CLOUDP-124554: Improve the way PE conditions are set (#555)

* Make sure PE conditions are set properly
* Simplify assert statement for one HELM test

Author: fabritsius

pkg/controller/atlasproject/atlasproject_controller.go

@@ -202,7 +202,6 @@ func (r *AtlasProjectReconciler) Reconcile(context context.Context, req ctrl.Req
 	}
 
 	if result = r.ensurePrivateEndpoint(ctx, projectID, project); !result.IsOk() {
-		setCondition(ctx, status.PrivateEndpointReadyType, result)
 		return result.ReconcileResult(), nil
 	}
 	r.EventRecorder.Event(project, "Normal", string(status.PrivateEndpointReadyType), "")

pkg/controller/atlasproject/private_endpoint.go

@@ -37,67 +37,77 @@ func createOrDeletePEInAtlas(ctx *workflow.Context, projectID string, specPEs []
 	log.Debugw("Updated PE Connections", "atlasPeConnections", atlasPeConnections, "statusPEs", statusPEs)
 
 	if result := clearOutNotLinkedPEs(ctx, projectID, atlasPeConnections, statusPEs); !result.IsOk() {
+		ctx.SetConditionFromResult(status.PrivateEndpointServiceReadyType, result)
 		return result
 	}
 
 	endpointsToDelete := set.Difference(statusPEs, specPEs)
 	log.Debugw("Private Endpoints to delete", "difference", endpointsToDelete)
 	if result := deletePrivateEndpointsFromAtlas(ctx, projectID, endpointsToDelete); !result.IsOk() {
+		ctx.SetConditionFromResult(status.PrivateEndpointServiceReadyType, result)
 		return result
 	}
 
 	endpointsToCreate := set.Difference(specPEs, statusPEs)
 	log.Debugw("Private Endpoints to create", "difference", endpointsToCreate)
 	newConnections, err := createPeServiceInAtlas(ctx.Client, projectID, endpointsToCreate)
 	if err != nil {
-		log.Debugw("Failed to create PE Service in Atlas", "error", err)
+		return terminateWithError(ctx, status.PrivateEndpointServiceReadyType, "Failed to create PE Service in Atlas", err)
 	}
 	ctx.EnsureStatusOption(status.AtlasProjectAddPrivateEnpointsOption(convertAllToStatus(ctx, projectID, newConnections)))
 
 	endpointsToUpdate := set.Intersection(specPEs, statusPEs)
 	log.Debugw("Private Endpoints to update", "difference", endpointsToUpdate)
-	if err = createPrivateEndpointInAtlas(ctx.Client, projectID, endpointsToUpdate, log); err != nil {
-		log.Debugw("Failed to create PE Interface in Atlas", "error", err)
+	if err = createPeInterfaceInAtlas(ctx.Client, projectID, endpointsToUpdate, log); err != nil {
+		return terminateWithError(ctx, status.PrivateEndpointReadyType, "Failed to update PE Interface in Atlas", err)
 	}
 
-	return getStatusForInterfaceConnections(ctx, projectID)
+	return getStatusForInterfaceConnections(ctx, projectID, specPEs)
 }
 
-func getStatusForInterfaceConnections(ctx *workflow.Context, projectID string) workflow.Result {
-	atlasPeConnections, err := getAllPrivateEndpoints(ctx.Client, projectID)
+func getStatusForInterfaceConnections(ctx *workflow.Context, projectID string, specPEs []mdbv1.PrivateEndpoint) workflow.Result {
+	atlasPEs, err := getAllPrivateEndpoints(ctx.Client, projectID)
 	if err != nil {
 		return workflow.Terminate(workflow.Internal, err.Error())
 	}
 
-	if len(atlasPeConnections) != 0 {
-		allAvailable, anyFailed := areServicesAvailableOrFailed(atlasPeConnections)
-		if anyFailed {
-			result := workflow.Terminate(workflow.ProjectPEServiceIsNotReadyInAtlas, "Private Endpoint Service failed")
-			ctx.SetConditionFromResult(status.PrivateEndpointServiceReadyType, result)
-			return result
-		}
-		if !allAvailable {
-			result := workflow.InProgress(workflow.ProjectPEServiceIsNotReadyInAtlas, "Private Endpoint Service is not ready")
-			ctx.SetConditionFromResult(status.PrivateEndpointServiceReadyType, result)
-			return result
-		}
+	if len(atlasPEs) != len(specPEs) {
+		result := workflow.InProgress(workflow.ProjectPEServiceIsNotReadyInAtlas, "Not all Private Endpoints are created")
+		ctx.SetConditionFromResult(status.PrivateEndpointServiceReadyType, result)
+		return result
+	}
 
+	allAvailable, failureMessage := areServicesAvailableOrFailed(atlasPEs)
+	if failureMessage != "" {
+		result := workflow.Terminate(workflow.ProjectPEServiceIsNotReadyInAtlas, failureMessage)
+		ctx.SetConditionFromResult(status.PrivateEndpointServiceReadyType, result)
+		return result
+	}
+	if !allAvailable {
+		result := workflow.InProgress(workflow.ProjectPEServiceIsNotReadyInAtlas, "Private Endpoint Service is not ready")
+		ctx.SetConditionFromResult(status.PrivateEndpointServiceReadyType, result)
+		return result
+	}
+
+	if len(atlasPEs) != 0 {
 		ctx.SetConditionTrue(status.PrivateEndpointServiceReadyType)
 	}
 
-	for _, statusPeService := range convertAllToStatus(ctx, projectID, atlasPeConnections) {
+	for _, statusPeService := range convertAllToStatus(ctx, projectID, atlasPEs) {
 		if statusPeService.InterfaceEndpointID == "" {
-			continue
+			result := workflow.OK().WithMessage("Interface Private Endpoint awaits configuration")
+			ctx.SetConditionFromResult(status.PrivateEndpointReadyType, result)
+			return result
 		}
 
 		interfaceEndpoint, _, err := ctx.Client.PrivateEndpoints.GetOnePrivateEndpoint(context.Background(), projectID, string(statusPeService.Provider), statusPeService.ID, statusPeService.InterfaceEndpointID)
 		if err != nil {
 			return workflow.Terminate(workflow.Internal, err.Error())
 		}
 
-		interfaceIsAvailable, interfaceHasFailed := isInterfaceAvailableOrFailed(ctx, statusPeService.Provider, interfaceEndpoint)
-		if interfaceHasFailed {
-			result := workflow.Terminate(workflow.ProjectPrivateEndpointIsNotReadyInAtlas, "Interface Private Endpoint has failed")
+		interfaceIsAvailable, interfaceFailureMessage := checkIfInterfaceIsAvailable(interfaceEndpoint)
+		if interfaceFailureMessage != "" {
+			result := workflow.Terminate(workflow.ProjectPrivateEndpointIsNotReadyInAtlas, interfaceFailureMessage)
 			ctx.SetConditionFromResult(status.PrivateEndpointReadyType, result)
 			return result
 		}
@@ -106,42 +116,28 @@ func getStatusForInterfaceConnections(ctx *workflow.Context, projectID string) w
 			ctx.SetConditionFromResult(status.PrivateEndpointReadyType, result)
 			return result
 		}
+	}
 
+	if len(atlasPEs) != 0 {
 		ctx.SetConditionTrue(status.PrivateEndpointReadyType)
 	}
 
 	return workflow.OK()
 }
 
-func areServicesAvailableOrFailed(atlasPeConnections []mongodbatlas.PrivateEndpointConnection) (allAvailable, anyFailed bool) {
+func areServicesAvailableOrFailed(atlasPeConnections []mongodbatlas.PrivateEndpointConnection) (allAvailable bool, failureMessage string) {
 	allAvailable = true
-	anyFailed = false
 
 	for _, conn := range atlasPeConnections {
+		if isFailed(conn.Status) {
+			return false, conn.ErrorMessage
+		}
 		if !isAvailable(conn.Status) {
 			allAvailable = false
 		}
-		if isFailed(conn.Status) {
-			anyFailed = true
-			return
-		}
 	}
 
-	return allAvailable, anyFailed
-}
-
-func isInterfaceAvailableOrFailed(ctx *workflow.Context, peProvider provider.ProviderName, interfaceEndpoint *mongodbatlas.InterfaceEndpointConnection) (interfaceAvailable, hasFailed bool) {
-	switch peProvider {
-	case provider.ProviderAWS:
-		return isAvailable(interfaceEndpoint.AWSConnectionStatus), isFailed(interfaceEndpoint.AWSConnectionStatus)
-	case provider.ProviderAzure:
-		return isAvailable(interfaceEndpoint.Status), isFailed(interfaceEndpoint.Status)
-	case provider.ProviderGCP:
-		return isGCPInterfaceAvailableOrFailed(interfaceEndpoint)
-	default:
-		ctx.Log.Warnf("unsupported provider value for Private Endpoints: %s", peProvider)
-		return false, true
-	}
+	return allAvailable, ""
 }
 
 func syncPEConnections(ctx *workflow.Context, projectID string) ([]mongodbatlas.PrivateEndpointConnection, error) {
@@ -194,7 +190,7 @@ func createPeServiceInAtlas(client mongodbatlas.Client, projectID string, endpoi
 	return newConnections, nil
 }
 
-func createPrivateEndpointInAtlas(client mongodbatlas.Client, projectID string, endpointsToUpdate [][]set.Identifiable, log *zap.SugaredLogger) error {
+func createPeInterfaceInAtlas(client mongodbatlas.Client, projectID string, endpointsToUpdate [][]set.Identifiable, log *zap.SugaredLogger) error {
 	for _, pair := range endpointsToUpdate {
 		specPeService := pair[0].(mdbv1.PrivateEndpoint)
 		statusPeService := pair[1].(status.ProjectPrivateEndpoint)
@@ -210,9 +206,14 @@ func createPrivateEndpointInAtlas(client mongodbatlas.Client, projectID string,
 			if gcpEndpoints, err := specPeService.Endpoints.ConvertToAtlas(); err == nil {
 				interfaceConn.Endpoints = gcpEndpoints
 			}
-			interfaceConn, _, err := client.PrivateEndpoints.AddOnePrivateEndpoint(context.Background(), projectID, string(specPeService.Provider), statusPeService.ID, interfaceConn)
+			interfaceConn, response, err := client.PrivateEndpoints.AddOnePrivateEndpoint(context.Background(), projectID, string(specPeService.Provider), statusPeService.ID, interfaceConn)
 			log.Debugw("AddOnePrivateEndpoint Reply", "interfaceConn", interfaceConn, "err", err)
 			if err != nil {
+				if response.StatusCode == 400 || response.StatusCode == 409 {
+					log.Debugw("failed to create PE Interface", "error", err)
+					continue
+				}
+
 				return err
 			}
 		}
@@ -222,9 +223,14 @@ func createPrivateEndpointInAtlas(client mongodbatlas.Client, projectID string,
 }
 
 func endpointsAreNotFullyConfigured(specPeService mdbv1.PrivateEndpoint, statusPeService status.ProjectPrivateEndpoint) bool {
-	awsOrAzureCondition := specPeService.ID != "" && statusPeService.InterfaceEndpointID == ""
-	gcpCondition := specPeService.GCPProjectID != "" && specPeService.EndpointGroupName != "" && len(specPeService.Endpoints) != 0 && len(statusPeService.Endpoints) != len(specPeService.Endpoints)
-	return awsOrAzureCondition || gcpCondition
+	switch specPeService.Provider {
+	case provider.ProviderAWS, provider.ProviderAzure:
+		return specPeService.ID != "" && statusPeService.InterfaceEndpointID == ""
+	case provider.ProviderGCP:
+		return specPeService.GCPProjectID != "" && specPeService.EndpointGroupName != "" && len(specPeService.Endpoints) != 0 && len(statusPeService.Endpoints) != len(specPeService.Endpoints)
+	}
+
+	return false
 }
 
 func DeleteAllPrivateEndpoints(ctx *workflow.Context, client mongodbatlas.Client, projectID string, statusPE []status.ProjectPrivateEndpoint, log *zap.SugaredLogger) workflow.Result {
@@ -365,26 +371,24 @@ func getGCPInterfaceEndpoint(ctx *workflow.Context, projectID string, endpoint s
 	return listOfInterfaces, nil
 }
 
-func isGCPInterfaceAvailableOrFailed(interfaceEndpointConn *mongodbatlas.InterfaceEndpointConnection) (allAvailable, anyFailed bool) {
+// checkIfInterfaceIsAvailable checks if an interface and all of its nested endpoints are available and also returns an error message
+func checkIfInterfaceIsAvailable(interfaceEndpointConn *mongodbatlas.InterfaceEndpointConnection) (allAvailable bool, failureMessage string) {
 	allAvailable = true
-	anyFailed = false
 
-	if !isAvailable(interfaceEndpointConn.Status) {
-		allAvailable = false
-	}
 	if isFailed(interfaceEndpointConn.Status) {
-		anyFailed = true
-		return
+		return false, interfaceEndpointConn.ErrorMessage
+	}
+	if !isAvailable(interfaceEndpointConn.Status) && !isAvailable(interfaceEndpointConn.AWSConnectionStatus) {
+		allAvailable = false
 	}
 
 	for _, endpoint := range interfaceEndpointConn.Endpoints {
+		if isFailed(endpoint.Status) {
+			return false, interfaceEndpointConn.ErrorMessage
+		}
 		if !isAvailable(endpoint.Status) {
 			allAvailable = false
 		}
-		if isFailed(endpoint.Status) {
-			anyFailed = true
-			return
-		}
 	}
 
 	return
@@ -397,3 +401,10 @@ func isAvailable(status string) bool {
 func isFailed(status string) bool {
 	return status == "FAILED"
 }
+
+func terminateWithError(ctx *workflow.Context, conditionType status.ConditionType, message string, err error) workflow.Result {
+	ctx.Log.Debugw(message, "error", err)
+	result := workflow.Terminate(workflow.ProjectPEServiceIsNotReadyInAtlas, err.Error()).WithoutRetry()
+	ctx.SetConditionFromResult(conditionType, result)
+	return result
+}

pkg/controller/workflow/result.go

@@ -74,6 +74,11 @@ func (r Result) WithoutRetry() Result {
 	return r
 }
 
+func (r Result) WithMessage(message string) Result {
+	r.message = message
+	return r
+}
+
 func (r Result) IsOk() bool {
 	return !r.terminated
 }

test/e2e/cli/helm/helm.go

@@ -56,7 +56,7 @@ func Install(args ...string) {
 	args = append([]string{"install"}, args...)
 	session := cli.Execute("helm", args...)
 	msg := cli.GetSessionExitMsg(session)
-	ExpectWithOffset(1, msg).Should(SatisfyAny(Say("STATUS: deployed"), Say("resource that already exists"), BeEmpty()),
+	ExpectWithOffset(1, msg).Should(SatisfyAny(Say("STATUS: deployed"), Say("already exists"), BeEmpty()),
 		"HELM. Can't install release",
 	)
 }

test/int/deployment_test.go

@@ -435,8 +435,8 @@ var _ = Describe("AtlasDeployment", Label("int", "AtlasDeployment"), func() {
 		})
 	})
 
-	Describe("Create/Update the cluster (GCP)", func() {
-		It("Should fail, then be fixed", func() {
+	Describe("Create/Update the cluster", func() {
+		It("Should fail, then be fixed (GCP)", func() {
 			createdCluster = mdbv1.DefaultGCPCluster(namespace.Name, createdProject.Name).WithAtlasName("")
 
 			By(fmt.Sprintf("Creating the Cluster %s with invalid parameters", kube.ObjectKeyFromObject(createdCluster)), func() {
@@ -472,7 +472,7 @@ var _ = Describe("AtlasDeployment", Label("int", "AtlasDeployment"), func() {
 			})
 		})
 
-		It("Should Succeed", func() {
+		It("Should Succeed (AWS)", func() {
 			createdCluster = mdbv1.DefaultAWSCluster(namespace.Name, createdProject.Name)
 
 			By(fmt.Sprintf("Creating the Cluster %s", kube.ObjectKeyFromObject(createdCluster)), func() {