Merge branch 'main' into CLOUD-869

percona · Jan 6, 2025 · 64b99ca · 64b99ca
2 parents 4ab77f6 + 31622a4
commit 64b99ca
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 17 deletions.
diff --git a/go.mod b/go.mod
@@ -23,7 +23,7 @@ require (
 	go.mongodb.org/mongo-driver v1.17.1
 	go.uber.org/zap v1.27.0
 	golang.org/x/sync v0.10.0
-	google.golang.org/grpc v1.69.0
+	google.golang.org/grpc v1.69.2
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.32.0
 	k8s.io/apimachinery v0.32.0

diff --git a/go.sum b/go.sum
@@ -723,8 +723,8 @@ google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ij
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI=
-google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
+google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU=
+google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=

diff --git a/pkg/apis/psmdb/v1/psmdb_types.go b/pkg/apis/psmdb/v1/psmdb_types.go
@@ -119,6 +119,10 @@ func (u *User) UserID() string {
 	return u.DB + "." + u.Name
 }
 
+func (u *User) IsExternalDB() bool {
+	return u.DB == "$external"
+}
+
 type RoleAuthenticationRestriction struct {
 	ClientSource  []string `json:"clientSource,omitempty"`
 	ServerAddress []string `json:"serverAddress,omitempty"`

diff --git a/pkg/controller/perconaservermongodb/custom_users.go b/pkg/controller/perconaservermongodb/custom_users.go
@@ -105,32 +105,28 @@ func handleUsers(ctx context.Context, cr *api.PerconaServerMongoDB, mongoCli mon
 			continue
 		}
 
-		if user.DB == "$external" && userInfo == nil {
+		if user.IsExternalDB() && userInfo == nil {
 			err = createExternalUser(ctx, mongoCli, &user)
 			if err != nil {
 				return errors.Wrapf(err, "create user %s", user.Name)
 			}
 			continue
 		}
 
-		defaultUserSecretName := fmt.Sprintf("%s-custom-user-secret", cr.Name)
-
-		userSecretName := defaultUserSecretName
 		userSecretPassKey := user.Name
 		if user.PasswordSecretRef != nil {
-			userSecretName = user.PasswordSecretRef.Name
 			userSecretPassKey = user.PasswordSecretRef.Key
 		}
 
-		sec, err := getCustomUserSecret(ctx, client, cr, userSecretName, defaultUserSecretName, userSecretPassKey)
+		sec, err := getCustomUserSecret(ctx, client, cr, &user, userSecretPassKey)
 		if err != nil {
 			log.Error(err, "failed to get user secret", "user", user)
 			continue
 		}
 
 		annotationKey := fmt.Sprintf("percona.com/%s-%s-hash", cr.Name, user.Name)
 
-		if userInfo == nil {
+		if userInfo == nil && !user.IsExternalDB() {
 			err = createUser(ctx, client, mongoCli, &user, sec, annotationKey, userSecretPassKey)
 			if err != nil {
 				return errors.Wrapf(err, "create user %s", user.Name)
@@ -293,7 +289,7 @@ func updatePass(
 	annotationKey, passKey string) error {
 	log := logf.FromContext(ctx)
 
-	if userInfo == nil {
+	if userInfo == nil || user.IsExternalDB() {
 		return nil
 	}
 
@@ -417,24 +413,35 @@ func createUser(
 
 // getCustomUserSecret gets secret by name defined by `user.PasswordSecretRef.Name` or returns a secret
 // with newly generated password if name matches defaultName
-func getCustomUserSecret(ctx context.Context, cl client.Client, cr *api.PerconaServerMongoDB, name, defaultName, passKey string) (*corev1.Secret, error) {
+func getCustomUserSecret(ctx context.Context, cl client.Client, cr *api.PerconaServerMongoDB, user *api.User, passKey string) (*corev1.Secret, error) {
 	log := logf.FromContext(ctx)
 
+	if user.IsExternalDB() {
+		return nil, nil
+	}
+
+	defaultSecretName := fmt.Sprintf("%s-custom-user-secret", cr.Name)
+
+	secretName := defaultSecretName
+	if user.PasswordSecretRef != nil {
+		secretName = user.PasswordSecretRef.Name
+	}
+
 	secret := &corev1.Secret{}
-	err := cl.Get(ctx, types.NamespacedName{Name: name, Namespace: cr.Namespace}, secret)
+	err := cl.Get(ctx, types.NamespacedName{Name: secretName, Namespace: cr.Namespace}, secret)
 
-	if err != nil && name != defaultName {
+	if err != nil && secretName != defaultSecretName {
 		return nil, errors.Wrap(err, "failed to get user secret")
 	}
 
-	if err != nil && !k8serrors.IsNotFound(err) && name == defaultName {
+	if err != nil && !k8serrors.IsNotFound(err) && secretName == defaultSecretName {
 		return nil, errors.Wrap(err, "failed to get user secret")
 	}
 
 	if err != nil && k8serrors.IsNotFound(err) {
 		secret = &corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
-				Name:      name,
+				Name:      secretName,
 				Namespace: cr.Namespace,
 			},
 		}
@@ -458,7 +465,7 @@ func getCustomUserSecret(ctx context.Context, cl client.Client, cr *api.PerconaS
 	}
 
 	_, hasPass := secret.Data[passKey]
-	if !hasPass && name == defaultName {
+	if !hasPass && secretName == defaultSecretName {
 		pass, err := s.GeneratePassword()
 		if err != nil {
 			return nil, errors.Wrap(err, "generate custom user password")