Handle new mongot config schema (#230)

# Summary

Implements minimum necessary changes to run against newest mongot
container built from master:

* Workaround for mongot's requirement of password file having owner-only
permissions
* New config schema structure
* Switched default mongot image to ECR
* Simulated searchCoordinated role

Author: lsierant

api/v1/search/mongodbsearch_types.go

@@ -1,6 +1,8 @@
 package search
 
 import (
+	"fmt"
+
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/types"
 
@@ -14,8 +16,9 @@ import (
 )
 
 const (
-	MongotDefaultPort        = 27027
-	MongotDefaultMetricsPort = 9946
+	MongotDefaultPort               = 27027
+	MongotDefaultMetricsPort        = 9946
+	MongotDefaultSyncSourceUsername = "mongot-user"
 )
 
 func init() {
@@ -38,6 +41,10 @@ type MongoDBSearchSpec struct {
 type MongoDBSource struct {
 	// +optional
 	MongoDBResourceRef *userv1.MongoDBResourceRef `json:"mongodbResourceRef,omitempty"`
+	// +optional
+	PasswordSecretRef *userv1.SecretKeyRef `json:"passwordSecretRef,omitempty"`
+	// +optional
+	Username *string `json:"username,omitempty"`
 }
 
 type MongoDBSearchStatus struct {
@@ -105,6 +112,25 @@ func (s *MongoDBSearch) MongotConfigConfigMapNamespacedName() types.NamespacedNa
 	return types.NamespacedName{Name: s.Name + "-search-config", Namespace: s.Namespace}
 }
 
+func (s *MongoDBSearch) SourceUserPasswordSecretRef() *userv1.SecretKeyRef {
+	if s.Spec.Source != nil && s.Spec.Source.PasswordSecretRef != nil {
+		return s.Spec.Source.PasswordSecretRef
+	}
+
+	return &userv1.SecretKeyRef{
+		Name: fmt.Sprintf("%s-%s-password", s.Name, MongotDefaultSyncSourceUsername),
+		Key:  "password",
+	}
+}
+
+func (s *MongoDBSearch) SourceUsername() string {
+	if s.Spec.Source != nil && s.Spec.Source.Username != nil {
+		return *s.Spec.Source.Username
+	}
+
+	return MongotDefaultSyncSourceUsername
+}
+
 func (s *MongoDBSearch) StatefulSetNamespacedName() types.NamespacedName {
 	return types.NamespacedName{Name: s.Name + "-search", Namespace: s.Namespace}
 }

config/crd/bases/mongodb.com_mongodbsearch.yaml

@@ -160,6 +160,21 @@ spec:
                     required:
                     - name
                     type: object
+                  passwordSecretRef:
+                    description: |-
+                      SecretKeyRef is a reference to a value in a given secret in the same
+                      namespace. Based on:
+                      https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.15/#secretkeyselector-v1-core
+                    properties:
+                      key:
+                        type: string
+                      name:
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  username:
+                    type: string
                 type: object
               statefulSet:
                 description: |-

config/manager/manager.yaml

@@ -392,9 +392,9 @@ spec:
             - name: RELATED_IMAGE_MONGODB_IMAGE_8_0_0_ubi9
               value: "quay.io/mongodb/mongodb-enterprise-server:8.0.0-ubi9"
             - name: RELATED_IMAGE_MDB_SEARCH_IMAGE_1_47_0
-              value: "quay.io/mongodb/mongodb-search-community:1.47.0"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-search-community:1.47.0"
             - name: MDB_SEARCH_COMMUNITY_REPO_URL
-              value: "quay.io/mongodb"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev"
             - name: MDB_SEARCH_COMMUNITY_NAME
               value: "mongodb-search-community"
             - name: MDB_SEARCH_COMMUNITY_VERSION

controllers/operator/mongodbsearch_controller_test.go

@@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/workqueue"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllertest"
 	"sigs.k8s.io/controller-runtime/pkg/event"
@@ -73,21 +74,42 @@ func newSearchReconciler(
 }
 
 func buildExpectedMongotConfig(search *searchv1.MongoDBSearch, mdbc *mdbcv1.MongoDBCommunity) mongot.Config {
-	return mongot.Config{CommunityPrivatePreview: mongot.CommunityPrivatePreview{
-		MongodHostAndPort: fmt.Sprintf(
-			"%s.%s.svc.cluster.local:%d",
-			mdbc.ServiceName(), mdbc.Namespace,
-			mdbc.GetMongodConfiguration().GetDBPort(),
-		),
-		QueryServerAddress: fmt.Sprintf("localhost:%d", search.GetMongotPort()),
-		KeyFilePath:        "/mongot/keyfile/keyfile",
-		DataPath:           "/mongot/data/config.yml",
-		Metrics: mongot.Metrics{
+	return mongot.Config{
+		SyncSource: mongot.ConfigSyncSource{
+			ReplicaSet: mongot.ConfigReplicaSet{
+				HostAndPort:    fmt.Sprintf("%s.%s.svc.cluster.local:%d", mdbc.Name+"-svc", search.Namespace, 27017),
+				Username:       "mongot-user",
+				PasswordFile:   "/tmp/sourceUserPassword",
+				TLS:            ptr.To(false),
+				ReadPreference: ptr.To("secondaryPreferred"),
+				ReplicaSetName: "mdb",
+			},
+		},
+		Storage: mongot.ConfigStorage{
+			DataPath: "/mongot/data/config.yml",
+		},
+		Server: mongot.ConfigServer{
+			Wireproto: &mongot.ConfigWireproto{
+				Address: "0.0.0.0:27027",
+				Authentication: &mongot.ConfigAuthentication{
+					Mode:    "keyfile",
+					KeyFile: "/tmp/keyfile",
+				},
+				TLS: mongot.ConfigTLS{Mode: "disabled"},
+			},
+		},
+		Metrics: mongot.ConfigMetrics{
 			Enabled: true,
-			Address: fmt.Sprintf("localhost:%d", search.GetMongotMetricsPort()),
+			Address: fmt.Sprintf("localhost:%d", searchv1.MongotDefaultMetricsPort),
+		},
+		HealthCheck: mongot.ConfigHealthCheck{
+			Address: "0.0.0.0:8080",
 		},
-		Logging: mongot.Logging{Verbosity: "DEBUG"},
-	}}
+		Logging: mongot.ConfigLogging{
+			Verbosity: "TRACE",
+			LogPath:   nil,
+		},
+	}
 }
 
 func TestMongoDBSearchReconcile_NotFound(t *testing.T) {

controllers/search_controller/mongodbsearch_reconcile_helper.go

@@ -13,6 +13,7 @@ import (
 	"golang.org/x/xerrors"
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/utils/ptr"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
@@ -207,26 +208,50 @@ func buildSearchHeadlessService(search *searchv1.MongoDBSearch) corev1.Service {
 }
 
 func createMongotConfig(search *searchv1.MongoDBSearch, db SearchSourceDBResource) mongot.Config {
-	return mongot.Config{CommunityPrivatePreview: mongot.CommunityPrivatePreview{
-		MongodHostAndPort:  fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()),
-		QueryServerAddress: fmt.Sprintf("localhost:%d", search.GetMongotPort()),
-		KeyFilePath:        "/mongot/keyfile/keyfile",
-		DataPath:           "/mongot/data/config.yml",
-		Metrics: mongot.Metrics{
+	return mongot.Config{
+		SyncSource: mongot.ConfigSyncSource{
+			ReplicaSet: mongot.ConfigReplicaSet{
+				HostAndPort:    fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()),
+				Username:       search.SourceUsername(),
+				PasswordFile:   "/tmp/sourceUserPassword",
+				TLS:            ptr.To(false),
+				ReadPreference: ptr.To("secondaryPreferred"),
+				ReplicaSetName: db.Name(),
+			},
+		},
+		Storage: mongot.ConfigStorage{
+			DataPath: "/mongot/data/config.yml",
+		},
+		Server: mongot.ConfigServer{
+			Wireproto: &mongot.ConfigWireproto{
+				Address: "0.0.0.0:27027",
+				Authentication: &mongot.ConfigAuthentication{
+					Mode:    "keyfile",
+					KeyFile: "/tmp/keyfile",
+				},
+				TLS: mongot.ConfigTLS{Mode: "disabled"},
+			},
+		},
+		Metrics: mongot.ConfigMetrics{
 			Enabled: true,
 			Address: fmt.Sprintf("localhost:%d", search.GetMongotMetricsPort()),
 		},
-		Logging: mongot.Logging{
-			Verbosity: "DEBUG",
+		HealthCheck: mongot.ConfigHealthCheck{
+			Address: "0.0.0.0:8080",
 		},
-	}}
+		Logging: mongot.ConfigLogging{
+			Verbosity: "TRACE",
+			LogPath:   nil,
+		},
+	}
 }
 
 func GetMongodConfigParameters(search *searchv1.MongoDBSearch) map[string]interface{} {
 	return map[string]interface{}{
 		"setParameter": map[string]interface{}{
-			"mongotHost":                       mongotHostAndPort(search),
-			"searchIndexManagementHostAndPort": mongotHostAndPort(search),
+			"mongotHost":                                      mongotHostAndPort(search),
+			"searchIndexManagementHostAndPort":                mongotHostAndPort(search),
+			"skipAuthenticationToSearchIndexManagementServer": false,
 		},
 	}
 }

controllers/search_controller/search_construction.go

@@ -95,14 +95,18 @@ func CreateSearchStatefulSetFunc(mdbSearch *searchv1.MongoDBSearch, sourceDBReso
 
 	dataVolumeName := "data"
 	keyfileVolumeName := "keyfile"
+	sourceUserPasswordVolumeName := "password"
 	mongotConfigVolumeName := "config"
 
 	pvcVolumeMount := statefulset.CreateVolumeMount(dataVolumeName, "/mongot/data", statefulset.WithSubPath("data"))
 
-	keyfileVolume := statefulset.CreateVolumeFromSecret("keyfile", sourceDBResource.KeyfileSecretName())
+	keyfileVolume := statefulset.CreateVolumeFromSecret(keyfileVolumeName, sourceDBResource.KeyfileSecretName())
 	keyfileVolumeMount := statefulset.CreateVolumeMount(keyfileVolumeName, "/mongot/keyfile", statefulset.WithReadOnly(true))
 
-	mongotConfigVolume := statefulset.CreateVolumeFromConfigMap("config", mdbSearch.MongotConfigConfigMapNamespacedName().Name)
+	sourceUserPasswordVolume := statefulset.CreateVolumeFromSecret(sourceUserPasswordVolumeName, mdbSearch.SourceUserPasswordSecretRef().Name)
+	sourceUserPasswordVolumeMount := statefulset.CreateVolumeMount(sourceUserPasswordVolumeName, "/mongot/sourceUserPassword", statefulset.WithReadOnly(true))
+
+	mongotConfigVolume := statefulset.CreateVolumeFromConfigMap(mongotConfigVolumeName, mdbSearch.MongotConfigConfigMapNamespacedName().Name)
 	mongotConfigVolumeMount := statefulset.CreateVolumeMount(mongotConfigVolumeName, "/mongot/config", statefulset.WithReadOnly(true))
 
 	var persistenceConfig *common.PersistenceConfig
@@ -120,12 +124,14 @@ func CreateSearchStatefulSetFunc(mdbSearch *searchv1.MongoDBSearch, sourceDBReso
 		keyfileVolumeMount,
 		tmpVolumeMount,
 		mongotConfigVolumeMount,
+		sourceUserPasswordVolumeMount,
 	}
 
 	volumes := []corev1.Volume{
 		tmpVolume,
 		keyfileVolume,
 		mongotConfigVolume,
+		sourceUserPasswordVolume,
 	}
 
 	stsModifications := []statefulset.Modification{
@@ -180,7 +186,17 @@ func mongodbSearchContainer(mdbSearch *searchv1.MongoDBSearch, volumeMounts []co
 		container.WithCommand([]string{"sh"}),
 		container.WithArgs([]string{
 			"-c",
-			"/mongot-community/mongot --config /mongot/config/config.yml",
+			`
+cp /mongot/keyfile/keyfile /tmp/keyfile
+chown 2000:2000 /tmp/keyfile
+chmod 0600 /tmp/keyfile
+
+cp /mongot/sourceUserPassword/password /tmp/sourceUserPassword
+chown 2000:2000 /tmp/sourceUserPassword
+chmod 0600 /tmp/sourceUserPassword
+
+/mongot-community/mongot --config /mongot/config/config.yml
+`,
 		}),
 		containerSecurityContext,
 	)

docker/mongodb-kubernetes-tests/kubetester/helm.py

@@ -120,6 +120,9 @@ def helm_repo_add(repo_name: str, url: str):
 
 
 def process_run_and_check(args, **kwargs):
+    if "check" not in kwargs:
+        kwargs["check"] = True
+
     try:
         logger.debug(f"subprocess.run: {args}")
         completed_process = subprocess.run(args, **kwargs)

docker/mongodb-kubernetes-tests/tests/common/search/movies_search_helper.py

@@ -1,3 +1,8 @@
+import logging
+
+import pymongo.errors
+
+from kubetester import kubetester
 from tests import test_logger
 from tests.common.search.search_tester import SearchTester
 
@@ -26,9 +31,33 @@ def create_search_index(self):
     def wait_for_search_indexes(self):
         self.search_tester.wait_for_search_indexes_ready(self.db_name, self.col_name)
 
-    def assert_search_query(self):
-        # sample taken from: https://www.mongodb.com/docs/atlas/atlas-search/tutorial/run-query/#run-a-complex-query-on-the-movies-collection-7
-        result = self.search_tester.client[self.db_name][self.col_name].aggregate(
+    def assert_search_query(self, retry_timeout: int = 1):
+        def wait_for_search_results():
+            # sample taken from: https://www.mongodb.com/docs/atlas/atlas-search/tutorial/run-query/#run-a-complex-query-on-the-movies-collection-7
+            count = 0
+            status_msg = ""
+            try:
+                result = self.execute_example_search_query()
+                status_msg = f"{self.db_name}/{self.col_name}: search query results:\n"
+                for r in result:
+                    status_msg += f"{r}\n"
+                    count += 1
+                status_msg += f"Count: {count}"
+                logger.debug(status_msg)
+            except pymongo.errors.PyMongoError as e:
+                logger.debug(f"error: {e}")
+
+            return count == 4, status_msg
+
+        kubetester.run_periodically(
+            fn=wait_for_search_results,
+            timeout=retry_timeout,
+            sleep_time=1,
+            msg="Search query to return correct data",
+        )
+
+    def execute_example_search_query(self):
+        return self.search_tester.client[self.db_name][self.col_name].aggregate(
             [
                 {
                     "$search": {
@@ -47,11 +76,3 @@ def assert_search_query(self):
                 {"$project": {"title": 1, "plot": 1, "genres": 1, "_id": 0}},
             ]
         )
-
-        logger.debug(f"{self.db_name}/{self.col_name}: search query results:")
-        count = 0
-        for r in result:
-            logger.debug(r)
-            count += 1
-
-        assert count == 4

docker/mongodb-kubernetes-tests/tests/common/search/search_tester.py

@@ -49,6 +49,10 @@ def wait_for_search_indexes_ready(self, database_name: str, collection_name: str
 
     def search_indexes_ready(self, database_name: str, collection_name: str):
         search_indexes = self.get_search_indexes(database_name, collection_name)
+        if len(search_indexes) == 0:
+            logger.error(f"There are no search indexes available in {database_name}.{collection_name}")
+            return False
+
         for idx in search_indexes:
             if idx.get("status") != "READY":
                 logger.debug(f"{database_name}/{collection_name}: search index {idx} is not ready")