MLE-19843 Allow Using existing secret for MarkLogic Admin Credentials (#61)

* MLE-19843: Allow Using existing secret for MarkLogic Admin Credentials

* update readme

* Add E2E Test for using existing secret for Auth

---------

Co-authored-by: Peng Zhou <[email protected]>

Author: pengzhouml

api/v1alpha1/common_types.go

@@ -46,6 +46,7 @@ type VolumeMountWrapper struct {
 }
 
 type AdminAuth struct {
+	SecretName     *string `json:"secretName,omitempty"`
 	AdminUsername  *string `json:"adminUsername,omitempty"`
 	AdminPassword  *string `json:"adminPassword,omitempty"`
 	WalletPassword *string `json:"walletPassword,omitempty"`

api/v1alpha1/marklogicgroup_types.go

@@ -83,8 +83,8 @@ type MarklogicGroupSpec struct {
 
 	AdditionalVolumes      *[]corev1.Volume      `json:"additionalVolumes,omitempty"`
 	AdditionalVolumeMounts *[]corev1.VolumeMount `json:"additionalVolumeMounts,omitempty"`
-
-	Tls *Tls `json:"tls,omitempty"`
+	SecretName             string                `json:"secretName,omitempty"`
+	Tls                    *Tls                  `json:"tls,omitempty"`
 }
 
 // InternalState defines the observed state of MarklogicGroup

api/v1alpha1/zz_generated.deepcopy.go

@@ -2810,6 +2810,8 @@ spec:
                     type: string
                   adminUsername:
                     type: string
+                  secretName:
+                    type: string
                   walletPassword:
                     type: string
                 type: object

config/crd/bases/database.marklogic.com_marklogicclusters.yaml

@@ -2811,6 +2811,8 @@ spec:
                     type: string
                   adminUsername:
                     type: string
+                  secretName:
+                    type: string
                   walletPassword:
                     type: string
                 type: object
@@ -3804,6 +3806,8 @@ spec:
                       More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
                     type: object
                 type: object
+              secretName:
+                type: string
               securityContext:
                 default:
                   allowPrivilegeEscalation: false

config/crd/bases/database.marklogic.com_marklogicgroups.yaml

@@ -10,9 +10,10 @@ metadata:
   name: ml-cluster
 spec:
   image: "progressofficial/marklogic-db:11.3.0-ubi-rootless"
-  auth:
-    adminUsername: user
-    adminPassword: pass
+  # auth:
+    # secretName: <SECRET_NAME>
+    # adminUsername: user
+    # adminPassword: pass
 # This is the cluster level configuration that will apply to all the groups
   # storage:
   #   size: 5Gi
@@ -21,9 +22,9 @@ spec:
   ## An out of box load balancer with configured to handle cookie based session affinity that required by most MarkLogic applications.
   ## It also support multi-statement transaction and ODBC connections.  
   ## Uncomment the following lines to enable HAProxy configuration
-  haproxy:
-    enabled: true
-    pathBasedRouting: false
+  # haproxy:
+  #   enabled: true
+  #   pathBasedRouting: false
   #   frontendPort: 8080
   #   tcpPorts:
   #     enabled: true
@@ -41,9 +42,9 @@ spec:
   #     - name: "manage"
   #       port: 8002
   #       path: "/manage"
-  #   stats:
-  #     enabled: true
-  #     port: 1024
+    # stats:
+    #   enabled: true
+    #   port: 1024
   #   resources:
   #     requests:
   #       memory: "4Gi"

config/samples/marklogiccluster.yaml

@@ -170,5 +170,15 @@ var _ = Describe("MarklogicCluster Controller", func() {
 			Expect(clusterCR.Spec.Tls.CertSecretNames).Should(ContainElements("cert-secret-1", "cert-secret-2"))
 			Expect(clusterCR.Spec.Tls.CaSecretName).Should(Equal("ca-secret"))
 		})
+
+		It("Should create a secret for MarkLogic Admin User", func() {
+			// Validating if Secret is created successfully
+			secret := &corev1.Secret{}
+			secretName := clusterName + "-admin"
+			Eventually(func() bool {
+				err := k8sClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: clusterNS}, secret)
+				return err == nil
+			}, timeout, interval).Should(BeTrue())
+		})
 	})
 })

internal/controller/marklogiccluster_controller_test.go

@@ -199,16 +199,6 @@ var _ = Describe("MarkLogicGroup controller", func() {
 			}, timeout, interval).Should(BeTrue())
 		})
 
-		It("Should create a secret for MarkLogic Admin User", func() {
-			// Validating if Secret is created successfully
-			secret := &corev1.Secret{}
-			secretName := Name + "-admin"
-			Eventually(func() bool {
-				err := k8sClient.Get(ctx, types.NamespacedName{Name: secretName, Namespace: Namespace}, secret)
-				return err == nil
-			}, timeout, interval).Should(BeTrue())
-		})
-
 		It("Should update the MarklogicGroup CR", func() {
 			// Update the MarklogicGroup CR
 			createdCR := &databasev1alpha1.MarklogicGroup{}

internal/controller/marklogicgroup_controller_test.go

@@ -12,10 +12,6 @@ func (oc *OperatorContext) ReconsileMarklogicGroupHandler() (reconcile.Result, e
 	}
 	setOperatorInternalStatus(oc, "Created")
 
-	if result := oc.ReconcileSecret(); result.Completed() {
-		return result.Output()
-	}
-
 	if result := oc.ReconcileConfigMap(); result.Completed() {
 		return result.Output()
 	}
@@ -32,6 +28,9 @@ func (oc *OperatorContext) ReconsileMarklogicGroupHandler() (reconcile.Result, e
 }
 
 func (cc *ClusterContext) ReconsileMarklogicClusterHandler() (reconcile.Result, error) {
+	if result := cc.ReconcileSecret(); result.Completed() {
+		return result.Output()
+	}
 	result, err := cc.ReconsileMarklogicCluster()
 	if cc.MarklogicCluster.Spec.NetworkPolicy.Enabled {
 		if result := cc.ReconcileNetworkPolicy(); result.Completed() {

pkg/k8sutil/handler.go

@@ -44,6 +44,7 @@ type MarkLogicGroupParameters struct {
 	Tls                           *databasev1alpha1.Tls
 	AdditionalVolumes             *[]corev1.Volume
 	AdditionalVolumeMounts        *[]corev1.VolumeMount
+	SecretName                    string
 }
 
 type MarkLogicClusterParameters struct {
@@ -128,6 +129,7 @@ func GenerateMarkLogicGroupDef(cr *databasev1alpha1.MarklogicCluster, index int,
 			Tls:                           params.Tls,
 			AdditionalVolumes:             params.AdditionalVolumes,
 			AdditionalVolumeMounts:        params.AdditionalVolumeMounts,
+			SecretName:                    params.SecretName,
 		},
 	}
 	AddOwnerRefToObject(MarkLogicGroupDef, ownerDef)
@@ -230,7 +232,7 @@ func generateMarkLogicClusterParams(cr *databasev1alpha1.MarklogicCluster) *Mark
 }
 
 func generateMarkLogicGroupParams(cr *databasev1alpha1.MarklogicCluster, index int, clusterParams *MarkLogicClusterParameters) *MarkLogicGroupParameters {
-	MarkLogicGroupParameters := &MarkLogicGroupParameters{
+	markLogicGroupParameters := &MarkLogicGroupParameters{
 		Replicas:                      cr.Spec.MarkLogicGroups[index].Replicas,
 		Name:                          cr.Spec.MarkLogicGroups[index].Name,
 		GroupConfig:                   cr.Spec.MarkLogicGroups[index].GroupConfig,
@@ -260,50 +262,55 @@ func generateMarkLogicGroupParams(cr *databasev1alpha1.MarklogicCluster, index i
 		AdditionalVolumes:             clusterParams.AdditionalVolumes,
 	}
 
+	if cr.Spec.Auth != nil && cr.Spec.Auth.SecretName != nil && *cr.Spec.Auth.SecretName != "" {
+		markLogicGroupParameters.SecretName = *cr.Spec.Auth.SecretName
+	} else {
+		markLogicGroupParameters.SecretName = fmt.Sprintf("%s-admin", cr.ObjectMeta.Name)
+	}
 	if cr.Spec.MarkLogicGroups[index].HAProxy != nil && cr.Spec.MarkLogicGroups[index].HAProxy.PathBasedRouting != nil {
-		MarkLogicGroupParameters.PathBasedRouting = *cr.Spec.MarkLogicGroups[index].HAProxy.PathBasedRouting
+		markLogicGroupParameters.PathBasedRouting = *cr.Spec.MarkLogicGroups[index].HAProxy.PathBasedRouting
 	}
 	if cr.Spec.MarkLogicGroups[index].Image != "" {
-		MarkLogicGroupParameters.Image = cr.Spec.MarkLogicGroups[index].Image
+		markLogicGroupParameters.Image = cr.Spec.MarkLogicGroups[index].Image
 	}
 	if cr.Spec.MarkLogicGroups[index].ImagePullPolicy != "" {
-		MarkLogicGroupParameters.ImagePullPolicy = cr.Spec.MarkLogicGroups[index].ImagePullPolicy
+		markLogicGroupParameters.ImagePullPolicy = cr.Spec.MarkLogicGroups[index].ImagePullPolicy
 	}
 	if cr.Spec.MarkLogicGroups[index].ImagePullSecrets != nil {
-		MarkLogicGroupParameters.ImagePullSecrets = cr.Spec.MarkLogicGroups[index].ImagePullSecrets
+		markLogicGroupParameters.ImagePullSecrets = cr.Spec.MarkLogicGroups[index].ImagePullSecrets
 	}
 	if cr.Spec.MarkLogicGroups[index].Storage != nil {
-		MarkLogicGroupParameters.Storage = cr.Spec.MarkLogicGroups[index].Storage
+		markLogicGroupParameters.Storage = cr.Spec.MarkLogicGroups[index].Storage
 	}
 	if cr.Spec.MarkLogicGroups[index].Resources != nil {
-		MarkLogicGroupParameters.Resources = cr.Spec.MarkLogicGroups[index].Resources
+		markLogicGroupParameters.Resources = cr.Spec.MarkLogicGroups[index].Resources
 	}
 	if cr.Spec.MarkLogicGroups[index].Affinity != nil {
-		MarkLogicGroupParameters.Affinity = cr.Spec.MarkLogicGroups[index].Affinity
+		markLogicGroupParameters.Affinity = cr.Spec.MarkLogicGroups[index].Affinity
 	}
 	if cr.Spec.MarkLogicGroups[index].NodeSelector != nil {
-		MarkLogicGroupParameters.NodeSelector = cr.Spec.MarkLogicGroups[index].NodeSelector
+		markLogicGroupParameters.NodeSelector = cr.Spec.MarkLogicGroups[index].NodeSelector
 	}
 	if cr.Spec.MarkLogicGroups[index].TopologySpreadConstraints != nil {
-		MarkLogicGroupParameters.TopologySpreadConstraints = cr.Spec.MarkLogicGroups[index].TopologySpreadConstraints
+		markLogicGroupParameters.TopologySpreadConstraints = cr.Spec.MarkLogicGroups[index].TopologySpreadConstraints
 	}
 	if cr.Spec.MarkLogicGroups[index].PriorityClassName != "" {
-		MarkLogicGroupParameters.PriorityClassName = cr.Spec.MarkLogicGroups[index].PriorityClassName
+		markLogicGroupParameters.PriorityClassName = cr.Spec.MarkLogicGroups[index].PriorityClassName
 	}
 	if cr.Spec.MarkLogicGroups[index].HugePages != nil {
-		MarkLogicGroupParameters.HugePages = cr.Spec.MarkLogicGroups[index].HugePages
+		markLogicGroupParameters.HugePages = cr.Spec.MarkLogicGroups[index].HugePages
 	}
 	if cr.Spec.MarkLogicGroups[index].LogCollection != nil {
-		MarkLogicGroupParameters.LogCollection = cr.Spec.MarkLogicGroups[index].LogCollection
+		markLogicGroupParameters.LogCollection = cr.Spec.MarkLogicGroups[index].LogCollection
 	}
 	if cr.Spec.MarkLogicGroups[index].Tls != nil {
-		MarkLogicGroupParameters.Tls = cr.Spec.MarkLogicGroups[index].Tls
+		markLogicGroupParameters.Tls = cr.Spec.MarkLogicGroups[index].Tls
 	}
 	if cr.Spec.MarkLogicGroups[index].AdditionalVolumes != nil {
-		MarkLogicGroupParameters.AdditionalVolumes = cr.Spec.MarkLogicGroups[index].AdditionalVolumes
+		markLogicGroupParameters.AdditionalVolumes = cr.Spec.MarkLogicGroups[index].AdditionalVolumes
 	}
 	if cr.Spec.MarkLogicGroups[index].AdditionalVolumeMounts != nil {
-		MarkLogicGroupParameters.AdditionalVolumeMounts = cr.Spec.MarkLogicGroups[index].AdditionalVolumeMounts
+		markLogicGroupParameters.AdditionalVolumeMounts = cr.Spec.MarkLogicGroups[index].AdditionalVolumeMounts
 	}
-	return MarkLogicGroupParameters
+	return markLogicGroupParameters
 }