobs:
             "helm-wide",
             "helm-update",
             "multinamespaced",
-            # "privatelink-aws",
+            "privatelink-aws",
           ]
         include:
           - k8s: "latest-openshift"

pkg/api/v1/project/privateendpoint.go

@@ -27,3 +27,8 @@ func (i PrivateEndpoint) ToAtlas() (*mongodbatlas.PrivateEndpoint, error) {
 	err := compat.JSONCopy(result, i)
 	return result, err
 }
+
+// Identifier is required to satisfy "Identifiable" iterface
+func (i PrivateEndpoint) Identifier() interface{} {
+	return string(i.Provider) + i.Region
+}

pkg/api/v1/status/atlascluster.go

@@ -82,6 +82,10 @@ type Endpoint struct {
 
 	// Region to which you deployed the private endpoint.
 	Region string `json:"region,omitempty"`
+
+	// Private IP address of the private endpoint network interface you created in your Azure VNet.
+	// +optional
+	IP string `json:"ip,omitempty"`
 }
 
 // +k8s:deepcopy-gen=false

pkg/api/v1/status/atlasproject.go

@@ -1,6 +1,8 @@
 package status
 
-import "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/project"
+import (
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/project"
+)
 
 // +k8s:deepcopy-gen=false
 
@@ -19,6 +21,43 @@ func AtlasProjectExpiredIPAccessOption(lists []project.IPAccessList) AtlasProjec
 	}
 }
 
+func AtlasProjectAddPrivateEnpointsOption(privateEndpoints []ProjectPrivateEndpoint) AtlasProjectStatusOption {
+	return func(s *AtlasProjectStatus) {
+		s.PrivateEndpoints = append(s.PrivateEndpoints, privateEndpoints...)
+	}
+}
+
+func AtlasProjectUpdatePrivateEnpointsOption(privateEndpoints []ProjectPrivateEndpoint) AtlasProjectStatusOption {
+	return func(s *AtlasProjectStatus) {
+		result := []ProjectPrivateEndpoint{}
+
+		for _, currentPE := range privateEndpoints {
+			var matchedPE *ProjectPrivateEndpoint
+			for peIdx, statusPE := range s.PrivateEndpoints {
+				if currentPE.ID == statusPE.ID {
+					if currentPE.ServiceName != "" {
+						s.PrivateEndpoints[peIdx].ServiceName = currentPE.ServiceName
+					}
+					if currentPE.ServiceResourceID != "" {
+						s.PrivateEndpoints[peIdx].ServiceResourceID = currentPE.ServiceResourceID
+					}
+					if currentPE.InterfaceEndpointID != "" {
+						s.PrivateEndpoints[peIdx].InterfaceEndpointID = currentPE.InterfaceEndpointID
+					}
+
+					matchedPE = &s.PrivateEndpoints[peIdx]
+				}
+			}
+
+			if matchedPE != nil {
+				result = append(result, *matchedPE)
+			}
+		}
+
+		s.PrivateEndpoints = result
+	}
+}
+
 // AtlasProjectStatus defines the observed state of AtlasProject
 type AtlasProjectStatus struct {
 	Common `json:",inline"`

pkg/api/v1/status/condition.go

@@ -33,8 +33,10 @@ const (
 
 // AtlasProject condition types
 const (
-	ProjectReadyType      ConditionType = "ProjectReady"
-	IPAccessListReadyType ConditionType = "IPAccessListReady"
+	ProjectReadyType                ConditionType = "ProjectReady"
+	IPAccessListReadyType           ConditionType = "IPAccessListReady"
+	PrivateEndpointServiceReadyType ConditionType = "PrivateEndpointServiceReady"
+	PrivateEndpointReadyType        ConditionType = "PrivateEndpointReady"
 )
 
 // AtlasCluster condition types

pkg/api/v1/status/privateendpoint.go

@@ -3,12 +3,20 @@ package status
 import "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/provider"
 
 type ProjectPrivateEndpoint struct {
+	// Unique identifier for AWS or AZURE Private Link Connection.
+	ID string `json:"id,omitempty"`
 	// Cloud provider for which you want to retrieve a private endpoint service. Atlas accepts AWS or AZURE.
 	Provider provider.ProviderName `json:"provider"`
 	// Cloud provider region for which you want to create the private endpoint service.
 	Region string `json:"region"`
 	// Name of the AWS or Azure Private Link Service that Atlas manages.
 	ServiceName string `json:"serviceName,omitempty"`
-	// Unique identifier of the AWS or Azure PrivateLink connection.
+	// Unique identifier of the Azure Private Link Service (for AWS the same as ID).
 	ServiceResourceID string `json:"serviceResourceId,omitempty"`
+	// Unique identifier of the AWS or Azure Private Link Interface Endpoint.
+	InterfaceEndpointID string `json:"interfaceEndpointId,omitempty"`
+}
+
+func (pe ProjectPrivateEndpoint) Identifier() interface{} {
+	return string(pe.Provider) + pe.Region
 }

pkg/api/v1/status/zz_generated.deepcopy.go

@@ -128,6 +128,11 @@ func (r *AtlasProjectReconciler) Reconcile(context context.Context, req ctrl.Req
 				return result.ReconcileResult(), nil
 			}
 
+			if result = DeleteAllPrivateEndpoints(ctx, atlasClient, projectID, project.Status.PrivateEndpoints, log); !result.IsOk() {
+				ctx.SetConditionFromResult(status.PrivateEndpointReadyType, result)
+				return result.ReconcileResult(), nil
+			}
+
 			if err = r.deleteAtlasProject(context, atlasClient, project); err != nil {
 				result = workflow.Terminate(workflow.Internal, err.Error())
 				ctx.SetConditionFromResult(status.ClusterReadyType, result)
@@ -155,6 +160,11 @@ func (r *AtlasProjectReconciler) Reconcile(context context.Context, req ctrl.Req
 	ctx.SetConditionTrue(status.IPAccessListReadyType)
 	r.EventRecorder.Event(project, "Normal", string(status.IPAccessListReadyType), "")
 
+	if result = r.ensurePrivateEndpoint(ctx, projectID, project); !result.IsOk() {
+		return result.ReconcileResult(), nil
+	}
+	r.EventRecorder.Event(project, "Normal", string(status.PrivateEndpointReadyType), "")
+
 	ctx.SetConditionTrue(status.ReadyType)
 	return ctrl.Result{}, nil
 }