CLOUDP-116867: Add Private Link for GCP (#516)

Author: fabritsius

config/crd/bases/atlas.mongodb.com_atlasprojects.yaml

@@ -193,6 +193,30 @@ spec:
                   for the current Project.
                 items:
                   properties:
+                    endpointGroupName:
+                      description: Unique identifier of the endpoint group. The endpoint
+                        group encompasses all of the endpoints that you created in
+                        Google Cloud.
+                      type: string
+                    endpoints:
+                      description: Collection of individual private endpoints that
+                        comprise your endpoint group.
+                      items:
+                        properties:
+                          endpointName:
+                            description: Forwarding rule that corresponds to the endpoint
+                              you created in Google Cloud.
+                            type: string
+                          ipAddress:
+                            description: Private IP address of the endpoint you created
+                              in Google Cloud.
+                            type: string
+                        type: object
+                      type: array
+                    gcpProjectId:
+                      description: Unique identifier of the Google Cloud project in
+                        which you created your endpoints.
+                      type: string
                     id:
                       description: Unique identifier of the private endpoint you created
                         in your AWS VPC or Azure Vnet.
@@ -476,6 +500,23 @@ spec:
                   project
                 items:
                   properties:
+                    endpoints:
+                      description: Collection of individual GCP private endpoints
+                        that comprise your network endpoint group.
+                      items:
+                        properties:
+                          endpointName:
+                            type: string
+                          ipAddress:
+                            type: string
+                          status:
+                            type: string
+                        required:
+                        - endpointName
+                        - ipAddress
+                        - status
+                        type: object
+                      type: array
                     id:
                       description: Unique identifier for AWS or AZURE Private Link
                         Connection.

config/rbac/role.yaml

@@ -0,0 +1,102 @@
+# Create a PrivateLink for GCP
+
+## I. Create a Private Endpoint Service
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: atlas.mongodb.com/v1
+kind: AtlasProject
+metadata:
+  name: my-project
+spec:
+  name: Test Atlas Operator Project
+  privateEndpoints:
+  - provider: "GCP"
+    region: "us-east1"
+EOF
+```
+
+## II. Setup GCP Side of connection
+
+- Use `EDIT` Atlas UI Button and follow a few steps to get a similar script:
+
+  ```
+  #!/bin/bash
+  gcloud config set project atlasoperator
+
+  for i in {0..5}
+  do
+    gcloud compute addresses create user-private-endpoint-ip-$i --region=us-east1 --subnet=user-test-subnet
+  done
+
+  for i in {0..5}
+  do
+    if [ $(gcloud compute addresses describe user-private-endpoint-ip-$i --region=us-east1 --format="value(status)") != "RESERVED" ]; then
+      echo "user-private-endpoint-ip-$i is not RESERVED";
+      exit 1;
+    fi
+  done
+
+  for i in {0..5}
+  do
+    gcloud compute forwarding-rules create user-private-endpoint-$i --region=us-east1 --network=user-test-vpc --address=user-private-endpoint-ip-$i --target-service-attachment=projects/p-long-id/regions/us-east1/serviceAttachments/long-id-$i
+  done
+
+  if [ $(gcloud compute forwarding-rules list --regions=us-east1 --format="csv[no-heading](name)" --filter="name:user-private-endpoint" | wc -l) -gt 6 ]; then
+    echo "Project has too many forwarding rules that match prefix user-private-endpoint. Either delete the competing resources or choose another endpoint prefix."
+    exit 2;
+  fi
+
+  gcloud compute forwarding-rules list --regions=us-east1 --format="json(IPAddress,name)" --filter="name:user-private-endpoint" > atlasEndpoints-user-private-endpoint.json
+  ```
+
+- Run the scipt `sh setup_psk.sh`
+- Run a couple command to format the output for the operator:
+  ```bash
+  yq e -P atlasEndpoints-user-private-endpoint.json > atlasEndpoints-user-private-endpoint.yaml
+  awk 'sub("name","endpointName")sub("IPAddress","ipAddress")' atlasEndpoints-user-private-endpoint.yaml
+  ```
+  Expected output:
+  ```
+  - ipAddress: 10.0.0.00
+    endpointName: user-private-endpoint-0
+  - ipAddress: 10.0.0.01
+    endpointName: user-private-endpoint-1
+  - ipAddress: 10.0.0.02
+    endpointName: user-private-endpoint-2
+  - ipAddress: 10.0.0.03
+    endpointName: user-private-endpoint-3
+  - ipAddress: 10.0.0.04
+    endpointName: user-private-endpoint-4
+  - ipAddress: 10.0.0.05
+    endpointName: user-private-endpoint-5
+  ```
+
+## III. Create the Private Endpoint Inteface
+```yaml
+cat <<EOF | kubectl apply -f -
+apiVersion: atlas.mongodb.com/v1
+kind: AtlasProject
+metadata:
+  name: my-project
+spec:
+  name: Test Atlas Operator Project
+  privateEndpoints:
+  - provider: "GCP"
+    region: "us-east1"
+    gcpProjectId: "atlasoperator"
+    endpointGroupName: "user-test-vpc"
+    endpoints:
+    - ipAddress: 10.0.0.00
+      endpointName: user-private-endpoint-0
+    - ipAddress: 10.0.0.01
+      endpointName: user-private-endpoint-1
+    - ipAddress: 10.0.0.02
+      endpointName: user-private-endpoint-2
+    - ipAddress: 10.0.0.03
+      endpointName: user-private-endpoint-3
+    - ipAddress: 10.0.0.04
+      endpointName: user-private-endpoint-4
+    - ipAddress: 10.0.0.05
+      endpointName: user-private-endpoint-5
+EOF
+```

docs/gcpPrivateEndpoint.md

@@ -6,6 +6,7 @@
 
 ## AtlasProject Resource
   * [3rd Party Integration](https://docs.atlas.mongodb.com/reference/api/third-party-integration-settings/) are supported `spec.integrations`
+  * [GCP Private Endpoints](https://www.mongodb.com/docs/atlas/reference/api/private-endpoints/) are now supported
 
 ## AtlasCluster Resource
 * Changes

docs/release-notes/release-notes.md

@@ -66,8 +66,6 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/nxadm/tail v1.4.8 // indirect
-	github.com/onsi/ginkgo v1.16.5 // indirect
 	github.com/openlyinc/pointy v1.1.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -96,7 +94,6 @@ require (
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
-	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/apiextensions-apiserver v0.23.4 // indirect
 	k8s.io/component-base v0.23.4 // indirect

go.mod

@@ -97,8 +97,6 @@ github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hC
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
-github.com/aws/aws-sdk-go v1.43.7 h1:Gbs53KxXJWbO3txoVkevf56bhdDFqRisl7MQQ6581vc=
-github.com/aws/aws-sdk-go v1.43.7/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/aws/aws-sdk-go v1.43.23 h1:/YmZzPMK6Xzi0B/W9O/Pq7nyIXpBv6mTiJdDDFC7u94=
 github.com/aws/aws-sdk-go v1.43.23/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
@@ -635,8 +633,6 @@ golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
-golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4 h1:kUhD7nTDoI3fVd9G4ORWrbV5NY0liEs/Jg2pv5f+bBA=
 golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=

go.sum

@@ -56,7 +56,7 @@ type AtlasProjectSpec struct {
 	ProjectIPAccessList []project.IPAccessList `json:"projectIpAccessList,omitempty"`
 
 	// PrivateEndpoints is a list of Private Endpoints configured for the current Project.
-	PrivateEndpoints []project.PrivateEndpoint `json:"privateEndpoints,omitempty"`
+	PrivateEndpoints []PrivateEndpoint `json:"privateEndpoints,omitempty"`
 
 	// Flag that indicates whether to create the new project with the default alert settings enabled. This parameter defaults to true
 	// +kubebuilder:default:=true