CLOUDP-280222: Private Endpoint controller (#1916)

mongodb · Dec 3, 2024 · beaa709 · beaa709
1 parent 678a565
commit beaa709
Show file tree

Hide file tree

Showing 26 changed files with 3,642 additions and 30 deletions.
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
@@ -167,6 +167,7 @@ jobs:
             "multinamespaced",
             "networkpeering",
             "privatelink",
+            "private-endpoint",
             "project-settings",
             "serverless-pe",
             "x509auth",

diff --git a/config/crd/bases/atlas.mongodb.com_atlasprivateendpoints.yaml b/config/crd/bases/atlas.mongodb.com_atlasprivateendpoints.yaml
@@ -73,6 +73,9 @@ spec:
                   - id
                   type: object
                 type: array
+                x-kubernetes-list-map-keys:
+                - id
+                x-kubernetes-list-type: map
               azureConfiguration:
                 description: AzureConfiguration is the specific Azure settings for
                   the private endpoint
@@ -93,6 +96,9 @@ spec:
                   - ipAddress
                   type: object
                 type: array
+                x-kubernetes-list-map-keys:
+                - id
+                x-kubernetes-list-type: map
               connectionSecret:
                 description: Name of the secret containing Atlas API private and public
                   keys
@@ -156,6 +162,9 @@ spec:
                   - projectId
                   type: object
                 type: array
+                x-kubernetes-list-map-keys:
+                - groupName
+                x-kubernetes-list-type: map
               projectRef:
                 description: Project is a reference to AtlasProject resource the user
                   belongs to

diff --git a/config/rbac/clusterwide/role.yaml b/config/rbac/clusterwide/role.yaml
@@ -34,6 +34,7 @@ rules:
   - atlasdatafederations
   - atlasdeployments
   - atlasfederatedauths
+  - atlasprivateendpoints
   - atlasprojects
   - atlassearchindexconfigs
   - atlasstreamconnections
@@ -58,6 +59,7 @@ rules:
   - atlasdatafederations/status
   - atlasdeployments/status
   - atlasfederatedauths/status
+  - atlasprivateendpoints/status
   - atlasprojects/status
   - atlassearchindexconfigs/status
   - atlasstreamconnections/status

diff --git a/config/rbac/namespaced/role.yaml b/config/rbac/namespaced/role.yaml
@@ -35,6 +35,7 @@ rules:
   - atlasdatafederations
   - atlasdeployments
   - atlasfederatedauths
+  - atlasprivateendpoints
   - atlasprojects
   - atlassearchindexconfigs
   - atlasstreamconnections
@@ -58,6 +59,7 @@ rules:
   - atlasdatafederations/status
   - atlasdeployments/status
   - atlasfederatedauths/status
+  - atlasprivateendpoints/status
   - atlasprojects/status
   - atlassearchindexconfigs/status
   - atlasstreamconnections/status

diff --git a/internal/translation/privateendpoint/conversion.go b/internal/translation/privateendpoint/conversion.go
@@ -473,3 +473,30 @@ func interfaceCreateToAtlas(peInterface EndpointInterface, gcpProjectID string)
 
 	return nil
 }
+
+type CompositeEndpointInterface struct {
+	AKO   EndpointInterface
+	Atlas EndpointInterface
+}
+
+func MapPrivateEndpoints(akoInterfaces, atlasInterfaces []EndpointInterface) map[string]CompositeEndpointInterface {
+	m := map[string]CompositeEndpointInterface{}
+
+	for _, akoInterface := range akoInterfaces {
+		m[akoInterface.InterfaceID()] = CompositeEndpointInterface{
+			AKO: akoInterface,
+		}
+	}
+
+	for _, atlasInterface := range atlasInterfaces {
+		i := CompositeEndpointInterface{}
+		if existing, ok := m[atlasInterface.InterfaceID()]; ok {
+			i = existing
+		}
+
+		i.Atlas = atlasInterface
+		m[atlasInterface.InterfaceID()] = i
+	}
+
+	return m
+}
diff --git a/pkg/api/condition.go b/pkg/api/condition.go
@@ -94,6 +94,12 @@ const (
 	TeamUnmanaged ConditionType = "TeamUnmanaged"
 )
 
+// Atlas Private Endpoint condition types
+const (
+	PrivateEndpointServiceReady ConditionType = "PrivateEndpointServiceReady"
+	PrivateEndpointReady        ConditionType = "PrivateEndpointReady"
+)
+
 // Generic condition type
 const (
 	ResourceVersionStatus ConditionType = "ResourceVersionIsValid"

diff --git a/pkg/api/v1/atlasprivateendpoint_types.go b/pkg/api/v1/atlasprivateendpoint_types.go
@@ -53,12 +53,18 @@ type AtlasPrivateEndpointSpec struct {
 	// +kubebuilder:validation:Required
 	Region string `json:"region"`
 	// AWSConfiguration is the specific AWS settings for the private endpoint
+	// +listType=map
+	// +listMapKey=id
 	// +kubebuilder:validation:Optional
 	AWSConfiguration []AWSPrivateEndpointConfiguration `json:"awsConfiguration,omitempty"`
 	// AzureConfiguration is the specific Azure settings for the private endpoint
+	// +listType=map
+	// +listMapKey=id
 	// +kubebuilder:validation:Optional
 	AzureConfiguration []AzurePrivateEndpointConfiguration `json:"azureConfiguration,omitempty"`
 	// GCPConfiguration is the specific Google Cloud settings for the private endpoint
+	// +listType=map
+	// +listMapKey=groupName
 	// +kubebuilder:validation:Optional
 	GCPConfiguration []GCPPrivateEndpointConfiguration `json:"gcpConfiguration,omitempty"`
 }

diff --git a/pkg/controller/atlas/provider.go b/pkg/controller/atlas/provider.go
@@ -76,7 +76,8 @@ func (p *ProductionProvider) IsResourceSupported(resource api.AtlasCustomResourc
 		*akov2.AtlasDatabaseUser,
 		*akov2.AtlasSearchIndexConfig,
 		*akov2.AtlasBackupCompliancePolicy,
-		*akov2.AtlasFederatedAuth:
+		*akov2.AtlasFederatedAuth,
+		*akov2.AtlasPrivateEndpoint:
 		return true
 	case *akov2.AtlasDataFederation,
 		*akov2.AtlasStreamInstance,