K8SPSMDB-818: fix explainRole role (#1317)

* K8SPSMDB-818: fix `explainRole` role

https://jira.percona.com/browse/K8SPSMDB-818

* improve monitoring test

* fix roles

* improve `get_qan_values` function

* update privileges only for crVersion > 1.15.0

* comment qan check

* small change

* fix `init-deploy` test

---------

Co-authored-by: Viacheslav Sarzhan <[email protected]>

Author: pooknull

e2e-tests/demand-backup-sharded/run

@@ -7,16 +7,6 @@ test_dir=$(realpath "$(dirname "$0")")
 . "${test_dir}/../functions"
 set_debug
 
-insert_data() {
-	local data=$1
-
-	for i in $(seq 0 2); do
-		run_mongos \
-			"use myApp${i/0/}\n db.test.insert({ x: ${data} })" \
-			"myApp:myPass@$cluster-mongos.$namespace"
-	done
-}
-
 check_data() {
 	local postfix=$1
 
@@ -78,7 +68,9 @@ run_mongos \
 run_mongos \
 	'sh.enableSharding("myApp2","rs2")' \
 	"clusterAdmin:clusterAdmin123456@$cluster-mongos.$namespace"
-insert_data "100500"
+insert_data_mongos "100500" "myApp"
+insert_data_mongos "100500" "myApp1"
+insert_data_mongos "100500" "myApp2"
 minikube_sleep
 compare_mongos_cmd "find" "myApp:myPass@$cluster-mongos.$namespace"
 
@@ -117,7 +109,9 @@ if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 	curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs0/myApp.test.gz" | gunzip >/dev/null
 	curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs1/myApp1.test.gz" | gunzip >/dev/null
 	curl -s "https://s3.amazonaws.com/${backup_dest_aws}/rs2/myApp2.test.gz" | gunzip >/dev/null
-	insert_data "100501"
+	insert_data_mongos "100501" "myApp"
+	insert_data_mongos "100501" "myApp1"
+	insert_data_mongos "100501" "myApp2"
 	check_data "-2nd"
 	run_restore "$backup_name_aws"
 	wait_restore "$backup_name_aws" "$cluster"
@@ -128,7 +122,9 @@ if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 	curl -s "https://storage.googleapis.com/${backup_dest_gcp}/rs0/myApp.test.gz" | gunzip >/dev/null
 	curl -s "https://storage.googleapis.com/${backup_dest_gcp}/rs1/myApp1.test.gz" | gunzip >/dev/null
 	curl -s "https://storage.googleapis.com/${backup_dest_gcp}/rs2/myApp2.test.gz" | gunzip >/dev/null
-	insert_data "100501"
+	insert_data_mongos "100501" "myApp"
+	insert_data_mongos "100501" "myApp1"
+	insert_data_mongos "100501" "myApp2"
 	check_data "-2nd"
 	run_restore "$backup_name_gcp"
 	wait_restore "$backup_name_gcp" "$cluster"
@@ -139,7 +135,9 @@ if [ -z "$SKIP_BACKUPS_TO_AWS_GCP_AZURE" ]; then
 	curl -s "https://engk8soperators.blob.core.windows.net/${backup_dest_azure}/rs0/myApp.test.gz" | gunzip >/dev/null
 	curl -s "https://engk8soperators.blob.core.windows.net/${backup_dest_azure}/rs1/myApp1.test.gz" | gunzip >/dev/null
 	curl -s "https://engk8soperators.blob.core.windows.net/${backup_dest_azure}/rs2/myApp2.test.gz" | gunzip >/dev/null
-	insert_data "100501"
+	insert_data_mongos "100501" "myApp"
+	insert_data_mongos "100501" "myApp1"
+	insert_data_mongos "100501" "myApp2"
 	check_data "-2nd"
 	run_restore "$backup_name_azure"
 	wait_restore "$backup_name_azure" "$cluster"
@@ -152,7 +150,9 @@ kubectl_bin run -i --rm aws-cli --image=perconalab/awscli --restart=Never -- \
 	/usr/bin/env AWS_ACCESS_KEY_ID=some-access-key AWS_SECRET_ACCESS_KEY=some-secret-key AWS_DEFAULT_REGION=us-east-1 \
 	/usr/bin/aws --endpoint-url http://minio-service:9000 s3 ls "s3://${backup_dest_minio}/rs0/" \
 	| grep "myApp.test.gz"
-insert_data "100501"
+insert_data_mongos "100501" "myApp"
+insert_data_mongos "100501" "myApp1"
+insert_data_mongos "100501" "myApp2"
 check_data "-2nd"
 run_restore "$backup_name_minio"
 wait_restore "$backup_name_minio" "$cluster"

e2e-tests/functions

@@ -667,9 +667,9 @@ compare_kubectl() {
 			del(.spec.ipFamilyPolicy) |
 			(.. | select(. == "extensions/v1beta1")) = "apps/v1" |
 			(.. | select(. == "batch/v1beta1")) = "batch/v1" ' - >${new_result}
-	
+
 	yq -i eval 'del(.spec.persistentVolumeClaimRetentionPolicy)' ${new_result}
-	
+
 	if version_gt "1.22"; then
 		yq -i eval 'del(.spec.internalTrafficPolicy)' ${new_result}
 		yq -i eval 'del(.spec.allocateLoadBalancerNodePorts)' ${new_result}
@@ -979,56 +979,50 @@ get_metric_values() {
 }
 
 get_qan_values() {
-	local instance=$1
-	local start=$($date -u "+%Y-%m-%dT%H:%M:%S" -d "-30 minute")
-	local end=$($date -u "+%Y-%m-%dT%H:%M:%S")
-	local endpoint=$(get_service_endpoint monitoring-service)
-
-	local uuid=$(
-		curl -s -k "https://$endpoint/qan-api/instances?deleted=no" \
-			| jq '.[] | select(.Subsystem == "mongo" and .Name == "'$instance'") | .UUID' \
-			| sed -e 's/^"//; s/"$//;'
-	)
-
-	curl -s -k "https://$endpoint/qan-api/qan/profile/$uuid?begin=$start&end=$end&offset=0" \
-		| jq '.Query[].Fingerprint'
-}
-
-get_qan20_values() {
-	local instance=$1
+	local service_type=$1
 	local user_pass=$2
-	local start=$($date -u "+%Y-%m-%dT%H:%M:%S" -d "-30 minute")
-	local end=$($date -u "+%Y-%m-%dT%H:%M:%S")
-	local endpoint=$(get_service_endpoint monitoring-service)
+	local start
+	local end
+	local endpoint
+	start=$($date -u -d '-12 hour' '+%Y-%m-%dT%H:%M:%S%:z')
+	end=$($date -u '+%Y-%m-%dT%H:%M:%S%:z')
+	endpoint=$(get_service_endpoint monitoring-service)
 
 	cat >payload.json <<EOF
 {
-   "columns":[
-      "load",
-      "num_queries",
-      "query_time"
-   ],
-   "first_seen": false,
-   "group_by": "queryid",
-   "include_only_fields": [],
-   "keyword": "",
-   "labels": [
-       {
-           "key": "cluster",
-           "value": ["monitoring"]
-   }],
-   "limit": 10,
-   "offset": 0,
-   "order_by": "-load",
-   "main_metric": "load",
-   "period_start_from": "$($date -u -d '-12 hour' '+%Y-%m-%dT%H:%M:%S%:z')",
-   "period_start_to": "$($date -u '+%Y-%m-%dT%H:%M:%S%:z')"
+  "period_start_from": "$start",
+  "period_start_to": "$end",
+  "group_by": "queryid",
+  "labels": [
+    {
+      "key": "service_type",
+      "value": [
+        "All",
+        "$service_type"
+      ]
+    }
+  ],
+  "columns": [
+    "load",
+    "num_queries",
+    "query_time"
+  ],
+  "order_by": "-load",
+  "offset": 0,
+  "limit": 10,
+  "main_metric": "load",
+  "search": ""
 }
 EOF
 
-	curl -s -k -XPOST -d @payload.json "https://${user_pass}@$endpoint/v0/qan/GetReport" \
-		| jq '.rows[].fingerprint'
+	local response
+	response=$(curl -s -k -XPOST -d @payload.json "https://${user_pass}@$endpoint/v0/qan/GetReport" \
+		| jq '.rows[].fingerprint')
 	rm -f payload.json
+	if [[ $response == "null" ]]; then
+		echo "No data for $service_type service type in QAN"
+		exit 1
+	fi
 }
 
 cat_config() {
@@ -1278,7 +1272,10 @@ check_passwords_leak() {
 	secrets=$(kubectl_bin get secrets -o json | jq -r '.items[].data | to_entries | .[] | select(.key | (contains("_PASSWORD"))) | .value')
 	echo secrets=$secrets
 
-	passwords="$(for i in $secrets; do base64 -d <<< $i; echo; done) $secrets"
+	passwords="$(for i in $secrets; do
+		base64 -d <<<$i
+		echo
+	done) $secrets"
 	echo passwords=$passwords
 
 	pods=$(kubectl_bin get pods -o name | awk -F "/" '{print $2}')
@@ -1295,7 +1292,7 @@ check_passwords_leak() {
 				if [[ ${c} =~ "pmm" ]]; then
 					continue
 				fi
-				kubectl_bin -n "$NS" logs $p -c $c > ${TEMP_DIR}/logs_output-$p-$c.txt
+				kubectl_bin -n "$NS" logs $p -c $c >${TEMP_DIR}/logs_output-$p-$c.txt
 				echo logs saved in: ${TEMP_DIR}/logs_output-$p-$c.txt
 				for pass in $passwords; do
 					count=$(grep -c --fixed-strings -- "$pass" ${TEMP_DIR}/logs_output-$p-$c.txt || :)
@@ -1315,3 +1312,14 @@ check_passwords_leak() {
 		collect_logs $OPERATOR_NS
 	fi
 }
+
+insert_data_mongos() {
+	local data=$1
+	local db_name=$2
+	local flags=$3
+
+	run_mongos \
+		"use ${db_name}\n db.test.insert({ x: ${data} })" \
+		"myApp:myPass@$cluster-mongos.$namespace" "" "" \
+		"$flags"
+}

e2e-tests/init-deploy/compare/clusterMonitor-42.json

@@ -28,10 +28,14 @@
         },
         "actions": [
           "collStats",
+          "dbHash",
           "dbStats",
+          "find",
           "getDatabaseVersion",
           "getShardVersion",
-          "indexStats"
+          "indexStats",
+          "listCollections",
+          "listIndexes"
         ]
       },
       {
@@ -41,11 +45,9 @@
         },
         "actions": [
           "collStats",
-          "dbHash",
           "dbStats",
           "find",
-          "listCollections",
-          "listIndexes"
+          "indexStats"
         ]
       },
       {

e2e-tests/init-deploy/compare/clusterMonitor-44.json

@@ -28,10 +28,14 @@
         },
         "actions": [
           "collStats",
+          "dbHash",
           "dbStats",
+          "find",
           "getDatabaseVersion",
           "getShardVersion",
-          "indexStats"
+          "indexStats",
+          "listCollections",
+          "listIndexes"
         ]
       },
       {
@@ -41,11 +45,9 @@
         },
         "actions": [
           "collStats",
-          "dbHash",
           "dbStats",
           "find",
-          "listCollections",
-          "listIndexes"
+          "indexStats"
         ]
       },
       {

e2e-tests/init-deploy/compare/clusterMonitor-50.json

@@ -28,10 +28,14 @@
         },
         "actions": [
           "collStats",
+          "dbHash",
           "dbStats",
+          "find",
           "getDatabaseVersion",
           "getShardVersion",
-          "indexStats"
+          "indexStats",
+          "listCollections",
+          "listIndexes"
         ]
       },
       {
@@ -41,11 +45,9 @@
         },
         "actions": [
           "collStats",
-          "dbHash",
           "dbStats",
           "find",
-          "listCollections",
-          "listIndexes"
+          "indexStats"
         ]
       },
       {

e2e-tests/init-deploy/compare/clusterMonitor-60.json

@@ -28,10 +28,14 @@
         },
         "actions": [
           "collStats",
+          "dbHash",
           "dbStats",
+          "find",
           "getDatabaseVersion",
           "getShardVersion",
-          "indexStats"
+          "indexStats",
+          "listCollections",
+          "listIndexes"
         ]
       },
       {
@@ -41,11 +45,9 @@
         },
         "actions": [
           "collStats",
-          "dbHash",
           "dbStats",
           "find",
-          "listCollections",
-          "listIndexes"
+          "indexStats"
         ]
       },
       {

e2e-tests/monitoring-2-0/compare/statefulset_monitoring-cfg-oc.yml

@@ -212,7 +212,7 @@ spec:
             - name: PMM_AGENT_SETUP_METRICS_MODE
               value: push
             - name: PMM_ADMIN_CUSTOM_PARAMS
-              value: --environment=dev-mongod
+              value: --enable-all-collectors --environment=dev-mongod
             - name: PMM_AGENT_SERVER_USERNAME
               value: api_key
             - name: PMM_AGENT_SERVER_PASSWORD

e2e-tests/monitoring-2-0/compare/statefulset_monitoring-cfg.yml

@@ -213,7 +213,7 @@ spec:
             - name: PMM_AGENT_SETUP_METRICS_MODE
               value: push
             - name: PMM_ADMIN_CUSTOM_PARAMS
-              value: --environment=dev-mongod
+              value: --enable-all-collectors --environment=dev-mongod
             - name: PMM_AGENT_SERVER_USERNAME
               value: api_key
             - name: PMM_AGENT_SERVER_PASSWORD

e2e-tests/monitoring-2-0/compare/statefulset_monitoring-rs0-oc.yml

@@ -200,7 +200,7 @@ spec:
             - name: PMM_AGENT_SETUP_METRICS_MODE
               value: push
             - name: PMM_ADMIN_CUSTOM_PARAMS
-              value: --environment=dev-mongod
+              value: --enable-all-collectors --environment=dev-mongod
             - name: PMM_AGENT_SERVER_USERNAME
               value: api_key
             - name: PMM_AGENT_SERVER_PASSWORD

e2e-tests/monitoring-2-0/compare/statefulset_monitoring-rs0.yml

@@ -201,7 +201,7 @@ spec:
             - name: PMM_AGENT_SETUP_METRICS_MODE
               value: push
             - name: PMM_ADMIN_CUSTOM_PARAMS
-              value: --environment=dev-mongod
+              value: --enable-all-collectors --environment=dev-mongod
             - name: PMM_AGENT_SERVER_USERNAME
               value: api_key
             - name: PMM_AGENT_SERVER_PASSWORD