
Commit 1c95796

authored
CLOUDP-167740: Fix connection secrets generation for DBUsers in separated namespaces (#914)
1 parent 0671745 commit 1c95796


8 files changed

+447
-169
lines changed


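--- a/pkg/controller/atlasdeployment/advanced_deployment.go
+++ b/pkg/controller/atlasdeployment/advanced_deployment.go
@@ -396,13 +396,19 @@ func isInstanceSizeTheSame(currentDeployment *mongodbatlas.AdvancedCluster, desi
 
 func (r *AtlasDeploymentReconciler) ensureConnectionSecrets(ctx *workflow.Context, project *mdbv1.AtlasProject, name string, connectionStrings *mongodbatlas.ConnectionStrings, deploymentResource *mdbv1.AtlasDeployment) workflow.Result {
 databaseUsers := mdbv1.AtlasDatabaseUserList{}
-err := r.Client.List(context.TODO(), &databaseUsers, client.InNamespace(project.Namespace))
+err := r.Client.List(context.TODO(), &databaseUsers, &client.ListOptions{})
 if err != nil {
 return workflow.Terminate(workflow.Internal, err.Error())
 }
 
 secrets := make([]string, 0)
-for _, dbUser := range databaseUsers.Items {
+for i := range databaseUsers.Items {
+dbUser := databaseUsers.Items[i]
+
+if !dbUserBelongsToProject(&dbUser, project) {
+continue
+}
+
 found := false
 for _, c := range dbUser.Status.Conditions {
 if c.Type == status.ReadyType && c.Status == v1.ConditionTrue {
@@ -436,7 +442,7 @@ func (r *AtlasDeploymentReconciler) ensureConnectionSecrets(ctx *workflow.Contex
 
 ctx.Log.Debugw("Creating a connection Secret", "data", data)
 
-secretName, err := connectionsecret.Ensure(r.Client, project.Namespace, project.Spec.Name, project.ID(), name, data)
+secretName, err := connectionsecret.Ensure(r.Client, dbUser.Namespace, project.Spec.Name, project.ID(), name, data)
 if err != nil {
 return workflow.Terminate(workflow.DeploymentConnectionSecretsNotCreated, err.Error())
 }
@@ -449,3 +455,19 @@ func (r *AtlasDeploymentReconciler) ensureConnectionSecrets(ctx *workflow.Contex
 
 return workflow.OK()
 }
+
+func dbUserBelongsToProject(dbUser *mdbv1.AtlasDatabaseUser, project *mdbv1.AtlasProject) bool {
+if dbUser.Spec.Project.Name != project.Name {
+return false
+}
+
+if dbUser.Spec.Project.Namespace == "" && dbUser.Namespace != project.Namespace {
+return false
+}
+
+if dbUser.Spec.Project.Namespace != "" && dbUser.Spec.Project.Namespace != project.Namespace {
+return false
+}
+
+return true
+}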
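Review bot: `dbUserBelongsToProject` accepts the user's own `Spec.Project.Namespace` as proof of membership, so with the list in `ensureConnectionSecrets` no longer scoped by `client.InNamespace`, any AtlasDatabaseUser in any namespace that names this project gets a connection Secret written into `dbUser.Namespace`. Nothing in the visible lines lets the project side limit which namespaces may reference it; if that boundary is enforced elsewhere (RBAC on who may create AtlasDatabaseUser objects, or the database-user controller), say so in a doc comment on the helper, e.g. `// dbUserBelongsToProject reports whether dbUser references project; it does not check that dbUser's namespace is allowed to do so.` The unscoped `r.Client.List` presumably also needs list permission on AtlasDatabaseUser across all namespaces, which is worth confirming for installations that restrict the operator to selected namespaces. The unchanged `ctx.Log.Debugw("Creating a connection Secret", "data", data)` line in the second hunk now runs for users outside the project namespace too, so if `data` carries credentials it should be redacted before logging. The body of `ensureConnectionSecrets` is only partly visible in these hunks.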
