CLOUDP-316083: Third Party Integrations Controller

.licenses-gomod.sha256

@@ -1 +1 @@
-100644 b51d7f78580631183d73f93102e99cb4e9b98d61 go.mod
+100644 cc25241e580d28e8eb50ff3f151b6dbeb85f0ebf go.mod

Makefile

@@ -13,6 +13,15 @@ DOCKER_SBOM_PLUGIN_VERSION=0.6.1
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
 VERSION ?= $(shell git describe --always --tags --dirty --broken | cut -c 2-)
 
+# LD_FLAGS
+LD_FLAG_SET_VERSION = -X github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/version.Version=$(VERSION)
+LD_FLAGS_SET_EXPERIMENTAL = -X github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/version.Experimental=$(EXPERIMENTAL)
+ifdef EXPERIMENTAL
+LD_FLAGS = $(LD_FLAGS_SET_EXPERIMENTAL) $(LD_FLAG_SET_VERSION)
+else
+LD_FLAGS = $(LD_FLAG_SET_VERSION)
+endif
+
 # NEXT_VERSION represents a version that is higher than anything released
 # VERSION default value does not play well with the run target which might end up failing
 # with errors such as:
@@ -218,7 +227,7 @@ bin/$(TARGET_OS)/$(TARGET_ARCH):
 
 bin/$(TARGET_OS)/$(TARGET_ARCH)/manager: $(GO_SOURCES) bin/$(TARGET_OS)/$(TARGET_ARCH)
 	@echo "Building operator with version $(VERSION); $(TARGET_OS) - $(TARGET_ARCH)"
-	CGO_ENABLED=0 GOOS=$(TARGET_OS) GOARCH=$(TARGET_ARCH) go build -o $@ -ldflags="-X github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/version.Version=$(VERSION)" cmd/main.go
+	CGO_ENABLED=0 GOOS=$(TARGET_OS) GOARCH=$(TARGET_ARCH) go build -o $@ -ldflags="$(LD_FLAGS)" cmd/main.go
 	@touch $@
 
 bin/manager: bin/$(TARGET_OS)/$(TARGET_ARCH)/manager
@@ -245,7 +254,9 @@ manifests: CRD_OPTIONS ?= "crd:crdVersions=v1,ignoreUnexportedFields=true"
 manifests: fmt ## Generate manifests e.g. CRD, RBAC etc.
 	controller-gen $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./api/..." paths="./internal/controller/..." output:crd:artifacts:config=config/crd/bases
 	@./scripts/split_roles_yaml.sh
-
+ifdef EXPERIMENTAL
+	controller-gen crd paths="./internal/nextapi/v1" output:crd:artifacts:config=internal/next-crds
+endif
 
 .PHONY: lint
 lint: ## Run the lint against the code
@@ -274,6 +285,9 @@ vet: $(TIMESTAMPS_DIR)/vet ## Run go vet against code
 .PHONY: generate
 generate: ${GO_SOURCES} ## Generate code
 	controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./api/..." paths="./internal/controller/..."
+ifdef EXPERIMENTAL
+	controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./internal/nextapi/v1/..."
+endif
 	$(MAKE) fmt
 
 .PHONY: check-missing-files
@@ -551,8 +565,11 @@ prepare-run: generate vet manifests run-kind install-crds install-credentials
 
 .PHONY: run
 run: prepare-run ## Run a freshly compiled manager against kind
+ifdef EXPERIMENTAL
+	kubectl apply -f internal/next-crds/*.yaml
+endif
 ifdef RUN_YAML
-	kubectl apply -f $(RUN_YAML)
+	kubectl apply -n $(OPERATOR_NAMESPACE) -f $(RUN_YAML)
 endif
 	VERSION=$(NEXT_VERSION) \
 	OPERATOR_POD_NAME=$(OPERATOR_POD_NAME) \

cmd/main.go

@@ -38,6 +38,7 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/collection"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/featureflags"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/kube"
+	akov2next "github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/nextapi/v1"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/operator"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/version"
 )
@@ -71,6 +72,10 @@ func main() {
 	ctrl.SetLogger(zapr.NewLogger(logger))
 	klog.SetLogger(zapr.NewLogger(logger))
 	setupLog := logger.Named("setup").Sugar()
+	if version.IsExperimental() {
+		setupLog.Warn("Experimental features enabled!")
+		utilruntime.Must(akov2next.AddToScheme(akoScheme))
+	}
 	setupLog.Info("starting with configuration", zap.Any("config", config), zap.Any("version", version.Version))
 
 	runnable, err := operator.NewBuilder(operator.ManagerProviderFunc(ctrl.NewManager), akoScheme, time.Duration(minimumIndependentSyncPeriod)*time.Minute).
@@ -85,6 +90,7 @@ func main() {
 		WithDeletionProtection(config.ObjectDeletionProtection).
 		WithIndependentSyncPeriod(time.Duration(config.IndependentSyncPeriod) * time.Minute).
 		WithDryRun(config.DryRun).
+		WithExperimentalReconcilers(version.IsExperimental()).
 		Build(ctx)
 	if err != nil {
 		setupLog.Error(err, "unable to start operator")

go.mod

@@ -28,6 +28,7 @@ require (
 	go.mongodb.org/atlas-sdk/v20231115004 v20231115004.1.0
 	go.mongodb.org/atlas-sdk/v20231115008 v20231115008.5.0
 	go.mongodb.org/atlas-sdk/v20241113001 v20241113001.0.0
+	go.mongodb.org/atlas-sdk/v20250312002 v20250312002.0.0
 	go.mongodb.org/mongo-driver v1.17.3
 	go.uber.org/zap v1.27.0
 	golang.org/x/sync v0.14.0
@@ -143,7 +144,7 @@ require (
 	golang.org/x/sys v0.33.0 // indirect
 	golang.org/x/term v0.32.0 // indirect
 	golang.org/x/text v0.25.0 // indirect
-	golang.org/x/time v0.11.0 // indirect
+	golang.org/x/time v0.11.0
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb // indirect
 	google.golang.org/grpc v1.72.0 // indirect

go.sum

@@ -266,6 +266,8 @@ go.mongodb.org/atlas-sdk/v20231115008 v20231115008.5.0 h1:OuV1HfIpZUZa4+BKvtrvDl
 go.mongodb.org/atlas-sdk/v20231115008 v20231115008.5.0/go.mod h1:0707RpWIrNFZ6Msy/dwRDCzC5JVDon61JoOqcbfCujg=
 go.mongodb.org/atlas-sdk/v20241113001 v20241113001.0.0 h1:G3UZcWwWziGUuaILWp/Gc+jLm1tfu7OUhUOpMWVZSWc=
 go.mongodb.org/atlas-sdk/v20241113001 v20241113001.0.0/go.mod h1:fMiUyCacIAm+XwFkJ4j+rJtYLRsGU7hButtgGv+SBU4=
+go.mongodb.org/atlas-sdk/v20250312002 v20250312002.0.0 h1:KX8PrYp3/PCSxG4NbGLcc3+EsNcfyhcvylGbe/oRlx8=
+go.mongodb.org/atlas-sdk/v20250312002 v20250312002.0.0/go.mod h1:HHCmHxHPdJRr1bUXlvRIZbm7M4gRujjur1GnjE44YgA=
 go.mongodb.org/mongo-driver v1.17.3 h1:TQyXhnsWfWtgAhMtOgtYHMTkZIfBTpMTsMnd9ZBeHxQ=
 go.mongodb.org/mongo-driver v1.17.3/go.mod h1:Hy04i7O2kC4RS06ZrhPRqj/u4DTYkFDAAccj+rVKqgQ=
 go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=

internal/controller/atlas/provider.go

@@ -25,6 +25,7 @@ import (
 	"github.com/mongodb-forks/digest"
 	adminv20231115008 "go.mongodb.org/atlas-sdk/v20231115008/admin"
 	adminv20241113001 "go.mongodb.org/atlas-sdk/v20241113001/admin"
+	adminv20250312002 "go.mongodb.org/atlas-sdk/v20250312002/admin"
 	"go.mongodb.org/atlas/mongodbatlas"
 	"go.uber.org/zap"
 
@@ -49,6 +50,7 @@ type Provider interface {
 type ClientSet struct {
 	SdkClient20231115008 *adminv20231115008.APIClient
 	SdkClient20241113001 *adminv20241113001.APIClient
+	SdkClient20250312002 *adminv20250312002.APIClient
 }
 
 type ProductionProvider struct {
@@ -160,9 +162,18 @@ func (p *ProductionProvider) SdkClientSet(ctx context.Context, creds *Credential
 		return nil, err
 	}
 
+	clientv20241113002, err := adminv20250312002.NewClient(
+		adminv20250312002.UseBaseURL(p.domain),
+		adminv20250312002.UseHTTPClient(httpClient),
+		adminv20250312002.UseUserAgent(operatorUserAgent()))
+	if err != nil {
+		return nil, err
+	}
+
 	return &ClientSet{
 		SdkClient20231115008: clientv20231115008,
 		SdkClient20241113001: clientv20241113001,
+		SdkClient20250312002: clientv20241113002,
 	}, nil
 }
 

internal/controller/atlascustomrole/atlascustomrole_controller.go

@@ -50,7 +50,6 @@ type AtlasCustomRoleReconciler struct {
 	reconciler.AtlasReconciler
 	Scheme                      *runtime.Scheme
 	EventRecorder               record.EventRecorder
-	AtlasProvider               atlas.Provider
 	GlobalPredicates            []predicate.Predicate
 	ObjectDeletionProtection    bool
 	SubObjectDeletionProtection bool
@@ -71,10 +70,10 @@ func NewAtlasCustomRoleReconciler(
 			Client:          c.GetClient(),
 			Log:             logger.Named("controllers").Named("AtlasCustomRoles").Sugar(),
 			GlobalSecretRef: globalSecretRef,
+			AtlasProvider:   atlasProvider,
 		},
 		Scheme:                   c.GetScheme(),
 		EventRecorder:            c.GetEventRecorderFor("AtlasCustomRoles"),
-		AtlasProvider:            atlasProvider,
 		GlobalPredicates:         predicates,
 		ObjectDeletionProtection: deletionProtection,
 		independentSyncPeriod:    independentSyncPeriod,

internal/controller/atlascustomrole/atlascustomrole_controller_test.go

@@ -368,48 +368,48 @@ func TestAtlasCustomRoleReconciler_Reconcile(t *testing.T) {
 				AtlasReconciler: reconciler.AtlasReconciler{
 					Client: k8sClient,
 					Log:    zap.S(),
-				},
-				Scheme:        testScheme,
-				EventRecorder: record.NewFakeRecorder(10),
-				AtlasProvider: &atlasmocks.TestProvider{
-					SdkClientSetFunc: func(ctx context.Context, creds *atlas.Credentials, log *zap.SugaredLogger) (*atlas.ClientSet, error) {
-						if tt.sdkShouldError {
-							return nil, fmt.Errorf("failed to create sdk")
-						}
-						cdrAPI := mockadmin.NewCustomDatabaseRolesApi(t)
-						cdrAPI.EXPECT().GetCustomDatabaseRole(mock.Anything, "testProjectID", "TestRoleName").
-							Return(admin.GetCustomDatabaseRoleApiRequest{ApiService: cdrAPI})
-						cdrAPI.EXPECT().GetCustomDatabaseRoleExecute(admin.GetCustomDatabaseRoleApiRequest{ApiService: cdrAPI}).
-							Return(&admin.UserCustomDBRole{}, &http.Response{StatusCode: http.StatusNotFound}, nil)
-						cdrAPI.EXPECT().CreateCustomDatabaseRole(mock.Anything, "testProjectID",
-							mock.AnythingOfType("*admin.UserCustomDBRole")).
-							Return(admin.CreateCustomDatabaseRoleApiRequest{ApiService: cdrAPI})
-						cdrAPI.EXPECT().CreateCustomDatabaseRoleExecute(admin.CreateCustomDatabaseRoleApiRequest{ApiService: cdrAPI}).
-							Return(nil, nil, nil)
+					AtlasProvider: &atlasmocks.TestProvider{
+						SdkClientSetFunc: func(ctx context.Context, creds *atlas.Credentials, log *zap.SugaredLogger) (*atlas.ClientSet, error) {
+							if tt.sdkShouldError {
+								return nil, fmt.Errorf("failed to create sdk")
+							}
+							cdrAPI := mockadmin.NewCustomDatabaseRolesApi(t)
+							cdrAPI.EXPECT().GetCustomDatabaseRole(mock.Anything, "testProjectID", "TestRoleName").
+								Return(admin.GetCustomDatabaseRoleApiRequest{ApiService: cdrAPI})
+							cdrAPI.EXPECT().GetCustomDatabaseRoleExecute(admin.GetCustomDatabaseRoleApiRequest{ApiService: cdrAPI}).
+								Return(&admin.UserCustomDBRole{}, &http.Response{StatusCode: http.StatusNotFound}, nil)
+							cdrAPI.EXPECT().CreateCustomDatabaseRole(mock.Anything, "testProjectID",
+								mock.AnythingOfType("*admin.UserCustomDBRole")).
+								Return(admin.CreateCustomDatabaseRoleApiRequest{ApiService: cdrAPI})
+							cdrAPI.EXPECT().CreateCustomDatabaseRoleExecute(admin.CreateCustomDatabaseRoleApiRequest{ApiService: cdrAPI}).
+								Return(nil, nil, nil)
 
-						pAPI := mockadmin.NewProjectsApi(t)
-						if tt.akoCustomRole.Spec.ExternalProjectRef != nil {
-							grp := &admin.Group{
-								Id:   &tt.akoCustomRole.Spec.ExternalProjectRef.ID,
-								Name: tt.akoCustomRole.Spec.ExternalProjectRef.ID,
+							pAPI := mockadmin.NewProjectsApi(t)
+							if tt.akoCustomRole.Spec.ExternalProjectRef != nil {
+								grp := &admin.Group{
+									Id:   &tt.akoCustomRole.Spec.ExternalProjectRef.ID,
+									Name: tt.akoCustomRole.Spec.ExternalProjectRef.ID,
+								}
+								pAPI.EXPECT().GetProject(context.Background(), tt.akoCustomRole.Spec.ExternalProjectRef.ID).
+									Return(admin.GetProjectApiRequest{ApiService: pAPI})
+								pAPI.EXPECT().GetProjectExecute(admin.GetProjectApiRequest{ApiService: pAPI}).
+									Return(grp, nil, nil)
 							}
-							pAPI.EXPECT().GetProject(context.Background(), tt.akoCustomRole.Spec.ExternalProjectRef.ID).
-								Return(admin.GetProjectApiRequest{ApiService: pAPI})
-							pAPI.EXPECT().GetProjectExecute(admin.GetProjectApiRequest{ApiService: pAPI}).
-								Return(grp, nil, nil)
-						}
-						return &atlas.ClientSet{SdkClient20231115008: &admin.APIClient{
-							CustomDatabaseRolesApi: cdrAPI,
-							ProjectsApi:            pAPI,
-						}}, nil
-					},
-					IsCloudGovFunc: func() bool {
-						return false
-					},
-					IsSupportedFunc: func() bool {
-						return tt.isSupported
+							return &atlas.ClientSet{SdkClient20231115008: &admin.APIClient{
+								CustomDatabaseRolesApi: cdrAPI,
+								ProjectsApi:            pAPI,
+							}}, nil
+						},
+						IsCloudGovFunc: func() bool {
+							return false
+						},
+						IsSupportedFunc: func() bool {
+							return tt.isSupported
+						},
 					},
 				},
+				Scheme:        testScheme,
+				EventRecorder: record.NewFakeRecorder(10),
 			}
 
 			result, err := r.Reconcile(context.Background(), ctrl.Request{

internal/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go

@@ -54,7 +54,6 @@ var ErrOIDCNotEnabled = fmt.Errorf("'OIDCAuthType' field is set but OIDC authent
 // AtlasDatabaseUserReconciler reconciles an AtlasDatabaseUser object
 type AtlasDatabaseUserReconciler struct {
 	reconciler.AtlasReconciler
-	AtlasProvider               atlas.Provider
 	Scheme                      *runtime.Scheme
 	EventRecorder               record.EventRecorder
 	GlobalPredicates            []predicate.Predicate
@@ -287,8 +286,8 @@ func NewAtlasDatabaseUserReconciler(
 			Client:          c.GetClient(),
 			Log:             logger.Named("controllers").Named("AtlasDatabaseUser").Sugar(),
 			GlobalSecretRef: globalSecretRef,
+			AtlasProvider:   atlasProvider,
 		},
-		AtlasProvider:            atlasProvider,
 		Scheme:                   c.GetScheme(),
 		EventRecorder:            c.GetEventRecorderFor("AtlasDatabaseUser"),
 		GlobalPredicates:         predicates,

internal/controller/atlasdatabaseuser/atlasdatabaseuser_controller_test.go

@@ -162,10 +162,10 @@ func TestReconcile(t *testing.T) {
 				Build()
 			r := &AtlasDatabaseUserReconciler{
 				AtlasReconciler: reconciler.AtlasReconciler{
-					Client: k8sClient,
-					Log:    zaptest.NewLogger(t).Sugar(),
+					Client:        k8sClient,
+					Log:           zaptest.NewLogger(t).Sugar(),
+					AtlasProvider: DefaultTestProvider(t),
 				},
-				AtlasProvider: DefaultTestProvider(t),
 				EventRecorder: record.NewFakeRecorder(10),
 			}
 

internal/controller/atlasdatabaseuser/databaseuser_test.go

@@ -310,8 +310,8 @@ func TestHandleDatabaseUser(t *testing.T) {
 						Namespace: "default",
 						Name:      "secret",
 					},
+					AtlasProvider: tt.atlasProvider,
 				},
-				AtlasProvider: tt.atlasProvider,
 			}
 			ctx := &workflow.Context{
 				Context: context.Background(),

internal/controller/atlasdeployment/atlasdeployment_controller.go

@@ -60,7 +60,6 @@ type AtlasDeploymentReconciler struct {
 	Scheme                      *runtime.Scheme
 	GlobalPredicates            []predicate.Predicate
 	EventRecorder               record.EventRecorder
-	AtlasProvider               atlas.Provider
 	ObjectDeletionProtection    bool
 	SubObjectDeletionProtection bool
 	independentSyncPeriod       time.Duration
@@ -422,11 +421,11 @@ func NewAtlasDeploymentReconciler(
 			Client:          c.GetClient(),
 			Log:             suggaredLogger,
 			GlobalSecretRef: globalSecretref,
+			AtlasProvider:   atlasProvider,
 		},
 		Scheme:                   c.GetScheme(),
 		EventRecorder:            c.GetEventRecorderFor("AtlasDeployment"),
 		GlobalPredicates:         predicates,
-		AtlasProvider:            atlasProvider,
 		ObjectDeletionProtection: deletionProtection,
 		independentSyncPeriod:    independentSyncPeriod,
 	}