CLOUDP-151638: Fix network peer container handling (#820)

* Fix network peer container handling

* Make custom roles e2e test more stable

Author: Sugar-pack

.github/workflows/test-e2e.yml

@@ -76,10 +76,11 @@ jobs:
       - name: Change path for the test
         run: |
           awk '{gsub(/cloud.mongodb.com/, "cloud-qa.mongodb.com", $0); print}' bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml > tmp && mv tmp bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml
-      - name: Cache all files
+      - name: Cache repo files
         uses: actions/cache@v3
         with:
-          path: ./*
+          path: |
+            ./*
           key: ${{ github.sha }}
       - name: Prepare docker tag
         id: prepare-docker-bundle-tag
@@ -137,7 +138,7 @@ jobs:
             "teams",
           ]
     steps:
-      - name: Cache all files
+      - name: Get repo files from cache
         uses: actions/cache@v3
         with:
           path: ./*

pkg/controller/atlasproject/network_peering.go

@@ -13,6 +13,7 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/provider"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/workflow"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/util"
 )
 
 const (
@@ -39,7 +40,7 @@ func ensureNetworkPeers(ctx *workflow.Context, groupID string, project *mdbv1.At
 		return result
 	}
 	ctx.SetConditionTrue(status.NetworkPeerReadyType)
-	if len(networkPeerStatus) == 0 && len(networkPeerSpec) == 0 {
+	if len(networkPeerSpec) == 0 {
 		ctx.UnsetCondition(status.NetworkPeerReadyType)
 	}
 
@@ -69,7 +70,7 @@ func SyncNetworkPeer(context context.Context, ctx *workflow.Context, groupID str
 	logger := ctx.Log
 	mongoClient := ctx.Client
 	logger.Debugf("syncing network peers for project %v", groupID)
-	list, err := getAllExistedNetworkPeer(context, logger, mongoClient.Peers, groupID)
+	list, err := GetAllExistedNetworkPeer(context, mongoClient.Peers, groupID)
 	if err != nil {
 		logger.Errorf("failed to get all network peers: %v", err)
 		return workflow.Terminate(workflow.ProjectNetworkPeerIsNotReadyInAtlas, "failed to get all network peers"),
@@ -97,10 +98,16 @@ func SyncNetworkPeer(context context.Context, ctx *workflow.Context, groupID str
 	peerStatuses = createNetworkPeers(context, mongoClient, groupID, diff.PeersToCreate, logger)
 	peerStatuses, err = UpdateStatuses(context, mongoClient.Containers, peerStatuses, diff.PeersToUpdate, groupID, logger)
 	if err != nil {
+		logger.Errorf("failed to update network peer statuses: %v", err)
 		return workflow.Terminate(workflow.ProjectNetworkPeerIsNotReadyInAtlas,
 			"failed to update network peer statuses"), status.NetworkPeerReadyType
 	}
-
+	err = deleteUnusedContainers(context, mongoClient.Containers, groupID, getPeerIDs(peerStatuses))
+	if err != nil {
+		logger.Errorf("failed to delete unused containers: %v", err)
+		return workflow.Terminate(workflow.ProjectNetworkPeerIsNotReadyInAtlas,
+			fmt.Sprintf("failed to delete unused containers: %s", err)), status.NetworkPeerReadyType
+	}
 	return ensurePeerStatus(peerStatuses, len(peerSpecs), logger)
 }
 
@@ -124,6 +131,30 @@ func UpdateStatuses(context context.Context, containerService mongodbatlas.Conta
 	return peerStatuses, nil
 }
 
+func getPeerIDs(statuses []status.AtlasNetworkPeer) []string {
+	ids := make([]string, 0, len(statuses))
+	for _, networkPeer := range statuses {
+		ids = append(ids, networkPeer.ContainerID)
+	}
+	return ids
+}
+
+func deleteUnusedContainers(context context.Context, containerService mongodbatlas.ContainersService, groupID string, doNotDelete []string) error {
+	containers, _, err := containerService.List(context, groupID, nil)
+	if err != nil {
+		return err
+	}
+	for _, container := range containers {
+		if !util.Contains(doNotDelete, container.ID) {
+			response, errDelete := containerService.Delete(context, groupID, container.ID)
+			if errDelete != nil && response.StatusCode != http.StatusConflict { // AWS peer does not contain container id
+				return errDelete
+			}
+		}
+	}
+	return nil
+}
+
 func getContainer(context context.Context, containerService mongodbatlas.ContainersService,
 	peerToUpdate mongodbatlas.Peer, groupID string, logger *zap.SugaredLogger) (mongodbatlas.Container, error) {
 	var container mongodbatlas.Container
@@ -260,34 +291,28 @@ func createNetworkPeers(context context.Context, mongoClient mongodbatlas.Client
 	return newPeerStatuses
 }
 
-func getAllExistedNetworkPeer(ctx context.Context, logger *zap.SugaredLogger, peerService mongodbatlas.PeersService, groupID string) ([]mongodbatlas.Peer, error) {
+func GetAllExistedNetworkPeer(ctx context.Context, peerService mongodbatlas.PeersService, groupID string) ([]mongodbatlas.Peer, error) {
 	var peersList []mongodbatlas.Peer
 	listAWS, _, err := peerService.List(ctx, groupID, &mongodbatlas.ContainersListOptions{})
 	if err != nil {
-		logger.Errorf("failed to list network peers: %v", err)
-		return nil, err
+		return nil, fmt.Errorf("failed to list network peers for AWS: %w", err)
 	}
-	logger.Debugf("got %d aws peers", len(listAWS))
 	peersList = append(peersList, listAWS...)
 
 	listGCP, _, err := peerService.List(ctx, groupID, &mongodbatlas.ContainersListOptions{
 		ProviderName: string(provider.ProviderGCP),
 	})
 	if err != nil {
-		logger.Errorf("failed to list network peers: %v", err)
-		return nil, err
+		return nil, fmt.Errorf("failed to list network peers for GCP: %w", err)
 	}
-	logger.Debugf("got %d gcp peers", len(listGCP))
 	peersList = append(peersList, listGCP...)
 
 	listAzure, _, err := peerService.List(ctx, groupID, &mongodbatlas.ContainersListOptions{
 		ProviderName: string(provider.ProviderAzure),
 	})
 	if err != nil {
-		logger.Errorf("failed to list network peers: %v", err)
-		return nil, err
+		return nil, fmt.Errorf("failed to list network peers for Azure: %w", err)
 	}
-	logger.Debugf("got %d azure peers", len(listAzure))
 	peersList = append(peersList, listAzure...)
 	return peersList, nil
 }
@@ -548,7 +573,7 @@ func DeleteAllNetworkPeers(ctx context.Context, groupID string, service mongodba
 }
 
 func deleteAllNetworkPeers(ctx context.Context, groupID string, service mongodbatlas.PeersService, logger *zap.SugaredLogger) error {
-	peers, err := getAllExistedNetworkPeer(ctx, logger, service, groupID)
+	peers, err := GetAllExistedNetworkPeer(ctx, service, groupID)
 	if err != nil {
 		logger.Errorf("failed to list network peers for project %s: %v", groupID, err)
 		return err

pkg/util/comparation.go

@@ -25,3 +25,12 @@ func PtrValuesEqual[T comparable](a, b *T) bool {
 	}
 	return *a == *b
 }
+
+func Contains[T comparable](a []T, b T) bool {
+	for _, item := range a {
+		if item == b {
+			return true
+		}
+	}
+	return false
+}

test/e2e/actions/conditions.go

@@ -4,37 +4,35 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
-
-	v1 "k8s.io/api/core/v1"
-
 	. "github.com/onsi/gomega"
-
 	"github.com/onsi/gomega/types"
+	v1 "k8s.io/api/core/v1"
 
-	kube "github.com/mongodb/mongodb-atlas-kubernetes/test/e2e/actions/kube"
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
+	"github.com/mongodb/mongodb-atlas-kubernetes/test/e2e/actions/kube"
 	"github.com/mongodb/mongodb-atlas-kubernetes/test/e2e/model"
 )
 
-func WaitForConditionsToBecomeTrue(userData *model.TestDataProvider, conditonTypes ...status.ConditionType) {
-	Eventually(allConditionsAreTrueFunc(userData, conditonTypes...)).
+func WaitForConditionsToBecomeTrue(userData *model.TestDataProvider, conditionTypes ...status.ConditionType) {
+	Eventually(allConditionsAreTrueFunc(userData, conditionTypes...)).
 		WithTimeout(15*time.Minute).WithPolling(20*time.Second).
-		Should(BeTrue(), fmt.Sprintf("Status conditions %v are not all 'True'", conditonTypes))
+		Should(BeTrue(), fmt.Sprintf("Status conditions %v are not all 'True'", conditionTypes))
 }
 
-// CheckConditionsNotSet wait for Ready condition to become true and checks that input conditions are unset
-func CheckConditionsNotSet(userData *model.TestDataProvider, conditonTypes ...status.ConditionType) {
-	Eventually(conditionsAreUnset(userData, conditonTypes...)).
+// CheckProjectConditionsNotSet wait for Ready condition to become true and checks that input conditions are unset
+func CheckProjectConditionsNotSet(userData *model.TestDataProvider, conditionTypes ...status.ConditionType) {
+	Eventually(conditionsAreUnset(userData, conditionTypes...)).
 		WithTimeout(15*time.Minute).WithPolling(20*time.Second).
-		Should(BeTrue(), fmt.Sprintf("Status conditions %v should be unset", conditonTypes))
+		Should(BeTrue(), fmt.Sprintf("Status conditions %v should be unset. project status: %v",
+			conditionTypes, userData.Project.Status.Conditions))
 }
 
-func allConditionsAreTrueFunc(userData *model.TestDataProvider, conditonTypes ...status.ConditionType) func(g types.Gomega) bool {
+func allConditionsAreTrueFunc(userData *model.TestDataProvider, conditionTypes ...status.ConditionType) func(g types.Gomega) bool {
 	return func(g Gomega) bool {
 		conditions, err := kube.GetAllProjectConditions(userData)
 		g.Expect(err).ShouldNot(HaveOccurred())
 
-		for _, conditionType := range conditonTypes {
+		for _, conditionType := range conditionTypes {
 			foundTrue := false
 			for _, condition := range conditions {
 				if condition.Type == conditionType && condition.Status == v1.ConditionTrue {
@@ -52,7 +50,7 @@ func allConditionsAreTrueFunc(userData *model.TestDataProvider, conditonTypes ..
 	}
 }
 
-func conditionsAreUnset(userData *model.TestDataProvider, unsetConditonTypes ...status.ConditionType) func(g types.Gomega) bool {
+func conditionsAreUnset(userData *model.TestDataProvider, unsetConditionTypes ...status.ConditionType) func(g types.Gomega) bool {
 	return func(g Gomega) bool {
 		conditions, err := kube.GetAllProjectConditions(userData)
 		g.Expect(err).ShouldNot(HaveOccurred())
@@ -70,7 +68,7 @@ func conditionsAreUnset(userData *model.TestDataProvider, unsetConditonTypes ...
 		}
 
 		for _, condition := range conditions {
-			for _, unsetConditionType := range unsetConditonTypes {
+			for _, unsetConditionType := range unsetConditionTypes {
 				if condition.Type == unsetConditionType {
 					return false
 				}

test/e2e/auditing_test.go

@@ -68,7 +68,7 @@ func auditingFlow(userData *model.TestDataProvider, auditing *v1.Auditing) {
 	By("Remove Auditing from the project", func() {
 		userData.Project.Spec.Auditing = nil
 		Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
-		actions.CheckConditionsNotSet(userData, status.AuditingReadyType)
+		actions.CheckProjectConditionsNotSet(userData, status.AuditingReadyType)
 	})
 }
 

test/e2e/custom_roles_test.go

@@ -125,20 +125,23 @@ func projectCustomRolesFlow(userData *model.TestDataProvider, customRoles []v1.C
 	})
 
 	By("Remove one Custom Roles from the project", func() {
-		Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name,
-			Namespace: userData.Project.Namespace}, userData.Project)).Should(Succeed())
-
-		cr := userData.Project.Spec.CustomRoles
-		userData.Project.Spec.CustomRoles = cr[:1]
-
-		Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
+		Eventually(func(g Gomega) {
+			g.Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name,
+				Namespace: userData.Project.Namespace}, userData.Project)).Should(Succeed())
+			cr := userData.Project.Spec.CustomRoles
+			userData.Project.Spec.CustomRoles = cr[:1]
+			g.Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
+		}).Should(Succeed())
 		actions.WaitForConditionsToBecomeTrue(userData, status.ProjectCustomRolesReadyType, status.ReadyType)
 	})
 
 	By("Remove all Custom Roles from the project", func() {
-		userData.Project.Spec.CustomRoles = nil
-
-		Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
-		actions.CheckConditionsNotSet(userData, status.ProjectCustomRolesReadyType)
+		Eventually(func(g Gomega) {
+			g.Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name,
+				Namespace: userData.Project.Namespace}, userData.Project)).Should(Succeed())
+			userData.Project.Spec.CustomRoles = nil
+			g.Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
+		}).Should(Succeed())
+		actions.CheckProjectConditionsNotSet(userData, status.ProjectCustomRolesReadyType)
 	})
 }

test/e2e/encryption_at_rest_test.go

@@ -132,7 +132,7 @@ func encryptionAtRestFlow(userData *model.TestDataProvider, encAtRest v1.Encrypt
 	})
 
 	By("Check if project returned back to the initial state", func() {
-		actions.CheckConditionsNotSet(userData, status.EncryptionAtRestReadyType)
+		actions.CheckProjectConditionsNotSet(userData, status.EncryptionAtRestReadyType)
 
 		Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name,
 			Namespace: userData.Resources.Namespace}, userData.Project)).Should(Succeed())

test/e2e/integration_test.go

@@ -113,7 +113,7 @@ func integrationCycle(data *model.TestDataProvider, key string) {
 			Namespace: data.Resources.Namespace}, data.Project)).Should(Succeed())
 		data.Project.Spec.Integrations = []project.Integration{}
 		Expect(data.K8SClient.Update(data.Context, data.Project)).Should(Succeed())
-		actions.CheckConditionsNotSet(data, status.IntegrationReadyType)
+		actions.CheckProjectConditionsNotSet(data, status.IntegrationReadyType)
 	})
 
 	By("Delete integration check", func() {

test/e2e/network_peering_test.go

@@ -6,6 +6,8 @@ import (
 	"testing"
 	"time"
 
+	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/controller/atlasproject"
+
 	"github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1/status"
 
 	"github.com/mongodb/mongodb-atlas-kubernetes/test/e2e/data"
@@ -229,6 +231,22 @@ func networkPeerFlow(userData *model.TestDataProvider, peers []v1.NetworkPeer) {
 		Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name, Namespace: userData.Project.Namespace}, userData.Project)).Should(Succeed())
 		Expect(userData.Project.Status.NetworkPeers).Should(HaveLen(len(peers)))
 	})
+
+	By("Delete network peers", func() {
+		Expect(userData.K8SClient.Get(userData.Context, types.NamespacedName{Name: userData.Project.Name,
+			Namespace: userData.Project.Namespace}, userData.Project)).Should(Succeed())
+		userData.Project.Spec.NetworkPeers = nil
+		Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
+		actions.CheckProjectConditionsNotSet(userData, status.NetworkPeerReadyType)
+		Eventually(func(g Gomega) {
+			atlasPeers, err := atlasproject.GetAllExistedNetworkPeer(userData.Context, atlasClient.Client.Peers, userData.Project.ID())
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(atlasPeers).To(BeEmpty(), "All network peers should be deleted")
+			containers, _, err := atlasClient.Client.Containers.ListAll(userData.Context, userData.Project.Status.ID, nil)
+			g.Expect(err).ToNot(HaveOccurred())
+			g.Expect(containers).To(BeEmpty(), "All containers should be deleted")
+		})
+	})
 }
 
 func EnsurePeersReadyToConnect(g Gomega, userData *model.TestDataProvider, lenOfSpec int) bool {

test/e2e/project_settings_test.go

@@ -70,6 +70,6 @@ func projectSettingsFlow(userData *model.TestDataProvider, settings *v1.ProjectS
 	By("Remove Project Settings from the project", func() {
 		userData.Project.Spec.Settings = nil
 		Expect(userData.K8SClient.Update(userData.Context, userData.Project)).Should(Succeed())
-		actions.CheckConditionsNotSet(userData, status.ProjectSettingsReadyType)
+		actions.CheckProjectConditionsNotSet(userData, status.ProjectSettingsReadyType)
 	})
 }